Merge branch 'main' into fix/add-kbn-fips-flag

elastic · Jul 13, 2024 · adcc39c · adcc39c
2 parents cd39c6d + f5fda2c
commit adcc39c
Show file tree

Hide file tree

Showing 248 changed files with 6,190 additions and 2,698 deletions.
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
@@ -11,9 +11,12 @@ disabled:
   - x-pack/test/fleet_api_integration/config.base.ts
   - x-pack/test/security_solution_api_integration/config/ess/config.base.ts
   - x-pack/test/security_solution_api_integration/config/ess/config.base.basic.ts
+  - x-pack/test/security_solution_api_integration/config/ess/config.base.edr_workflows.trial.ts
+  - x-pack/test/security_solution_api_integration/config/ess/config.base.edr_workflows.ts
+  - x-pack/test/security_solution_api_integration/config/ess/config.base.basic.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.ts
+  - x-pack/test/security_solution_api_integration/config/serverless/config.base.edr_workflows.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.base.ts
   - x-pack/test/security_solution_endpoint/configs/config.base.ts
 
   # QA suites that are run out-of-band
@@ -580,5 +583,17 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/investigation/timeline/security_and_spaces/configs/ess.trial.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/sources/indices/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/sources/indices/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/artifacts/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/artifacts/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/metadata/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/metadata/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/package/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/package/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy_response/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/configs/serverless.config.ts
diff --git a/...e/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_defend_workflows.yml b/...e/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_defend_workflows.yml
@@ -1,18 +1,143 @@
 steps:
-  - command: .buildkite/scripts/pipelines/security_solution_quality_gate/edr_workflows/mki_security_solution_defend_workflows.sh cypress:dw:qa:serverless:run
-    label: "Cypress MKI - Defend Workflows "
-    key: test_defend_workflows
-    agents:
-      image: family/kibana-ubuntu-2004
-      imageProject: elastic-images-prod
-      provider: gcp
-      enableNestedVirtualization: true
-      localSsds: 1
-      localSsdInterface: nvme
-      machineType: n2-standard-4
-    timeout_in_minutes: 300
-    parallelism: 6
-    retry:
-      automatic:
-        - exit_status: "*"
-          limit: 1
+  - group: "Cypress MKI - Defend Workflows"
+    key: cypress_test_defend_workflows
+    steps:
+      - label: "Running cypress:dw:qa:serverless:run"
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/edr_workflows/mki_security_solution_defend_workflows.sh cypress:dw:qa:serverless:run
+        key: test_defend_workflows
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          enableNestedVirtualization: true
+          localSsds: 1
+          localSsdInterface: nvme
+          machineType: n2-standard-4
+        timeout_in_minutes: 300
+        parallelism: 6
+        retry:
+          automatic:
+            - exit_status: "*"
+              limit: 1
+
+  - group: "API MKI - Defend Workflows"
+    key: api_test_defend_workflows
+    steps:
+#      - label: "Running edr_workflows:artifacts:qa:serverless"
+#        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:artifacts:qa:serverless
+#        key: edr_workflows:artifacts:qa:serverless
+#        agents:
+#          image: family/kibana-ubuntu-2004
+#          imageProject: elastic-images-prod
+#          provider: gcp
+#          enableNestedVirtualization: true
+#          localSsds: 1
+#          localSsdInterface: nvme
+#          machineType: n2-standard-4
+#        timeout_in_minutes: 120
+#        retry:
+#          automatic:
+#            - exit_status: "1"
+#              limit: 1
+#
+#      - label: "Running edr_workflows:authentication:qa:serverless"
+#        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:authentication:qa:serverless
+#        key: edr_workflows:authentication:qa:serverless
+#        agents:
+#          image: family/kibana-ubuntu-2004
+#          imageProject: elastic-images-prod
+#          provider: gcp
+#          enableNestedVirtualization: true
+#          localSsds: 1
+#          localSsdInterface: nvme
+#          machineType: n2-standard-4
+#        timeout_in_minutes: 120
+#        retry:
+#          automatic:
+#            - exit_status: "1"
+#              limit: 1
+#
+#      - label: "Running edr_workflows:metadata:qa:serverless"
+#        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:metadata:qa:serverless
+#        key: edr_workflows:metadata:qa:serverless
+#        agents:
+#          image: family/kibana-ubuntu-2004
+#          imageProject: elastic-images-prod
+#          provider: gcp
+#          enableNestedVirtualization: true
+#          localSsds: 1
+#          localSsdInterface: nvme
+#          machineType: n2-standard-4
+#        timeout_in_minutes: 120
+#        retry:
+#          automatic:
+#            - exit_status: "1"
+#              limit: 1
+#
+#      - label: "Running edr_workflows:package:qa:serverless"
+#        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:package:qa:serverless
+#        key: edr_workflows:package:qa:serverless
+#        agents:
+#          image: family/kibana-ubuntu-2004
+#          imageProject: elastic-images-prod
+#          provider: gcp
+#          enableNestedVirtualization: true
+#          localSsds: 1
+#          localSsdInterface: nvme
+#          machineType: n2-standard-4
+#        timeout_in_minutes: 120
+#        retry:
+#          automatic:
+#            - exit_status: "1"
+#              limit: 1
+
+      - label: "Running edr_workflows:policy_response:qa:serverless"
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:policy_response:qa:serverless
+        key: edr_workflows:policy_response:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          enableNestedVirtualization: true
+          localSsds: 1
+          localSsdInterface: nvme
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 1
+
+      - label: "Running edr_workflows:resolver:qa:serverless"
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:resolver:qa:serverless
+        key: edr_workflows:resolver:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          enableNestedVirtualization: true
+          localSsds: 1
+          localSsdInterface: nvme
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 1
+
+      - label: "Running edr_workflows:response_actions:qa:serverless"
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh edr_workflows:response_actions:qa:serverless
+        key: edr_workflows:response_actions:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          enableNestedVirtualization: true
+          localSsds: 1
+          localSsdInterface: nvme
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 1
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1618,7 +1618,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/scripts/endpoint/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_endpoint/ @elastic/security-defend-workflows
-/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/ @elastic/security-defend-workflows
 /x-pack/test_serverless/shared/lib/security/kibana_roles/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/sections/endpoint_management @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/pages/endpoint_management @elastic/security-defend-workflows

diff --git a/packages/core/http/core-http-server-internal/src/https_redirect_server.test.ts b/packages/core/http/core-http-server-internal/src/https_redirect_server.test.ts
@@ -96,3 +96,14 @@ test('forwards http requests to https', async () => {
       expect(res.header.location).toEqual(`https://${config.host}:${config.port}/`);
     });
 });
+
+test('keeps the request host when redirecting', async () => {
+  await server.start(config);
+
+  await supertest(`http://localhost:${config.ssl.redirectHttpFromPort}`)
+    .get('/')
+    .expect(302)
+    .then((res) => {
+      expect(res.header.location).toEqual(`https://localhost:${config.port}/`);
+    });
+});
diff --git a/packages/core/http/core-http-server-internal/src/https_redirect_server.ts b/packages/core/http/core-http-server-internal/src/https_redirect_server.ts
@@ -40,7 +40,7 @@ export class HttpsRedirectServer {
       return responseToolkit
         .redirect(
           formatUrl({
-            hostname: config.host,
+            hostname: request.url.hostname,
             pathname: request.url.pathname,
             port: config.port,
             protocol: 'https',

diff --git a/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts b/packages/kbn-ftr-common-functional-ui-services/services/remote/webdriver.ts
@@ -32,26 +32,48 @@ import { preventParallelCalls } from './prevent_parallel_calls';
 import { Browsers } from './browsers';
 import { NetworkProfile, NETWORK_PROFILES } from './network_profiles';
 
-const throttleOption: string = process.env.TEST_THROTTLE_NETWORK as string;
-const headlessBrowser: string = process.env.TEST_BROWSER_HEADLESS as string;
-const browserBinaryPath: string = process.env.TEST_BROWSER_BINARY_PATH as string;
-const remoteDebug: string = process.env.TEST_REMOTE_DEBUG as string;
-const certValidation: string = process.env.NODE_TLS_REJECT_UNAUTHORIZED as string;
-const noCache: string = process.env.TEST_DISABLE_CACHE as string;
+interface Configuration {
+  throttleOption: string;
+  headlessBrowser: string;
+  browserBinaryPath: string;
+  remoteDebug: string;
+  certValidation: string;
+  noCache: string;
+  chromiumUserPrefs: Record<string, any>;
+}
+
+const now = Date.now();
 const SECOND = 1000;
 const MINUTE = 60 * SECOND;
 const NO_QUEUE_COMMANDS = ['getLog', 'getStatus', 'newSession', 'quit'];
 const downloadDir = resolve(REPO_ROOT, 'target/functional-tests/downloads');
-const chromiumUserPrefs = {
-  'download.default_directory': downloadDir,
-  'download.prompt_for_download': false,
-  'profile.content_settings.exceptions.clipboard': {
-    '[*.],*': {
-      last_modified: Date.now(),
-      setting: 1,
-    },
-  },
-};
+let runtimeEnvVariables: Configuration | undefined;
+
+// ENV variables may be injected dynamically by the test runner CLI script
+// so do not read on module load, rather read on demand.
+function getConfiguration(): Configuration {
+  if (!runtimeEnvVariables) {
+    runtimeEnvVariables = {
+      throttleOption: process.env.TEST_THROTTLE_NETWORK as string,
+      headlessBrowser: process.env.TEST_BROWSER_HEADLESS as string,
+      browserBinaryPath: process.env.TEST_BROWSER_BINARY_PATH as string,
+      remoteDebug: process.env.TEST_REMOTE_DEBUG as string,
+      certValidation: process.env.NODE_TLS_REJECT_UNAUTHORIZED as string,
+      noCache: process.env.TEST_DISABLE_CACHE as string,
+      chromiumUserPrefs: {
+        'download.default_directory': downloadDir,
+        'download.prompt_for_download': false,
+        'profile.content_settings.exceptions.clipboard': {
+          '[*.],*': {
+            last_modified: now,
+            setting: 1,
+          },
+        },
+      },
+    };
+  }
+  return runtimeEnvVariables;
+}
 
 const sleep$ = (ms: number) => Rx.timer(ms).pipe(ignoreElements());
 
@@ -75,6 +97,14 @@ export interface BrowserConfig {
 
 function initChromiumOptions(browserType: Browsers, acceptInsecureCerts: boolean) {
   const options = browserType === Browsers.Chrome ? new chrome.Options() : new edge.Options();
+  const {
+    headlessBrowser,
+    certValidation,
+    remoteDebug,
+    browserBinaryPath,
+    noCache,
+    chromiumUserPrefs,
+  } = getConfiguration();
 
   options.addArguments(
     // Disables the sandbox for all process types that are normally sandboxed.
@@ -162,6 +192,7 @@ async function attemptToCreateCommand(
   const attemptId = ++attemptCounter;
   log.debug('[webdriver] Creating session');
   const remoteSessionUrl = process.env.REMOTE_SESSION_URL;
+  const { headlessBrowser, throttleOption, noCache } = getConfiguration();
 
   const buildDriverInstance = async () => {
     switch (browserType) {

diff --git a/src/plugins/unified_histogram/public/chart/histogram.tsx b/src/plugins/unified_histogram/public/chart/histogram.tsx
@@ -185,7 +185,7 @@ export function Histogram({
     }
 
     & .lnsExpressionRenderer {
-      width: ${attributes.visualizationType === 'lnsMetric' ? '90$' : '100%'};
+      width: ${attributes.visualizationType === 'lnsMetric' ? '90%' : '100%'};
       margin: auto;
       box-shadow: ${attributes.visualizationType === 'lnsMetric' ? boxShadow : 'none'};
     }

diff --git a/test/api_integration/apis/esql/errors.ts b/test/api_integration/apis/esql/errors.ts
@@ -237,7 +237,8 @@ export default function ({ getService }: FtrProviderContext) {
             await cleanup();
           });
 
-          it(`Checking error messages`, async () => {
+          // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/188109
+          it.skip(`Checking error messages`, async () => {
             for (const { query, error } of queryToErrors) {
               const jsonBody = await sendESQLQuery(query);
 

diff --git a/test/functional/apps/home/_welcome.ts b/test/functional/apps/home/_welcome.ts
@@ -15,7 +15,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const PageObjects = getPageObjects(['common', 'home']);
   const deployment = getService('deployment');
 
-  describe('Welcome interstitial', () => {
+  // FLAKY: https://github.com/elastic/kibana/issues/186168
+  describe.skip('Welcome interstitial', () => {
     beforeEach(async () => {
       // Need to navigate to page first to clear storage before test can be run
       await PageObjects.common.navigateToUrl('home', undefined);

diff --git a/x-pack/packages/kbn-elastic-assistant-common/constants.ts b/x-pack/packages/kbn-elastic-assistant-common/constants.ts
@@ -10,20 +10,22 @@ export const ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION = '1';
 export const ELASTIC_AI_ASSISTANT_URL = '/api/security_ai_assistant';
 export const ELASTIC_AI_ASSISTANT_INTERNAL_URL = '/internal/elastic_assistant';
 
-export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL = `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/current_user/conversations`;
+export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL = `${ELASTIC_AI_ASSISTANT_URL}/current_user/conversations`;
 export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BY_ID = `${ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL}/{id}`;
-export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BY_ID_MESSAGES = `${ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BY_ID}/messages`;
+
+export const ELASTIC_AI_ASSISTANT_INTERNAL_CONVERSATIONS_URL = `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/current_user/conversations`;
+export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BY_ID_MESSAGES = `${ELASTIC_AI_ASSISTANT_INTERNAL_CONVERSATIONS_URL}/{id}/messages`;
 
 export const ELASTIC_AI_ASSISTANT_CHAT_COMPLETE_URL = `${ELASTIC_AI_ASSISTANT_URL}/chat/complete`;
 
-export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BULK_ACTION = `${ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL}/_bulk_action`;
+export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_BULK_ACTION = `${ELASTIC_AI_ASSISTANT_INTERNAL_CONVERSATIONS_URL}/_bulk_action`;
 export const ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL_FIND = `${ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL}/_find`;
 
-export const ELASTIC_AI_ASSISTANT_PROMPTS_URL = `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/prompts`;
+export const ELASTIC_AI_ASSISTANT_PROMPTS_URL = `${ELASTIC_AI_ASSISTANT_URL}/prompts`;
 export const ELASTIC_AI_ASSISTANT_PROMPTS_URL_BULK_ACTION = `${ELASTIC_AI_ASSISTANT_PROMPTS_URL}/_bulk_action`;
 export const ELASTIC_AI_ASSISTANT_PROMPTS_URL_FIND = `${ELASTIC_AI_ASSISTANT_PROMPTS_URL}/_find`;
 
-export const ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL = `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/anonymization_fields`;
+export const ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL = `${ELASTIC_AI_ASSISTANT_URL}/anonymization_fields`;
 export const ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION = `${ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL}/_bulk_action`;
 export const ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_FIND = `${ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL}/_find`;
 

diff --git a/...ssistant/impl/assistant/api/anonymization_fields/bulk_update_anonymization_fields.test.ts b/...ssistant/impl/assistant/api/anonymization_fields/bulk_update_anonymization_fields.test.ts
@@ -48,7 +48,7 @@ describe('bulkUpdateAnonymizationFields', () => {
       ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION,
       {
         method: 'POST',
-        version: API_VERSIONS.internal.v1,
+        version: API_VERSIONS.public.v1,
         body: JSON.stringify({
           create: [],
           update: [],
@@ -71,7 +71,7 @@ describe('bulkUpdateAnonymizationFields', () => {
       ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION,
       {
         method: 'POST',
-        version: API_VERSIONS.internal.v1,
+        version: API_VERSIONS.public.v1,
         body: JSON.stringify({
           create: [anonymizationField1, anonymizationField2],
           update: [],
@@ -93,7 +93,7 @@ describe('bulkUpdateAnonymizationFields', () => {
       ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION,
       {
         method: 'POST',
-        version: API_VERSIONS.internal.v1,
+        version: API_VERSIONS.public.v1,
         body: JSON.stringify({
           update: [anonymizationField1, anonymizationField2],
           delete: { ids: [] },