Merge branch 'main' into eui-deprecations-3

.github/CODEOWNERS

@@ -823,12 +823,13 @@ packages/kbn-yarn-lock-validator @elastic/kibana-operations
 /x-pack/test/stack_functional_integration/apps/management/_index_pattern_create.js @elastic/kibana-data-discovery
 /x-pack/test/upgrade/apps/discover @elastic/kibana-data-discovery
 
-# Vis Editors
+# Visualizations
 /src/plugins/visualize/ @elastic/kibana-visualizations
 /x-pack/test/functional/apps/lens @elastic/kibana-visualizations
 /x-pack/test/api_integration/apis/lens/ @elastic/kibana-visualizations
 /test/functional/apps/visualize/ @elastic/kibana-visualizations
 /x-pack/test/functional/apps/graph @elastic/kibana-visualizations
+/test/api_integraion/apis/event_annotations @elastic/kibana-visualizations
 
 # Global Experience
 
@@ -1157,15 +1158,12 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/stack_connectors/common/sentinelone @elastic/security-defend-workflows
 
 ## Security Solution sub teams - Detection Rule Management
-/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
 /x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations @elastic/security-detection-rule-management
+/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
 /x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/common/api/detection_engine/rule_management @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/common/api/detection_engine/rule_monitoring @elastic/security-detection-rule-management
-/x-pack/plugins/security_solution/common/detection_engine/fleet_integrations @elastic/security-detection-rule-management
-/x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/common/detection_engine/rule_management @elastic/security-detection-rule-management
-/x-pack/plugins/security_solution/common/detection_engine/rule_monitoring @elastic/security-detection-rule-management
 
 /x-pack/test/security_solution_cypress/cypress/e2e/detection_response/prebuilt_rules @elastic/security-detection-rule-management
 /x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management @elastic/security-detection-rule-management
@@ -1196,24 +1194,37 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_management @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
-/x-pack/plugins/security_solution/server/utils @elastic/security-detection-rule-management
 
 /x-pack/plugins/security_solution/scripts/openapi @elastic/security-detection-rule-management
 
 ## Security Solution sub teams - Detection Engine
-
-/x-pack/plugins/security_solution/common/api/detection_engine @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/index_management @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/model/alerts @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/rule_exceptions @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/rule_preview @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/signals @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/cti @elastic/security-detection-engine
 /x-pack/plugins/security_solution/common/field_maps @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/risk_engine @elastic/security-detection-engine
 
+/x-pack/plugins/security_solution/public/common/components/sourcerer @elastic/security-detection-engine
 /x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui @elastic/security-detection-engine
+/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions @elastic/security-detection-engine
+/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists @elastic/security-detection-engine
 /x-pack/plugins/security_solution/public/detections/pages/alerts @elastic/security-detection-engine
 /x-pack/plugins/security_solution/public/entity_analytics @elastic/security-detection-engine
+/x-pack/plugins/security_solution/public/exceptions @elastic/security-detection-engine
 
 /x-pack/plugins/security_solution/server/lib/detection_engine/migrations @elastic/security-detection-engine
+/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy @elastic/security-detection-engine
+/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions @elastic/security-detection-engine
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview @elastic/security-detection-engine
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_types @elastic/security-detection-engine
 /x-pack/plugins/security_solution/server/lib/detection_engine/routes/index @elastic/security-detection-engine
 /x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals @elastic/security-detection-engine
+/x-pack/plugins/security_solution/server/lib/sourcerer @elastic/security-detection-engine
 
 /x-pack/test/security_solution_cypress/cypress/e2e/data_sources @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_creation @elastic/security-detection-engine
@@ -1222,40 +1233,26 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/test/security_solution_cypress/cypress/e2e/exceptions @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/e2e/overview @elastic/security-detection-engine
 
-/x-pack/plugins/security_solution/common/detection_engine/rule_exceptions @elastic/security-detection-engine
-
-/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions @elastic/security-detection-engine
-/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions_ui @elastic/security-detection-engine
-/x-pack/plugins/security_solution/public/common/components/exceptions @elastic/security-detection-engine
-/x-pack/plugins/security_solution/public/exceptions @elastic/security-detection-engine
-/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists @elastic/security-detection-engine
-/x-pack/plugins/security_solution/public/common/components/sourcerer @elastic/security-detection-engine
-
-/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy @elastic/security-detection-engine
-/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions @elastic/security-detection-engine
-/x-pack/plugins/security_solution/server/lib/sourcerer @elastic/security-detection-engine
-
 ## Security Threat Intelligence - Under Security Platform
 /x-pack/plugins/security_solution/public/common/components/threat_match @elastic/security-detection-engine
 
 ## Security Solution cross teams ownership
 /x-pack/test/security_solution_cypress/cypress/fixtures @elastic/security-detections-response @elastic/security-threat-hunting
 /x-pack/test/security_solution_cypress/cypress/helpers @elastic/security-detections-response @elastic/security-threat-hunting
-/x-pack/test/security_solution_cypress/cypress/e2e/detection_rules @elastic/security-detection-rule-management @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/objects @elastic/security-detections-response @elastic/security-threat-hunting
 /x-pack/test/security_solution_cypress/cypress/plugins @elastic/security-detections-response @elastic/security-threat-hunting
 /x-pack/test/security_solution_cypress/cypress/screens/common @elastic/security-detections-response @elastic/security-threat-hunting
 /x-pack/test/security_solution_cypress/cypress/support @elastic/security-detections-response @elastic/security-threat-hunting
 /x-pack/test/security_solution_cypress/cypress/urls @elastic/security-threat-hunting-investigations @elastic/security-detection-engine
 
 /x-pack/plugins/security_solution/common/ecs @elastic/security-threat-hunting-investigations
-/x-pack/plugins/security_solution/common/test @elastic/security-detection-rule-management @elastic/security-detection-engine
+/x-pack/plugins/security_solution/common/test @elastic/security-detections-response @elastic/security-threat-hunting
 
 /x-pack/plugins/security_solution/public/common/components/callouts @elastic/security-detections-response
 /x-pack/plugins/security_solution/public/common/components/hover_actions @elastic/security-threat-hunting-explore @elastic/security-threat-hunting-investigations
 
-/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions @elastic/security-detection-engine @elastic/security-detection-rule-management
 /x-pack/plugins/security_solution/server/routes @elastic/security-detections-response @elastic/security-threat-hunting
+/x-pack/plugins/security_solution/server/utils @elastic/security-detections-response @elastic/security-threat-hunting
 
 ## Security Solution sub teams - security-defend-workflows
 /x-pack/plugins/security_solution/public/management/ @elastic/security-defend-workflows
@@ -1298,7 +1295,7 @@ x-pack/plugins/security_solution/public/threat_intelligence @elastic/protections
 x-pack/test/threat_intelligence_cypress @elastic/protections-experience
 
 # Security Defend Workflows - OSQuery Ownership
-/x-pack/plugins/security_solution/common/detection_engine/rule_response_actions @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_response_actions @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/public/detection_engine/rule_response_actions @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_response_actions @elastic/security-defend-workflows
 

packages/core/http/core-http-browser-internal/src/fetch.test.ts

@@ -29,6 +29,7 @@ describe('Fetch', () => {
   const fetchInstance = new Fetch({
     basePath: new BasePath(BASE_PATH),
     kibanaVersion: 'VERSION',
+    buildNumber: 1234,
     executionContext: executionContextMock,
   });
   afterEach(() => {
@@ -160,6 +161,7 @@ describe('Fetch', () => {
       expect(fetchMock.lastOptions()!.headers).toMatchObject({
         'content-type': 'application/json',
         'kbn-version': 'VERSION',
+        'kbn-build-number': '1234',
         'x-elastic-internal-origin': 'Kibana',
         myheader: 'foo',
       });
@@ -178,6 +180,19 @@ describe('Fetch', () => {
         `"Invalid fetch headers, headers beginning with \\"kbn-\\" are not allowed: [kbn-version]"`
       );
     });
+    it('should not allow overwriting of kbn-build-number header', async () => {
+      fetchMock.get('*', {});
+      await expect(
+        fetchInstance.fetch('/my/path', {
+          headers: {
+            myHeader: 'foo',
+            'kbn-build-number': 4321,
+          },
+        })
+      ).rejects.toThrowErrorMatchingInlineSnapshot(
+        `"Invalid fetch headers, headers beginning with \\"kbn-\\" are not allowed: [kbn-build-number]"`
+      );
+    });
 
     it('should not allow overwriting of x-elastic-internal-origin header', async () => {
       fetchMock.get('*', {});

packages/core/http/core-http-browser-internal/src/fetch.ts

@@ -31,6 +31,7 @@ import { HttpInterceptHaltError } from './http_intercept_halt_error';
 interface Params {
   basePath: IBasePath;
   kibanaVersion: string;
+  buildNumber: number;
   executionContext: ExecutionContextSetup;
 }
 
@@ -135,6 +136,7 @@ export class Fetch {
         'Content-Type': 'application/json',
         ...options.headers,
         'kbn-version': this.params.kibanaVersion,
+        'kbn-build-number': this.params.buildNumber,
         [ELASTIC_HTTP_VERSION_HEADER]: version,
         [X_ELASTIC_INTERNAL_ORIGIN_REQUEST]: 'Kibana',
         ...(!isEmpty(context) ? new ExecutionContextContainer(context).toHeader() : {}),

packages/core/http/core-http-browser-internal/src/http_service.ts

@@ -31,13 +31,14 @@ export class HttpService implements CoreService<HttpSetup, HttpStart> {
 
   public setup({ injectedMetadata, fatalErrors, executionContext }: HttpDeps): HttpSetup {
     const kibanaVersion = injectedMetadata.getKibanaVersion();
+    const buildNumber = injectedMetadata.getKibanaBuildNumber();
     const basePath = new BasePath(
       injectedMetadata.getBasePath(),
       injectedMetadata.getServerBasePath(),
       injectedMetadata.getPublicBaseUrl()
     );
 
-    const fetchService = new Fetch({ basePath, kibanaVersion, executionContext });
+    const fetchService = new Fetch({ basePath, kibanaVersion, buildNumber, executionContext });
     const loadingCount = this.loadingCount.setup({ fatalErrors });
     loadingCount.addLoadingCountSource(fetchService.getRequestCount$());
 

src/plugins/event_annotation/common/content_management/v1/cm_services.ts

@@ -33,7 +33,7 @@ const eventAnnotationGroupAttributesSchema = schema.object(
     description: schema.maybe(schema.string()),
     ignoreGlobalFilters: schema.boolean(),
     annotations: schema.arrayOf(schema.any()),
-    dataViewSpec: schema.maybe(schema.any()),
+    dataViewSpec: schema.oneOf([schema.literal(null), schema.object({}, { unknowns: 'allow' })]),
   },
   { unknowns: 'forbid' }
 );

src/plugins/event_annotation/common/content_management/v1/types.ts

@@ -34,7 +34,8 @@ export interface EventAnnotationGroupSavedObjectAttributes {
   description: string;
   ignoreGlobalFilters: boolean;
   annotations: EventAnnotationConfig[];
-  dataViewSpec?: DataViewSpec;
+  // NULL is important here - undefined will not properly remove this property from the saved object
+  dataViewSpec: DataViewSpec | null;
 }
 
 export interface EventAnnotationGroupSavedObject {

src/plugins/event_annotation/public/event_annotation_service/service.test.ts

@@ -37,6 +37,7 @@ const annotationGroupResolveMocks: Record<string, AnnotationGroupSavedObject> =
       tags: [],
       ignoreGlobalFilters: false,
       annotations: [],
+      dataViewSpec: null,
     },
     type: 'event-annotation-group',
     references: [
@@ -574,7 +575,7 @@ describe('Event Annotation Service', () => {
           title: 'newGroupTitle',
           description: 'my description',
           ignoreGlobalFilters: false,
-          dataViewSpec: undefined,
+          dataViewSpec: null,
           annotations,
         },
         options: {
@@ -624,7 +625,7 @@ describe('Event Annotation Service', () => {
           title: 'newTitle',
           description: '',
           annotations: [],
-          dataViewSpec: undefined,
+          dataViewSpec: null,
           ignoreGlobalFilters: false,
         } as EventAnnotationGroupSavedObjectAttributes,
         options: {

src/plugins/event_annotation/public/event_annotation_service/service.tsx

@@ -218,7 +218,7 @@ export function getEventAnnotationService(
         description,
         ignoreGlobalFilters,
         annotations,
-        dataViewSpec: dataViewSpec || undefined,
+        dataViewSpec,
       },
       references,
     };

test/api_integration/apis/event_annotations/event_annotations.ts

@@ -0,0 +1,152 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+const CONTENT_ENDPOINT = '/api/content_management/rpc';
+
+const CONTENT_TYPE_ID = 'event-annotation-group';
+
+const API_VERSION = 1;
+
+const EXISTING_ID_1 = 'fcebef20-3ba4-11ee-85d3-3dd00bdd66ef'; // from loaded archive
+const EXISTING_ID_2 = '0d1aa670-3baf-11ee-a4a7-c11cb33a9549'; // from loaded archive
+
+const DEFAULT_EVENT_ANNOTATION_GROUP = {
+  title: 'a group',
+  description: '',
+  ignoreGlobalFilters: true,
+  dataViewSpec: null,
+  annotations: [
+    {
+      label: 'Event',
+      type: 'manual',
+      key: {
+        type: 'point_in_time',
+        timestamp: '2023-08-10T15:00:00.000Z',
+      },
+      icon: 'triangle',
+      id: '499ee351-f541-46e0-b327-b3dcae91aff5',
+    },
+  ],
+};
+
+const DEFAULT_REFERENCES = [
+  {
+    type: 'index-pattern',
+    id: '90943e30-9a47-11e8-b64d-95841ca0b247',
+    name: 'event-annotation-group_dataView-ref-90943e30-9a47-11e8-b64d-95841ca0b247',
+  },
+];
+
+export default function ({ getService }: FtrProviderContext) {
+  const kibanaServer = getService('kibanaServer');
+  const supertest = getService('supertest');
+
+  describe('group API', () => {
+    before(async () => {
+      await kibanaServer.importExport.load(
+        'test/api_integration/fixtures/kbn_archiver/event_annotations/event_annotations.json'
+      );
+    });
+
+    after(async () => {
+      await kibanaServer.importExport.unload(
+        'test/api_integration/fixtures/kbn_archiver/event_annotations/event_annotations.json'
+      );
+    });
+
+    describe('search', () => {
+      // TODO test tag searching, ordering, pagination, etc
+
+      it(`should retrieve existing groups`, async () => {
+        const resp = await supertest
+          .post(`${CONTENT_ENDPOINT}/search`)
+          .set('kbn-xsrf', 'kibana')
+          .send({
+            contentTypeId: CONTENT_TYPE_ID,
+            query: {
+              limit: 1000,
+              tags: {
+                included: [],
+                excluded: [],
+              },
+            },
+            version: API_VERSION,
+          })
+          .expect(200);
+
+        const results = resp.body.result.result.hits;
+        expect(results.length).to.be(2);
+        expect(results.map(({ id }: { id: string }) => id)).to.eql([EXISTING_ID_2, EXISTING_ID_1]);
+      });
+    });
+
+    describe('create', () => {
+      it(`should require dataViewSpec to be specified`, async () => {
+        const createWithDataViewSpec = (dataViewSpec: any) =>
+          supertest
+            .post(`${CONTENT_ENDPOINT}/create`)
+            .set('kbn-xsrf', 'kibana')
+            .send({
+              contentTypeId: CONTENT_TYPE_ID,
+              data: { ...DEFAULT_EVENT_ANNOTATION_GROUP, dataViewSpec },
+              options: {
+                references: DEFAULT_REFERENCES,
+              },
+              version: API_VERSION,
+            });
+
+        const errorResp = await createWithDataViewSpec(undefined).expect(400);
+
+        expect(errorResp.body.message).to.be(
+          'Invalid data. [dataViewSpec]: expected at least one defined value but got [undefined]'
+        );
+
+        await createWithDataViewSpec(null).expect(200);
+
+        await createWithDataViewSpec({
+          someDataViewProp: 'some-value',
+        }).expect(200);
+      });
+    });
+
+    describe('update', () => {
+      it(`should require dataViewSpec to be specified`, async () => {
+        const updateWithDataViewSpec = (dataViewSpec: any) =>
+          supertest
+            .post(`${CONTENT_ENDPOINT}/update`)
+            .set('kbn-xsrf', 'kibana')
+            .send({
+              contentTypeId: CONTENT_TYPE_ID,
+              data: { ...DEFAULT_EVENT_ANNOTATION_GROUP, dataViewSpec },
+              id: EXISTING_ID_1,
+              options: {
+                references: DEFAULT_REFERENCES,
+              },
+              version: API_VERSION,
+            });
+
+        const errorResp = await updateWithDataViewSpec(undefined).expect(400);
+
+        expect(errorResp.body.message).to.be(
+          'Invalid data. [dataViewSpec]: expected at least one defined value but got [undefined]'
+        );
+
+        await updateWithDataViewSpec(null).expect(200);
+
+        await updateWithDataViewSpec({
+          someDataViewProp: 'some-value',
+        }).expect(200);
+      });
+    });
+
+    // TODO - delete
+  });
+}