Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Additional cases changes #6

Conversation

michaelolo24
Copy link
Collaborator

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

sabarasaba and others added 30 commits October 9, 2024 17:54
…lastic#194354)

## Summary

This PR is a follow up to elastic#192665 and addresses a bunch of feedback and
fixes including:

- [X] Adds support for updating/editing entries
- [X] Fixes initial loading experience of the KB Settings Setup/Table
- [X] Fixes two bugs where `semantic_text` and `text` must be declared
for `IndexEntries` to work
- [X] Add new Settings Context Menu items for KB and Alerts
 - [X] Add support for `required` entries in initial prompt
* See [this
trace](https://smith.langchain.com/public/84a17a31-8ce8-4bd9-911e-38a854484dd8/r)
for included knowledge. Note that the KnowledgeBaseRetrievalTool was not
selected.
* Note: All prompts were updated to include the `{knowledge_history}`
placeholder, and _not behind the feature flag_, as this will just be the
empty case until the feature flag is enabled.

TODO (in this or follow-up PR):
 - [ ] Add suggestions to `index` and `fields` inputs
 - [ ] Adds URL deeplinking to securityAssistantManagement
- [ ] Fix bug where updating entry does not re-create embeddings (see
[comment](elastic#194354 (comment)))
 - [ ] Fix loading indicators when adding/editing entries
 - [ ] API integration tests for update API (@e40pud)


### Checklist

Delete any items that are not applicable to this PR.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
* Docs being tracked in
elastic/security-docs#5337 for when feature
flag is enabled
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Patryk Kopycinski <[email protected]>
…ed (elastic#195196)

## Summary

When a user is creating a Lens ES|QL chart we run the suggestions api
even if the query hasn't changed. This PR adds a guard to avoid
refetching the attributes when the query hasn't changed at all.
Fix elastic#142915

### Risk Matrix

| Risk | Probability | Severity | Mitigation/Notes |

|---------------------------|-------------|----------|-------------------------|
| Third party plugin types throw type errors | Low | Low | type checks
will error when using a deprecated type. Plugin authors should extend
the supported types or define new ones inline |

### For maintainers

- [X] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
(no breaking changes)
…stic#195616)

Part of elastic#194171

Notice in the screen shot below, how opening Kibana home page loads
async dashboard chunks.
<img width="500" alt="Screenshot 2024-10-09 at 8 38 24 AM"
src="https://github.com/user-attachments/assets/2cfdb512-03e4-4634-bb0c-a8d163f98540">

This PR replaces async import with a sync import. The page load bundle
size increases but this is no different than the current behavior, just
the import is now properly accounted for in page load stats. The next
step is to resolve elastic#191642 and
reduce the page load impact of registering uiActions (but this is out of
scope for this PR).
This introduces a "Logs Overview" component for use in solution UIs
behind a feature flag.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Kerry Gallagher <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
## Summary

Remove feature flag for manual rule run

---------

Co-authored-by: Elastic Machine <[email protected]>
…c#195395)

## Summary

Recently while debugging a production issue where the Synthetics plugin
was receiving 401 errors while trying to reach the Synthetics Service
health endpoint, we isolated that there was an issue with the mTLS
handshake between Kibana and the service.

Unfortunately, we were unsure if there was some missing custom config
(especially relevant in Serverless Kibana), or if the certificate values
were not present in the first place.

Adding this warning will help us make this determination better in the
future when reviewing Kibana logs, as we will be assured if the config
is not defined via this warning.
## Summary

Related to elastic#192484. This PR adding [new content package types and
schemas](elastic/package-spec#777) so that
content packages can be returned correctly from EPR to unblock
development of those packages.

The only current content package is `kubernetes_otel`. You will need to
bump up the max allowed spec version and search with beta (prerelease)
packages enabled to find it:
```
xpack.fleet.internal.registry.spec.max: '3.4'
```

Tests will come with the rest of work for elastic#192484

---------

Co-authored-by: kibanamachine <[email protected]>
## Summary

This PR tags all pipelines that are related to the Kibana serverless
release (including requirements like on-merge and artifacts build) with
`kibana-serverless-release`. This will allow us to easily find these
pipelines in Buildkite.
…#193807)

Resolves elastic#186534

## Summary

This PR splits the for-loop in the `ActionScheduler.run` function into
the appropriate scheduler classes. Previously, each scheduler had a
`generateExecutables` function that would return an array of executables
and the `ActionScheduler` would loop through the array and convert the
executable to a scheduleable action depending on whether it was a
per-alert action, summary action or system action. This refactor renames
`generateExecutables` into `getActionsToSchedule` and moves the logic to
convert the executables into a schedulable action into the appropriate
scheduler class.

## To Verify

Create some rules with per-alert and summary and system actions and
verify they are triggered as expected.

---------

Co-authored-by: Elastic Machine <[email protected]>
…r/server/integration_tests - unrecognized task types should be no workload aggregator errors when there are removed task types (elastic#195496)

Resolves elastic#194208

## Summary

The original integration test was checking for the (non) existence of
any error logs on startup when there are removed task types, which was
not specific enough because there were occasionally error logs like

```
"Task SLO:ORPHAN_SUMMARIES-CLEANUP-TASK \"SLO:ORPHAN_SUMMARIES-CLEANUP-TASK:1.0.0\" failed: ResponseError: search_phase_execution_exception
```

so this PR updates the integration test to check specifically for
workload aggregator error logs

Co-authored-by: Elastic Machine <[email protected]>
### Summary

Remove history and backfill transforms, leaving latest transform in
place.

Notable changes to latest transform:
- it does not read from history output anymore but source indices
defined on the definition
- it defines a `latest.lookbackPeriod` to limit the amount of data
ingested, which defaults to 24h
- each metadata aggregation now accepts a
`metadata.aggregation.lookbackPeriod` which defaults to the
`latest.lookbackPeriod`
- `entity.firstSeenTimestamp` is removed. this should be temporary until
we have a solution for
elastic/elastic-entity-model#174
- latest metrics used to get the latest pre-computed value from history
data, but is it now aggregating over the `lookbackPeriod` in the source
indices (which can be filtered down with `metrics.filter`)
- `latest` block on the entity definition is now mandatory

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Mark Hopkin <[email protected]>
…" screen (elastic#194077)

## Summary

Resolves elastic#176291

### Screenshots

#### Discover/Dashboard/Visualize
<img width="1517" alt="image"
src="https://github.com/user-attachments/assets/c8fb4faf-8d2d-4043-a757-6f092d1fceb3">

#### Stack Management > Data view
<img width="1519" alt="image"
src="https://github.com/user-attachments/assets/bb3f28bd-0ce9-4c49-ace1-1be875e17ba3">

#### If User does not have privilege to create a Data View
<img width="1336" alt="image"
src="https://github.com/user-attachments/assets/bb3f4cbc-8213-41c0-bf09-bd47a9d264e4">

### Checklist

Delete any items that are not applicable to this PR.

- [x] Use a new SVG resource for the ES|QL illustration
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Liam Thompson <[email protected]>
Co-authored-by: Andrea Del Rio <[email protected]>
…onnectors (elastic#194081)

Allows connector types to add functions to be called when connectors are created, updated, and deleted.

Extracted from elastic#189027, commit c97afeb

Co-authored-by: Yuliia Naumenko <[email protected]>
1) After an elasticsearch image is promoted, this triggers a VM rebuild
to update the snapshot cache
1) Moves elasticsearch builds to later in the day, when there's less
activity.
… alert suppression (elastic#195425)

## Summary

GA-ing alert suppression for IM rule, ML rule, Threshold rule, ES|QL
rule and New Terms rule. Thanks to @vitaliidm for setting up the
groundwork to easily update which rules GA.

Rules that remain in technical preview are: EQL.
## Summary

It fixes the flaky test raised on elastic#195634 by adding the possibility to
pass the timestamp to the function. That helps to eliminate flakiness,
by passing the same `currentTimestamp` to both the test and the
function. Also, it's a simpler approach that doesn't require mocking
global objects or using Jest's fake timers, keeping your test
straightforward and easy to understand.
…orm Page (elastic#194516)

## Summary

Depends on: elastic#194086
Designs:
https://www.figma.com/design/eTr6WsKzhSLcQ24AlgrY8R/Flapping-per-Rule--%3E-%23294?node-id=5265-29867&node-type=frame&t=1VfgdlcjkSHmpbje-0

Adds the rule specific flapping form to the new rule form page. 

## To test:

1. change `IS_RULE_SPECIFIC_FLAPPING_ENABLED` to true 
2. run `yarn start --run-examples`
3. assert the new flapping UI exists by going to developer examples ->
create/edit rule

<img width="1162" alt="Screenshot 2024-09-30 at 11 43 16 PM"
src="https://github.com/user-attachments/assets/a1275a49-f2ed-43ce-815b-5c0bd93770e5">

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
…n configView (elastic#195567)

## Closes elastic/search-team#6557

## Summary

Fixes a known bug for Network Drive connector (as this feature is only
used in it). The problem happens when there are Rich Configurable Fields
that are marked as "advanced" and depend on certain fields - in some
cases this field will not be shown until the page is fully reloaded.

Criteria that makes the bug happen:

1. Have some RCFs that are marked as "advanced":
https://github.com/elastic/connectors/blob/main/connectors/sources/network_drive.py#L405-L414.
(`"ui_restrictions": ["advanced"]`)
2. Make it so that this RCF depends on another field, and by default is
hidden - for example this field depends on a field "OS" that has
"Windows" and "Linux" as available options and Windows is default, but
this RCF depends on it being "Linux"
3. Try satisfying the dependency and see if the RCF is displayed - it
won't be, unless you save the form and reload it

The problem happens because for changes in "advanced" section the
configuration is not updated, so the view that's rendered still thinks
that the dependency is not satisfied and the field should not be
rendered

Before:


https://github.com/user-attachments/assets/51f9f8b0-a57a-4d96-a183-6dbbd36a919e

After:


https://github.com/user-attachments/assets/be32f434-0810-4345-bc4e-dc82f617705c


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
azasypkin and others added 29 commits October 14, 2024 18:49
… an aggregation or field in Anomaly detection, data frame analytics (elastic#186670)

## Summary

This PR adds new ability to toggle visibility for empty fields when
choosing an aggregation or field in Anomaly detection and Data frame
analytics


https://github.com/user-attachments/assets/c3763b6b-b09d-44b1-bd83-6ee418f0602e



https://github.com/user-attachments/assets/5d8b0788-dd59-44e4-b324-3a4035b7a0ec



### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |

|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <[email protected]>
…Available indices table (elastic#196141)

Closes: elastic#196111

### What was changed?: 
1. Added rowHeader attribute for
[EuiTable](https://eui.elastic.co/#/tabular-content/tables).


### Screen:

<img width="1792" alt="image"
src="https://github.com/user-attachments/assets/5f7b0a63-8a7f-42ea-88d8-308cee94dd6d">
## Summary

This PR removes `xpack.cloud.serverless.project_type` from FTR config,
the value breaks mockIdpPlugin that expects it to be defined as
`search`. We will address project type unification separately.

Closes elastic#195976
…ic#195253)

## Summary

This PR reworks how privileges get computed when a user selects the
customize option, and then opts to further customize each available
feature, and is particularly necessary because the previous
implementation for when bulk actions where applied for customization
applied the privilege value on the `base` property instead of on each
feature to further easier customization this in turn resulted in quite
the buggy experience. See visuals below;

## Visuals

### Before

https://github.com/user-attachments/assets/e0bf8c39-5aaf-4489-bfe4-efe4a79650a4

### After


https://github.com/user-attachments/assets/eacbd2db-b9c1-41c2-9c34-8ba21a3f230c
 

<!-- ### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials -->
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
<!--
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |

|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
-->

Co-authored-by: Elastic Machine <[email protected]>
## Summary

Moves the CCS tests to its own file

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
…shared components (elastic#193828)

**Partially addresses: elastic#171520
**Is a follow-up PR to: elastic#192342

## Summary

Changes:
 - Adds editable components for `name` and `kql_query` fields
- Adds a `FieldFormWrapper` component that abstracts away form creation
and data preparation for each field
- Adds local context providers to pass data between the main context and
field components
- Adds some basic layout components to make the "edit" functionality
work

<img width="1392" alt="Scherm­afbeelding 2024-10-04 om 17 17 44"
src="https://github.com/user-attachments/assets/6272ac84-8159-4b8a-a0d4-88b458f4bc5f">

---------

Co-authored-by: Maxim Palenov <[email protected]>
…bana setting (elastic#194947)

## Summary

Fixes: elastic#193097

Adds a new Kibana advanced setting that allows users to limit the
maximum amount of unassociated notes. The max value for that used to be
hard coded before.


https://github.com/user-attachments/assets/34af7f67-9109-4251-a5a3-a1af68f123fe


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
…#196165)

This is a build/promotion system change only, there is no code related
changes here.

- Similar to elastic#195944, but for the
non-emergency pipeline in staging
- For now, only run the staging manual judgement on slice:
'staging-ds-2'
- Since slices can be grouped as a comma delimited list, we're choosing
to be overly cautious with the regex
)

## Summary

After elastic#167205 was merged, the
`UserMessage.longMessage` was typed as `longMessage: string |
React.ReactNode | ((closePopover: () => void) => React.ReactNode);`

With the upcoming React 18 upgrade, an error will become visible because
`((closePopover: () => void) => React.ReactNode);` can't be used as a
ReactNode but it correctly needs to be called.

In this PR I've made the `closePopover` function being optional (to
simplify the refactoring) and I've added the typecheck where needed.
`v97.0.0`⏩`v97.0.0-backport.0`

_[Questions? Please see our Kibana upgrade
FAQ.](https://github.com/elastic/eui/blob/main/wiki/eui-team-processes/upgrading-kibana.md#faq-for-kibana-teams)_

---

# Backport

This EUI backport adds a single requested change on top of `v97.0.0` to
get it in Kibana before the 8.16 feature freeze:

* elastic/eui#8071

The change can be considered a patch release and shouldn't affect any of
the existing usages of `EuiSuperDatePicker`
## Summary

Closes elastic#195466

As LogDB mode is enabled on MKI QA environment, it causes mappings for
certain fields like `host.name` to be set differently. Hence causing
tests to fail.

As part of the fix, before ingesting data, i am statically setting the
mappings so that it does not cause any collision with something outside
the scope of the tests
…vileges (elastic#186800)

## Summary

This change is the implementation of the `Kibana Privilege Migrations`
proposal/RFC and provides a framework that allows developers to replace
an existing feature with a new one that has the desired configuration
while teaching the platform how the privileges of the deprecated feature
can be represented by non-deprecated ones. This approach avoids
introducing breaking changes for users who still rely on the deprecated
privileges in their existing roles and any automation.

Among the use cases the framework is supposed to handle, the most common
are the following:

* Changing a feature ID from `Alpha` to `Beta`
* Splitting a feature `Alpha` into two features, `Beta` and `Gamma`
* Moving a capability between privileges within a feature (top-level or
sub-feature)
* Consolidating capabilities across independent features

## Scope

This PR includes only the core functionality proposed in the RFC and
most of the necessary guardrails (tests, early validations, etc.) to
help engineers start planning and implementing their migrations as soon
as possible. The following functionality will be added in follow-ups or
once we collect enough feedback:

* Telemetry
* Developer documentation
* UI enhancements (highlighting roles with deprecated privileges and
manual migration actions)

## Framework

The steps below use a scenario where a feature `Alpha` should be split
into two other features `Beta` and `Gamma` as an example.

### Step 1: Create new features with the desired privileges

First of all, define new feature or features with the desired
configuration as you'd do before. There are no constraints here.

<details>

<summary>Click to see the code</summary>

```ts
deps.features.registerKibanaFeature({
  id: 'feature_beta',
  name: 'Feature Beta',
  privileges: {
    all: {
      savedObject: { all: ['saved_object_1'], read: [] },
      ui: ['ui_all'],
      api: ['api_all'],
      … omitted for brevity …
    },
    read: {
      savedObject: { all: [], read: ['saved_object_1'] },
      ui: ['ui_read'],
      api: ['api_read'],
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});

deps.features.registerKibanaFeature({
  id: 'feature_gamma',
  name: 'Feature Gamma',
  privileges: {
    all: {
      savedObject: { all: ['saved_object_2'], read: [] },
      ui: ['ui_all'],
      // Note that Feature Gamma, unlike Features Alpha and Beta doesn't provide any API access tags
      … omitted for brevity …
    },
    read: {
      savedObject: { all: [], read: ['saved_object_2'] },
      ui: ['ui_read'],
      // Note that Feature Gamma, unlike Features Alpha and Beta doesn't provide any API access tags
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});
```

</details>

### Step 2: Mark existing feature as deprecated

Once a feature is marked as deprecated, it should essentially be treated
as frozen for backward compatibility reasons. Deprecated features will
no longer be available through the Kibana role management UI and will be
replaced with non-deprecated privileges.

Deprecated privileges will still be accepted if the role is created or
updated via the Kibana role management APIs to avoid disrupting existing
user automation.

To avoid breaking existing roles that reference privileges provided by
the deprecated features, Kibana will continue registering these
privileges as Elasticsearch application privileges.

<details>

<summary>Click to see the code</summary>

```ts
deps.features.registerKibanaFeature({
  // This is a new `KibanaFeature` property available during feature registration.
  deprecated: {
    // User-facing justification for privilege deprecation that we can display
    // to the user when we ask them to perform role migration.
    notice: i18n.translate('xpack.security...', {
      defaultMessage: "Feature Alpha is deprecated, refer to {link}...",
      values: { link: docLinks.links.security.deprecatedFeatureAlpha },
    })
  },
  // Feature id should stay unchanged, and it's not possible to reuse it.
  id: 'feature_alpha',
  name: 'Feature Alpha (DEPRECATED)',
  privileges: {
    all: {
      savedObject: { all: ['saved_object_1', 'saved_object_2'], read: [] },
      ui: ['ui_all'],
      api: ['api_all'],
      … omitted for brevity …
    },
    read: {
      savedObject: { all: [], read: ['saved_object_1', 'saved_object_2'] },
      ui: ['ui_read'],
      api: ['api_read'],
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});
```
</details>

### Step 3: Map deprecated feature’s privileges to the privileges of the
non-deprecated features

The important requirement for a successful migration from a deprecated
feature to a new feature or features is that it should be possible to
express **any combination** of the deprecated feature and sub-feature
privileges with the feature or sub-feature privileges of non-deprecated
features. This way, while editing a role with deprecated feature
privileges in the UI, the admin will be interacting with new privileges
as if they were creating a new role from scratch, maintaining
consistency.

The relationship between the privileges of the deprecated feature and
the privileges of the features that are supposed to replace them is
expressed with a new `replacedBy` property available on the privileges
of the deprecated feature.

<details>

<summary>Click to see the code</summary>

```ts
deps.features.registerKibanaFeature({
  // This is a new `KibanaFeature` property available during feature registration.
  deprecated: {
    // User-facing justification for privilege deprecation that we can display
    // to the user when we ask them to perform role migration.
    notice: i18n.translate('xpack.security...', {
      defaultMessage: "Feature Alpha is deprecated, refer to {link}...",
      values: { link: docLinks.links.security.deprecatedFeatureAlpha },
    })
  },
  // Feature id should stay unchanged, and it's not possible to reuse it.
  id: 'feature_alpha',
  name: 'Feature Alpha (DEPRECATED)',
  privileges: {
    all: {
      savedObject: { all: ['saved_object_1', 'saved_object_2'], read: [] },
      ui: ['ui_all'],
      api: ['api_all'],
      replacedBy: [
        { feature: 'feature_beta', privileges: ['all'] },
        { feature: 'feature_gamma', privileges: ['all'] },
      ],
      … omitted for brevity …
    },
    read: {
      savedObject: { all: [], read: ['saved_object_1', 'saved_object_2'] },
      ui: ['ui_read'],
      api: ['api_read'],
      replacedBy: [
        { feature: 'feature_beta', privileges: ['read'] },
        { feature: 'feature_gamma', privileges: ['read'] },
	],
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});
```

</details>

### Step 4: Adjust the code to rely only on new, non-deprecated features

Special care should be taken if the replacement privileges cannot reuse
the API access tags from the deprecated privileges and introduce new
tags that will be applied to the same API endpoints. In this case,
developers should replace the API access tags of the deprecated
privileges with the corresponding tags provided by the replacement
privileges. This is necessary because API endpoints can only be accessed
if the user privileges cover all the tags listed in the API endpoint
definition, and without these changes, existing roles referencing
deprecated privileges won’t be able to access those endpoints.

The UI capabilities are handled slightly differently because they are
always prefixed with the feature ID. When migrating to new features with
new IDs, the code that interacts with UI capabilities will be updated to
use these new feature IDs.

<details>

<summary>Click to see the code</summary>

```ts
// BEFORE deprecation/migration
// 1. Feature Alpha defition (not deprecated yet)
deps.features.registerKibanaFeature({
  id: 'feature_alpha',
  privileges: {
    all: {
      api: ['api_all'],
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});

// 2. Route protected by `all` privilege of the Feature Alpha
router.post(
  { path: '/api/domain/my_api', options: { tags: ['access:api_all'] } },
  async (_context, request, response) => {}
);

// AFTER deprecation/migration
// 1. Feature Alpha defition (deprecated, with updated API tags)
deps.features.registerKibanaFeature({
  deprecated: …,
  id: 'feature_alpha',
  privileges: {
    all: {
      api: ['api_all_v2'],
      replacedBy: [
        { feature: 'feature_beta', privileges: ['all'] },
      ],
      … omitted for brevity …
    },
  },
  … omitted for brevity …
});

// 2. Feature Beta defition (new)
deps.features.registerKibanaFeature({
  id: 'feature_beta',
  privileges: {
    all: {
      api: ['api_all_v2'],
      … omitted for brevity …
    }
  },
  … omitted for brevity …
});

// 3. Route protected by `all` privilege of the Feature Alpha OR Feature Beta
router.post(
  { path: '/api/domain/my_api', options: { tags: ['access:api_all_v2'] } },
  async (_context, request, response) => {}
);

----

// ❌ Old client-side code (supports only deprecated privileges)
if (capabilities.feature_alpha.ui_all) {
  … omitted for brevity …
}

// ✅ New client-side code (will work for **both** new and deprecated privileges)
if (capabilities.feature_beta.ui_all) {
  … omitted for brevity …
}
```
</details>

## How to test

The code introduces a set of API integration tests that are designed to
validate whether the privilege mapping between deprecated and
replacement privileges maintains backward compatibility.

You can run the test server with the following config to register a
number of [example deprecated
features](https://github.com/elastic/kibana/pull/186800/files#diff-d887981d43bbe30cda039340b906b0fa7649ba80230be4de8eda326036f10f6fR20-R49)(`x-pack/test/security_api_integration/plugins/features_provider/server/index.ts`)
and the features that replace them, to see the framework in action:

```bash
node scripts/functional_tests_server.js --config x-pack/test/security_api_integration/features.config.ts
```

---------

Co-authored-by: kibanamachine <[email protected]>
…tic#196187)

## Summary

Re-added the serverless search specific index management tests so that
we can ensure the index details page is rendered correctly when the
search indices plugin feature flag is disabled.

This test will be replaced by index_details tests when the feature flag
is enabled, but until that is the default behavior this test ensure we
have full coverage for the user experience.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.