Merge branch 'master' into ingest/fix/500-pkginfo

.ci/Jenkinsfile_flaky

@@ -35,7 +35,7 @@ kibanaPipeline(timeoutMinutes: 180) {
             if (!IS_XPACK) {
               kibanaPipeline.buildOss()
               if (CI_GROUP == '1') {
-                runbld("./test/scripts/jenkins_build_kbn_tp_sample_panel_action.sh", "Build kbn tp sample panel action for ciGroup1")
+                runbld("./test/scripts/jenkins_build_kbn_sample_panel_action.sh", "Build kbn tp sample panel action for ciGroup1")
               }
             } else {
               kibanaPipeline.buildXpack()

.github/CODEOWNERS

@@ -177,17 +177,23 @@
 # Elasticsearch UI
 /src/plugins/console/  @elastic/es-ui
 /src/plugins/es_ui_shared/  @elastic/es-ui
-/x-pack/plugins/console_extensions/  @elastic/es-ui
 /x-pack/legacy/plugins/cross_cluster_replication/  @elastic/es-ui
 /x-pack/legacy/plugins/index_lifecycle_management/  @elastic/es-ui
 /x-pack/legacy/plugins/index_management/  @elastic/es-ui
 /x-pack/legacy/plugins/license_management/  @elastic/es-ui
-/x-pack/plugins/remote_clusters/  @elastic/es-ui
 /x-pack/legacy/plugins/rollup/  @elastic/es-ui
-/x-pack/plugins/searchprofiler/  @elastic/es-ui
-/x-pack/plugins/painless_lab/  @elastic/es-ui
 /x-pack/legacy/plugins/snapshot_restore/  @elastic/es-ui
 /x-pack/legacy/plugins/upgrade_assistant/  @elastic/es-ui
+/x-pack/plugins/console_extensions/  @elastic/es-ui
+/x-pack/plugins/es_ui_shared/  @elastic/es-ui
+/x-pack/plugins/grokdebugger/  @elastic/es-ui
+/x-pack/plugins/index_management/  @elastic/es-ui
+/x-pack/plugins/license_management/  @elastic/es-ui
+/x-pack/plugins/painless_lab/  @elastic/es-ui
+/x-pack/plugins/remote_clusters/  @elastic/es-ui
+/x-pack/plugins/rollup/  @elastic/es-ui
+/x-pack/plugins/searchprofiler/  @elastic/es-ui
+/x-pack/plugins/snapshot_restore/  @elastic/es-ui
 /x-pack/plugins/upgrade_assistant/  @elastic/es-ui
 /x-pack/plugins/watcher/  @elastic/es-ui
 

.github/paths-labeller.yml

@@ -1,13 +1,4 @@
 ---
-  - "Team:AppArch":
-    - "src/plugins/bfetch/**/*.*"
-    - "src/plugins/dashboard_embeddable_container/**/*.*"
-    - "src/plugins/data/**/*.*"
-    - "src/plugins/embeddable/**/*.*"
-    - "src/plugins/expressions/**/*.*"
-    - "src/plugins/inspector/**/*.*"
-    - "src/plugins/ui_actions/**/*.*"
-    - "src/plugins/visualizations/**/*.*"
   - "Feature:Embedding":
     - "src/plugins/embeddable/**/*.*"
     - "src/plugins/dashboard_embeddable_container/**/*.*"

docs/canvas/canvas-elements.asciidoc

@@ -23,7 +23,7 @@ By default, most of the elements you create use demo data until you change the d
 
 * *{es} SQL* — Access your data in {es} using SQL syntax. For information about SQL syntax, refer to {ref}/sql-spec.html[SQL language].
 
-* *{es} raw data* — Access your raw data in {es} without the use of aggregations. Use {es} raw data when you have low volume datasets, or to plot exact, non-aggregated values.
+* *{es} documents* &mdash; Access your data in {es} without using aggregations. To use, select an index and fields, and optionally enter a query using the <<lucene-query,Lucene Query Syntax>>. Use the *{es} documents* data source when you have low volume datasets, to view raw documents, or to plot exact, non-aggregated values on a chart.
 
 * *Timelion* &mdash; Access your time series data using <<timelion,Timelion>> queries. To use Timelion queries, you can enter a query using the <<lucene-query,Lucene Query Syntax>>.
 

docs/logs/using.asciidoc

@@ -38,7 +38,7 @@ Log entries for the specified time appear in the middle of the page. To quickly
 [[logs-customize]]
 === Customize your view
 Click *Customize* to customize the view.
-Here, you can set the scale to use for the minimap timeline, choose whether to wrap long lines, and choose your preferred text size.
+Here, you can choose whether to wrap long lines, and choose your preferred text size.
 
 [float]
 === Configuring the data to use for your logs

docs/migration/migrate_8_0.asciidoc

@@ -61,24 +61,53 @@ for example, `logstash-*`.
 *Impact:* Use `xpack.security.authc.providers` instead.
 
 [float]
-==== `xpack.security.authc.saml.realm` is now mandatory when using the SAML authentication provider
-*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
-URL that it derived from the actual server address. Starting in 8.0.0, the Elasticsearch SAML realm name that Kibana will use should be
-specified explicitly.
+==== `xpack.security.authc.providers` has changed value format
+*Details:* `xpack.security.authc.providers` setting in the `kibana.yml` has changed value format.
+
+*Impact:* Array of provider types as a value is no longer supported, use extended object format instead.
+
+[float]
+==== `xpack.security.authc.saml` is no longer valid
+*Details:* The deprecated `xpack.security.authc.saml` setting in the `kibana.yml` file has been removed.
 
-*Impact:* Always define `xpack.security.authc.saml.realm` when using the SAML authentication provider.
+*Impact:* Configure SAML authentication providers using `xpack.security.authc.providers.saml.{provider unique name}.*` settings instead.
+
+[float]
+==== `xpack.security.authc.oidc` is no longer valid
+*Details:* The deprecated `xpack.security.authc.oidc` setting in the `kibana.yml` file has been removed.
+
+*Impact:* Configure OpenID Connect authentication providers using `xpack.security.authc.providers.oidc.{provider unique name}.*` settings instead.
 
 [float]
 ==== `xpack.security.public` is no longer valid
-*Details:* The deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed.
+*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
+URL that it derived from the actual server address and `xpack.security.public` setting. Starting in 8.0.0, the deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
 
-*Impact:* Define `xpack.security.authc.saml.realm` when using the SAML authentication provider instead.
+*Impact:* Define `xpack.security.authc.providers.saml.{provider unique name}.realm` when using the SAML authentication providers instead.
 
 [float]
 ==== `/api/security/v1/saml` endpoint is no longer supported
 *Details:* The deprecated `/api/security/v1/saml` endpoint is no longer supported.
 
-*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Kibana `server.xsrf.whitelist` config as well as in Elasticsearch and Identity Provider SAML settings.
+*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
+
+[float]
+==== `/api/security/v1/oidc` endpoint is no longer supported
+*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported.
+
+*Impact:* Rely on `/api/security/oidc/callback` endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
+
+[float]
+==== `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login
+*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login.
+
+*Impact:* Rely on `/api/security/oidc/initiate_login` endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
+
+[float]
+==== `/api/security/v1/oidc/implicit` endpoint is no longer supported
+*Details:* The deprecated `/api/security/v1/oidc/implicit` endpoint is no longer supported.
+
+*Impact:* Rely on `/api/security/oidc/implicit` endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
 
 [float]
 === `optimize` directory is now in the `data` folder
@@ -112,4 +141,13 @@ access level.
 been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the
 POST URL snippets if you depend on these for automated PDF reports.
 
+[float]
+=== Configurations starting with `xpack.telemetry` are no longer valid
+
+*Details:*
+The `xpack.` prefix has been removed for all telemetry configurations.
+
+*Impact:*
+For any configurations beginning with `xpack.telemetry`, remove the `xpack` prefix. Use {kibana-ref}/telemetry-settings-kbn.html#telemetry-general-settings[`telemetry.enabled`] instead.
+
 // end::notable-breaking-changes[]

docs/settings/telemetry-settings.asciidoc

@@ -0,0 +1,38 @@
+[[telemetry-settings-kbn]]
+=== Telemetry settings in Kibana
+++++
+<titleabbrev>Telemetry settings</titleabbrev>
+++++
+
+By default, Usage Collection (also known as Telemetry) is enabled. This
+helps us learn about the {kib} features that our users are most interested in, so we
+can focus our efforts on making them even better.
+
+You can control whether this data is sent from the {kib} servers, or if it should be sent 
+from the user's browser, in case a firewall is blocking the connections from the server. Additionally, you can decide to completely disable this feature either in the config file or in {kib} via *Management > Kibana > Advanced Settings > Usage Data*.
+
+See our https://www.elastic.co/legal/privacy-statement[Privacy Statement] to learn more.
+
+[float]
+[[telemetry-general-settings]]
+==== General telemetry settings
+
+`telemetry.enabled`:: *Default: true*.
+Set to `true` to send cluster statistics to Elastic. Reporting your
+cluster statistics helps us improve your user experience. Your data is never
+shared with anyone. Set to `false` to disable statistics reporting from any
+browser connected to the {kib} instance.
+
+`telemetry.sendUsageFrom`:: *Default: 'browser'*.
+Set to `'server'` to report the cluster statistics from the {kib} server.
+If the server fails to connect to our endpoint at https://telemetry.elastic.co/, it assumes
+it is behind a firewall and falls back to `'browser'` to send it from users' browsers
+when they are navigating through {kib}.
+
+`telemetry.optIn`:: *Default: true*.
+Set to `true` to automatically opt into reporting cluster statistics. You can also opt out through
+*Advanced Settings* in {kib}.
+
+`telemetry.allowChangingOptInStatus`:: *Default: true*.
+Set to `true` to allow overwriting the `telemetry.optIn` setting via the {kib} UI. 
+Note: When `false`, `telemetry.optIn` must be `true`. To disable telemetry and not allow users to change that parameter, use `telemetry.enabled`.

docs/setup/settings.asciidoc

@@ -410,9 +410,7 @@ all http requests to https over the port configured as `server.port`.
 supported protocols with versions. Valid protocols: `TLSv1`, `TLSv1.1`, `TLSv1.2`
 
 `server.xsrf.whitelist:`:: It is not recommended to disable protections for
-arbitrary API endpoints. Instead, supply the `kbn-xsrf` header. There are some
-scenarios where whitelisting is required, however, such as
-<<kibana-authentication, SAML and OpenID Connect Single Sign-On setups>>.
+arbitrary API endpoints. Instead, supply the `kbn-xsrf` header.
 The `server.xsrf.whitelist` setting requires the following format:
 
 [source,text]
@@ -465,3 +463,4 @@ include::{docdir}/settings/reporting-settings.asciidoc[]
 include::secure-settings.asciidoc[]
 include::{docdir}/settings/security-settings.asciidoc[]
 include::{docdir}/settings/spaces-settings.asciidoc[]
+include::{docdir}/settings/telemetry-settings.asciidoc[]