Merge branch 'master' into alerting/webhook-basic-auth-optional

.eslintignore

@@ -11,7 +11,6 @@ bower_components
 /src/plugins/data/common/es_query/kuery/ast/_generated_/**
 /src/legacy/core_plugins/vis_type_timelion/public/_generated_/**
 src/legacy/core_plugins/vis_type_vislib/public/vislib/__tests__/lib/fixtures/mock_data
-/src/legacy/ui/public/angular-bootstrap
 /src/legacy/ui/public/flot-charts
 /test/fixtures/scenarios
 /src/legacy/core_plugins/console/public/webpackShims

.eslintrc.js

@@ -302,6 +302,8 @@ module.exports = {
                   'test/plugin_functional/plugins/**/public/np_ready/**/*',
                   'test/plugin_functional/plugins/**/server/np_ready/**/*',
                   'src/legacy/core_plugins/**/public/np_ready/**/*',
+                  'src/legacy/core_plugins/vis_type_*/public/**/*',
+                  '!src/legacy/core_plugins/vis_type_*/public/legacy*',
                   'src/legacy/core_plugins/**/server/np_ready/**/*',
                   'x-pack/legacy/plugins/**/public/np_ready/**/*',
                   'x-pack/legacy/plugins/**/server/np_ready/**/*',

docs/apm/troubleshooting.asciidoc

@@ -6,6 +6,7 @@ your proposed changes at https://github.com/elastic/kibana.
 
 Also check out the https://discuss.elastic.co/c/apm[APM discussion forum].
 
+[[no-apm-data-found]]
 ==== No APM data found
 
 This section can help with any of the following:
@@ -69,3 +70,41 @@ or because something is happening to the request that the Agent doesn't understa
 To resolve this, you'll need to head over to the relevant {apm-agents-ref}[Agent documentation].
 Specifically, view the Agent's supported technologies page.
 You can also use the Agent's public API to manually set a name for the transaction.
+
+==== Fields are not searchable
+
+In Elasticsearch, index patterns are used to define settings and mappings that determine how fields should be analyzed.
+The recommended index template file for APM Server is installed when Kibana starts.
+This template defines which fields are available in Kibana for features like the Kuery bar,
+or for linking to other plugins like Logs, Uptime, and Discover.
+
+As an example, some agents store cookie values in `http.request.cookies`.
+Since `http.request` has disabled dynamic indexing, and `http.request.cookies` is not declared in a custom mapping,
+the values in `http.request.cookies` are not indexed and thus not searchable.
+
+*Ensure an index pattern exists*
+As a first step, you should ensure the correct index pattern exists.
+In Kibana, navigate to *Management > Kibana > Index Patterns*.
+In the pattern list, you should see an apm index pattern; The default is `apm-*`.
+If you don't, the index pattern doesn't exist. See <<no-apm-data-found>> for information on how to fix this problem.
+
+Selecting the `apm-*` index pattern shows a listing of every field defined in the pattern.
+
+*Ensure a field is searchable*
+There are two things you can do to if you'd like to ensure a field is searchable:
+
+1. Index your additional data as {apm-overview-ref}/metadata.html[labels] instead.
+These are dynamic by default, which means they will be indexed and become searchable and aggregatable.
+
+2. Use the {apm-server-ref}/configuration-template.html[`append_fields`] feature. As an example,
+adding the following to `apm-server.yml` will enable dynamic indexing for `http.request.cookies`:
+
+[source,yml]
+----
+setup.template.enabled: true
+setup.template.overwrite: true
+setup.template.append_fields:
+  - name: http.request.cookies
+    type: object
+    dynamic: true
+----

docs/settings/alert-action-settings.asciidoc

@@ -0,0 +1,47 @@
+[role="xpack"]
+[[alert-action-settings-kb]]
+=== Alerting and action settings in Kibana
+++++
+<titleabbrev>Alerting and action settings</titleabbrev>
+++++
+
+Alerts and actions are enabled by default in {kib}, but require you configure the following in order to use them: 
+
+. <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features}>>.
+. <<configuring-tls-kib-es,Set up TLS encryption between {kib} and {es}>>.
+. <<general-alert-action-settings,Specify a value for `xpack.encrypted_saved_objects.encryptionKey`>>.
+
+You can configure the following settings in the `kibana.yml` file.
+
+
+[float]
+[[general-alert-action-settings]]
+==== General settings
+
+`xpack.encrypted_saved_objects.encryptionKey`::
+
+A string of 32 or more characters used to encrypt sensitive properties on alerts and actions before they're stored in {es}. Third party credentials &mdash; such as the username and password used to connect to an SMTP service &mdash; are an example of encrypted properties.  
++
+If not set, {kib} will generate a random key on startup, but all alert and action functions will be blocked. Generated keys are not allowed for alerts and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerts and actions in high-availability deployments of {kib} will behave unexpectedly if the key isn't the same on all instances of {kib}.
++
+Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <<secure-settings,{kib} Keystore>>.
+
+[float]
+[[alert-settings]]
+==== Action settings
+
+`xpack.actions.whitelistedHosts`::
+A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly whitelisted. An empty list `[]` can be used to block built-in actions from making any external connections.
++
+Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically whitelisted. If you are not using the default `[*]` setting, you must ensure that the corresponding endpoints are whitelisted as well.
+
+`xpack.actions.enabledActionTypes`::
+A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, and `.webhook`. An empty list `[]` will disable all action types.
++
+Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.  
+
+[float]
+[[action-settings]]
+==== Alert settings
+
+You do not need to configure any additional settings to use alerting in {kib}.

docs/settings/settings-xkb.asciidoc

@@ -10,6 +10,7 @@ include::{asciidoc-dir}/../../shared/settings.asciidoc[]
 
 For more {kib} configuration settings, see <<settings>>.
 
+include::alert-action-settings.asciidoc[]
 include::apm-settings.asciidoc[]
 include::dev-settings.asciidoc[]
 include::graph-settings.asciidoc[]

docs/setup/settings.asciidoc

@@ -457,16 +457,7 @@ Rollup user interface.
 
 `i18n.locale`:: *Default: en* Set this value to change the Kibana interface language. Valid locales are: `en`, `zh-CN`, `ja-JP`.
 
-`xpack.actions.enabledActionTypes:`:: *Default: +[ {asterisk} ]+* Set this value
-to an array of action types that are enabled.  An element of `*` indicates all
-action types registered are enabled.  The action types provided by Kibana are:
-`.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, `.webhook`.
-
-`xpack.actions.whitelistedHosts:`:: *Default: +[ {asterisk} ]+* Set this value
-to an array of host names which actions such as email, slack, pagerduty, and
-webhook can connect to.  An element of `*` indicates any host can be connected
-to.  An empty array indicates no hosts can be connected to.
-
+include::{docdir}/settings/alert-action-settings.asciidoc[]
 include::{docdir}/settings/apm-settings.asciidoc[]
 include::{docdir}/settings/dev-settings.asciidoc[]
 include::{docdir}/settings/graph-settings.asciidoc[]

docs/user/security/authentication/index.asciidoc

@@ -12,6 +12,7 @@
 - <<pki-authentication>>
 - <<saml>>
 - <<oidc>>
+- <<kerberos>>
 
 [[basic-authentication]]
 ==== Basic authentication
@@ -214,3 +215,26 @@ leaked, it can't be re-used after logout. This is known as "local" logout.
 {kib} can also initiate a "global" logout or _Single Logout_ if it's supported by the external authentication provider and not
 explicitly disabled by {es}. In this case, the user is redirected to the external authentication provider for log out of
 all applications associated with the active provider session.
+
+[[kerberos]]
+==== Kerberos single sign-on
+
+As with the previous SSOs, make sure that you have configured {es} first accordingly. See {ref}/kerberos-realm.html[Kerberos authentication].
+
+Next, to enable Kerberos in {kib}, you will need to enable the Kerberos authentication provider in the `kibana.yml` configuration file, as follows:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos]
+-----------------------------------------------
+
+You may want to be able to authenticate with the basic authentication provider as a secondary mechanism or while you are setting up Kerberos for the stack:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos, basic]
+-----------------------------------------------
+
+As a reminder, the order is important as it determines the order in which each authentication provider is attempted.
+
+Kibana uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications. At the end of the Kerberos handshake, Kibana will forward the service ticket to Elasticsearch. Elasticsearch will unpack it and it will respond with an access and refresh token which are then used for subsequent authentication.

src/core/public/overlays/modal/modal_service.tsx

@@ -20,7 +20,7 @@
 /* eslint-disable max-classes-per-file */
 
 import { i18n as t } from '@kbn/i18n';
-import { EuiModal, EuiConfirmModal, EuiOverlayMask } from '@elastic/eui';
+import { EuiModal, EuiConfirmModal, EuiOverlayMask, EuiConfirmModalProps } from '@elastic/eui';
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
 import { Subject } from 'rxjs';
@@ -68,6 +68,7 @@ export interface OverlayModalConfirmOptions {
   className?: string;
   closeButtonAriaLabel?: string;
   'data-test-subj'?: string;
+  defaultFocusedButton?: EuiConfirmModalProps['defaultFocusedButton'];
 }
 
 /**

src/core/public/public.api.md

@@ -6,6 +6,7 @@
 
 import { Breadcrumb } from '@elastic/eui';
 import { EuiButtonEmptyProps } from '@elastic/eui';
+import { EuiConfirmModalProps } from '@elastic/eui';
 import { EuiGlobalToastListToast } from '@elastic/eui';
 import { ExclusiveUnion } from '@elastic/eui';
 import { IconType } from '@elastic/eui';

src/dev/precommit_hook/casing_check_config.js

@@ -88,7 +88,6 @@ export const IGNORE_DIRECTORY_GLOBS = [
   'src/babel-*',
   'packages/*',
   'packages/kbn-ui-framework/generator-kui',
-  'src/legacy/ui/public/angular-bootstrap',
   'src/legacy/ui/public/flot-charts',
   'src/legacy/ui/public/utils/lodash-mixins',
   'test/functional/fixtures/es_archiver/visualize_source-filters',
@@ -124,9 +123,6 @@ export const TEMPORARILY_IGNORED_PATHS = [
   'src/legacy/core_plugins/timelion/server/series_functions/__tests__/fixtures/tlConfig.js',
   'src/fixtures/config_upgrade_from_4.0.0_to_4.0.1-snapshot.json',
   'src/legacy/core_plugins/vis_type_vislib/public/vislib/__tests__/lib/fixtures/mock_data/terms/_seriesMultiple.js',
-  'src/legacy/ui/public/angular-bootstrap/bindHtml/bindHtml.js',
-  'src/legacy/ui/public/angular-bootstrap/tooltip/tooltip-html-unsafe-popup.html',
-  'src/legacy/ui/public/angular-bootstrap/tooltip/tooltip-popup.html',
   'src/legacy/ui/public/assets/favicons/android-chrome-192x192.png',
   'src/legacy/ui/public/assets/favicons/android-chrome-256x256.png',
   'src/legacy/ui/public/assets/favicons/android-chrome-512x512.png',

src/legacy/core_plugins/data/public/search/aggs/agg_config.ts

@@ -35,7 +35,7 @@ import { Schema } from './schemas';
 import {
   ISearchSource,
   FetchOptions,
-  fieldFormats,
+  FieldFormatsContentType,
   KBN_FIELD_TYPES,
 } from '../../../../../../plugins/data/public';
 
@@ -383,7 +383,7 @@ export class AggConfig {
     return this.aggConfigs.timeRange;
   }
 
-  fieldFormatter(contentType?: fieldFormats.ContentType, defaultFormat?: any) {
+  fieldFormatter(contentType?: FieldFormatsContentType, defaultFormat?: any) {
     const format = this.type && this.type.getFormat(this);
 
     if (format) {
@@ -393,7 +393,7 @@ export class AggConfig {
     return this.fieldOwnFormatter(contentType, defaultFormat);
   }
 
-  fieldOwnFormatter(contentType?: fieldFormats.ContentType, defaultFormat?: any) {
+  fieldOwnFormatter(contentType?: FieldFormatsContentType, defaultFormat?: any) {
     const fieldFormatsService = npStart.plugins.data.fieldFormats;
     const field = this.getField();
     let format = field && field.format;

src/legacy/core_plugins/data/public/search/aggs/agg_type.ts

@@ -29,7 +29,7 @@ import { BaseParamType } from './param_types/base';
 import { AggParamType } from './param_types/agg';
 import {
   KBN_FIELD_TYPES,
-  fieldFormats,
+  IFieldFormat,
   ISearchSource,
 } from '../../../../../../plugins/data/public';
 
@@ -58,7 +58,7 @@ export interface AggTypeConfig<
     inspectorAdapters: Adapters,
     abortSignal?: AbortSignal
   ) => Promise<any>;
-  getFormat?: (agg: TAggConfig) => fieldFormats.FieldFormat;
+  getFormat?: (agg: TAggConfig) => IFieldFormat;
   getValue?: (agg: TAggConfig, bucket: any) => any;
   getKey?: (bucket: any, key: any, agg: TAggConfig) => any;
 }
@@ -199,7 +199,7 @@ export class AggType<
    * @param  {agg} agg - the agg to pick a format for
    * @return {FieldFormat}
    */
-  getFormat: (agg: TAggConfig) => fieldFormats.FieldFormat;
+  getFormat: (agg: TAggConfig) => IFieldFormat;
 
   getValue: (agg: TAggConfig, bucket: any) => any;
 

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts

@@ -19,7 +19,7 @@
 
 import moment from 'moment';
 import { createFilterDateRange } from './date_range';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
@@ -28,7 +28,7 @@ jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('Date range', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: '@timestamp',

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts

@@ -20,13 +20,13 @@ import { createFilterHistogram } from './histogram';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 
 jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('histogram', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/range.test.ts

@@ -18,7 +18,7 @@
  */
 
 import { createFilterRange } from './range';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
@@ -27,7 +27,7 @@ jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('range', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/range.test.ts

@@ -19,7 +19,7 @@
 
 import { AggConfigs } from '../agg_configs';
 import { BUCKET_TYPES } from './bucket_agg_types';
-import { fieldFormats } from '../../../../../../../plugins/data/public';
+import { FieldFormatsGetConfigFn, fieldFormats } from '../../../../../../../plugins/data/public';
 
 jest.mock('ui/new_platform');
 
@@ -44,7 +44,7 @@ const buckets = [
 ];
 
 describe('Range Agg', () => {
-  const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+  const getConfig = (() => {}) as FieldFormatsGetConfigFn;
   const getAggConfigs = () => {
     const field = {
       name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/terms.ts

@@ -30,7 +30,8 @@ import { IAggConfigs } from '../agg_configs';
 import { Adapters } from '../../../../../../../plugins/inspector/public';
 import {
   ISearchSource,
-  fieldFormats,
+  IFieldFormat,
+  FieldFormatsContentType,
   KBN_FIELD_TYPES,
 } from '../../../../../../../plugins/data/public';
 
@@ -80,9 +81,9 @@ export const termsBucketAgg = new BucketAggType({
     const params = agg.params;
     return agg.getFieldDisplayName() + ': ' + params.order.text;
   },
-  getFormat(bucket): fieldFormats.FieldFormat {
+  getFormat(bucket): IFieldFormat {
     return {
-      getConverterFor: (type: fieldFormats.ContentType) => {
+      getConverterFor: (type: FieldFormatsContentType) => {
         return (val: any) => {
           if (val === '__other__') {
             return bucket.params.otherBucketLabel;
@@ -94,7 +95,7 @@ export const termsBucketAgg = new BucketAggType({
           return bucket.params.field.format.convert(val, type);
         };
       },
-    } as fieldFormats.FieldFormat;
+    } as IFieldFormat;
   },
   createFilter: createFilterTerms,
   postFlightRequest: async (