Merge branch 'main' into lens/fix_breaking_flyout

.buildkite/ftr_platform_stateful_configs.yml

@@ -314,6 +314,7 @@ enabled:
  - x-pack/test/security_api_integration/saml.config.ts
  - x-pack/test/security_api_integration/saml.http2.config.ts
  - x-pack/test/security_api_integration/saml_cloud.config.ts
+ - x-pack/test/security_api_integration/chips.config.ts
  - x-pack/test/security_api_integration/session_idle.config.ts
  - x-pack/test/security_api_integration/session_invalidate.config.ts
  - x-pack/test/security_api_integration/session_lifespan.config.ts

packages/core/http/core-http-resources-server-internal/src/http_resources_service.test.ts

@@ -6,10 +6,7 @@
  * Side Public License, v 1.
  */
 
-import { getApmConfigMock } from './http_resources_service.test.mocks';
-
 import type { RouteConfig } from '@kbn/core-http-server';
-
 import { mockCoreContext } from '@kbn/core-base-server-mocks';
 import { httpServiceMock, httpServerMock } from '@kbn/core-http-server-mocks';
 import { renderingServiceMock } from '@kbn/core-rendering-server-mocks';
@@ -29,11 +26,6 @@ describe('HttpResources service', () => {
  let router: ReturnType<typeof httpServiceMock.createRouter>;
  const kibanaRequest = httpServerMock.createKibanaRequest();
  const context = createCoreRequestHandlerContextMock();
- const apmConfig = { mockApmConfig: true };
-
- beforeEach(() => {
- getApmConfigMock.mockReturnValue(apmConfig);
- });
 
  describe('#createRegistrar', () => {
  beforeEach(() => {
@@ -93,9 +85,6 @@ describe('HttpResources service', () => {
  },
  {
  isAnonymousPage: false,
- vars: {
- apmConfig,
- },
  }
  );
  });
@@ -118,9 +107,6 @@ describe('HttpResources service', () => {
  },
  {
  isAnonymousPage: true,
- vars: {
- apmConfig,
- },
  }
  );
  });

packages/core/http/core-http-resources-server-internal/src/http_resources_service.ts

@@ -33,8 +33,6 @@ import type {
 
 import type { InternalHttpResourcesSetup } from './types';
 
-import { getApmConfig } from './get_apm_config';
-
 /**
  * @internal
  */
@@ -112,13 +110,9 @@ export class HttpResourcesService implements CoreService<InternalHttpResourcesSe
  ): HttpResourcesServiceToolkit {
  return {
  async renderCoreApp(options: HttpResourcesRenderOptions = {}) {
- const apmConfig = getApmConfig(request.url.pathname);
  const { uiSettings } = await context.core;
  const body = await deps.rendering.render(request, uiSettings, {
  isAnonymousPage: false,
- vars: {
- apmConfig,
- },
  includeExposedConfigKeys: options.includeExposedConfigKeys,
  });
 
@@ -128,13 +122,9 @@ export class HttpResourcesService implements CoreService<InternalHttpResourcesSe
  });
  },
  async renderAnonymousCoreApp(options: HttpResourcesRenderOptions = {}) {
- const apmConfig = getApmConfig(request.url.pathname);
  const { uiSettings } = await context.core;
  const body = await deps.rendering.render(request, uiSettings, {
  isAnonymousPage: true,
- vars: {
- apmConfig,
- },
  includeExposedConfigKeys: options.includeExposedConfigKeys,
  });
 

packages/core/http/core-http-resources-server-internal/tsconfig.json

@@ -11,7 +11,6 @@
  "**/*.ts",
  ],
  "kbn_references": [
- "@kbn/apm-config-loader",
  "@kbn/logging",
  "@kbn/core-http-server",
  "@kbn/core-http-resources-server",

packages/core/http/core-http-server-internal/src/cookie_session_storage.ts

@@ -6,7 +6,7 @@
  * Side Public License, v 1.
  */
 
-import { Request, Server } from '@hapi/hapi';
+import { Request, Server, ServerStateCookieOptions } from '@hapi/hapi';
 import hapiAuthCookie from '@hapi/cookie';
 
 import type { Logger } from '@kbn/logging';
@@ -16,6 +16,7 @@ import type {
  SessionStorage,
  SessionStorageCookieOptions,
 } from '@kbn/core-http-server';
+
 import { ensureRawRequest } from '@kbn/core-http-router-server-internal';
 
 class ScopedCookieSessionStorage<T extends object> implements SessionStorage<T> {
@@ -76,6 +77,7 @@ export async function createCookieSessionStorageFactory<T extends object>(
  log: Logger,
  server: Server,
  cookieOptions: SessionStorageCookieOptions<T>,
+ disableEmbedding: boolean,
  basePath?: string
 ): Promise<SessionStorageFactory<T>> {
  validateOptions(cookieOptions);
@@ -101,6 +103,22 @@ export async function createCookieSessionStorageFactory<T extends object>(
  clearInvalid: false,
  isHttpOnly: true,
  isSameSite: cookieOptions.sameSite ?? false,
+ contextualize: (
+ definition: Omit<ServerStateCookieOptions, 'isSameSite'> & { isSameSite: string }
+ ) => {
+ /**
+ * This is a temporary solution to support the Partitioned attribute.
+ * Statehood performs validation for the params, but only before the contextualize function call.
+ * Since value for the isSameSite is used directly when making segment,
+ * we can leverage that to append the Partitioned attribute to the cookie.
+ *
+ * Once statehood is updated to support the Partitioned attribute, we can remove this.
+ * Issue: https://github.com/elastic/kibana/issues/188720
+ */
+ if (definition.isSameSite === 'None' && definition.isSecure && !disableEmbedding) {
+ definition.isSameSite = 'None;Partitioned';
+ }
+ },
  },
  validateFunc: async (req: Request, session: T | T[]) => {
  const result = cookieOptions.validate(session);

packages/core/http/core-http-server-internal/src/http_server.test.ts

@@ -83,6 +83,9 @@ beforeEach(() => {
  cors: {
  enabled: false,
  },
+ csp: {
+ disableEmbedding: true,
+ },
  cdn: {},
  shutdownTimeout: moment.duration(500, 'ms'),
  } as any;

packages/core/http/core-http-server-internal/src/http_server.ts

@@ -290,7 +290,12 @@ export class HttpServer {
  registerOnPreResponse: this.registerOnPreResponse.bind(this),
  createCookieSessionStorageFactory: <T extends object>(
  cookieOptions: SessionStorageCookieOptions<T>
- ) => this.createCookieSessionStorageFactory(cookieOptions, config.basePath),
+ ) =>
+ this.createCookieSessionStorageFactory(
+ cookieOptions,
+ config.csp.disableEmbedding,
+ config.basePath
+ ),
  basePath: basePathService,
  csp: config.csp,
  auth: {
@@ -553,6 +558,7 @@ export class HttpServer {
 
  private async createCookieSessionStorageFactory<T extends object>(
  cookieOptions: SessionStorageCookieOptions<T>,
+ disableEmbedding: boolean,
  basePath?: string
  ) {
  if (this.server === undefined) {
@@ -569,6 +575,7 @@ export class HttpServer {
  this.logger.get('http', 'server', this.name, 'cookie-session-storage'),
  this.server,
  cookieOptions,
+ disableEmbedding,
  basePath
  );
  return sessionStorageFactory;

packages/core/injected-metadata/core-injected-metadata-browser-internal/src/injected_metadata_service.test.ts

@@ -159,79 +159,3 @@ describe('setup.getLegacyMetadata()', () => {
  }).toThrowError();
  });
 });
-
-describe('setup.getInjectedVar()', () => {
- it('returns values from injectedMetadata.vars', () => {
- const setup = new InjectedMetadataService({
- injectedMetadata: {
- vars: {
- foo: {
- bar: '1',
- },
- 'baz:box': {
- foo: 2,
- },
- },
- },
- } as any).setup();
-
- expect(setup.getInjectedVar('foo')).toEqual({
- bar: '1',
- });
- expect(setup.getInjectedVar('foo.bar')).toBe('1');
- expect(setup.getInjectedVar('baz:box')).toEqual({
- foo: 2,
- });
- expect(setup.getInjectedVar('')).toBe(undefined);
- });
-
- it('returns read-only values', () => {
- const setup = new InjectedMetadataService({
- injectedMetadata: {
- vars: {
- foo: {
- bar: 1,
- },
- },
- },
- } as any).setup();
-
- const foo: any = setup.getInjectedVar('foo');
- expect(() => {
- foo.bar = 2;
- }).toThrowErrorMatchingInlineSnapshot(
- `"Cannot assign to read only property 'bar' of object '#<Object>'"`
- );
- expect(() => {
- foo.newProp = 2;
- }).toThrowErrorMatchingInlineSnapshot(
- `"Cannot add property newProp, object is not extensible"`
- );
- });
-});
-
-describe('setup.getInjectedVars()', () => {
- it('returns all injected vars, readonly', () => {
- const setup = new InjectedMetadataService({
- injectedMetadata: {
- vars: {
- foo: {
- bar: 1,
- },
- },
- },
- } as any).setup();
-
- const vars: any = setup.getInjectedVars();
- expect(() => {
- vars.foo = 2;
- }).toThrowErrorMatchingInlineSnapshot(
- `"Cannot assign to read only property 'foo' of object '#<Object>'"`
- );
- expect(() => {
- vars.newProp = 2;
- }).toThrowErrorMatchingInlineSnapshot(
- `"Cannot add property newProp, object is not extensible"`
- );
- });
-});

packages/core/injected-metadata/core-injected-metadata-browser-internal/src/injected_metadata_service.ts

@@ -6,7 +6,6 @@
  * Side Public License, v 1.
  */
 
-import { get } from 'lodash';
 import { deepFreeze } from '@kbn/std';
 import type { InjectedMetadata } from '@kbn/core-injected-metadata-common-internal';
 import type {
@@ -76,14 +75,6 @@ export class InjectedMetadataService {
  return this.state.legacyMetadata;
  },
 
- getInjectedVar: (name: string, defaultValue?: any): unknown => {
- return get(this.state.vars, name, defaultValue);
- },
-
- getInjectedVars: () => {
- return this.state.vars;
- },
-
  getKibanaBuildNumber: () => {
  return this.state.buildNumber;
  },

packages/core/injected-metadata/core-injected-metadata-browser-internal/src/types.ts

@@ -56,10 +56,6 @@ export interface InternalInjectedMetadataSetup {
  user?: Record<string, any> | undefined;
  };
  };
- getInjectedVar: (name: string, defaultValue?: any) => unknown;
- getInjectedVars: () => {
- [key: string]: unknown;
- };
  getCustomBranding: () => CustomBranding;
 }
 

packages/core/injected-metadata/core-injected-metadata-browser-mocks/src/injected_metadata_service.mock.ts

@@ -27,8 +27,6 @@ const createSetupContractMock = () => {
  getLegacyMetadata: jest.fn(),
  getTheme: jest.fn(),
  getPlugins: jest.fn(),
- getInjectedVar: jest.fn(),
- getInjectedVars: jest.fn(),
  getKibanaBuildNumber: jest.fn(),
  getCustomBranding: jest.fn(),
  };

packages/core/injected-metadata/core-injected-metadata-common-internal/src/types.ts

@@ -71,7 +71,7 @@ export interface InjectedMetadata {
  warnLegacyBrowsers: boolean;
  };
  externalUrl: { policy: InjectedMetadataExternalUrlPolicy[] };
- vars: Record<string, any>;
+ apmConfig: Record<string, unknown> | null;
  uiPlugins: InjectedMetadataPlugin[];
  legacyMetadata: {
  uiSettings: {