Merge branch 'main' into remove_text_layer

.buildkite/pipelines/on_merge.yml

@@ -10,8 +10,6 @@ steps:
 
   - command: .buildkite/scripts/steps/on_merge_build_and_metrics.sh
     label: Default Build and Metrics
-    env:
-      BAZEL_CACHE_MODE: read-write
     agents:
       queue: c2-8
     timeout_in_minutes: 60

.github/workflows/add-to-apm-project.yml

@@ -6,11 +6,11 @@ on:
 jobs:
   add_to_project:
     runs-on: ubuntu-latest
+    if: |
+      github.event.label.name == 'Team:apm'
     steps:
       - uses: octokit/graphql-action@v2.x
         id: add_to_project
-        if: |
-          github.event.label.name == 'Team:apm'
         with:
           headers: '{"GraphQL-Features": "projects_next_graphql"}'
           query: |
@@ -26,3 +26,22 @@ jobs:
         env:
           PROJECT_ID: "PN_kwDOAGc3Zs0VSg"
           GITHUB_TOKEN: ${{ secrets.APM_TECH_KIBANA_USER_TOKEN }}
+      - uses: octokit/graphql-action@v2.x
+        id: label_team
+        with:
+          headers: '{"GraphQL-Features": "projects_next_graphql"}'
+          query: |
+            mutation label_team($projectid:String!,$itemid:String!,$fieldid:String!,$value:String!) {
+              updateProjectNextItemField(input: { projectId:$projectid itemId:$itemid fieldId:$fieldid value:$value }) {
+                projectNextItem {
+                  id
+                }
+              }
+            }
+          projectid: ${{ env.PROJECT_ID }}
+          itemid: ${{ fromJSON(steps.add_to_project.outputs.data).addProjectNextItem.projectNextItem.id }}
+          fieldid: "MDE2OlByb2plY3ROZXh0RmllbGQ0NDE0Ng=="
+          value: "c33f5c54"
+        env:
+          PROJECT_ID: "PN_kwDOAGc3Zs0VSg"
+          GITHUB_TOKEN: ${{ secrets.APM_TECH_KIBANA_USER_TOKEN }}

docs/developer/plugin-list.asciidoc

@@ -393,7 +393,7 @@ adds dynamic actions to every embeddables state, in order to support drilldowns.
 
 |{kib-repo}blob/{branch}/x-pack/plugins/encrypted_saved_objects/README.md[encryptedSavedObjects]
 |The purpose of this plugin is to provide a way to encrypt/decrypt attributes on the custom Saved Objects that works with
-security and spaces filtering as well as performing audit logging.
+security and spaces filtering.
 
 
 |{kib-repo}blob/{branch}/x-pack/plugins/enterprise_search/README.md[enterpriseSearch]

docs/management/connectors/action-types/servicenow-sir.asciidoc

@@ -37,7 +37,7 @@ Use the <<action-settings, Action configuration settings>> to customize connecto
    actionTypeId: .servicenow-sir
    config:
      apiUrl: https://example.service-now.com/
-     isLegacy: false
+     usesTableApi: false
    secrets:
      username: testuser
      password: passwordkeystorevalue
@@ -46,9 +46,9 @@ Use the <<action-settings, Action configuration settings>> to customize connecto
 Config defines information for the connector type.
 
 `apiUrl`:: An address that corresponds to *URL*.
-`isLegacy`:: A boolean that indicates if the connector should use the Table API (legacy) or the Import Set API.
+`usesTableApi`:: A boolean that indicates if the connector uses the Table API or the Import Set API.
 
-Note: If `isLegacy` is set to false the Elastic application should be installed in ServiceNow.
+Note: If `usesTableApi` is set to false the Elastic application should be installed in ServiceNow.
 
 Secrets defines sensitive information for the connector type.
 

docs/management/connectors/action-types/servicenow.asciidoc

@@ -37,7 +37,7 @@ Use the <<action-settings, Action configuration settings>> to customize connecto
    actionTypeId: .servicenow
    config:
      apiUrl: https://example.service-now.com/
-     isLegacy: false
+     usesTableApi: false
    secrets:
      username: testuser
      password: passwordkeystorevalue
@@ -46,9 +46,9 @@ Use the <<action-settings, Action configuration settings>> to customize connecto
 Config defines information for the connector type.
 
 `apiUrl`:: An address that corresponds to *URL*.
-`isLegacy`:: A boolean that indicates if the connector should use the Table API (legacy) or the Import Set API.
+`usesTableApi`:: A boolean that indicates if the connector uses the Table API or the Import Set API.
 
-Note: If `isLegacy` is set to false the Elastic application should be installed in ServiceNow.
+Note: If `usesTableApi` is set to false the Elastic application should be installed in ServiceNow.
 
 Secrets defines sensitive information for the connector type.
 

docs/settings/security-settings.asciidoc

@@ -324,52 +324,32 @@ For more details and a reference of audit events, refer to <<xpack-security-audi
 [cols="2*<"]
 |======
 | `xpack.security.audit.enabled` {ess-icon}
-| Set to `true` _and_ configure an appender with `xpack.security.audit.appender` to enable ECS audit logging`. *Default:* `false`
+| Set to `true` to enable audit logging`. *Default:* `false`
 
 2+a| For example:
 [source,yaml]
 ----------------------------------------
 xpack.security.audit.enabled: true
-xpack.security.audit.appender:
+xpack.security.audit.appender: <1>
   type: rolling-file
-  fileName: ./audit.log
+  fileName: ./data/audit.log
   policy:
     type: time-interval
-    interval: 24h <1>
+    interval: 24h <2>
   strategy:
     type: numeric
-    max: 10 <2>
+    max: 10 <3>
   layout:
     type: json
 ----------------------------------------
-<1> Rotates log files every 24 hours.
-<2> Keeps maximum of 10 log files before deleting older ones.
+<1> This appender is the default and will be used if no `appender.*` config options are specified.
+<2> Rotates log files every 24 hours.
+<3> Keeps maximum of 10 log files before deleting older ones.
 
-[NOTE]
-============
-{ess} does not support custom log file policies. To enable audit logging on {ess} only specify:
-
-[source,yaml]
-----------------------------------------
-xpack.security.audit.enabled: true
-xpack.security.audit.appender.type: rolling-file
-----------------------------------------
-============
-
-[NOTE]
-============
-deprecated:[7.15.0,"In 8.0 and later, the legacy audit logger will be removed, and this setting will enable the ECS audit logger with a default appender."] To enable the legacy audit logger only specify:
-
-[source,yaml]
-----------------------------------------
-xpack.security.audit.enabled: true
-----------------------------------------
-============
-
-| `xpack.security.audit.appender` {ess-icon}
-| Optional. Specifies where audit logs should be written to and how they should be formatted.
+| `xpack.security.audit.appender`
+| Optional. Specifies where audit logs should be written to and how they should be formatted. If no appender is specified, a default appender will be used (see above).
 
-| `xpack.security.audit.appender.type` {ess-icon}
+| `xpack.security.audit.appender.type`
 | Required. Specifies where audit logs should be written to. Allowed values are `console`, `file`, or `rolling-file`. 
 
 Refer to <<audit-logging-file-appender>> and <<audit-logging-rolling-file-appender>> for appender specific settings.

docs/user/security/audit-logging.asciidoc

@@ -12,46 +12,15 @@ model for authentication, data index authorization, and features that are driven
 by cluster-wide privileges. For more information on enabling audit logging in
 {es}, refer to {ref}/auditing.html[Auditing security events].
 
-[IMPORTANT]
-============================================================================
-Kibana offers two audit logs: a **deprecated** legacy audit logger, and a new
-ECS-compliant audit logger. We strongly advise using the <<xpack-security-ecs-audit-logging, ECS audit logger>>,
-as the legacy audit logger will be removed in an upcoming version.
-============================================================================
-
 [NOTE]
 ============================================================================
 Audit logs are **disabled** by default. To enable this functionality, you must
-set `xpack.security.audit.enabled` to `true` in `kibana.yml`, and configure
+set `xpack.security.audit.enabled` to `true` in `kibana.yml`, and optionally configure
 an <<audit-logging-settings, appender>> to write the audit log to a location of your choosing.
 ============================================================================
 
-The legacy audit logger uses the standard {kib} logging output,
-which can be configured in `kibana.yml`. For more information, refer to <<settings>>.
-The <<xpack-security-ecs-audit-logging, ECS audit logger>> uses a separate logger and can be configured using
-the options in <<audit-logging-settings>>. 
-
-==== Legacy audit event types
-
-When you are auditing security events, each request can generate multiple audit
-events. The following is a list of the events that can be generated:
-
-|======
-| `saved_objects_authorization_success`    | Logged when a user is authorized to access a saved
-                                             objects when using a role with <<kibana-privileges>>
-| `saved_objects_authorization_failure`    | Logged when a user isn't authorized to access a saved
-                                             objects when using a role with <<kibana-privileges>>
-|======
-
 [[xpack-security-ecs-audit-logging]]
-==== ECS audit events
-
-[IMPORTANT]
-============================================================================
-The following events are only logged if the ECS audit logger is enabled.
-For information on how to configure `xpack.security.audit.appender`, refer to
-<<audit-logging-settings>>.
-============================================================================
+==== Audit events
 
 Refer to the table of events that can be logged for auditing purposes. 
 
@@ -81,6 +50,9 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has logged in successfully.
 | `failure` | Failed login attempt (e.g. due to invalid credentials).
 
+| `access_agreement_acknowledged`
+| N/A | User has acknowledged the access agreement.
+
 3+a|
 ===== Category: database
 ====== Type: creation
@@ -255,7 +227,7 @@ Refer to the corresponding {es} logs for potential write errors.
 
 
 [[xpack-security-ecs-audit-schema]]
-==== ECS audit schema
+==== Audit schema
 
 Audit logs are written in JSON using https://www.elastic.co/guide/en/ecs/1.6/index.html[Elastic Common Schema (ECS)] specification.
 

packages/kbn-optimizer/BUILD.bazel

@@ -32,6 +32,7 @@ NPM_MODULE_EXTRA_FILES = [
 
 RUNTIME_DEPS = [
   "//packages/kbn-config",
+  "//packages/kbn-config-schema",
   "//packages/kbn-dev-utils",
   "//packages/kbn-std",
   "//packages/kbn-ui-shared-deps-npm",
@@ -62,6 +63,7 @@ RUNTIME_DEPS = [
 
 TYPES_DEPS = [
   "//packages/kbn-config",
+  "//packages/kbn-config-schema",
   "//packages/kbn-dev-utils",
   "//packages/kbn-std",
   "//packages/kbn-ui-shared-deps-npm",

packages/kbn-optimizer/src/babel_runtime_helpers/find_babel_runtime_helpers_in_entry_bundles.ts

@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import Path from 'path';
+
+import { run, REPO_ROOT } from '@kbn/dev-utils';
+
+import { OptimizerConfig } from '../optimizer';
+import { parseStats, inAnyEntryChunk } from './parse_stats';
+
+export async function runFindBabelHelpersInEntryBundlesCli() {
+  run(async ({ log }) => {
+    const config = OptimizerConfig.create({
+      includeCoreBundle: true,
+      repoRoot: REPO_ROOT,
+    });
+
+    const paths = config.bundles.map((b) => Path.resolve(b.outputDir, 'stats.json'));
+
+    log.info('analyzing', paths.length, 'stats files');
+    log.verbose(paths);
+
+    const imports = new Set();
+    for (const path of paths) {
+      const stats = parseStats(path);
+
+      for (const module of stats.modules) {
+        if (!inAnyEntryChunk(stats, module)) {
+          continue;
+        }
+
+        for (const { userRequest } of module.reasons) {
+          if (userRequest.startsWith('@babel/runtime/')) {
+            imports.add(userRequest);
+          }
+        }
+      }
+    }
+
+    log.success('found', imports.size, '@babel/register imports in entry bundles');
+    log.write(
+      Array.from(imports, (i) => `'${i}',`)
+        .sort()
+        .join('\n')
+    );
+  });
+}

packages/kbn-optimizer/src/babel_runtime_helpers/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export * from './find_babel_runtime_helpers_in_entry_bundles';

packages/kbn-optimizer/src/babel_runtime_helpers/parse_stats.ts

@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import Fs from 'fs';
+
+import dedent from 'dedent';
+import { schema, Props, TypeOf } from '@kbn/config-schema';
+
+const partialObject = <P extends Props>(props: P) => {
+  return schema.object(props, {
+    unknowns: 'ignore',
+  });
+};
+
+export type Module = TypeOf<typeof moduleSchema>;
+const moduleSchema = partialObject({
+  identifier: schema.string(),
+  chunks: schema.arrayOf(schema.oneOf([schema.string(), schema.number()])),
+  reasons: schema.arrayOf(
+    partialObject({
+      userRequest: schema.string(),
+    })
+  ),
+});
+
+export type Chunk = TypeOf<typeof chunkSchema>;
+const chunkSchema = partialObject({
+  id: schema.oneOf([schema.string(), schema.number()]),
+  entry: schema.boolean(),
+  initial: schema.boolean(),
+});
+
+const statsSchema = partialObject({
+  chunks: schema.arrayOf(chunkSchema),
+  modules: schema.arrayOf(moduleSchema),
+});
+
+export interface Stats {
+  path: string;
+  modules: Module[];
+  chunks: Chunk[];
+}
+export function parseStats(path: string): Stats {
+  try {
+    return {
+      path,
+      ...statsSchema.validate(JSON.parse(Fs.readFileSync(path, 'utf-8'))),
+    };
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      throw new Error(dedent`
+        unable to find stats file at [${path}]. Make sure you run the following
+        before running this script:
+
+          node scripts/build_kibana_platform_plugins --dist --profile
+      `);
+    }
+
+    throw error;
+  }
+}
+
+export function inAnyEntryChunk(stats: Stats, module: Module): boolean {
+  return module.chunks.some((id) => {
+    const chunk = stats.chunks.find((c) => c.id === id);
+    if (!chunk) {
+      throw new Error(
+        `unable to find chunk ${id} for module ${module.identifier} in ${stats.path}`
+      );
+    }
+
+    return chunk.entry || chunk.initial;
+  });
+}

packages/kbn-optimizer/src/index.ts

@@ -14,3 +14,4 @@ export * from './node';
 export * from './limits';
 export * from './cli';
 export * from './report_optimizer_timings';
+export * from './babel_runtime_helpers';