Merge branch 'master' of github.com:elastic/kibana into detections-fi…

…x-import-rules

.github/CODEOWNERS

@@ -150,9 +150,9 @@
 **/*.scss  @elastic/kibana-design
 
 # Elasticsearch UI
-/src/legacy/core_plugins/console/  @elastic/es-ui
+/src/plugins/console/  @elastic/es-ui
 /src/plugins/es_ui_shared/  @elastic/es-ui
-/x-pack/legacy/plugins/console_extensions/  @elastic/es-ui
+/x-pack/plugins/console_extensions/  @elastic/es-ui
 /x-pack/legacy/plugins/cross_cluster_replication/  @elastic/es-ui
 /x-pack/legacy/plugins/index_lifecycle_management/  @elastic/es-ui
 /x-pack/legacy/plugins/index_management/  @elastic/es-ui

.i18nrc.json

@@ -1,7 +1,7 @@
 {
   "paths": {
     "common.ui": "src/legacy/ui",
-    "console": "src/legacy/core_plugins/console",
+    "console": "src/plugins/console",
     "core": "src/core",
     "dashboardEmbeddableContainer": "src/plugins/dashboard_embeddable_container",
     "data": [

CONTRIBUTING.md

@@ -174,6 +174,16 @@ yarn kbn bootstrap
 
 (You can also run `yarn kbn` to see the other available commands. For more info about this tool, see https://github.com/elastic/kibana/tree/master/packages/kbn-pm.)
 
+When switching branches which use different versions of npm packages you may need to run;
+```bash
+yarn kbn clean
+```
+
+If you have failures during `yarn kbn bootstrap` you may have some corrupted packages in your yarn cache which you can clean with;
+```bash
+yarn cache clean
+```
+
 #### Increase node.js heap size
 
 Kibana is a big project and for some commands it can happen that the process hits the default heap limit and crashes with an out-of-memory error. If you run into this problem, you can increase maximum heap size by setting the `--max_old_space_size` option on the command line. To set the limit for all commands, simply add the following line to your shell config: `export NODE_OPTIONS="--max_old_space_size=2048"`.

docs/user/security/authentication/index.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[kibana-authentication]]
-=== Authentication in Kibana
+=== Authentication in {kib}
 ++++
 <titleabbrev>Authentication</titleabbrev>
 ++++
@@ -16,23 +16,23 @@
 [[basic-authentication]]
 ==== Basic authentication
 
-Basic authentication requires a username and password to successfully log in to {kib}. It is enabled by default and based on the Native security realm provided by {es}. The basic authentication provider uses a Kibana provided login form, and supports authentication using the `Authorization` request header's `Basic` scheme.
+To successfully log in to {kib}, basic authentication requires a username and password. Basic authentication is enabled by default, and is based on the Native security realm or LDAP security realm that is provided by {es}. The basic authentication provider uses a {kib} provided login form, and supports authentication using the `Authorization` request header `Basic` scheme.
 
-The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of Kibana when using the basic authentication provider clears the session cookies from the browser but does not invalidate the session cookie for reuse.
+The session cookies that are issued by the basic authentication provider are stateless. Therefore, logging out of {kib} when using the basic authentication provider clears the session cookies from the browser, but does not invalidate the session cookie for reuse.
 
 For more information about basic authentication and built-in users, see
 {ref}/setting-up-authentication.html[User authentication].
 
 [[token-authentication]]
 ==== Token authentication
 
-Token authentication allows users to login using the same Kibana provided login form as basic authentication. The token authentication provider is built on {es}'s token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with Kibana using the `Authorization` request header with the `Bearer` scheme.
+Token authentication allows users to login using the same {kib} provided login form as basic authentication, and is based on the Native security realm or LDAP security realm that is provided by {es}. The token authentication provider is built on {es} token APIs. The bearer tokens returned by {es}'s {ref}/security-api-get-token.html[get token API] can be used directly with {kib} using the `Authorization` request header with the `Bearer` scheme.
 
-The session cookies that are issued by the token authentication provider are stateful, and logging out of Kibana invalidates the session cookies for reuse.
+The session cookies that are issued by the token authentication provider are stateful, and logging out of {kib} invalidates the session cookies for reuse.
 
-Prior to configuring Kibana, ensure token support is enabled in Elasticsearch. See the {ref}/security-api-get-token.html[Elasticsearch token API] documentation for more information.
+Prior to configuring {kib}, ensure token support is enabled in {es}. See the {ref}/security-api-get-token.html[{es} token API] documentation for more information.
 
-To enable the token authentication provider in Kibana, set the following value in your `kibana.yml`:
+To enable the token authentication provider in {kib}, set the following value in your `kibana.yml`:
 
 [source,yaml]
 --------------------------------------------------------------------------------
@@ -67,7 +67,7 @@ server.ssl.clientAuthentication: required
 xpack.security.authc.providers: [pki]
 --------------------------------------------------------------------------------
 
-NOTE: Trusted CAs can also be specified in a PKCS #12 keystore bundled with your Kibana server certificate/key using
+NOTE: Trusted CAs can also be specified in a PKCS #12 keystore bundled with your {kib} server certificate/key using
 `server.ssl.keystore.path` or in a separate trust store using `server.ssl.truststore.path`.
 
 PKI support in {kib} is designed to be the primary (or sole) authentication method for users of that {kib} instance. However, you can configure both PKI and Basic authentication for the same {kib} instance:
@@ -128,7 +128,7 @@ Basic authentication is supported _only_ if `basic` authentication provider is e
 
 At the beginning of the SAML handshake, {kib} stores the initial URL in the session cookie, so it can redirect the user back to that URL after successful SAML authentication.
 If the URL is long, the session cookie might exceed the maximum size supported by the browser--typically 4KB for all cookies per domain. When this happens, the session cookie is truncated,
-or dropped completely, and you might experience sporadic failures during SAML authentication. 
+or dropped completely, and you might experience sporadic failures during SAML authentication.
 
 To remedy this issue, you can decrease the maximum
 size of the URL that {kib} is allowed to store during the SAML handshake. The default value is 2KB.
@@ -185,7 +185,7 @@ Users will be able to access the login page and use Basic authentication by navi
 [float]
 ==== Single sign-on provider details
 
-The following sections apply both to <<saml>> and <<oidc>> 
+The following sections apply both to <<saml>> and <<oidc>>
 
 [float]
 ===== Access and refresh tokens

renovate.json5

@@ -25,15 +25,15 @@
     'Team:Operations',
     'renovate',
     'v8.0.0',
-    'v7.6.0',
+    'v7.7.0',
   ],
   major: {
     labels: [
       'release_note:skip',
       'Team:Operations',
       'renovate',
       'v8.0.0',
-      'v7.6.0',
+      'v7.7.0',
       'renovate:major',
     ],
   },
@@ -238,7 +238,7 @@
           'Team:Operations',
           'renovate',
           'v8.0.0',
-          'v7.6.0',
+          'v7.7.0',
           ':ml',
         ],
       },

src/core/server/http/router/response_adapter.ts

@@ -19,6 +19,7 @@
 import { ResponseObject as HapiResponseObject, ResponseToolkit as HapiResponseToolkit } from 'hapi';
 import typeDetect from 'type-detect';
 import Boom from 'boom';
+import * as stream from 'stream';
 
 import {
   HttpResponsePayload,
@@ -112,8 +113,18 @@ export class HapiResponseAdapter {
     return response;
   }
 
-  private toError(kibanaResponse: KibanaResponse<ResponseError>) {
+  private toError(kibanaResponse: KibanaResponse<ResponseError | Buffer | stream.Readable>) {
     const { payload } = kibanaResponse;
+
+    // Special case for when we are proxying requests and want to enable streaming back error responses opaquely.
+    if (Buffer.isBuffer(payload) || payload instanceof stream.Readable) {
+      const response = this.responseToolkit
+        .response(kibanaResponse.payload)
+        .code(kibanaResponse.status);
+      setHeaders(response, kibanaResponse.options.headers);
+      return response;
+    }
+
     // we use for BWC with Boom payload for error responses - {error: string, message: string, statusCode: string}
     const error = new Boom('', {
       statusCode: kibanaResponse.status,

src/dev/renovate/config.ts

@@ -21,7 +21,7 @@ import { RENOVATE_PACKAGE_GROUPS } from './package_groups';
 import { PACKAGE_GLOBS } from './package_globs';
 import { wordRegExp, maybeFlatMap, maybeMap, getTypePackageName } from './utils';
 
-const DEFAULT_LABELS = ['release_note:skip', 'Team:Operations', 'renovate', 'v8.0.0', 'v7.6.0'];
+const DEFAULT_LABELS = ['release_note:skip', 'Team:Operations', 'renovate', 'v8.0.0', 'v7.7.0'];
 
 export const RENOVATE_CONFIG = {
   extends: ['config:base'],