Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Endpoint] Add step to the security solution plugin start phase (non-blocking) to check endpoint policy indices #198089

Conversation

paul-tavares
Copy link
Contributor

Summary

@paul-tavares paul-tavares added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.17.0 labels Oct 28, 2024
@paul-tavares paul-tavares self-assigned this Oct 28, 2024
@paul-tavares paul-tavares requested review from a team as code owners October 28, 2024 20:39
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@paul-tavares paul-tavares added the backport:skip This commit does not require backporting label Oct 28, 2024
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

cc @paul-tavares

Copy link
Contributor

@jloleysens jloleysens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good! Left a q about volume/robustness.

const soClient = fleetServices.savedObjects.createInternalUnscopedSoClient();
const endpointPoliciesIds = await fleetServices.packagePolicy.listIds(soClient, {
kuery: fleetServices.endpointPolicyKuery,
perPage: 10000,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the maximum number of items returned here? Might be a good idea to paginate if 100+.

Kibana runs on pretty low resources in some environments and might be doing other things at the same time.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for 👀
The likelihood - especially for serverless - is that the returned count of items will be low. maybe a handful of policies.


// Ensure policies have backing DOT indices (We don't need to `await` this.
// It can run in the background)
ensureIndicesExistsForPolicies(this.endpointAppContextService).catch(() => {});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a specific reason for leaving this catch block empty? Shouldn’t we at least log the error?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its to silence an ESLint rule that requires all promises to be handled.

Copy link
Contributor

@tomsonpl tomsonpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for introducing this 👍
Left one minor question.

@paul-tavares paul-tavares merged commit fd615c7 into elastic:main Oct 30, 2024
44 checks passed
@paul-tavares paul-tavares deleted the task/olm-10840-create-dot-indices-on-start branch October 30, 2024 12:38
jeramysoucy added a commit to jeramysoucy/kibana that referenced this pull request Oct 30, 2024
commit 0b87e90c1889c8318c3a08b401e063318d5f0585
Author: Tim Sullivan <[email protected]>
Date:   Wed Oct 30 08:10:52 2024 -0700

    [Reporting] Unskip and optimize tests that generate test reports (#198207)

    This PR re-enables test reports that have been consistently failing in
    the serverless test environment. Investigation shows the reason for
    flakiness _may_ be due to the fact that the reports are exporting a
    large amount of data, which causes timeouts, including authentication
    tokens to time out.

    To speed up the tests, date range filters and field selections have been
    added to the report job parameters, which leads to a lower amount of
    data being exported. The tests that are updated in this PR now generate
    an export with 2 documents, where previously they were exporting up to
    4675 documents.

commit c4301d080b9fd595b6cf2313d2053256b0fae89d
Author: Rodney Norris <[email protected]>
Date:   Wed Oct 30 09:39:42 2024 -0500

    [Search] Refactor: abstracting classic nav items (#196579)

    Moved the base set of sidenav items from being statically defined in
    useEnterpriseSearchNav to using a function that can be shared with the
    plugin. Additionally wrapped this generation in a `useMemo` to improve
    performance.

    This will support the ability to share the classic navigation items for
    Search to other plugins so that they can render their own UIs without
    sharing components with enterprise_search just to have access to the
    side nav defined by enterprise_search.

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [x] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed

    ---------

    Co-authored-by: Elastic Machine <[email protected]>

commit b9a5d6a46d4224b70ec1709d4fa97cd1c6295408
Author: Agustina Nahir Ruidiaz <[email protected]>
Date:   Wed Oct 30 15:38:54 2024 +0100

    [Security Solution] Fix code scanning alert (#198142)

    Fixes
    [https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)

    To fix the problem, we need to ensure that both double quotes and
    backslashes are properly escaped in the `escapeValue` function. This can
    be achieved by using a regular expression that replaces both characters
    globally. Specifically, we should replace backslashes with double
    backslashes (`\\`) and double quotes with escaped double quotes (`\"`).

    - Update the `escapeValue` function to use a regular expression that
    handles both double quotes and backslashes.
    - Ensure that the regular expression has the global flag (`g`) to
    replace all occurrences of the characters.

    Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

commit fdd5e0be75483868a096484ee261e5717124af6c
Author: Nicolas Chaulet <[email protected]>
Date:   Wed Oct 30 10:16:54 2024 -0400

    [Fleet] Fix update query when change agent policy spaces (#198175)

commit 74cf0e4e2bd386ae38a6b8c537545acbd1707022
Author: Sander Philipse <[email protected]>
Date:   Wed Oct 30 15:04:23 2024 +0100

    [AI Assistant] Add scopes telemetry to AI Assistant events (#197983)

    This adds telemetry to the Observability and Search assistant to judge
    whether it's search or observability.

commit 3a8bd70e835e0467bc5446376345ef7fe1ac4069
Author: Krzysztof Kowalczyk <[email protected]>
Date:   Wed Oct 30 15:02:28 2024 +0100

    Handle DOM storage being disabled (#197798)

    This PR aims to improve the message shown to users when Kibana can't be
    started due to disabled DOM storage (#121189).
    The visuals here follow the same pattern as other fatal errors (see

    ![image](https://github.com/user-attachments/assets/19832830-49e3-4789-9b83-0c1f14d7980d)

    The `isDomStorageDisabled` check has to be done before `CoreService`
    gets instantiated because of issues described below.

    Closes: #121189

    What actually happens when you disable all cookies in a browser? Aside
    from cookies, the browser disables the whole DOM storage -
    `localStorage` and `sessionStorage`. Trying to access those will result
    in an error.

    `getSessionId`https://github.com/elastic/kibana/blob/3bc5e2db73799dc9c7831b6f9da4a52063cf112f/packages/core/analytics/core-analytics-browser-internal/src/get_session_id.ts#L17
    and
    `isSidenavCollapsed$`https://github.com/elastic/kibana/blob/3bc5e2db73799dc9c7831b6f9da4a52063cf112f/packages/core/chrome/core-chrome-browser-internal/src/chrome_service.tsx#L91

    Both of those try to access either `localStorage` or `sessionStorage`
    and both of those are triggered when you create an instance of
    `CoreSystem` which gets instantiated in `kbn_bootstrap`
    https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/root/core-root-browser-internal/src/kbn_bootstrap.ts#L42

    Trying to access DOM storage in `CoreSystem` will cause it to throw an
    error and this means that
    `FatalErrorService`https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/fatal-errors/core-fatal-errors-browser-internal/src/fatal_errors_service.tsx#L32
    will never instantiate and the
    `failure`https://github.com/elastic/kibana/blob/6ef03697460aba0d3774c0c03fb7fb58c76c00bd/packages/core/rendering/core-rendering-server-internal/src/bootstrap/render_template.ts#L68
    function which styles the errors and makes them visible will never
    trigger and all the user will see is permament `Loading Kibana` spinner.

    Wrapping `getSessionId` and `isSidenavCollapsed$` in `try-catch` block
    allows `FatalErrorService` to work properly, which will catch an
    unhandled exception (`Detected an unhandled Promise rejection.`) with an
    error about `sessionStorage` being disabled, which gets thrown by
    `LicensingPlugin` (and possibly in other places). This is not an actual
    solution though - this behavior would happen again if another line of
    code trying to access DOM storage gets added to `CoreSystem`.

    I think it would be best to handle this directly in `kbn_bootstrap.ts`
    by some check like the one below:
    ```javascript
    const isDOMStorageDisabled = () => {
        try {
          const key = 'kbn_bootrasrap_domStorageEnabled';
          sessionStorage.setItem(key, 'true');
          sessionStorage.removeItem(key);
          return false;
        } catch (e) {
          return true;
        }
      };
    const domStorageDisabled = isDOMStorageDisabled()
    /*
      ...some additonal logic
    */
    ```
    This would then require some error displaying logic that doesn't use
    `FatalErrorService`.

    Looking for some feedback on how to properly solve this.

commit 79e64b85dc59708b0d90728eb13b69512e74506f
Author: Dzmitry Lemechko <[email protected]>
Date:   Wed Oct 30 14:47:03 2024 +0100

    [ftr] use getopts to fetch server args (#198227)

    This PR simplifies the code to read server arguments by using `getopts`
    module as @jbudz suggested.

commit e65ca78d444b3ba324b43ea7ab07d08fc1014c13
Author: Gonçalo Rica Pais da Silva <[email protected]>
Date:   Wed Oct 30 14:43:47 2024 +0100

    [Inventory][ECO] Entities Group By View (#195475)

    This PR introduces the API and Page for doing grouped views for the
    Inventory Page. Alongside the plain list view, the page now by default
    shows a grouped view of entities. In this PR, the only current supported
    grouping is by Entity Type.

    https://github.com/user-attachments/assets/a07db592-d6c6-4ec1-a00b-bb469908aa6a

    Tests TBA

    - Navigate to the new Inventory Page
    - By default, the page should load into a grouped view (Type)
    - The page should show all entities currently grouped by their type.
    - If a group has enough entities, pagination navigation should only
    apply to the list within the group.
    - The plain list view should function same as before.
    - Using the search/filter bar should function the same with grouped and
    list view.

    Closes #194740

    ---------

    Co-authored-by: Bryce Buchanan <[email protected]>
    Co-authored-by: kibanamachine <[email protected]>
    Co-authored-by: Elastic Machine <[email protected]>

commit b7beae8e19b63d0381410be5f6917ac593cd430f
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Wed Oct 30 08:27:14 2024 -0500

    Update dependency @types/lodash to ^4.17.13 (main) (#198275)

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit 6645e747070e1b7bf687227776acda2ae136fc75
Author: Julia <[email protected]>
Date:   Wed Oct 30 13:54:58 2024 +0100

    [ResponseOps][MaintenanceWindow] Introduce pagination for MW find API (#197172)

    Fixes: https://github.com/elastic/kibana/issues/193076

    This PR introduce pagination for our MW find API.

    How to test:

    Use postman/insomnia/curl.
    Do not forget to add this header: `x-elastic-internal-origin: Kibana`,
    because this endpoint in internal.

    Basically you need to do something like this:
    ```
    GET http://localhost:5601/top/internal/alerting/rules/maintenance_window/_find?page=3&per_page=3
    ```

    Try different page and per_page combination. Try without them.

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [x] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed

    ---------

    Co-authored-by: kibanamachine <[email protected]>

commit fd615c72e6480baf6473cfc9120a99d4f27f6d9e
Author: Paul Tavares <[email protected]>
Date:   Wed Oct 30 08:38:38 2024 -0400

    [Security Solution][Endpoint] Add step to the security solution plugin `start` phase (non-blocking) to check endpoint policy indices (#198089)

    - adds a step to the plugin `start` phase to retrieve all Endpoint
    policies from Fleet and check to ensure they have backing DOT indices.
        - This is a follow up to PR #196953
    - this check will be removed once it is deployed to Serverless, since it
    only needs to run once in that flavor of kibana

commit 811a23830bb60b7b56e08060bc9742fd232a5a8e
Author: Julia Rechkunova <[email protected]>
Date:   Wed Oct 30 13:35:15 2024 +0100

    [OneDiscover] Contextual App Menu Extension Point (#195448)

    - Closes https://github.com/elastic/kibana/issues/194269

    This PR introduces a new extension point `getAppMenu` which allows to:
    - add custom App Menu items (as a button or a submenu with more actions)
    - extend Alerts menu item with more custom actions

    Additionally, this PR rearranges the existing Discover menu items. The
    primary actions are rendered as an icon only now.

    ![Oct-16-2024
    17-43-29](https://github.com/user-attachments/assets/dbb67513-05bb-43a4-bd7b-cf958c58a167)

    The example usage of the new extension point can be found in
    https://github.com/elastic/kibana/blob/e7964f08e3c13bba36d13823575e54b40fabd9bc/src/plugins/discover/public/context_awareness/profile_providers/example/example_data_source_profile/profile.tsx#L81-L168

    1. Add `discover.experimental.enabledProfiles: ['example-root-profile',
    'example-data-source-profile', 'example-document-profile']` to
    `kibana.dev.yml`
    2. Run the following in DevTools
    ```
    POST _aliases
    {
      "actions": [
        {
          "add": {
            "index": "kibana_sample_data_logs",
            "alias": "my-example-logs"
          }
        }
      ]
    }
    ```
    3. Create and use Data View with `my-custom-logs` index pattern

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [x] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [x] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    ---------

    Co-authored-by: kibanamachine <[email protected]>
    Co-authored-by: Davis McPhee <[email protected]>
    Co-authored-by: Davis McPhee <[email protected]>

commit 496a65230262cb99d72673ade454ece5b380ddf5
Author: Shahzad <[email protected]>
Date:   Wed Oct 30 13:32:17 2024 +0100

    [Synthetics] For lens embeddable apply styling workaround for panel border !! (#198270)

    Fixes https://github.com/elastic/kibana/issues/198273

    For lens embeddable apply styling workaround for panel border !!

    <img width="1726" alt="image"
    src="https://github.com/user-attachments/assets/df2bcc4c-d069-44a7-99c3-59696566a6b3">

commit 40edfe1496348997d4f4a48654882fd0dc1d1a85
Author: Pablo Machado <[email protected]>
Date:   Wed Oct 30 13:28:10 2024 +0100

    [SecuritySolution]  Fix Pagination should reset when a new filter is applied to the entity table (#198129)

    Fix "Pagination should reset when a new filter is applied to the entity
    table"
    * Extra changes: I demoted some error logs to warning as part of
    https://github.com/elastic/security-team/issues/10951

    https://github.com/user-attachments/assets/16357db1-5e77-4c7f-ae94-9371d71c4970
    * Start kibana with data
    * Navigate to the security solution / entity analytics dashboard
    * Start the entity store
    * Navigate between pages and change the filter, sorting, and query.

commit e3c080750ca703f8240f6d47be0285c46f6e1632
Author: Jeramy Soucy <[email protected]>
Date:   Wed Oct 30 13:04:35 2024 +0100

    Fixes session timeout toast countdown (#198266)

    A regression was introduced when upgrading to react-intl v6, and the
    `FormattedRelative` component was replaced by the
    `FormattedRelativeTime` component. The new component requires an
    addition property be specified in order to have the same behavior as the
    previous - formatting seconds > 60 as minutes, and counting down when
    below 1 minute.

    This PR adds the `updateIntervalInSeconds` property to the
    `FormattedRelativeTime` component of the session expiration toast. This
    PR also adds a unit test case to check the time format when > 60s
    remain.

    1. Add the following Kibana configuration setting
    ```
    xpack.security.session.idleTimeout: "2m" # can be anything over 1m, shorter is better for testing
    ```
    2. Start ES & Kibana, log in
    3. Verify the session expiration toast appears and first displays
    minutes. Leave the toast open.
    4. Verify that after 1 minute, the toast begins counting down seconds
    5. Repeat the test from main and verify that the toast only shows the
    initial number of seconds
    A bug was fixed that caused the session expiration toast to incorrectly
    render the remaining time.

commit 05efaaaab7fe1ea386833627df5a24956cc26530
Author: Dzmitry Lemechko <[email protected]>
Date:   Wed Oct 30 11:55:22 2024 +0100

    [ftr] update svl shared config with cluster settings (#196336)

    Adding Elasticsearch cluster settings to replicate MKI cluster setup for
    FTR.

commit e3f3e27fdf6dd7ce369ce52ef937ef839e08233f
Author: James Gowdy <[email protected]>
Date:   Wed Oct 30 10:55:10 2024 +0000

    [ML] Removing anomaly detection scss files (#197447)

    Removes last remaining scss files in favour of inline css with emotion.

    **Before**

    ![image](https://github.com/user-attachments/assets/16910734-8e28-459c-b798-d55d7ab10323)

    **After**

    ![image](https://github.com/user-attachments/assets/5f8a07b7-8796-4302-af24-6facebeb3b48)

    **Before**

    ![image](https://github.com/user-attachments/assets/06657e7f-b913-4393-aeaa-50fc0c53831c)

    **After**

    ![image](https://github.com/user-attachments/assets/fd9eab67-ab91-45c6-9ad9-5addce40a76e)

commit 0ee968480cac02640939a552276aaf4213fbd43d
Author: Mykola Harmash <[email protected]>
Date:   Wed Oct 30 11:54:15 2024 +0100

    [Observability Onboarding] Change CTA for System integration in Auto Detect (#197836)

    Closes https://github.com/elastic/observability-dev/issues/4053 🔒

    * Adds an option to specify metadata for integrations installed from
    registry as a third parameter in the TSV provided to the
    `/integrations/install` endpoint. For now only `system` integration has
    metadata with a hostname, but it's made generic to support other
    integrations when needed.
    * Changes CTA for the System integration to point to the Host details
    * Adds sorting in the detected integrations in the UI to alway show
    System integration at the top

commit 731c5a4b091bfe27968b75e42e62b249acbb045c
Author: Arturo Lidueña <[email protected]>
Date:   Wed Oct 30 11:45:28 2024 +0100

    [Observability AI Assistant] Input box can be resized off-screen (elastic #181408) (#197063)

    fixes [181408](https://github.com/elastic/kibana/issues/181408)

    This PR addresses the issue where the Observability AI Assistant input
    box can be resized outside the boundaries of the browser window. Allows
    the input box to resize dynamically while ensuring it remains usable,
    even when the cursor moves outside the screen during resizing.

commit 4d4de51af979acb79e807408393ce89bdc24d0bc
Author: Pablo Machado <[email protected]>
Date:   Wed Oct 30 11:26:12 2024 +0100

    [SecuritySolution] Update Entity Store transform to read frequency and delay from config (#197992)

    Update Entity Store transform to read frequency and delay from config.

    New Config:
    ```
    xpack.securitySolution.entityAnalytics.entityStore.frequency: '60s'
    xpack.securitySolution.entityAnalytics.entityStore.syncDelay: '60s'
    ```
    * Update Kibana config
    * Start the entity store

    *** If you update the config after the entity store is installed it has
    no effect

commit 75195b4155718ba186ff5354e2a06369cc224279
Author: Julia Rechkunova <[email protected]>
Date:   Wed Oct 30 10:45:06 2024 +0100

    [Discover] Update docs to remove discover:showLegacyFieldTopValues (#197981)

    This PR updates docs as a followup for
    https://github.com/elastic/kibana/pull/155503

    - [x]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials

    Co-authored-by: Davis McPhee <[email protected]>

commit 03c8c4a9cc8144584f2410c753dea2d01b724a82
Author: Joe Reuter <[email protected]>
Date:   Wed Oct 30 10:18:59 2024 +0100

    [Observability Onboarding] Adjust wording for instrumentation and doc links (#198164)

    Closes https://github.com/elastic/kibana/issues/197620

    ![Image](https://github.com/user-attachments/assets/e94dd9ff-bd5b-49a6-9b39-fdf54a4e3e58)

    * Newly introduced cert-manager doc link goes to
    https://ela.st/8-16-otel-cert-manager
    * Instrumentation docs link goes to
    https://ela.st/8-16-otel-apm-instrumentation
    * Code sample for instrumentation replaced

    ---------

    Co-authored-by: Mykola Harmash <[email protected]>

commit 7cad9c31f63274e85d74256472b5d77707279b37
Author: Julia <[email protected]>
Date:   Wed Oct 30 09:50:12 2024 +0100

    [ResponseOps][Cases] Introduce number custom field type (#195245)

    Issue: https://github.com/elastic/kibana/issues/187208

    In this PR I've added new number custom field. It includes both: FE and
    BE.
    Only safe integers (the safe integers consist of all integers from
    -(2^53 - 1) to 2^53 - 1) are allowed as values.

    Testing:
    For testing Postman/Insomnia can be used.
    Go to Case - Settings. New configure will be created.
    After that you can use this endpoint:
    `PATCH
    http://localhost:5601/hcr/api/cases/configure/7377ed43-af0c-46f1-bbe5-fd0b147d591d`

    <details><summary>Body looks something like this:</summary>

    {
        "closure_type": "close-by-user",
        "customFields": [
            {
                "type": "number",
                "key": "54d2abf2-be0e-4fec-ac33-cbce94cf1a10",
                "label": "num",
                "required": false,
                "defaultValue": 123
            },
            {
                "type": "number",
                "key": "6f165838-a8d2-49f7-bbf6-ab3ad96d0d46",
                "label": "num2",
                "required": false,
                "defaultValue": -10
            }
        ],
        "templates": [],
        "connector": {
            "id": "none",
            "type": ".none",
            "fields": null,
            "name": "none"
        },
        "version": "WzIyLDFd"
    }

    </details>

    ![Screenshot 2024-10-07 at 16 23
    15](https://github.com/user-attachments/assets/2d769049-e339-47bb-a17d-189569b8785d)

    Try different numbers: positive and negative. Try to add not number
    types as a default value with `"type": "number"`

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios

    ---------

    Co-authored-by: kibanamachine <[email protected]>

commit 5576316abadc4115020f2e22bd823b413c8e98a2
Author: mohamedhamed-ahmed <[email protected]>
Date:   Wed Oct 30 08:43:35 2024 +0000

    [Stream] Fix callout privileges (#198030)

    closes https://github.com/elastic/kibana/issues/197044
    closes https://github.com/elastic/kibana/issues/197988

    The PR targets fixing 3 bugs:

    1. The callout shouldn't be shown if `Logs Explorer` isn't available,
    otherwise the link displayed in the callout will cause a problem. [Fix
    here](https://github.com/elastic/kibana/pull/198030/files#diff-8c5f793d1bf0d933c73047f31ded8a5a65f91e4f8d5230fc4e40dfb9b245fec1R66)
    2. The callout shouldn't be shown if `Logs Explorer` is available but
    the user doesn't have privilege to access it, otherwise we end up in
    `Application Not Found` page. [Fix
    here](https://github.com/elastic/kibana/pull/198030/files#diff-8c5f793d1bf0d933c73047f31ded8a5a65f91e4f8d5230fc4e40dfb9b245fec1R66)
    3. The side nav entry for `Logs Explorer` should be hidden if `Logs
    Explorer` is disabled. [Fix
    here](https://github.com/elastic/kibana/pull/198030/files#diff-ad4e42fbe4d2a7a99ec5d52fbf127ded12f0efe02a10e3afa0409b40be1f4bcfR397)

commit ac5c74a443646ec90d6b4fd86a1fce6ae28c97b3
Author: Philippe Oberti <[email protected]>
Date:   Wed Oct 30 03:33:04 2024 -0500

    [Security Solution][Notes] - fix the notes link that is shown twice in the search bar (#198200)

    This PR fixes a minor inconvenience where the Kibana search bar was
    showing 2 entries for the new Notes management page.

    | Before fix | After fix |
    | ------------- | ------------- |
    | ![Screenshot 2024-10-29 at 11 53
    44 AM](https://github.com/user-attachments/assets/77bd4b5a-d8d4-4f4f-8378-6aff1ec1b00b)
    | ![Screenshot 2024-10-29 at 11 53
    19 AM](https://github.com/user-attachments/assets/d138e307-b4ea-473b-9102-eb7e7b540bff)
    |

    Notes: this fix does not fix an issue happening in the space-specific
    search, where Notes, Timelines and maybe other entries are appearing
    twice. That issue seems to be related to the way we are removing then
    adding back links to work with the new navigation. I looked into it but
    could not find a way to fix yet, so this will be part of a follow up PR

    https://github.com/elastic/kibana/issues/197694

commit ec72eb22239838e58e277d28a8b0faf4d3acff59
Author: Dzmitry Lemechko <[email protected]>
Date:   Wed Oct 30 09:32:40 2024 +0100

    [kbn-test] fix junit report test for local run (#198120)

    When I run test locally with `node scripts/jest --config
    packages/kbn-test/jest.config.js`, it fails with

    ```
     FAIL  packages/kbn-test/src/mocha/junit_report_generation.test.js
      ● dev/mocha/junit report generation › reports on failed setup hooks

        expect(received).toEqual(expected) // deep equality

        - Expected  - 1
        + Received  + 1

        @@ -1,7 +1,7 @@
          Object {
        -   "command-line": "node scripts/jest --config=packages/kbn-test/jest.config.js --runInBand --coverage=false --passWithNoTests",
        +   "command-line": "node node_modules/jest-worker/build/workers/processChild.js",
            "failures": "2",
            "metadata-json": "{}",
            "name": "test",
            "skipped": "1",
            "tests": "4",
    ```

    This PR uses `process.env.CI` as a condition to apply different value
    for `command-line` property so test will pass locally too.

commit 84e04356e744950bf79c2e59a98740c416508484
Author: Kibana Machine <[email protected]>
Date:   Wed Oct 30 17:32:08 2024 +1100

    [api-docs] 2024-10-30 Daily api_docs build (#198250)

    Generated by
    https://buildkite.com/elastic/kibana-api-docs-daily/builds/876

commit 367add60f24baabbb40cb62c20eae06731920922
Author: Tiago Costa <[email protected]>
Date:   Wed Oct 30 04:56:40 2024 +0000

    skip flaky suite (#192144)

commit 11f2f14b054869ae9e01db3539bc971f28a7f3c5
Author: Tiago Costa <[email protected]>
Date:   Wed Oct 30 04:54:41 2024 +0000

    skip flaky suite (#171177)

commit 60c84ef1b55ec6e353d459e09a2de6ba1e2fc53b
Author: Tiago Costa <[email protected]>
Date:   Wed Oct 30 04:51:53 2024 +0000

    skip flaky suite (#174682)

commit 7a5c06fd36787947cd17ee4ba7f0980635bf63fd
Author: Kibana Machine <[email protected]>
Date:   Wed Oct 30 15:50:22 2024 +1100

    skip failing test suite (#198066)

commit b5d4601e01e3109763c8f8c05fe8ce78045c589e
Author: Ryan Keairns <[email protected]>
Date:   Tue Oct 29 19:13:41 2024 -0700

    Change spaces button loading design (#197922)

    Closes #197916

    One less loading spinner. Instead, uses a skeleton loader for a
    load-in-place effect that is visually less busy and jumpy.

    *Before*
    <img width="420"
    src="https://github.com/user-attachments/assets/33ae37bf-c196-4bbf-a26e-ad469d7f3134"
    />

    *After*

    https://github.com/user-attachments/assets/33cc2d39-2895-4c53-8903-9c3b18d586f9

commit f102ace317700a1841ec77c84c77f76041157746
Author: Mohamed Abdelgaber <[email protected]>
Date:   Wed Oct 30 02:53:09 2024 +0300

    [8.15] [Kibana data view] Fix issue empty user-hash in data view request headers (#197863)

    to fix not compliant HTTP request

    Fix not compliant HTTP request
    for example, request "GET
    /s/<space>/internal/data_views/fields?pattern=abc" Sometimes request
    headers have a user-hash field with an empty value and this makes the
    request not HTTP compliant in some scenarios the request will be dropped
    by WAF or by another security edge for example.

    ![image](https://github.com/user-attachments/assets/de606665-12e6-475c-a2e4-c2e594957f11)

    ---------

    Co-authored-by: kibanamachine <[email protected]>
    Co-authored-by: Elastic Machine <[email protected]>
    Co-authored-by: mabdelgaber.SEC <[email protected]>

commit a098aaaac798d5158deccb21b00e60e41ea71d54
Author: Steph Milovic <[email protected]>
Date:   Tue Oct 29 17:17:24 2024 -0600

    [Security solution] Knowledge base tour video update (#198158)

commit 248119ec8c506311f8d24a35ccae318e066b3026
Author: José Luis González <[email protected]>
Date:   Tue Oct 29 23:18:49 2024 +0100

    [Search][Connectors] Create connector via try in console (#197757)

    This PR enables the possibility of creating a connector opening the
    embedded console in the start step.

    ![CleanShot 2024-10-28 at 10 00
    04](https://github.com/user-attachments/assets/bf2c0a89-1c18-4fcd-8c2b-4fbbe3ef80a9)

    ---------

    Co-authored-by: Liam Thompson <[email protected]>
    Co-authored-by: Elastic Machine <[email protected]>

commit aec93bf043619cde2d6b3fecace70cd4c3c56e94
Author: José Luis González <[email protected]>
Date:   Tue Oct 29 23:17:04 2024 +0100

    [Search][Connectors] Confirmation modal before leaving the connector creation flow (#197646)

    This PR shows a confirmation modal when users leave the connectors
    creation flow before providing all necessary info, asking for
    intentional confirmation after leaving the experience.

    Setting `isFormDirty = true` only after generating the connectors config
    and letting users leave the experience setting `isFormDirty = false`
    when we arrive to the Finish up step

    ![CleanShot 2024-10-24 at 18 56
    11](https://github.com/user-attachments/assets/90f355e2-d227-4d2a-a45e-bcfbb743d588)

    ---------

    Co-authored-by: kibanamachine <[email protected]>
    Co-authored-by: Elastic Machine <[email protected]>
    Co-authored-by: Jedr Blaszyk <[email protected]>

commit b91fa562bb7663a119fdd9c22054560960f625a0
Author: Hannah Mudge <[email protected]>
Date:   Tue Oct 29 16:07:45 2024 -0600

    [Dashboard] [Collapsable Panels] Reduce re-renders (#197343)

    Closes https://github.com/elastic/kibana/issues/191131

    This PR greatly reduces the number of React re-renders that happen as
    panels get dragged around and/or resized. Now, the actions that trigger
    a panel to get rendered are as follows:
    1. Obviously, when the grid first loads, every panel has to be rendered.
    2. When a panel gets dragged from one row to the next, both the original
    row and the new row will re-render all of their panels because the panel
    IDs in both rows changed - however, because of the `key` prop on the
    `GridPanel` component, only the **dragged** panel will actually be fully
    re-mounted.
    3. When a panel gets collapsed and expanded, all panels in that row will
    get re-mounted and rendered.
    4. When a panel ID gets changed (this currently isn't possible, but in
    theory, this would also trigger the panel to get re-rendered due to the
    `key` prop on the `GridPanel` component)

    In order to accomplish this, we are now handling **all style changes**
    via a subscription rather than setting the CSS directly; so, as the
    `gridLayout$` behaviour subjects publishes changes, we update the row +
    panel styles via the panel reference. This allows us to change how the
    grid looks without triggering React to rerender the entire panel.

    **How to Test:**
    Add a `console.log` to the `renderPanelContents` in
    `examples/grid_example/public/app.tsx` - this will tell you when a panel
    is getting re-rendered.

    - [x] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    - [ ] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
    - [ ] This will appear in the **Release Notes** and follow the
    [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

    ---------

    Co-authored-by: kibanamachine <[email protected]>

commit 641d9159451447484f3940f0b1c17438472fea5c
Author: Kerry Gallagher <[email protected]>
Date:   Tue Oct 29 22:04:01 2024 +0000

    [Observability] Update breadcrumbs for observability project based navigation (#196785)

    ~⚠️ I'm still putting out some fires with tests, but this is ready to
    start being reviewed.~

    A continuation of https://github.com/elastic/kibana/pull/196169 for
    Observability (please read that PR description first).

    Related: https://github.com/elastic/kibana/issues/192050

    There are essentially three types of breadcrumbs - serverless (which is
    project style), stateful project style (set through spaces settings),
    and classic style (the old breadcrumbs we've seen for years). Whilst
    serverless and stateful project style both use the project based style
    the navigation trees are slightly different, so the breadcrumbs results
    are not identical [when they derive the "nav
    crumbs"](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L55).

    Here "project style" will refer to serverless and stateful project
    style.

    In these changes I've, for the most part, tried to refactor things so
    Observability solutions route their breadcrumbs through the
    observability-shared `useBreadcrumbs` hook, this way the logic around
    project style, adding an Observability crumb in classic etc is
    consolidated in one place.

    [For several solutions `absolute` breadcrumbs are being
    used](https://github.com/elastic/kibana/blob/9577aa980dd1565fba05e34292fb5c0bba692889/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx#L46),
    and this means we'll roughly have the same breadcrumbs across the 3
    experiences (bar Observability being prepended). Teams may want to
    refine this going forward to pass curated breadcrumbs that take into
    account the navigation derived "nav crumbs" (again, bearing in mind the
    trees from serverless and project based chrome do differ), and not use
    absolute mode. APM is an example of this at the moment. Right now this
    is an 8.16 bug though, so this aims to make things acceptable, but not
    necessarily perfect.

    - Project style chrome crumbs have been modelled off the serverless
    ones. The navigation trees here are the same so this should be fine.

    - The `infra` `useBreadcrumbs` hook has been removed, it was only being
    used by logs. Logs now goes via the Observability shared hook using
    `classicOnly`.

    - Metrics (`useMetricsBreadcrumbs` hook) has been slightly amended to
    route more of it's logic through the shared hook.

    - Wasn't setting any nested breadcrumbs at the moment so the logic has
    been simplified to just set some classic crumbs, and defer the rest to
    the nav crumbs via the shared hook.

    - Removed custom logic around prepending Observability, adding link
    handlers etc in favour of the shared hook.

    - Simple breadcrumb needs so these are mostly setting `classicOnly` and
    deferring to the nav crumbs in project style.

    Several solutions have had their usage of the shared hook updated to
    pass in the `serverless` plugin. This was missing before, so calls to
    `serverless.setBreadcrumbs` weren't explicitly happening.

    - Add the following to your `kibana.dev.yml`:

    ```yml
    xpack.cloud.id: "ftr_fake_cloud_id:aGVsbG8uY29tOjQ0MyRFUzEyM2FiYyRrYm4xMjNhYmM="
    xpack.cloud.base_url: "https://cloud.elastic.co"
    ```

    - For testing stateful project style chrome you'll need to go to Stack
    Management > Spaces and change the solution view:

    ![Screenshot 2024-10-21 at 12 44
    21](https://github.com/user-attachments/assets/e3d9fe64-f79f-4e31-a5b6-45a06ca4915d)

    - Set the above to Classic to test classic breadcrumbs.

    - As a reviewer please check your solution against the 3 modes.

    Before these changes we'd see something like the following in APM:

    ![Screenshot 2024-10-11 at 10 56
    54](https://github.com/user-attachments/assets/4938b31e-9d4a-429e-abf0-add04d69b62a)

    Now we'll see something like this in project style:

    ![Screenshot 2024-10-21 at 12 48
    54](https://github.com/user-attachments/assets/0645a3ae-909e-4a70-a077-d9f83bd1d639)

commit eb22f011b44168644145e840d80905278fdd4c5a
Author: Jon <[email protected]>
Date:   Tue Oct 29 17:00:41 2024 -0500

    [ci] Use es snapshot cache on miscellaneous steps 2 (#198078)

    Adds the remaining steps missing snapshot loading from cache that I
    missed on the first loop.

commit 17e72dd7ae43028ea481bbff417b85e8efebad39
Author: Jon <[email protected]>
Date:   Tue Oct 29 16:57:02 2024 -0500

    [ci] Fix cloud deployments (#198086)

    Our build scripts are relying on a step that was removed in
    https://github.com/elastic/elasticsearch/pull/115357. The image that was
    produced by this script is eventually consumed by cloud deployments from
    pull requests.

    This updates our scripts to use the cloud-ess variant instead. There
    should not be any functional difference.

    We'll need the image to go through our promotion pipeline to be tested
    via label.

    https://buildkite.com/elastic/kibana-elasticsearch-snapshot-build/builds/4673

commit 4fb4282509e0a5f7605433a5ef8f9e9085647282
Author: Philippe Oberti <[email protected]>
Date:   Tue Oct 29 16:00:20 2024 -0500

    [Security Solution][Notes] - switch the securitySolutionNotesEnables feature flag to securitySolutionNotesDisabled (#196778)

    This PR switches the `securitySolutionNotesEnabled` to
    `securitySolutionNotesDisabled` (with a `false` value by default) to
    enable the new Notes functionality in `8.16`.
    Customers can set the new `securitySolutionNotesDisabled` feature flag
    to true in their environment if they want to go back to the old notes
    system.

    The PR also fixes a tiny bug with the badge showing the number of notes
    in the Timeline Notes tab. The new system was not taking into account a
    timeline description, so if the timeline had a description the number of
    notes was always 1 lower than the actual number of notes displayed
    below. This issue was highlighted by a Cypress test!

    The goal is to remove the old system entirely within a few releases
    (maybe `8.18` or `9.0`).

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios

    https://github.com/elastic/kibana/issues/189879

commit 81856bc8431daf83c972a65c6b8b0e312f8477a6
Author: Shahzad <[email protected]>
Date:   Tue Oct 29 21:00:40 2024 +0100

    [Fleet] Prevent duplication of managed policy !! (#197575)

    Fixes https://github.com/elastic/kibana/issues/194149

    Prevent duplication of managed policy !!

    <img width="1594" alt="image"
    src="https://github.com/user-attachments/assets/f386a287-4f9e-4307-ba84-98f3ea807ef9">

commit dd90b67a87976c4fcb6b778860200e9c21560013
Author: Ying Mao <[email protected]>
Date:   Tue Oct 29 15:20:12 2024 -0400

    [Response Ops][Actions] Remove deprecated HTTP APIs (#197510)

    Resolves https://github.com/elastic/kibana/issues/90382

    Removes legacy action APIs for 9.0 and updates all tests that still used
    the legacy APIs to use the current APIs. Also did some renaming of
    action -> connector in the files I had to touch.

    Co-authored-by: Elastic Machine <[email protected]>

commit c7b8ca00de0cec5cd99db6e4a218ad40dde27369
Author: Mohamed Nabeel <[email protected]>
Date:   Tue Oct 29 22:10:37 2024 +0530

    Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service Dashboards page #195773 (#196969)

    **Title:** Fix Typo: Change 'dashaboard' to 'dashboard' on APM-service
    Dashboards page

    **Description:**
    This PR fixes a typo on the "Dashboards" page for APM-service. The typo
    "dashaboard" has been corrected to "dashboard" to ensure proper
    functionality and readability.

    closes #195773

    **Changes Made:**
    - Corrected the typo in the text "To get started, add your dashaboard"
    to "To get started, add your dashboard."

    **Testing:**
    - Verified the change on the Dashboards page for APM-service.
    - Ensured no other instances of the typo exist in the codebase.

    **Release note:**
    Fixes a typo on the "Dashboards" page for APM-service, changing
    'dashaboard' to 'dashboard'.

    **Additional Notes:**
    No additional notes.

    Summarize your PR. If it involves visual changes include a screenshot or
    gif.

    Delete any items that are not applicable to this PR.

    - [x] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed
    - [x] Any UI touched in this PR is usable by keyboard only (learn more
    about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [x] Any UI touched in this PR does not create any new axe failures
    (run axe in browser:
    [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
    [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] If a plugin configuration key changed, check if it needs to be
    allowlisted in the cloud and added to the [docker
    list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
    - [x] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [x] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    Delete this section if it is not applicable to this PR.

    Before closing this PR, invite QA, stakeholders, and other developers to
    identify risks that should be tested prior to the change/feature
    release.

    When forming the risk matrix, consider some of the following examples
    and how they may potentially impact the change:

    | Risk | Probability | Severity | Mitigation/Notes |

    |---------------------------|-------------|----------|-------------------------|
    | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
    | Low | High | Integration tests will verify that all features are still
    supported in non-default Kibana Space and when user switches between
    spaces. |
    | Multiple nodes&mdash;Elasticsearch polling might have race conditions
    when multiple Kibana nodes are polling for the same tasks. | High | Low
    | Tasks are idempotent, so executing them multiple times will not result
    in logical error, but will degrade performance. To test for this case we
    add plenty of unit tests around this logic and document manual testing
    procedure. |
    | Code should gracefully handle cases when feature X or plugin Y are
    disabled. | Medium | High | Unit tests will verify that any feature flag
    or plugin combination still results in our service operational. |
    | [See more potential risk
    examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |

    - [ ] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
    - [ ] This will appear in the **Release Notes** and follow the
    [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

    ---------

    Co-authored-by: Cauê Marcondes <[email protected]>
    Co-authored-by: Nathan L Smith <[email protected]>
    Co-authored-by: jennypavlova <[email protected]>

commit 85fd147d0162e19999a1f27aea59d7bfbb0b47b4
Author: Raya Fratkina <[email protected]>
Date:   Tue Oct 29 12:09:50 2024 -0400

    Expand README (#197880)

    Adds a bit more general background, intro to concepts, and guidelines
    about what to use FF for and what not to

    Delete any items that are not applicable to this PR.

    - [ ] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [ ] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed
    - [ ] Any UI touched in this PR is usable by keyboard only (learn more
    about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [ ] Any UI touched in this PR does not create any new axe failures
    (run axe in browser:
    [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
    [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] If a plugin configuration key changed, check if it needs to be
    allowlisted in the cloud and added to the [docker
    list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
    - [ ] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [ ] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    Delete this section if it is not applicable to this PR.

    Before closing this PR, invite QA, stakeholders, and other developers to
    identify risks that should be tested prior to the change/feature
    release.

    When forming the risk matrix, consider some of the following examples
    and how they may potentially impact the change:

    | Risk | Probability | Severity | Mitigation/Notes |

    |---------------------------|-------------|----------|-------------------------|
    | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
    | Low | High | Integration tests will verify that all features are still
    supported in non-default Kibana Space and when user switches between
    spaces. |
    | Multiple nodes&mdash;Elasticsearch polling might have race conditions
    when multiple Kibana nodes are polling for the same tasks. | High | Low
    | Tasks are idempotent, so executing them multiple times will not result
    in logical error, but will degrade performance. To test for this case we
    add plenty of unit tests around this logic and document manual testing
    procedure. |
    | Code should gracefully handle cases when feature X or plugin Y are
    disabled. | Medium | High | Unit tests will verify that any feature flag
    or plugin combination still results in our service operational. |
    | [See more potential risk
    examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |

    - [ ] This was checked for breaking API changes and was [labeled
    appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
    - [ ] This will appear in the **Release Notes** and follow the
    [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

    ---------

    Co-authored-by: Alejandro Fernández Haro <[email protected]>

commit ae86b54a364d87b15a27f7252eea649c1fc6a722
Author: Alex Szabo <[email protected]>
Date:   Tue Oct 29 16:57:01 2024 +0100

    [CI] Fix project build & deploy job (#196562)
    In #195581 we've added the option to deploy through the clickable
    triggers. But in it's current state, it's broken in several aspects.

    (1) It's not starting on click. Triggers was resulting in a 422 on
    Buildkite's side, and after digging more into it, this was the error:
    <img width="1019" alt="Screenshot 2024-10-16 at 16 53 13"
    src="https://github.com/user-attachments/assets/f602dde9-2cc4-474f-b432-a3d4f9d5ae91">
    Apparently, building PRs needs to be enabled on jobs that want to be
    triggered through the PR bot.

    (2) It is set up to run regardless of the labels

    (3) There's no feedback on runs
    This PR:
     - enables buildability in the pipeline's config
     - exits early if deploy labels are missing
     - adds a comment on the PR if a deploy job is started or finished
    - removes the kibana build step, it's not needed, as we have a step to
    build the docker image

    TODO:
    - [x] Add feedback about a started job (either through a non-required
    check, or a github comment)
     - [x] Early exit if a label is missing

    There are several other builds started right now, because the logic that
    would trigger a build on changing a draft to ready. To be fixed in
    https://github.com/elastic/buildkite-pr-bot/issues/78

    Tested after manually by enabling the option on the UI, and triggering
    through the checkbox:
    https://buildkite.com/elastic/kibana-deploy-project-from-pr/builds/23

commit 11ae6a5bd9a06a4402e8af5173b0b0efcf5f52fc
Author: Drew Tate <[email protected]>
Date:   Tue Oct 29 09:50:30 2024 -0600

    [ES|QL] separate `KEEP`, `DROP`, and `SORT` autocomplete routines (#197744)

    This PR begins the refactor described in
    https://github.com/elastic/kibana/issues/195418.

    The autocomplete engine now delegates to command-specific routines
    attached to the command definitions for `KEEP`, `DROP`, and `SORT`.

    The naming of `getFieldsFor` has been broadened to `getColumnsFor`
    because the response from Elasticsearch can contain variables as well as
    fields, depending on the query that is used to fetch the columns.

    No user-facing behavior should have changed.

    - [x] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios

    ---------

    Co-authored-by: Elastic Machine <[email protected]>

commit 669dc381bfc671637d4763930c8b4ede7ad7fbf3
Author: Melissa Alvarez <[email protected]>
Date:   Tue Oct 29 09:41:57 2024 -0600

    [ML] Data Frame Analytics: removing scss overrides for exploration pages  (#197724)

    Related meta issue: https://github.com/elastic/kibana/issues/140695

    Regression model evaluation before:

    <img width="1455" alt="image"
    src="https://github.com/user-attachments/assets/cfdb794d-4576-4c10-96c1-0b3856857cdd">

    After:

    <img width="1455" alt="image"
    src="https://github.com/user-attachments/assets/4c2bbdf3-85ef-489e-bc3a-1281d3531328">

    Classification evaluation before:

    <img width="1474" alt="image"
    src="https://github.com/user-attachments/assets/e565cac3-8c1d-4e4f-8cac-7ea8abf4358d">

    After switching fully to flex layout as we no longer support IE11 and
    all the workarounds were no longer needed (Note it's all left aligned
    now):

    <img width="1467" alt="image"
    src="https://github.com/user-attachments/assets/280ea446-17fc-4622-a925-57ef6c01cd89">

    Delete any items that are not applicable to this PR.

    - [ ] Any text added follows [EUI's writing
    guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
    sentence case text and includes [i18n
    support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
    - [ ]
    [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
    was added for features that require explanation or tutorials
    - [ ] [Unit or functional
    tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
    were updated or added to match the most common scenarios
    - [ ] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed
    - [ ] Any UI touched in this PR is usable by keyboard only (learn more
    about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [ ] Any UI touched in this PR does not create any new axe failures
    (run axe in browser:
    [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
    [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] If a plugin configuration key changed, check if it needs to be
    allowlisted in the cloud and added to the [docker
    list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
    - [ ] This renders correctly on smaller devices using a responsive
    layout. (You can test this [in your
    browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [ ] This was checked for [cross-browser
    compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

    ---------

    Co-authored-by: Elastic Machine <[email protected]>

commit 88ebb55fc775d6bb04dc3b21f04a6be1ba1a09dc
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Tue Oct 29 06:36:48 2024 -0500

    Update dependency @launchdarkly/node-server-sdk to ^9.6.1 (main) (#196897)

commit 5983137ace057758fc3433b4297514f63f6db255
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Tue Oct 29 06:25:14 2024 -0500

    Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 1815394 (main) (#198099)

    This PR contains the following updates:

    | Package | Update | Change |
    |---|---|---|
    | docker.elastic.co/wolfi/chainguard-base | digest | `de4d5b0` ->
    `1815394` |

    ---

    📅 **Schedule**: Branch creation - At any time (no schedule defined),
    Automerge - At any time (no schedule defined).

    🚦 **Automerge**: Disabled by config. Please merge this manually once you
    are satisfied.

    ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
    rebase/retry checkbox.

    🔕 **Ignore**: Close this PR and you won't be reminded about this update
    again.

    ---

    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
    this box

    ---

    This PR has been generated by [Renovate
    Bot](https://togithub.com/renovatebot/renovate).

    <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit 67d96e3585b690662750173898ce579c52a89522
Author: Tiago Vila Verde <[email protected]>
Date:   Tue Oct 29 12:13:14 2024 +0100

    [Entity Analytics] [Entity Store] Telemetry (#196880)

    This PR adds telemetry for the Entity Store.
    Client side tracks UI enablement actions, whilst Kibana side tracks
    execution time of the store initialisation process and execution time of
    the enrich policy task.
    Finally we also track number of entities in the store

commit b4ed7a1945f5ea5b76be36833cdf11e28641cf8f
Author: Maxim Kholod <[email protected]>
Date:   Tue Oct 29 11:53:23 2024 +0100

    [Cloud Security] add vulnerabilties data set to filter for links from CNVM dashboard (#197648)

    - fixes https://github.com/elastic/security-team/issues/10915

commit db18039dc40bc0e994be666a83a28a0452a0c6e2
Author: Gergő Ábrahám <[email protected]>
Date:   Tue Oct 29 11:52:36 2024 +0100

    [EDR Workflows] Improve on unavailable shard exception flakiness in cypress (#197864)

    The cypress task `cy.task('indexEndpointHosts')` sometimes throws
    `no_shard_available_action_exception`, when transforms are stopped. This
    looks like a temporary issue, and in other tests it is simply retried.

    This PR adds the retry logic for this type of error, and unskips some
    tests.

    closes #194135
    closes #191914

    Delete any items that are not applicable to this PR.
    - [x] [Flaky Test
    Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
    used on any tests changed

commit e5eb58a533ec34e1484340f4e11a0a61083b1572
Author: Tomasz Ciecierski <[email protected]>
Date:   Tue Oct 29 11:35:07 2024 +0100

    [EDR Workflows] Skip Osquery test in MKI (#198117)

commit d23dce0080f8c7815188aa244f98c526d84ee45e
Author: Joe Reuter <[email protected]>
Date:   Tue Oct 29 11:28:22 2024 +0100

    [Observability Onboarding] Set tech preview badges correctly (#197831)

    As discussed, adjust the first onboarding page:
    * Remove tech preview labels from EA flows
    * Change wording

    <img width="857" alt="Screenshot 2024-10-25 at 15 23 47"
    src="https://github.com/user-attachments/assets/ceffbe90-019d-4fa8-ab6f-16cbf0aaf3d4">
    <img width="814" alt="Screenshot 2024-10-25 at 15 23 59"
    src="https://github.com/user-attachments/assets/4f5cf657-6fd2-479f-aa92-9460bc2ecfef">

commit 3c7268d6ca18efa4bde7c398fe659202fc8b457d
Author: Ido Cohen <[email protected]>
Date:   Tue Oct 29 11:41:37 2024 +0200

    [Cloud Security] Fix flaky metering tests

commit 735b2de08a5ab8d4b65e101cca6a044372726627
Author: jennypavlova <[email protected]>
Date:   Tue Oct 29 09:43:20 2024 +0100

    [ObsUx][Infra] Unskip and try to fix hosts view test (#197861)

    Closes #191806

    The parts of the unskipped test were fixed here - the only case I
    couldn't find the reason for failing after unskipping it is `should have
    an option to open the chart in lens` - for some reason, the whole menu
    is gone when checking the CI and I couldn't reproduce that so this will
    be the only skipped part so we can at least have all the other `Hosts
    view` tests

commit 3131dd9bfa1ee28fa12f90bb6ae8060da9e44665
Author: jennypavlova <[email protected]>
Date:   Tue Oct 29 09:42:43 2024 +0100

    [Infra] Fix anomalies flyout navigation failing test (#197999)

    Closes #192882

    The issue was that the url was checked too early which resulted in
    checking the locator url instead of the page url after navigating so I
    added a check for loading before the URL check and this solved the
    issue.

    https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7284

commit 9622f62153f597ea91b34f7e2c877fe70b30f231
Author: Maxim Palenov <[email protected]>
Date:   Tue Oct 29 10:36:33 2024 +0300

    [Security Solution][Hotfix] Avoid blocking prebuilt rule upgrade upon conflicts with disabled feature flag (#198106)

    It turned out some of the update rule buttons are disabled. This is a side effect of the functionality not fully hidden under a feature flag. This PR hides prebuilt rule customisation functionality disabling update rule buttons under `prebuiltRulesCustomizationEnabled` feature flag.

    ![image](https://github.com/user-attachments/assets/b7ca5ff8-be37-47a7-ad7e-b85386909f38)

    <img width="1719" alt="image" src="https://github.com/user-attachments/assets/349223dc-dda5-46fb-832f-d7097a81580e">

    <img width="1721" alt="image" src="https://github.com/user-attachments/assets/a28512f6-e605-460e-884d-571ab408a7d9">

commit 82da5111fef0907226a23371eb229166493c2c9e
Author: Kibana Machine <[email protected]>
Date:   Tue Oct 29 17:25:50 2024 +1100

    [api-docs] 2024-10-29 Daily api_docs build (#198103)

    Generated by
    https://buildkite.com/elastic/kibana-api-docs-daily/builds/875

commit 686b0214cefd96137c5a87ef4bad61ddbbcea5c0
Author: Brad White <[email protected]>
Date:   Mon Oct 28 18:44:36 2024 -0600

    Fix Dev Container KBN_DIR (#195810)

    In #193488, `KBN_DIR` was changed to be a dynamic variable. It wasn't
    being properly propagated through the build process in the Dockerfile
    and the full path to `env.sh` wasn't being set. This passes the
    directory as a build `ARG` as well to fix the path.

commit 8700807899000a86a30f0bdbee59d64f07e31d15
Author: Brad White <[email protected]>
Date:   Mon Oct 28 18:40:12 2024 -0600

    [CI] Disable UpdateCLI workflow on forks (#196624)

    The UpdateCLI workflow is running against forks when it shouldn't be:

    https://github.com/Ikuni17/kibana/actions/runs/11359905941

commit 0de1f95d0e60d20196ef414557a8432ed719406f
Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date:   Mon Oct 28 18:47:42 2024 -0500

    Update dependency msw to ^2.4.12 (main) (#198060)

    This PR contains the following updates:

    | Package | Type | Update | Change | Pending |
    |---|---|---|---|---|
    | [msw](https://mswjs.io) ([source](https://togithub.com/mswjs/msw)) |
    devDependencies | patch | [`^2.4.11` ->
    `^2.4.12`](https://renovatebot.com/diffs/npm/msw/2.4.11/2.4.12) |
    `2.5.2` (+3) |

    ---

    <details>
    <summary>mswjs/msw (msw)</summary>

    [Compare
    Source](https://togithub.com/mswjs/msw/compare/v2.4.11...v2.4.12)

    - **node:** preserve headers instanceof when recording raw headers
    ([#&#8203;2321](https://togithub.com/mswjs/msw/issues/2321))
    ([`a58a300`](https://togithub.com/mswjs/msw/commit/a58a300687a48e13c0268403a71183cf7825f748))
    [@&#8203;paoloricciuti](https://togithub.com/paoloricciuti)

    </details>

    ---

    📅 **Schedule**: Branch creation - At any time (no schedule defined),
    Automerge - At any time (no schedule defined).

    🚦 **Automerge**: Disabled by config. Please merge this manually once you
    are satisfied.

    ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
    rebase/retry checkbox.

    🔕 **Ignore**: Close this PR and you won't be reminded about this update
    again.

    ---

    - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
    this box

    ---

    This PR has been generated by [Renovate
    Bot](https://togithub.com/renovatebot/renovate).

    <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNsb3VkIFNlY3VyaXR5IiwiYmFja3BvcnQ6c2tpcCIsInJlbGVhc2Vfbm90ZTpza2lwIl19-->

    Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>

commit be6708bffcb0a264bee29c029c7945ff22fa6761
Author: Jared Burgett <[email protected]>
Date:   Mon Oct 28 16:00:06 2024 -0500

    Added redirect option after Entity CSV upload (#197937)

    Added a redirect button to view Entities after a successful Asset
    Criticality CSV file upload process

    Additionally, made some small changes to the copy for the Entity Store
    management workflows

    <img width="1490" alt="Screenshot 2024-10-27 at 9 49 17 PM"
    src="https://github.com/user-attachments/assets/77b587b7-8300-40ae-adc2-5119aa5f39ab">

    Co-authored-by: Elastic Machine <[email protected]>

commit e65a08cc9154f6cf21609ab3f22ea10eef4f7aed
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:52:57 2024 +0000

    skip flaky suite (#174661)

commit 7821dd74140d9873c47d5b8650a47d6c50ecc194
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:49:24 2024 +0000

    skip flaky suite (#196766)

commit e3aa369c3e761f96a000cd081e11c72c05678186
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:46:03 2024 +0000

    skip flaky suite (#189739)

commit 924b72ee7b2635943962da74bca1ec1cc651a4fa
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:43:07 2024 +0000

    skip flaky suite (#197765)

commit 3759a60fa0e987fb35f2bca11769a81be3540b4f
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:41:10 2024 +0000

    skip flaky suite (#192126)

commit a652f4f08bae966fedcba990300a3c8c98c7fa4d
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:39:55 2024 +0000

    skip flaky suite (#189038)

commit 98d807cdab80d0c680e458f929375cdedd1d0b64
Author: Tiago Costa <[email protected]>
Date:   Mon Oct 28 20:38:08 2024 +0000

    skip flaky suite (#197335)

commit 82ec7ff742295f7f4691f23d989159f6aa9129ed
Author: T…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.17.0 v9.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants