Merge branch 'master' into node-options-from-cfg-file

.ci/Dockerfile

@@ -0,0 +1,35 @@
+ARG NODE_VERSION=10.21.0
+
+FROM node:${NODE_VERSION} AS base
+
+RUN apt-get update && \
+ apt-get -y install xvfb gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 \
+ libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 \
+ libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 \
+ libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 \
+ libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget openjdk-8-jre && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
+ && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
+ && apt-get update \
+ && apt-get install -y rsync jq bsdtar google-chrome-stable \
+ --no-install-recommends \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN LATEST_VAULT_RELEASE=$(curl -s https://api.github.com/repos/hashicorp/vault/tags | jq --raw-output .[0].name[1:]) \
+ && curl -L https://releases.hashicorp.com/vault/${LATEST_VAULT_RELEASE}/vault_${LATEST_VAULT_RELEASE}_linux_amd64.zip -o vault.zip \
+ && unzip vault.zip \
+ && rm vault.zip \
+ && chmod +x vault \
+ && mv vault /usr/local/bin/vault
+
+RUN groupadd -r kibana && useradd -r -g kibana kibana && mkdir /home/kibana && chown kibana:kibana /home/kibana
+
+COPY ./bash_standard_lib.sh /usr/local/bin/bash_standard_lib.sh
+RUN chmod +x /usr/local/bin/bash_standard_lib.sh
+
+COPY ./runbld /usr/local/bin/runbld
+RUN chmod +x /usr/local/bin/runbld
+
+USER kibana

.ci/runbld_no_junit.yml

@@ -3,4 +3,4 @@
 profiles:
 - ".*": # Match any job
  tests:
- junit-filename-pattern: "8d8bd494-d909-4e67-a052-7e8b5aaeb5e4" # A bogus path that should never exist
+ junit-filename-pattern: false

.github/CODEOWNERS

@@ -144,6 +144,7 @@
 /x-pack/plugins/licensing/ @elastic/kibana-platform
 /x-pack/plugins/global_search/ @elastic/kibana-platform
 /x-pack/plugins/cloud/ @elastic/kibana-platform
+/x-pack/test/saved_objects_field_count/ @elastic/kibana-platform
 /packages/kbn-config-schema/ @elastic/kibana-platform
 /src/legacy/server/config/ @elastic/kibana-platform
 /src/legacy/server/http/ @elastic/kibana-platform

.gitignore

@@ -48,6 +48,8 @@ npm-debug.log*
 .tern-project
 .nyc_output
 .ci/pipeline-library/build/
+.ci/runbld
+.ci/bash_standard_lib.sh
 .gradle
 
 # apm plugin

Jenkinsfile

@@ -8,49 +8,7 @@ kibanaPipeline(timeoutMinutes: 155, checkPrChanges: true, setCommitStatus: true)
  ciStats.trackBuild {
  catchError {
  retryable.enable()
- parallel([
- 'kibana-intake-agent': workers.intake('kibana-intake', './test/scripts/jenkins_unit.sh'),
- 'x-pack-intake-agent': workers.intake('x-pack-intake', './test/scripts/jenkins_xpack.sh'),
- 'kibana-oss-agent': workers.functional('kibana-oss-tests', { kibanaPipeline.buildOss() }, [
- 'oss-firefoxSmoke': kibanaPipeline.functionalTestProcess('kibana-firefoxSmoke', './test/scripts/jenkins_firefox_smoke.sh'),
- 'oss-ciGroup1': kibanaPipeline.ossCiGroupProcess(1),
- 'oss-ciGroup2': kibanaPipeline.ossCiGroupProcess(2),
- 'oss-ciGroup3': kibanaPipeline.ossCiGroupProcess(3),
- 'oss-ciGroup4': kibanaPipeline.ossCiGroupProcess(4),
- 'oss-ciGroup5': kibanaPipeline.ossCiGroupProcess(5),
- 'oss-ciGroup6': kibanaPipeline.ossCiGroupProcess(6),
- 'oss-ciGroup7': kibanaPipeline.ossCiGroupProcess(7),
- 'oss-ciGroup8': kibanaPipeline.ossCiGroupProcess(8),
- 'oss-ciGroup9': kibanaPipeline.ossCiGroupProcess(9),
- 'oss-ciGroup10': kibanaPipeline.ossCiGroupProcess(10),
- 'oss-ciGroup11': kibanaPipeline.ossCiGroupProcess(11),
- 'oss-ciGroup12': kibanaPipeline.ossCiGroupProcess(12),
- 'oss-accessibility': kibanaPipeline.functionalTestProcess('kibana-accessibility', './test/scripts/jenkins_accessibility.sh'),
- // 'oss-visualRegression': kibanaPipeline.functionalTestProcess('visualRegression', './test/scripts/jenkins_visual_regression.sh'),
- ]),
- 'kibana-xpack-agent': workers.functional('kibana-xpack-tests', { kibanaPipeline.buildXpack() }, [
- 'xpack-firefoxSmoke': kibanaPipeline.functionalTestProcess('xpack-firefoxSmoke', './test/scripts/jenkins_xpack_firefox_smoke.sh'),
- 'xpack-ciGroup1': kibanaPipeline.xpackCiGroupProcess(1),
- 'xpack-ciGroup2': kibanaPipeline.xpackCiGroupProcess(2),
- 'xpack-ciGroup3': kibanaPipeline.xpackCiGroupProcess(3),
- 'xpack-ciGroup4': kibanaPipeline.xpackCiGroupProcess(4),
- 'xpack-ciGroup5': kibanaPipeline.xpackCiGroupProcess(5),
- 'xpack-ciGroup6': kibanaPipeline.xpackCiGroupProcess(6),
- 'xpack-ciGroup7': kibanaPipeline.xpackCiGroupProcess(7),
- 'xpack-ciGroup8': kibanaPipeline.xpackCiGroupProcess(8),
- 'xpack-ciGroup9': kibanaPipeline.xpackCiGroupProcess(9),
- 'xpack-ciGroup10': kibanaPipeline.xpackCiGroupProcess(10),
- 'xpack-accessibility': kibanaPipeline.functionalTestProcess('xpack-accessibility', './test/scripts/jenkins_xpack_accessibility.sh'),
- // 'xpack-pageLoadMetrics': kibanaPipeline.functionalTestProcess('xpack-pageLoadMetrics', './test/scripts/jenkins_xpack_page_load_metrics.sh'),
- 'xpack-securitySolutionCypress': { processNumber ->
- whenChanged(['x-pack/plugins/security_solution/', 'x-pack/test/security_solution_cypress/']) {
- kibanaPipeline.functionalTestProcess('xpack-securitySolutionCypress', './test/scripts/jenkins_security_solution_cypress.sh')(processNumber)
- }
- },
-
- // 'xpack-visualRegression': kibanaPipeline.functionalTestProcess('xpack-visualRegression', './test/scripts/jenkins_xpack_visual_regression.sh'),
- ]),
- ])
+ kibanaPipeline.allCiTasks()
  }
  }
  }

docs/apm/api.asciidoc

@@ -10,6 +10,7 @@ Some APM app features are provided via a REST API:
 
 * <<agent-config-api>>
 * <<apm-annotation-api>>
+* <<kibana-api,Kibana API>>
 
 [float]
 [[apm-api-example]]
@@ -355,6 +356,7 @@ allowing you to easily see how these events are impacting the performance of you
 
 By default, annotations are stored in a newly created `observability-annotations` index.
 The name of this index can be changed in your `config.yml` by editing `xpack.observability.annotations.index`.
+If you change the default index name, you'll also need to <<apm-app-annotation-user-create,update your user privileges>> accordingly.
 
 The following APIs are available:
 
@@ -467,3 +469,87 @@ curl -X POST \
  }
 }
 --------------------------------------------------
+
+////
+*******************************************************
+////
+
+[[kibana-api]]
+=== Kibana API
+
+In addition to the APM specific API endpoints, Kibana provides its own <<api,REST API>>
+which you can use to automate certain aspects of configuring and deploying Kibana.
+An example is below.
+
+[[api-create-apm-index-pattern]]
+==== Customize the APM index pattern
+
+As an alternative to updating <<apm-settings-in-kibana,`apm_oss.indexPattern`>> in your `kibana.yml` configuration file,
+you can use Kibana's <<saved-objects-api-update,update object API>> to update the default APM index pattern on the fly.
+
+The following example sets the default APM app index pattern to `some-other-pattern-*`:
+
+[source,sh]
+----
+curl -X PUT "localhost:5601/api/saved_objects/index-pattern/apm_static_index_pattern_id" \ <1>
+-H 'Content-Type: application/json' \
+-H 'kbn-xsrf: true' \
+-H 'Authorization: Basic ${YOUR_AUTH_TOKEN}' \
+-d' {
+ "attributes": {
+ "title": "some-other-pattern-*", <2>
+ }
+ }'
+----
+<1> `apm_static_index_pattern_id` is the internal, hard-coded ID of the APM index pattern.
+This value should not be changed
+<2> Your custom index pattern matcher.
+
+The API returns the following:
+
+[source,json]
+----
+{
+ "id":"apm_static_index_pattern_id",
+ "type":"index-pattern",
+ "updated_at":"2020-07-06T22:55:59.555Z",
+ "version":"WzYsMV0=",
+ "attributes":{
+ "title":"some-other-pattern-*"
+ }
+}
+----
+
+To view the new APM app index pattern, use the <<saved-objects-api-get,GET object API>>:
+
+[source,sh]
+----
+curl -X GET "localhost:5601/api/saved_objects/index-pattern/apm_static_index_pattern_id" \ <1>
+-H 'kbn-xsrf: true' \
+-H 'Authorization: Basic ${YOUR_AUTH_TOKEN}'
+----
+<1> `apm_static_index_pattern_id` is the internal, hard-coded ID of the APM index pattern.
+
+The API returns the following:
+
+[source,json]
+----
+{
+ "id":"apm_static_index_pattern_id",
+ "type":"index-pattern",
+ "updated_at":"2020-07-06T22:55:59.555Z",
+ "version":"WzYsMV0=",
+ "attributes":{...}
+ "fieldFormatMap":"{...}
+ "fields":"[{...},{...},...]
+ "sourceFilters":"[{\"value\":\"sourcemap.sourcemap\"}]",
+ "timeFieldName":"@timestamp",
+ "title":"some-other-pattern-*"
+ },
+ ...
+}
+----
+
+// More examples will go here
+
+More information on Kibana's API is available in <<api,REST API>>.

docs/apm/apm-app-users.asciidoc

@@ -4,7 +4,7 @@
 
 :beat_default_index_prefix: apm
 :beat_kib_app: APM app
-:annotation_index: `observability-annotations`
+:annotation_index: observability-annotations
 
 ++++
 <titleabbrev>Users and privileges</titleabbrev>
@@ -102,6 +102,54 @@ Here are two examples:
 *********************************** ***********************************
 ////
 
+[role="xpack"]
+[[apm-app-annotation-user-create]]
+=== APM app annotation user
+
+++++
+<titleabbrev>Create an annotation user</titleabbrev>
+++++
+
+NOTE: By default, the `apm_user` built-in role provides access to Observability annotations.
+You only need to create an annotation user if the default annotation index
+defined in <<apm-settings-kb,`xpack.observability.annotations.index`>> has been customized.
+
+[[apm-app-annotation-user]]
+==== Annotation user
+
+View deployment annotations in the APM app.
+
+. Create a new role, named something like `annotation_user`,
+and assign the following privileges:
++
+[options="header"]
+|====
+|Type | Privilege | Purpose
+
+|Index
+|`read` on +\{ANNOTATION_INDEX\}+^1^
+|Read-only access to the observability annotation index
+
+|Index
+|`view_index_metadata` on +\{ANNOTATION_INDEX\}+^1^
+|Read-only access to observability annotation index metadata
+|====
++
+^1^ +\{ANNOTATION_INDEX\}+ should be the index name you've defined in
+<<apm-settings-kb,`xpack.observability.annotations.index`>>.
+
+. Assign the `annotation_user` created previously, and the built-in roles necessary to create
+a <<apm-app-reader-full,full>> or <<apm-app-reader-partial,partial>> APM reader to any users that need to view annotations in the APM app
+
+[[apm-app-annotation-api]]
+==== Annotation API
+
+See <<apm-app-api-user>>.
+
+////
+*********************************** ***********************************
+////
+
 [role="xpack"]
 [[apm-app-central-config-user]]
 === APM app central config user

docs/apm/set-up.asciidoc

@@ -25,7 +25,8 @@ simply click *Load Kibana objects* at the bottom of the Setup Instructions.
 [role="screenshot"]
 image::apm/images/apm-index-pattern.png[Setup index pattern for APM in Kibana]
 
-To use a custom index pattern, see <<apm-settings-in-kibana>>.
+TIP: To use a custom index pattern,
+adjust Kibana's <<apm-settings-in-kibana,settings>> or use the <<api-create-apm-index-pattern,Kibana API>>.
 
 [float]
 [[apm-getting-started-next]]

docs/development/core/server/kibana-plugin-core-server.auditableevent.md

@@ -0,0 +1,25 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [AuditableEvent](./kibana-plugin-core-server.auditableevent.md)
+
+## AuditableEvent interface
+
+Event to audit.
+
+<b>Signature:</b>
+
+```typescript
+export interface AuditableEvent 
+```
+
+## Remarks
+
+Not a complete interface.
+
+## Properties
+
+| Property | Type | Description |
+| --- | --- | --- |
+| [message](./kibana-plugin-core-server.auditableevent.message.md) | <code>string</code> | |
+| [type](./kibana-plugin-core-server.auditableevent.type.md) | <code>string</code> | |
+

docs/development/core/server/kibana-plugin-core-server.auditableevent.message.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [AuditableEvent](./kibana-plugin-core-server.auditableevent.md) &gt; [message](./kibana-plugin-core-server.auditableevent.message.md)
+
+## AuditableEvent.message property
+
+<b>Signature:</b>
+
+```typescript
+message: string;
+```

docs/development/core/server/kibana-plugin-core-server.auditableevent.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [AuditableEvent](./kibana-plugin-core-server.auditableevent.md) &gt; [type](./kibana-plugin-core-server.auditableevent.type.md)
+
+## AuditableEvent.type property
+
+<b>Signature:</b>
+
+```typescript
+type: string;
+```

docs/development/core/server/kibana-plugin-core-server.auditor.add.md

@@ -0,0 +1,36 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [Auditor](./kibana-plugin-core-server.auditor.md) &gt; [add](./kibana-plugin-core-server.auditor.add.md)
+
+## Auditor.add() method
+
+Add a record to audit log. Service attaches to a log record: - metadata about an end-user initiating an operation - scope name, if presents
+
+<b>Signature:</b>
+
+```typescript
+add(event: AuditableEvent): void;
+```
+
+## Parameters
+
+| Parameter | Type | Description |
+| --- | --- | --- |
+| event | <code>AuditableEvent</code> | |
+
+<b>Returns:</b>
+
+`void`
+
+## Example
+
+How to add a record in audit log:
+
+```typescript
+router.get({ path: '/my_endpoint', validate: false }, async (context, request, response) => {
+ context.core.auditor.withAuditScope('my_plugin_operation');
+ const value = await context.core.elasticsearch.legacy.client.callAsCurrentUser('...');
+ context.core.add({ type: 'operation.type', message: 'perform an operation in ... endpoint' });
+
+```
+

docs/development/core/server/kibana-plugin-core-server.auditor.md

@@ -0,0 +1,21 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [Auditor](./kibana-plugin-core-server.auditor.md)
+
+## Auditor interface
+
+Provides methods to log user actions and access events.
+
+<b>Signature:</b>
+
+```typescript
+export interface Auditor 
+```
+
+## Methods
+
+| Method | Description |
+| --- | --- |
+| [add(event)](./kibana-plugin-core-server.auditor.add.md) | Add a record to audit log. Service attaches to a log record: - metadata about an end-user initiating an operation - scope name, if presents |
+| [withAuditScope(name)](./kibana-plugin-core-server.auditor.withauditscope.md) | Add a high-level scope name for logged events. It helps to identify the root cause of low-level events. |
+