Merge branch 'main' into eui/55.1.3

Author: kibanamachine

.buildkite/pull_requests.json

@@ -16,7 +16,25 @@
       "trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))",
       "always_trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))",
       "skip_ci_labels": ["skip-ci", "jenkins-ci"],
-      "skip_target_branches": ["6.8", "7.11", "7.12"]
+      "skip_target_branches": ["6.8", "7.11", "7.12"],
+      "skip_ci_on_only_changed": [
+        "^docs/",
+        "^rfcs/",
+        "^.ci/.+\\.yml$",
+        "^.ci/es-snapshots/",
+        "^.ci/pipeline-library/",
+        "^.ci/Jenkinsfile_[^/]+$",
+        "^\\.github/",
+        "\\.md$",
+        "^\\.backportrc\\.json$",
+        "^nav-kibana-dev\\.docnav\\.json$",
+        "^src/dev/prs/kibana_qa_pr_list\\.json$",
+        "^\\.buildkite/pull_requests\\.json$"
+      ],
+      "always_require_ci_on_changed": [
+        "^docs/developer/plugin-list.asciidoc$",
+        "/plugins/[^/]+/readme\\.(md|asciidoc)$"
+      ]
     }
   ]
 }

.buildkite/scripts/pipelines/pull_request/pipeline.js

@@ -9,14 +9,11 @@
 const execSync = require('child_process').execSync;
 const fs = require('fs');
 const { areChangesSkippable, doAnyChangesMatch } = require('kibana-buildkite-library');
-const { SKIPPABLE_PR_MATCHERS } = require('./skippable_pr_matchers');
-
-const REQUIRED_PATHS = [
-  // this file is auto-generated and changes to it need to be validated with CI
-  /^docs\/developer\/plugin-list.asciidoc$/,
-  // don't skip CI on prs with changes to plugin readme files /i is for case-insensitive matching
-  /\/plugins\/[^\/]+\/readme\.(md|asciidoc)$/i,
-];
+const prConfigs = require('../../../pull_requests.json');
+const prConfig = prConfigs.jobs.find((job) => job.pipelineSlug === 'kibana-pull-request');
+
+const REQUIRED_PATHS = prConfig.always_require_ci_on_changed.map((r) => new RegExp(r, 'i'));
+const SKIPPABLE_PR_MATCHERS = prConfig.skip_ci_on_only_changed.map((r) => new RegExp(r, 'i'));
 
 const getPipeline = (filename, removeSteps = true) => {
   const str = fs.readFileSync(filename).toString();

.buildkite/scripts/pipelines/pull_request/skippable_pr_matchers.js

@@ -69,7 +69,6 @@ echo "--- Build Elasticsearch"
   :distribution:archives:darwin-aarch64-tar:assemble \
   :distribution:archives:darwin-tar:assemble \
   :distribution:docker:docker-export:assemble \
-  :distribution:docker:cloud-docker-export:assemble \
   :distribution:archives:linux-aarch64-tar:assemble \
   :distribution:archives:linux-tar:assemble \
   :distribution:archives:windows-zip:assemble \
@@ -86,19 +85,26 @@ docker images "docker.elastic.co/elasticsearch/elasticsearch" --format "{{.Tag}}
 docker images "docker.elastic.co/elasticsearch/elasticsearch" --format "{{.Tag}}" | xargs -n1 bash -c 'docker save docker.elastic.co/elasticsearch/elasticsearch:${0} | gzip > ../es-build/elasticsearch-${0}-docker-image.tar.gz'
 
 echo "--- Create kibana-ci docker cloud image archives"
-ES_CLOUD_ID=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.ID}}")
-ES_CLOUD_VERSION=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.Tag}}")
-KIBANA_ES_CLOUD_VERSION="$ES_CLOUD_VERSION-$ELASTICSEARCH_GIT_COMMIT"
-KIBANA_ES_CLOUD_IMAGE="docker.elastic.co/kibana-ci/elasticsearch-cloud:$KIBANA_ES_CLOUD_VERSION"
-
-docker tag "$ES_CLOUD_ID" "$KIBANA_ES_CLOUD_IMAGE"
-
-echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co
-trap 'docker logout docker.elastic.co' EXIT
-docker image push "$KIBANA_ES_CLOUD_IMAGE"
-
-export ELASTICSEARCH_CLOUD_IMAGE="$KIBANA_ES_CLOUD_IMAGE"
-export ELASTICSEARCH_CLOUD_IMAGE_CHECKSUM="$(docker images "$KIBANA_ES_CLOUD_IMAGE" --format "{{.Digest}}")"
+# Ignore build failures.  This docker image downloads metricbeat and filebeat.
+# When we bump versions, these dependencies may not exist yet, but we don't want to
+# block the rest of the snapshot promotion process
+set +e
+./gradlew :distribution:docker:cloud-docker-export:assemble && {
+  ES_CLOUD_ID=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.ID}}")
+  ES_CLOUD_VERSION=$(docker images "docker.elastic.co/elasticsearch-ci/elasticsearch-cloud" --format "{{.Tag}}")
+  KIBANA_ES_CLOUD_VERSION="$ES_CLOUD_VERSION-$ELASTICSEARCH_GIT_COMMIT"
+  KIBANA_ES_CLOUD_IMAGE="docker.elastic.co/kibana-ci/elasticsearch-cloud:$KIBANA_ES_CLOUD_VERSION"
+  echo $ES_CLOUD_ID $ES_CLOUD_VERSION $KIBANA_ES_CLOUD_VERSION $KIBANA_ES_CLOUD_IMAGE
+  docker tag "$ES_CLOUD_ID" "$KIBANA_ES_CLOUD_IMAGE"
+
+  echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co
+  trap 'docker logout docker.elastic.co' EXIT
+  docker image push "$KIBANA_ES_CLOUD_IMAGE"
+
+  export ELASTICSEARCH_CLOUD_IMAGE="$KIBANA_ES_CLOUD_IMAGE"
+  export ELASTICSEARCH_CLOUD_IMAGE_CHECKSUM="$(docker images "$KIBANA_ES_CLOUD_IMAGE" --format "{{.Digest}}")"
+}
+set -e
 
 echo "--- Create checksums for snapshot files"
 cd "$destination"

.buildkite/scripts/steps/es_snapshots/build.sh

@@ -26,3 +26,17 @@ git clean -fdxn -e /config -e /.vscode
 # review the files which will be deleted, consider adding some more excludes (-e)
 # re-run without the dry-run (-n) flag to actually delete the files
 ```
+
+### search.check_ccs_compatibility error
+
+If you run into an error that says something like:
+
+```
+[class org.elasticsearch.action.search.SearchRequest] is not compatible version 8.1.0 and the 'search.check_ccs_compatibility' setting is enabled.
+```
+
+it means you are using a new Elasticsearch feature that will not work in a CCS environment because the feature does not exist in older versions. If you are working on an experimental feature and are okay with this limitation, you will have to move the failing test into a special test suite that does not use this setting to get ci to pass. Take this path cautiously. If you do not remember to move the test back into the default test suite when the feature is GA'ed, it will not have proper CCS test coverage.
+
+We added this test coverage in version `8.1` because we accidentally broke core Kibana features (for example, when Discover started using the new fields parameter) for our CCS users. CCS is not a corner case and (excluding certain experimental features) Kibana should always work for our CCS users. This setting is our way of ensuring test coverage.
+
+Please reach out to the [Kibana Operations team](https://github.com/orgs/elastic/teams/kibana-operations) if you have further questions.

dev_docs/getting_started/troubleshooting.mdx

@@ -112,34 +112,20 @@ In addition to <<authentication-provider-settings,the settings that are valid fo
 NOTE: You can configure only one anonymous provider per {kib} instance.
 
 xpack.security.authc.providers.anonymous.<provider-name>.credentials {ess-icon}::
-Credentials that {kib} should use internally to authenticate anonymous requests to {es}. Possible values are: username and password, API key, or the constant `elasticsearch_anonymous_user` if you want to leverage {ref}/anonymous-access.html[{es} anonymous access].
+Credentials that {kib} should use internally to authenticate anonymous requests to {es}.
 +
 For example:
 +
 [source,yaml]
 ----------------------------------------
-# Username and password credentials
 xpack.security.authc.providers.anonymous.anonymous1:
   credentials:
     username: "anonymous_service_account"
     password: "anonymous_service_account_password"
-
-# API key (concatenated and base64-encoded)
-xpack.security.authc.providers.anonymous.anonymous1:
-  credentials:
-    apiKey: "VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw=="
-
-# API key (as returned from Elasticsearch API)
-xpack.security.authc.providers.anonymous.anonymous1:
-  credentials:
-    apiKey.id: "VuaCfGcBCdbkQm-e5aOx"
-    apiKey.key: "ui2lp2axTNmsyakw9tvNnw"
-
-# Elasticsearch anonymous access
-xpack.security.authc.providers.anonymous.anonymous1:
-  credentials: "elasticsearch_anonymous_user"
 ----------------------------------------
 
+For more information, refer to <<anonymous-authentication>>.
+
 [float]
 [[http-authentication-settings]]
 ==== HTTP authentication settings

docs/settings/security-settings.asciidoc

@@ -332,13 +332,11 @@ Anyone with access to the network {kib} is exposed to will be able to access {ki
 
 Anonymous authentication gives users access to {kib} without requiring them to provide credentials. This can be useful if you want your users to skip the login step when you embed dashboards in another application or set up a demo {kib} instance in your internal network, while still keeping other security features intact.
 
-To enable anonymous authentication in {kib}, you must decide what credentials the anonymous service account {kib} should use internally to authenticate anonymous requests.
+To enable anonymous authentication in {kib}, you must specify the credentials the anonymous service account {kib} should use internally to authenticate anonymous requests.
 
 NOTE: You can configure only one anonymous authentication provider per {kib} instance.
 
-There are three ways to specify these credentials:
-
-If you have a user who can authenticate to {es} using username and password, for instance from the Native or LDAP security realms, you can also use these credentials to impersonate the anonymous users. Here is how your `kibana.yml` might look if you use username and password credentials:
+You must have a user account that can authenticate to {es} using a username and password, for instance from the Native or LDAP security realms, so that you can use these credentials to impersonate the anonymous users. Here is how your `kibana.yml` might look:
 
 [source,yaml]
 -----------------------------------------------
@@ -350,45 +348,6 @@ xpack.security.authc.providers:
       password: "anonymous_service_account_password"
 -----------------------------------------------
 
-If using username and password credentials isn't desired or feasible, then you can create a dedicated <<api-keys, API key>> for the anonymous service account. In this case, your `kibana.yml` might look like this:
-
-[source,yaml]
------------------------------------------------
-xpack.security.authc.providers:
-  anonymous.anonymous1:
-    order: 0
-    credentials:
-      apiKey: "VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw=="
------------------------------------------------
-
-The previous configuration snippet uses an API key string that is the result of base64-encoding of the `id` and `api_key` fields returned from the {es} API, joined by a colon. You can also specify these fields separately, and {kib} will do the concatenation and base64-encoding for you:
-
-[source,yaml]
------------------------------------------------
-xpack.security.authc.providers:
-  anonymous.anonymous1:
-    order: 0
-    credentials:
-      apiKey.id: "VuaCfGcBCdbkQm-e5aOx"
-      apiKey.key: "ui2lp2axTNmsyakw9tvNnw"
------------------------------------------------
-
-It's also possible to use {kib} anonymous access in conjunction with the {es} anonymous access.
-
-Prior to configuring {kib}, ensure that anonymous access is enabled and properly configured in {es}. See {ref}/anonymous-access.html[Enabling anonymous access] for more information.
-
-Here is how your `kibana.yml` might look like if you want to use {es} anonymous access to impersonate anonymous users in {kib}:
-
-[source,yaml]
------------------------------------------------
-xpack.security.authc.providers:
-  anonymous.anonymous1:
-    order: 0
-    credentials: "elasticsearch_anonymous_user" <1>
------------------------------------------------
-
-<1> The `elasticsearch_anonymous_user` is a special constant that indicates you want to use the {es} anonymous user.
-
 [float]
 ===== Anonymous access and other types of authentication
 

docs/user/security/authentication/index.asciidoc

@@ -220,6 +220,7 @@
     "@types/mapbox__vector-tile": "1.3.0",
     "@types/moment-duration-format": "^2.2.3",
     "@types/react-is": "^16.7.1",
+    "@types/rrule": "^2.2.9",
     "JSONStream": "1.3.5",
     "abort-controller": "^3.0.0",
     "antlr4ts": "^0.5.0-alpha.3",
@@ -309,6 +310,7 @@
     "loader-utils": "^1.2.3",
     "lodash": "^4.17.21",
     "lru-cache": "^4.1.5",
+    "luxon": "^2.3.2",
     "lz-string": "^1.4.4",
     "mapbox-gl-draw-rectangle-mode": "1.0.4",
     "maplibre-gl": "2.1.9",
@@ -405,6 +407,7 @@
     "reselect": "^4.0.0",
     "resize-observer-polyfill": "^1.5.1",
     "rison-node": "1.0.2",
+    "rrule": "2.6.4",
     "rxjs": "^7.5.5",
     "safe-squel": "^5.12.5",
     "seedrandom": "^3.0.5",

package.json

@@ -39,8 +39,9 @@ type Params = Pick<NoDataPageProps, 'solution' | 'logo'> & DataServiceFactoryCon
 
 export const PureComponent = (params: Params) => {
   const { solution, logo, hasESData, hasUserDataView } = params;
+
   const serviceParams = { hasESData, hasUserDataView, hasDataViews: false };
-  const services = servicesFactory(serviceParams);
+  const services = servicesFactory({ ...serviceParams, hasESData, hasUserDataView });
   return (
     <SharedUxServicesProvider {...services}>
       <KibanaNoDataPage
@@ -51,6 +52,26 @@ export const PureComponent = (params: Params) => {
   );
 };
 
+export const PureComponentLoadingState = () => {
+  const dataCheck = () => new Promise<boolean>((resolve, reject) => {});
+  const services = {
+    ...servicesFactory({ hasESData: false, hasUserDataView: false, hasDataViews: false }),
+    data: {
+      hasESData: dataCheck,
+      hasUserDataView: dataCheck,
+      hasDataView: dataCheck,
+    },
+  };
+  return (
+    <SharedUxServicesProvider {...services}>
+      <KibanaNoDataPage
+        onDataViewCreated={action('onDataViewCreated')}
+        noDataConfig={noDataConfig}
+      />
+    </SharedUxServicesProvider>
+  );
+};
+
 PureComponent.argTypes = {
   solution: {
     control: 'text',

packages/kbn-shared-ux-components/src/empty_state/kibana_no_data_page.stories.tsx

@@ -9,6 +9,7 @@
 import React from 'react';
 import { act } from 'react-dom/test-utils';
 
+import { EuiLoadingElastic } from '@elastic/eui';
 import { mountWithIntl } from '@kbn/test-jest-helpers';
 import { SharedUxServicesProvider, mockServicesFactory } from '@kbn/shared-ux-services';
 
@@ -68,4 +69,28 @@ describe('Kibana No Data Page', () => {
     expect(component.find(NoDataViews).length).toBe(1);
     expect(component.find(NoDataConfigPage).length).toBe(0);
   });
+
+  test('renders loading indicator', async () => {
+    const dataCheck = () => new Promise<boolean>((resolve, reject) => {});
+    const services = {
+      ...mockServicesFactory(),
+      data: {
+        hasESData: dataCheck,
+        hasUserDataView: dataCheck,
+        hasDataView: dataCheck,
+      },
+    };
+    const component = mountWithIntl(
+      <SharedUxServicesProvider {...services}>
+        <KibanaNoDataPage noDataConfig={noDataConfig} onDataViewCreated={onDataViewCreated} />
+      </SharedUxServicesProvider>
+    );
+
+    await act(() => new Promise(setImmediate));
+    component.update();
+
+    expect(component.find(EuiLoadingElastic).length).toBe(1);
+    expect(component.find(NoDataViews).length).toBe(0);
+    expect(component.find(NoDataConfigPage).length).toBe(0);
+  });
 });