Skip to content

Commit

Permalink
Merge branch 'master' into ingest/fix/ds-from-pkg
Browse files Browse the repository at this point in the history
  • Loading branch information
elasticmachine authored May 14, 2020
2 parents b5c807d + d560145 commit 99d602f
Show file tree
Hide file tree
Showing 41 changed files with 713 additions and 239 deletions.
2 changes: 1 addition & 1 deletion .eslintrc.js
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ module.exports = {
* Licence headers
*/
{
files: ['**/*.{js,ts,tsx}'],
files: ['**/*.{js,ts,tsx}', '!plugins/**/*'],
rules: {
'@kbn/eslint/require-license-header': [
'error',
Expand Down
Binary file modified docs/apm/images/apm-agent-configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-alert.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-errors-overview.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-query-bar.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-services-overview.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/apm/images/apm-settings.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-setup.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-traces.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-transaction-response-dist.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/apm-transactions-overview.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/apm/images/jvm-metrics-overview.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/apm/images/jvm-metrics.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
8 changes: 6 additions & 2 deletions docs/apm/metrics.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,12 @@ For example, you might be able to correlate a high number of errors with a long
[role="screenshot"]
image::apm/images/apm-metrics.png[Example view of the Metrics overview in APM app in Kibana]

If you're using the Java Agent, the metrics view focuses on JVMs.
A detailed view of metrics per JVM makes it much easier to analyze the provided metrics:
If you're using the Java Agent, you can view metrics for each JVM.

[role="screenshot"]
image::apm/images/jvm-metrics-overview.png[Example view of the Metrics overview for the Java Agent]

Breaking down metrics by JVM makes it much easier to analyze the provided metrics:
CPU usage, memory usage, heap or non-heap memory,
thread count, garbage collection rate, and garbage collection time spent per minute.

Expand Down
67 changes: 33 additions & 34 deletions docs/setup/settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -225,11 +225,11 @@ If you configure a custom index, the name must be lowercase, and conform to the
{es} {ref}/indices-create-index.html[index name limitations].
*Default: `".kibana"`*

| `kibana.autocompleteTimeout:`
| `kibana.autocompleteTimeout:` {ess-icon}
| Time in milliseconds to wait for autocomplete suggestions from {es}.
This value must be a whole number greater than zero. *Default: `"1000"`*

| `kibana.autocompleteTerminateAfter:`
| `kibana.autocompleteTerminateAfter:` {ess-icon}
| Maximum number of documents loaded by each shard to generate autocomplete
suggestions. This value must be a whole number greater than zero.
*Default: `"100000"`*
Expand Down Expand Up @@ -300,11 +300,11 @@ suppress all logging output. *Default: `false`*
(for example, `America/Los_Angeles`) to log events using that timezone. For a
list of timezones, refer to https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. *Default: `UTC`*

| [[logging-verbose]] `logging.verbose:`
| [[logging-verbose]] `logging.verbose:` {ece-icon}
| Set to `true` to log all events, including system usage information and all
requests. Supported on {ece}. *Default: `false`*
requests. *Default: `false`*

| `map.includeElasticMapsService:`
| `map.includeElasticMapsService:` {ess-icon}
| Set to `false` to disable connections to Elastic Maps Service.
When `includeElasticMapsService` is turned off, only the vector layers configured by `map.regionmap`
and the tile layer configured by `map.tilemap.url` are available in <<maps, Maps>>. *Default: `true`*
Expand All @@ -313,9 +313,9 @@ and the tile layer configured by `map.tilemap.url` are available in <<maps, Maps
| Set to `true` to proxy all <<maps, Maps application>> Elastic Maps Service
requests through the {kib} server. *Default: `false`*

| [[regionmap-settings]] `map.regionmap:`
| [[regionmap-settings]] `map.regionmap:` {ess-icon} {ece-icon}
| Specifies additional vector layers for
use in <<maps, Maps>> visualizations. Supported on {ece}. Each layer
use in <<maps, Maps>> visualizations. Each layer
object points to an external vector file that contains a geojson
FeatureCollection. The file must use the
https://en.wikipedia.org/wiki/World_Geodetic_System[WGS84 coordinate reference system (ESPG:4326)]
Expand Down Expand Up @@ -343,20 +343,19 @@ map.regionmap:
[cols="2*<"]
|===

| [[regionmap-ES-map]] `map.includeElasticMapsService:`
| [[regionmap-ES-map]] `map.includeElasticMapsService:` {ece-icon}
| Turns on or off whether layers from the Elastic Maps Service should be included in the vector
layer option list. Supported on {ece}. By turning this off,
layer option list. By turning this off,
only the layers that are configured here will be included. The default is `true`.
This also affects whether tile-service from the Elastic Maps Service will be available.

| [[regionmap-attribution]] `map.regionmap.layers[].attribution:`
| [[regionmap-attribution]] `map.regionmap.layers[].attribution:` {ess-icon} {ece-icon}
| Optional. References the originating source of the geojson file.
Supported on {ece}.

| [[regionmap-fields]] `map.regionmap.layers[].fields[]:`
| [[regionmap-fields]] `map.regionmap.layers[].fields[]:` {ess-icon} {ece-icon}
| Mandatory. Each layer
can contain multiple fields to indicate what properties from the geojson
features you wish to expose. Supported on {ece}. The following shows how to define multiple
features you wish to expose. The following shows how to define multiple
properties:

|===
Expand All @@ -379,44 +378,44 @@ map.regionmap:
[cols="2*<"]
|===

| [[regionmap-field-description]] `map.regionmap.layers[].fields[].description:`
| [[regionmap-field-description]] `map.regionmap.layers[].fields[].description:` {ess-icon} {ece-icon}
| Mandatory. The human readable text that is shown under the Options tab when
building the Region Map visualization. Supported on {ece}.
building the Region Map visualization.

| [[regionmap-field-name]] `map.regionmap.layers[].fields[].name:`
| [[regionmap-field-name]] `map.regionmap.layers[].fields[].name:` {ess-icon} {ece-icon}
| Mandatory.
This value is used to do an inner-join between the document stored in
{es} and the geojson file. For example, if the field in the geojson is
called `Location` and has city names, there must be a field in {es}
that holds the same values that {kib} can then use to lookup for the geoshape
data. Supported on {ece}.
data.

| [[regionmap-name]] `map.regionmap.layers[].name:`
| [[regionmap-name]] `map.regionmap.layers[].name:` {ess-icon} {ece-icon}
| Mandatory. A description of
the map being provided. Supported on {ece}.
the map being provided.

| [[regionmap-url]] `map.regionmap.layers[].url:`
| [[regionmap-url]] `map.regionmap.layers[].url:` {ess-icon} {ece-icon}
| Mandatory. The location of the
geojson file as provided by a webserver. Supported on {ece}.
geojson file as provided by a webserver.

| [[tilemap-settings]] `map.tilemap.options.attribution:`
| The map attribution string. Supported on {ece}.
| [[tilemap-settings]] `map.tilemap.options.attribution:` {ess-icon} {ece-icon}
| The map attribution string.
*Default: `"© [Elastic Maps Service](https://www.elastic.co/elastic-maps-service)"`*

| [[tilemap-max-zoom]] `map.tilemap.options.maxZoom:`
| The maximum zoom level. Supported on {ece}. *Default: `10`*
| [[tilemap-max-zoom]] `map.tilemap.options.maxZoom:` {ess-icon} {ece-icon}
| The maximum zoom level. *Default: `10`*

| [[tilemap-min-zoom]] `map.tilemap.options.minZoom:`
| The minimum zoom level. Supported on {ece}. *Default: `1`*
| [[tilemap-min-zoom]] `map.tilemap.options.minZoom:` {ess-icon} {ece-icon}
| The minimum zoom level. *Default: `1`*

| [[tilemap-subdomains]] `map.tilemap.options.subdomains:`
| [[tilemap-subdomains]] `map.tilemap.options.subdomains:` {ess-icon} {ece-icon}
| An array of subdomains
used by the tile service. Specify the position of the subdomain the URL with
the token `{s}`. Supported on {ece}.
the token `{s}`.

| [[tilemap-url]] `map.tilemap.url:`
| [[tilemap-url]] `map.tilemap.url:` {ess-icon} {ece-icon}
| The URL to the tileservice that {kib} uses
to display map tiles in tilemap visualizations. Supported on {ece}. By default,
to display map tiles in tilemap visualizations. By default,
{kib} reads this URL from an external metadata service, but users can
override this parameter to use their own Tile Map Service. For example:
`"https://tiles.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana"`
Expand Down Expand Up @@ -451,7 +450,7 @@ deprecation warning at startup. This setting cannot end in a slash (`/`).
proxy sitting in front of it. This determines whether HTTP compression may be used for responses, based on the request `Referer` header.
This setting may not be used when `server.compression.enabled` is set to `false`. *Default: `none`*

| `server.customResponseHeaders:`
| `server.customResponseHeaders:` {ess-icon}
| Header names and values to
send on all responses to the client from the {kib} server. *Default: `{}`*

Expand Down Expand Up @@ -610,7 +609,7 @@ us improve your user experience. Your data is never shared with anyone. Set to
`false` to disable telemetry capabilities entirely. You can alternatively opt
out through *Advanced Settings*. *Default: `true`*

| `vis_type_vega.enableExternalUrls:`
| `vis_type_vega.enableExternalUrls:` {ess-icon}
| Set this value to true to allow Vega to use any URL to access external data
sources and images. When false, Vega can only get data from {es}. *Default: `false`*

Expand All @@ -622,7 +621,7 @@ disable the License Management UI. *Default: `true`*
| Set this value to false to disable the
Rollup UI. *Default: true*

| `i18n.locale`
| `i18n.locale` {ess-icon}
| Set this value to change the {kib} interface language.
Valid locales are: `en`, `zh-CN`, `ja-JP`. *Default: `en`*

Expand Down
13 changes: 2 additions & 11 deletions docs/user/getting-started.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,9 @@ Ready to try out {kib} and see what it can do? To quickest way to get started wi

[float]
[[cloud-set-up]]
== Set up on Cloud
== Set up on cloud

To access {kib} in a single click, run our hosted Elasticsearch Service on Elastic Cloud.

. Log into the link:https://cloud.elastic.co/[Elasticsearch Service Console].
If you need an account, register for a link:https://www.elastic.co/cloud/elasticsearch-service/signup[free 14-day trial].

. Click *Create deployment*, then give your deployment a name.

. To use the default options, click *Create deployment*. You can modify the other deployment options, but the default options are great to get started.

Be sure to copy down the password for the `elastic` user and Cloud ID information. You'll need that later.
include::{docs-root}/shared/cloud/ess-getting-started.asciidoc[]

[float]
[[get-data-in]]
Expand Down
81 changes: 49 additions & 32 deletions docs/user/security/api-keys/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,18 @@
=== API Keys


API keys enable you to create secondary credentials so that you can send
requests on behalf of the user. Secondary credentials have
the same or lower access rights.
API keys enable you to create secondary credentials so that you can send
requests on behalf of the user. Secondary credentials have
the same or lower access rights.

For example, if you extract data from an {es} cluster on a daily
basis, you might create an API key tied to your credentials,
configure it with minimum access,
basis, you might create an API key tied to your credentials,
configure it with minimum access,
and then put the API credentials into a cron job.
Or, you might create API keys to automate ingestion of new data from
remote sources, without a live user interaction.
Or, you might create API keys to automate ingestion of new data from
remote sources, without a live user interaction.

You can create API keys from the {kib} Console. To view and invalidate
You can create API keys from the {kib} Console. To view and invalidate
API keys, use *Management > Security > API Keys*.

[role="screenshot"]
Expand All @@ -24,63 +24,80 @@ image:user/security/api-keys/images/api-keys.png["API Keys UI"]
[[api-keys-service]]
=== {es} API key service

The {es} API key service is automatically enabled when you configure
{ref}/configuring-tls.html#tls-http[TLS on the HTTP interface].
The {es} API key service is automatically enabled when you configure
{ref}/configuring-tls.html#tls-http[TLS on the HTTP interface].
This ensures that clients are unable to send API keys in clear-text.

When HTTPS connections are not enabled between {kib} and {es},
When HTTPS connections are not enabled between {kib} and {es},
you cannot create or manage API keys, and you get an error message.
For more information, see the
{ref}/security-api-create-api-key.html[{es} API key documentation],
For more information, see the
{ref}/security-api-create-api-key.html[{es} API key documentation],
or contact your system administrator.

[float]
[[api-keys-security-privileges]]
=== Security privileges

You must have the `manage_security`, `manage_api_key`, or the `manage_own_api_key`
cluster privileges to use API keys in {kib}. You can manage roles in
*Management > Security > Roles*, or use the <<role-management-api, {kib} Role Management API>>.
You must have the `manage_security`, `manage_api_key`, or the `manage_own_api_key`
cluster privileges to use API keys in {kib}. You can manage roles in
*Management > Security > Roles*, or use the <<role-management-api, {kib} Role Management API>>.


[float]
[[create-api-key]]
=== Create an API key
You can {ref}/security-api-create-api-key.html[create an API key] from
the Kibana Console. For example:
You can {ref}/security-api-create-api-key.html[create an API key] from
the {kib} Console. This example shows how to create an API key
to authenticate to a <<api, Kibana API>>.

[source,js]
POST /_security/api_key
{
"name": "my_api_key",
"expiration": "1d"
"name": "kibana_api_key",
}

This creates an API key with the name `my_api_key` that
expires after one day. API key names must be globally unique.
An expiration date is optional and follows {ref}/common-options.html#time-units[{es} time unit format].
This creates an API key with the
name `kibana_api_key`. API key
names must be globally unique.
An expiration date is optional and follows
{ref}/common-options.html#time-units[{es} time unit format].
When an expiration is not provided, the API key does not expire.

The response should look something like this:

[source,js]
{
"id" : "XFcbCnIBnbwqt2o79G4q",
"name" : "kibana_api_key",
"api_key" : "FD6P5UA4QCWlZZQhYF3YGw"
}

Now, you can use the API key to request {kib} roles. You will need
to base64-encode the `id` and `api_key` provided in the response
and add it to your request as an authorization header. For example:

[source,js]
curl --location --request GET 'http://localhost:5601/api/security/role' \
--header 'Content-Type: application/json;charset=UTF-8' \
--header 'kbn-xsrf: true' \
--header 'Authorization: ApiKey aVZlLUMzSUJuYndxdDJvN0k1bU46aGxlYUpNS2lTa2FKeVZua1FnY1VEdw==' \

[float]
[[view-api-keys]]
=== View and invalidate API keys
The *API Keys* UI lists your API keys, including the name, date created,
The *API Keys* feature in Kibana lists your API keys, including the name, date created,
and expiration date. If an API key expires, its status changes from `Active` to `Expired`.

If you have `manage_security` or `manage_api_key` permissions,
you can view the API keys of all users, and see which API key was
If you have `manage_security` or `manage_api_key` permissions,
you can view the API keys of all users, and see which API key was
created by which user in which realm.
If you have only the `manage_own_api_key` permission, you see only a list of your own keys.

You can invalidate API keys individually or in bulk.
You can invalidate API keys individually or in bulk.
Invalidated keys are deleted in batch after seven days.

[role="screenshot"]
image:user/security/api-keys/images/api-key-invalidate.png["API Keys invalidate"]

You cannot modify an API key. If you need additional privileges,
You cannot modify an API key. If you need additional privileges,
you must create a new key with the desired configuration and invalidate the old key.




29 changes: 13 additions & 16 deletions packages/kbn-es/src/utils/native_realm.js
Original file line number Diff line number Diff line change
Expand Up @@ -76,10 +76,6 @@ exports.NativeRealm = class NativeRealm {
}

const reservedUsers = await this.getReservedUsers();
if (!reservedUsers || reservedUsers.length < 1) {
throw new Error('no reserved users found, unable to set native realm passwords');
}

await Promise.all(
reservedUsers.map(async user => {
await this.setPassword(user, options[`password.${user}`]);
Expand All @@ -88,16 +84,18 @@ exports.NativeRealm = class NativeRealm {
}

async getReservedUsers() {
const users = await this._autoRetry(async () => {
return await this._client.security.getUser();
});
return await this._autoRetry(async () => {
const resp = await this._client.security.getUser();
const usernames = Object.keys(resp.body).filter(
user => resp.body[user].metadata._reserved === true
);

return Object.keys(users.body).reduce((acc, user) => {
if (users.body[user].metadata._reserved === true) {
acc.push(user);
if (!usernames?.length) {
throw new Error('no reserved users found, unable to set native realm passwords');
}
return acc;
}, []);

return usernames;
});
}

async isSecurityEnabled() {
Expand Down Expand Up @@ -125,10 +123,9 @@ exports.NativeRealm = class NativeRealm {
throw error;
}

this._log.warning(
'assuming [elastic] user not available yet, waiting 1.5 seconds and trying again'
);
await new Promise(resolve => setTimeout(resolve, 1500));
const sec = 1.5 * attempt;
this._log.warning(`assuming ES isn't initialized completely, trying again in ${sec} seconds`);
await new Promise(resolve => setTimeout(resolve, sec * 1000));
return await this._autoRetry(fn, attempt + 1);
}
}
Expand Down
1 change: 1 addition & 0 deletions src/plugins/bfetch/server/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import { PluginInitializerContext } from '../../../core/server';
import { BfetchServerPlugin } from './plugin';

export { BfetchServerSetup, BfetchServerStart, BatchProcessingRouteParams } from './plugin';
export { StreamingRequestHandler } from './types';

export function plugin(initializerContext: PluginInitializerContext) {
return new BfetchServerPlugin(initializerContext);
Expand Down
Loading

0 comments on commit 99d602f

Please sign in to comment.