Merge branch 'master' into ml-transform-kibana-context-cleanup

docs/development/core/server/kibana-plugin-server.destructiveroutemethod.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [DestructiveRouteMethod](./kibana-plugin-server.destructiveroutemethod.md)
+
+## DestructiveRouteMethod type
+
+Set of HTTP methods changing the state of the server.
+
+<b>Signature:</b>
+
+```typescript
+export declare type DestructiveRouteMethod = 'post' | 'put' | 'delete' | 'patch';
+```

docs/development/core/server/kibana-plugin-server.md

@@ -188,6 +188,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [ConfigDeprecationLogger](./kibana-plugin-server.configdeprecationlogger.md) | Logger interface used when invoking a [ConfigDeprecation](./kibana-plugin-server.configdeprecation.md) |
 |  [ConfigDeprecationProvider](./kibana-plugin-server.configdeprecationprovider.md) | A provider that should returns a list of [ConfigDeprecation](./kibana-plugin-server.configdeprecation.md)<!-- -->.<!-- -->See [ConfigDeprecationFactory](./kibana-plugin-server.configdeprecationfactory.md) for more usage examples. |
 |  [ConfigPath](./kibana-plugin-server.configpath.md) |  |
+|  [DestructiveRouteMethod](./kibana-plugin-server.destructiveroutemethod.md) | Set of HTTP methods changing the state of the server. |
 |  [ElasticsearchClientConfig](./kibana-plugin-server.elasticsearchclientconfig.md) |  |
 |  [GetAuthHeaders](./kibana-plugin-server.getauthheaders.md) | Get headers to authenticate a user against Elasticsearch. |
 |  [GetAuthState](./kibana-plugin-server.getauthstate.md) | Gets authentication state for a request. Returned by <code>auth</code> interceptor. |
@@ -232,6 +233,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md) | The custom validation function if @<!-- -->kbn/config-schema is not a valid solution for your specific plugin requirements. |
 |  [RouteValidationSpec](./kibana-plugin-server.routevalidationspec.md) | Allowed property validation options: either @<!-- -->kbn/config-schema validations or custom validation functions<!-- -->See [RouteValidationFunction](./kibana-plugin-server.routevalidationfunction.md) for custom validation. |
 |  [RouteValidatorFullConfig](./kibana-plugin-server.routevalidatorfullconfig.md) | Route validations config and options merged into one object |
+|  [SafeRouteMethod](./kibana-plugin-server.saferoutemethod.md) | Set of HTTP methods not changing the state of the server. |
 |  [SavedObjectAttribute](./kibana-plugin-server.savedobjectattribute.md) | Type definition for a Saved Object attribute value |
 |  [SavedObjectAttributeSingle](./kibana-plugin-server.savedobjectattributesingle.md) | Don't use this type, it's simply a helper type for [SavedObjectAttribute](./kibana-plugin-server.savedobjectattribute.md) |
 |  [SavedObjectMigrationFn](./kibana-plugin-server.savedobjectmigrationfn.md) | A migration function for a [saved object type](./kibana-plugin-server.savedobjectstype.md) used to migrate it to a given version |

docs/development/core/server/kibana-plugin-server.routeconfigoptions.md

@@ -19,4 +19,5 @@ export interface RouteConfigOptions<Method extends RouteMethod>
 |  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean</code> | A flag shows that authentication for a route: <code>enabled</code> when true <code>disabled</code> when false<!-- -->Enabled by default. |
 |  [body](./kibana-plugin-server.routeconfigoptions.body.md) | <code>Method extends 'get' &#124; 'options' ? undefined : RouteConfigOptionsBody</code> | Additional body options [RouteConfigOptionsBody](./kibana-plugin-server.routeconfigoptionsbody.md)<!-- -->. |
 |  [tags](./kibana-plugin-server.routeconfigoptions.tags.md) | <code>readonly string[]</code> | Additional metadata tag strings to attach to the route. |
+|  [xsrfRequired](./kibana-plugin-server.routeconfigoptions.xsrfrequired.md) | <code>Method extends 'get' ? never : boolean</code> | Defines xsrf protection requirements for a route: - true. Requires an incoming POST/PUT/DELETE request to contain <code>kbn-xsrf</code> header. - false. Disables xsrf protection.<!-- -->Set to true by default |
 

docs/development/core/server/kibana-plugin-server.routeconfigoptions.xsrfrequired.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [RouteConfigOptions](./kibana-plugin-server.routeconfigoptions.md) &gt; [xsrfRequired](./kibana-plugin-server.routeconfigoptions.xsrfrequired.md)
+
+## RouteConfigOptions.xsrfRequired property
+
+Defines xsrf protection requirements for a route: - true. Requires an incoming POST/PUT/DELETE request to contain `kbn-xsrf` header. - false. Disables xsrf protection.
+
+Set to true by default
+
+<b>Signature:</b>
+
+```typescript
+xsrfRequired?: Method extends 'get' ? never : boolean;
+```

docs/development/core/server/kibana-plugin-server.routemethod.md

@@ -9,5 +9,5 @@ The set of common HTTP methods supported by Kibana routing.
 <b>Signature:</b>
 
 ```typescript
-export declare type RouteMethod = 'get' | 'post' | 'put' | 'delete' | 'patch' | 'options';
+export declare type RouteMethod = SafeRouteMethod | DestructiveRouteMethod;
 ```

docs/development/core/server/kibana-plugin-server.saferoutemethod.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [SafeRouteMethod](./kibana-plugin-server.saferoutemethod.md)
+
+## SafeRouteMethod type
+
+Set of HTTP methods not changing the state of the server.
+
+<b>Signature:</b>
+
+```typescript
+export declare type SafeRouteMethod = 'get' | 'options';
+```

packages/kbn-optimizer/src/__fixtures__/mock_repo/plugins/foo/public/async_import.ts

@@ -0,0 +1,20 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export function foo() {}

packages/kbn-optimizer/src/__fixtures__/mock_repo/plugins/foo/public/index.ts

@@ -19,3 +19,7 @@
 
 export * from './lib';
 export * from './ext';
+
+export async function getFoo() {
+  return await import('./async_import');
+}

packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts

@@ -128,16 +128,21 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
     Fs.readFileSync(Path.resolve(MOCK_REPO_DIR, 'plugins/foo/target/public/foo.plugin.js'), 'utf8')
   ).toMatchSnapshot('foo bundle');
 
+  expect(
+    Fs.readFileSync(Path.resolve(MOCK_REPO_DIR, 'plugins/foo/target/public/1.plugin.js'), 'utf8')
+  ).toMatchSnapshot('1 async bundle');
+
   expect(
     Fs.readFileSync(Path.resolve(MOCK_REPO_DIR, 'plugins/bar/target/public/bar.plugin.js'), 'utf8')
   ).toMatchSnapshot('bar bundle');
 
   const foo = config.bundles.find(b => b.id === 'foo')!;
   expect(foo).toBeTruthy();
   foo.cache.refresh();
-  expect(foo.cache.getModuleCount()).toBe(3);
+  expect(foo.cache.getModuleCount()).toBe(4);
   expect(foo.cache.getReferencedFiles()).toMatchInlineSnapshot(`
     Array [
+      <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/async_import.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/ext.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/index.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/lib.ts,
@@ -148,8 +153,8 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
   expect(bar).toBeTruthy();
   bar.cache.refresh();
   expect(bar.cache.getModuleCount()).toBe(
-    // code + styles + style/css-loader runtime
-    14
+    // code + styles + style/css-loader runtimes
+    15
   );
 
   expect(bar.cache.getReferencedFiles()).toMatchInlineSnapshot(`
@@ -159,6 +164,7 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/public/index.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/public/legacy/styles.scss,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/public/lib.ts,
+      <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/async_import.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/ext.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/index.ts,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/public/lib.ts,

packages/kbn-optimizer/src/worker/run_compilers.ts

@@ -127,7 +127,7 @@ const observeCompiler = (
         );
       }
 
-      const files = Array.from(referencedFiles);
+      const files = Array.from(referencedFiles).sort(ascending(p => p));
       const mtimes = new Map(
         files.map((path): [string, number | undefined] => {
           try {
@@ -146,7 +146,7 @@ const observeCompiler = (
         optimizerCacheKey: workerConfig.optimizerCacheKey,
         cacheKey: bundle.createCacheKey(files, mtimes),
         moduleCount: normalModules.length,
-        files: files.sort(ascending(f => f)),
+        files,
       });
 
       return compilerMsgs.compilerSuccess({

packages/kbn-test/src/failed_tests_reporter/github_api.ts

@@ -33,6 +33,15 @@ export interface GithubIssue {
   body: string;
 }
 
+/**
+ * Minimal GithubIssue type that can be easily replicated by dry-run helpers
+ */
+export interface GithubIssueMini {
+  number: GithubIssue['number'];
+  body: GithubIssue['body'];
+  html_url: GithubIssue['html_url'];
+}
+
 type RequestOptions = AxiosRequestConfig & {
   safeForDryRun?: boolean;
   maxAttempts?: number;
@@ -162,7 +171,7 @@ export class GithubApi {
   }
 
   async createIssue(title: string, body: string, labels?: string[]) {
-    const resp = await this.request(
+    const resp = await this.request<GithubIssueMini>(
       {
         method: 'POST',
         url: Url.resolve(BASE_URL, 'issues'),
@@ -173,11 +182,13 @@ export class GithubApi {
         },
       },
       {
+        body,
+        number: 999,
         html_url: 'https://dryrun',
       }
     );
 
-    return resp.data.html_url;
+    return resp.data;
   }
 
   private async request<T>(

packages/kbn-test/src/failed_tests_reporter/report_failure.test.ts

@@ -78,9 +78,7 @@ describe('updateFailureIssue()', () => {
       'https://build-url',
       {
         html_url: 'https://github.com/issues/1234',
-        labels: ['some-label'],
         number: 1234,
-        title: 'issue title',
         body: dedent`
           # existing issue body
 

packages/kbn-test/src/failed_tests_reporter/report_failure.ts

@@ -18,7 +18,7 @@
  */
 
 import { TestFailure } from './get_failures';
-import { GithubIssue, GithubApi } from './github_api';
+import { GithubIssueMini, GithubApi } from './github_api';
 import { getIssueMetadata, updateIssueMetadata } from './issue_metadata';
 
 export async function createFailureIssue(buildUrl: string, failure: TestFailure, api: GithubApi) {
@@ -44,7 +44,7 @@ export async function createFailureIssue(buildUrl: string, failure: TestFailure,
   return await api.createIssue(title, body, ['failed-test']);
 }
 
-export async function updateFailureIssue(buildUrl: string, issue: GithubIssue, api: GithubApi) {
+export async function updateFailureIssue(buildUrl: string, issue: GithubIssueMini, api: GithubApi) {
   // Increment failCount
   const newCount = getIssueMetadata(issue.body, 'test.failCount', 0) + 1;
   const newBody = updateIssueMetadata(issue.body, {

packages/kbn-test/src/failed_tests_reporter/run_failed_tests_reporter_cli.ts

@@ -20,8 +20,8 @@
 import { REPO_ROOT, run, createFailError, createFlagError } from '@kbn/dev-utils';
 import globby from 'globby';
 
-import { getFailures } from './get_failures';
-import { GithubApi } from './github_api';
+import { getFailures, TestFailure } from './get_failures';
+import { GithubApi, GithubIssueMini } from './github_api';
 import { updateFailureIssue, createFailureIssue } from './report_failure';
 import { getIssueMetadata } from './issue_metadata';
 import { readTestReport } from './test_report';
@@ -73,6 +73,11 @@ export function runFailedTestsReporterCli() {
         absolute: true,
       });
 
+      const newlyCreatedIssues: Array<{
+        failure: TestFailure;
+        newIssue: GithubIssueMini;
+      }> = [];
+
       for (const reportPath of reportPaths) {
         const report = await readTestReport(reportPath);
         const messages = Array.from(getReportMessageIter(report));
@@ -94,12 +99,22 @@ export function runFailedTestsReporterCli() {
             continue;
           }
 
-          const existingIssue = await githubApi.findFailedTestIssue(
+          let existingIssue: GithubIssueMini | undefined = await githubApi.findFailedTestIssue(
             i =>
               getIssueMetadata(i.body, 'test.class') === failure.classname &&
               getIssueMetadata(i.body, 'test.name') === failure.name
           );
 
+          if (!existingIssue) {
+            const newlyCreated = newlyCreatedIssues.find(
+              ({ failure: f }) => f.classname === failure.classname && f.name === failure.name
+            );
+
+            if (newlyCreated) {
+              existingIssue = newlyCreated.newIssue;
+            }
+          }
+
           if (existingIssue) {
             const newFailureCount = await updateFailureIssue(buildUrl, existingIssue, githubApi);
             const url = existingIssue.html_url;
@@ -110,11 +125,12 @@ export function runFailedTestsReporterCli() {
             continue;
           }
 
-          const newIssueUrl = await createFailureIssue(buildUrl, failure, githubApi);
+          const newIssue = await createFailureIssue(buildUrl, failure, githubApi);
           pushMessage('Test has not failed recently on tracked branches');
           if (updateGithub) {
-            pushMessage(`Created new issue: ${newIssueUrl}`);
+            pushMessage(`Created new issue: ${newIssue.html_url}`);
           }
+          newlyCreatedIssues.push({ failure, newIssue });
         }
 
         // mutates report to include messages and writes updated report to disk

src/core/server/config/deprecation/core_deprecations.test.ts

@@ -81,6 +81,19 @@ describe('core deprecations', () => {
     });
   });
 
+  describe('xsrfDeprecation', () => {
+    it('logs a warning if server.xsrf.whitelist is set', () => {
+      const { messages } = applyCoreDeprecations({
+        server: { xsrf: { whitelist: ['/path'] } },
+      });
+      expect(messages).toMatchInlineSnapshot(`
+        Array [
+          "It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. It will be removed in 8.0 release. Instead, supply the \\"kbn-xsrf\\" header.",
+        ]
+      `);
+    });
+  });
+
   describe('rewriteBasePath', () => {
     it('logs a warning is server.basePath is set and server.rewriteBasePath is not', () => {
       const { messages } = applyCoreDeprecations({

src/core/server/config/deprecation/core_deprecations.ts

@@ -38,6 +38,19 @@ const dataPathDeprecation: ConfigDeprecation = (settings, fromPath, log) => {
   return settings;
 };
 
+const xsrfDeprecation: ConfigDeprecation = (settings, fromPath, log) => {
+  if (
+    has(settings, 'server.xsrf.whitelist') &&
+    get<unknown[]>(settings, 'server.xsrf.whitelist').length > 0
+  ) {
+    log(
+      'It is not recommended to disable xsrf protections for API endpoints via [server.xsrf.whitelist]. ' +
+        'It will be removed in 8.0 release. Instead, supply the "kbn-xsrf" header.'
+    );
+  }
+  return settings;
+};
+
 const rewriteBasePathDeprecation: ConfigDeprecation = (settings, fromPath, log) => {
   if (has(settings, 'server.basePath') && !has(settings, 'server.rewriteBasePath')) {
     log(
@@ -177,4 +190,5 @@ export const coreDeprecationProvider: ConfigDeprecationProvider = ({
   rewriteBasePathDeprecation,
   cspRulesDeprecation,
   mapManifestServiceUrlDeprecation,
+  xsrfDeprecation,
 ];

src/core/server/http/http_server.mocks.ts

@@ -29,6 +29,7 @@ import {
   RouteMethod,
   KibanaResponseFactory,
   RouteValidationSpec,
+  KibanaRouteState,
 } from './router';
 import { OnPreResponseToolkit } from './lifecycle/on_pre_response';
 import { OnPostAuthToolkit } from './lifecycle/on_post_auth';
@@ -43,6 +44,7 @@ interface RequestFixtureOptions<P = any, Q = any, B = any> {
   method?: RouteMethod;
   socket?: Socket;
   routeTags?: string[];
+  kibanaRouteState?: KibanaRouteState;
   routeAuthRequired?: false;
   validation?: {
     params?: RouteValidationSpec<P>;
@@ -62,6 +64,7 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
   routeTags,
   routeAuthRequired,
   validation = {},
+  kibanaRouteState = { xsrfRequired: true },
 }: RequestFixtureOptions<P, Q, B> = {}) {
   const queryString = stringify(query, { sort: false });
 
@@ -80,7 +83,7 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
         search: queryString ? `?${queryString}` : queryString,
       },
       route: {
-        settings: { tags: routeTags, auth: routeAuthRequired },
+        settings: { tags: routeTags, auth: routeAuthRequired, app: kibanaRouteState },
       },
       raw: {
         req: { socket },
@@ -109,6 +112,7 @@ function createRawRequestMock(customization: DeepPartial<Request> = {}) {
   return merge(
     {},
     {
+      app: { xsrfRequired: true } as any,
       headers: {},
       path: '/',
       route: { settings: {} },

src/core/server/http/http_server.test.ts

@@ -811,6 +811,7 @@ test('exposes route details of incoming request to a route handler', async () =>
       path: '/',
       options: {
         authRequired: true,
+        xsrfRequired: false,
         tags: [],
       },
     });
@@ -923,6 +924,7 @@ test('exposes route details of incoming request to a route handler (POST + paylo
       path: '/',
       options: {
         authRequired: true,
+        xsrfRequired: true,
         tags: [],
         body: {
           parse: true, // hapi populates the default