Merge branch 'main' into console/suggestions_on_delete

elastic · Jun 4, 2024 · d0ec290 · d0ec290
2 parents 706f242 + c89ee65
commit d0ec290
Show file tree

Hide file tree

Showing 181 changed files with 2,295 additions and 2,338 deletions.
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
@@ -1,7 +1,4 @@
 disabled:
-  # TODO: Enable once RBAC timeline search strategy test updated
-  - x-pack/test/timeline/security_and_spaces/config_basic.ts
-
   # Base config files, only necessary to inform config finding script
   - test/functional/config.base.js
   - test/functional/firefox/config.base.ts
@@ -16,6 +13,8 @@ disabled:
   - x-pack/test/security_solution_api_integration/config/ess/config.base.basic.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/config.base.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.base.ts
   - x-pack/test/security_solution_endpoint/config.base.ts
   - x-pack/test/security_solution_endpoint_api_int/config.base.ts
 
@@ -399,21 +398,12 @@ enabled:
   - x-pack/test/security_functional/insecure_cluster_warning.config.ts
   - x-pack/test/security_functional/user_profiles.config.ts
   - x-pack/test/security_functional/expired_session.config.ts
-  - x-pack/test/security_solution_endpoint_api_int/config.ts
-  - x-pack/test/security_solution_endpoint_api_int/serverless.config.ts
-  - x-pack/test/security_solution_endpoint/endpoint.config.ts
-  - x-pack/test/security_solution_endpoint/serverless.endpoint.config.ts
-  - x-pack/test/security_solution_endpoint/integrations.config.ts
-  - x-pack/test/security_solution_endpoint/integrations_feature_flag.config.ts
-  - x-pack/test/security_solution_endpoint/serverless.integrations.config.ts
-  - x-pack/test/security_solution_endpoint/serverless.integrations_feature_flag.config.ts
   - x-pack/test/session_view/basic/config.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/config_basic.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/copy_to_space_config_basic.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/config_trial.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/copy_to_space_config_trial.ts
   - x-pack/test/spaces_api_integration/spaces_only/config.ts
-  - x-pack/test/timeline/security_and_spaces/config_trial.ts
   - x-pack/test/ui_capabilities/security_and_spaces/config.ts
   - x-pack/test/ui_capabilities/spaces_only/config.ts
   - x-pack/test/upgrade_assistant_integration/config.js
@@ -565,5 +555,16 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/investigation/saved_objects/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/investigation/timeline/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/investigation/timeline/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/investigation/timeline/security_and_spaces/configs/ess.basic.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/investigation/timeline/security_and_spaces/configs/ess.trial.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/sources/indices/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/sources/indices/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/endpoint.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/serverless.endpoint.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/integrations.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/serverless.integrations.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/serverless.integrations_feature_flag.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/integrations_feature_flag.config.ts
+
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1585,8 +1585,8 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/scripts/endpoint/ @elastic/security-defend-workflows
-/x-pack/test/security_solution_endpoint/ @elastic/security-defend-workflows
-/x-pack/test/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
 /x-pack/test_serverless/shared/lib/security/kibana_roles/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/sections/endpoint_management @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/pages/endpoint_management @elastic/security-defend-workflows

diff --git a/packages/kbn-alerting-types/action_variable.ts b/packages/kbn-alerting-types/action_variable.ts
@@ -0,0 +1,100 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export interface ActionVariable {
+  name: string;
+  description: string;
+  deprecated?: boolean;
+  useWithTripleBracesInTemplates?: boolean;
+  usesPublicBaseUrl?: boolean;
+}
+
+/**
+ *  Returns all flattened keys from a deeply nested object as union
+ */
+type FlattenKeys<T extends Record<string, unknown>, Key = keyof T> = Key extends string
+  ? T[Key] extends Record<string, unknown>
+    ? `${Key}.${FlattenKeys<T[Key]>}`
+    : `${Key}`
+  : never;
+
+/**
+ * All valid action context variables
+ */
+export interface ActionContextVariables {
+  alertId: string;
+  alertName: string;
+  alertInstanceId: string;
+  alertActionGroup: string;
+  alertActionGroupName: string;
+  tags?: string[];
+  spaceId: string;
+  params: Record<string, unknown>;
+  context: Record<string, unknown>;
+  date: string;
+  state: Record<string, unknown>;
+  kibanaBaseUrl?: string;
+  rule: {
+    id: string;
+    name: string;
+    spaceId: string;
+    type: string;
+    params: Record<string, unknown>;
+    tags?: string[];
+    url?: string;
+  };
+  alert: {
+    id: string;
+    uuid: string;
+    actionGroup: string;
+    actionGroupName: string;
+    flapping: boolean;
+    consecutiveMatches?: number;
+  };
+}
+
+/**
+ * All valid summarized action context variables
+ */
+export type SummaryActionContextVariables = ActionContextVariables & {
+  alerts: {
+    new: {
+      count: number;
+      data: unknown[];
+    };
+    ongoing: {
+      count: number;
+      data: unknown[];
+    };
+    recovered: {
+      count: number;
+      data: unknown[];
+    };
+    all: {
+      count: number;
+      data: unknown[];
+    };
+  };
+};
+
+/**
+ * This type takes a deep nested object and returns all flattened keys as a union.
+ * This is needed for the UI where the context variables are used as flattened keys.
+ * We need to remove params and add it ourselves because FlattenKeys
+ * produces `params.${string}` for the params which leads to a TS error
+ * in the UI when the key of the record is `params`
+ */
+export type ActionContextVariablesFlatten =
+  | FlattenKeys<Omit<ActionContextVariables, 'context' | 'state' | 'params'>>
+  | 'params'
+  | 'rule.params';
+
+export type SummaryActionContextVariablesFlatten =
+  | FlattenKeys<Omit<SummaryActionContextVariables, 'context' | 'state' | 'params'>>
+  | 'params'
+  | 'rule.params';
diff --git a/packages/kbn-alerting-types/index.ts b/packages/kbn-alerting-types/index.ts
@@ -13,3 +13,4 @@ export * from './alert_type';
 export * from './rule_notify_when_type';
 export * from './r_rule_types';
 export * from './rule_types';
+export * from './action_variable';
diff --git a/packages/kbn-alerting-types/rule_type_types.ts b/packages/kbn-alerting-types/rule_type_types.ts
@@ -9,20 +9,13 @@
 import type { LicenseType } from '@kbn/licensing-plugin/common/types';
 import type { RecoveredActionGroupId, DefaultActionGroupId } from './builtin_action_groups_types';
 import { ActionGroup } from './action_group_types';
+import { ActionVariable } from './action_variable';
 
 interface ConsumerPrivileges {
   read: boolean;
   all: boolean;
 }
 
-export interface ActionVariable {
-  name: string;
-  description: string;
-  deprecated?: boolean;
-  useWithTripleBracesInTemplates?: boolean;
-  usesPublicBaseUrl?: boolean;
-}
-
 export interface RuleType<
   ActionGroupIds extends Exclude<string, RecoveredActionGroupId> = DefaultActionGroupId,
   RecoveryActionGroupId extends string = RecoveredActionGroupId

diff --git a/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml b/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
@@ -307,13 +307,18 @@ threat_intelligence_analyst:
         - logstash-*
       privileges:
         - read
+    - names:
+        - .asset-criticality.asset-criticality-*
+      privileges:
+        - read
+        - write
     - names:
         - .lists*
         - .items*
-        - .asset-criticality.asset-criticality-*
       privileges:
         - read
         - write
+        - view_index_metadata
     - names:
         - .alerts-security*
         - .siem-signals-*
@@ -684,13 +689,18 @@ endpoint_policy_manager:
         - risk-score.risk-score-*
       privileges:
         - read
+    - names:
+        - .asset-criticality.asset-criticality-*
+      privileges:
+        - read
+        - write
     - names:
         - .lists*
         - .items*
-        - .asset-criticality.asset-criticality-*
       privileges:
         - read
         - write
+        - view_index_metadata
     - names:
         - .alerts-security*
         - .siem-signals-*

diff --git a/packages/kbn-management/settings/setting_ids/index.ts b/packages/kbn-management/settings/setting_ids/index.ts
@@ -174,9 +174,6 @@ export const SECURITY_SOLUTION_ENABLE_CCS_WARNING_ID = 'securitySolution:enableC
 export const SECURITY_SOLUTION_SHOW_RELATED_INTEGRATIONS_ID =
   'securitySolution:showRelatedIntegrations';
 export const SECURITY_SOLUTION_DEFAULT_ALERT_TAGS_KEY = 'securitySolution:alertTags' as const;
-/** This Kibana Advanced Setting allows users to enable/disable the Expandable Flyout */
-export const SECURITY_SOLUTION_ENABLE_EXPANDABLE_FLYOUT_SETTING =
-  'securitySolution:enableExpandableFlyout' as const;
 /** This Kibana Advanced Setting allows users to enable/disable querying cold and frozen data tiers in analyzer */
 export const SECURITY_SOLUTION_EXCLUDE_COLD_AND_FROZEN_TIERS_IN_ANALYZER =
   'securitySolution:excludeColdAndFrozenTiersInAnalyzer' as const;

diff --git a/packages/kbn-react-field/package.json b/packages/kbn-react-field/package.json
@@ -2,5 +2,6 @@
   "name": "@kbn/react-field",
   "version": "1.0.0",
   "license": "SSPL-1.0 OR Elastic License 2.0",
-  "private": true
+  "private": true,
+  "sideEffects": ["*.scss"]
 }
diff --git a/packages/serverless/settings/security_project/index.ts b/packages/serverless/settings/security_project/index.ts
@@ -23,7 +23,6 @@ export const SECURITY_PROJECT_SETTINGS = [
   settings.SECURITY_SOLUTION_NEWS_FEED_URL_ID,
   settings.SECURITY_SOLUTION_ENABLE_NEWS_FEED_ID,
   settings.SECURITY_SOLUTION_DEFAULT_ALERT_TAGS_KEY,
-  settings.SECURITY_SOLUTION_ENABLE_EXPANDABLE_FLYOUT_SETTING,
   settings.SECURITY_SOLUTION_ENABLE_ASSET_CRITICALITY_SETTING,
   settings.SECURITY_SOLUTION_EXCLUDE_COLD_AND_FROZEN_TIERS_IN_ANALYZER,
 ];
diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts
@@ -110,10 +110,6 @@ export const stackManagementSchema: MakeSchemaFrom<UsageStats> = {
     type: 'boolean',
     _meta: { description: 'Non-default value of setting.' },
   },
-  'securitySolution:enableExpandableFlyout': {
-    type: 'boolean',
-    _meta: { description: 'Non-default value of setting.' },
-  },
   'securitySolution:enableAssetCriticality': {
     type: 'boolean',
     _meta: { description: 'Non-default value of setting.' },

diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/types.ts b/src/plugins/kibana_usage_collection/server/collectors/management/types.ts
@@ -73,7 +73,6 @@ export interface UsageStats {
   'securitySolution:defaultAnomalyScore': number;
   'securitySolution:refreshIntervalDefaults': string;
   'securitySolution:enableNewsFeed': boolean;
-  'securitySolution:enableExpandableFlyout': boolean;
   'securitySolution:enableAssetCriticality': boolean;
   'securitySolution:excludeColdAndFrozenTiersInAnalyzer': boolean;
   'securitySolution:enableCcsWarning': boolean;

diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json
@@ -9630,12 +9630,6 @@
             "description": "Non-default value of setting."
           }
         },
-        "securitySolution:enableExpandableFlyout": {
-          "type": "boolean",
-          "_meta": {
-            "description": "Non-default value of setting."
-          }
-        },
         "securitySolution:enableAssetCriticality": {
           "type": "boolean",
           "_meta": {

diff --git a/...ins/aiops/public/embeddables/change_point_chart/embeddable_change_point_chart_factory.tsx b/...ins/aiops/public/embeddables/change_point_chart/embeddable_change_point_chart_factory.tsx
@@ -188,6 +188,10 @@ export const getChangePointChartEmbeddableFactory = (
         pluginStart
       );
 
+      const onLoading = (v: boolean) => dataLoading.next(v);
+      const onRenderComplete = () => dataLoading.next(false);
+      const onError = (error: Error) => blockingError.next(error);
+
       return {
         api,
         Component: () => {
@@ -242,9 +246,9 @@ export const getChangePointChartEmbeddableFactory = (
               maxSeriesToPlot={maxSeriesToPlot}
               dataViewId={dataViewId}
               partitions={partitions}
-              onLoading={(v) => dataLoading.next(v)}
-              onRenderComplete={() => dataLoading.next(false)}
-              onError={(error) => blockingError.next(error)}
+              onLoading={onLoading}
+              onRenderComplete={onRenderComplete}
+              onError={onError}
               embeddingOrigin={embeddingOrigin}
               lastReloadRequestTime={lastReloadRequestTime}
             />

diff --git a/x-pack/plugins/aiops/public/shared_components/index.tsx b/x-pack/plugins/aiops/public/shared_components/index.tsx
@@ -17,9 +17,9 @@ export const getChangePointDetectionComponent = (
   coreStart: CoreStart,
   pluginStart: AiopsPluginStartDeps
 ): ChangePointDetectionSharedComponent => {
-  return (props) => {
+  return React.memo((props) => {
     return <ChangePointDetectionLazy coreStart={coreStart} pluginStart={pluginStart} {...props} />;
-  };
+  });
 };
 
 export type { ChangePointDetectionSharedComponent } from './change_point_detection';
diff --git a/x-pack/plugins/alerting/server/task_runner/transform_action_params.ts b/x-pack/plugins/alerting/server/task_runner/transform_action_params.ts
@@ -6,6 +6,7 @@
  */
 
 import { PluginStartContract as ActionsPluginStartContract } from '@kbn/actions-plugin/server';
+import { ActionContextVariables, SummaryActionContextVariables } from '@kbn/alerting-types';
 import { AADAlert } from '@kbn/alerts-as-data-utils';
 import { mapKeys, snakeCase } from 'lodash/fp';
 import {
@@ -85,7 +86,8 @@ export function transformActionParams({
   // when the list of variables we pass in here changes,
   // the UI will need to be updated as well; see:
   // x-pack/plugins/triggers_actions_ui/public/application/lib/action_variables.ts
-  const variables = {
+
+  const variables: ActionContextVariables = {
     alertId,
     alertName,
     spaceId,
@@ -115,14 +117,19 @@ export function transformActionParams({
       flapping,
       consecutiveMatches,
     },
+  };
+
+  const variablesWithAADFields: Record<string, unknown> = {
     ...(aadAlert ? { ...aadAlert } : {}),
+    // we do not want the AAD fields to overwrite the base fields
+    ...variables,
   };
 
   return actionsPlugin.renderActionParameterTemplates(
     actionTypeId,
     actionId,
     actionParams,
-    variables
+    variablesWithAADFields
   );
 }
 
@@ -149,7 +156,11 @@ export function transformSummaryActionParams({
   kibanaBaseUrl?: string;
   ruleUrl?: string;
 }): RuleActionParams {
-  const variables = {
+  // when the list of variables we pass in here changes,
+  // the UI will need to be updated as well; see:
+  // x-pack/plugins/triggers_actions_ui/public/application/lib/action_variables.ts
+
+  const variables: SummaryActionContextVariables = {
     alertId: rule.id,
     alertName: rule.name,
     spaceId,
@@ -192,10 +203,8 @@ export function transformSummaryActionParams({
     },
     alerts,
   };
-  return actionsPlugin.renderActionParameterTemplates(
-    actionTypeId,
-    actionId,
-    actionParams,
-    variables
-  );
+
+  return actionsPlugin.renderActionParameterTemplates(actionTypeId, actionId, actionParams, {
+    ...variables,
+  });
 }