Merge branch '8.x' into upgrade_assistant/filter_kibana_deprecations_…

…by_status

.buildkite/ftr_security_stateful_configs.yml

@@ -104,4 +104,4 @@ enabled:
   - x-pack/test/cloud_security_posture_functional/config.agentless.ts
   - x-pack/test/cloud_security_posture_functional/data_views/config.ts
   - x-pack/test/automatic_import_api_integration/apis/config_basic.ts
-  - x-pack/test/automatic_import_api_integration/apis/config_graphs.ts
+  - x-pack/test/automatic_import_api_integration/apis/config_graphs.ts

.github/CODEOWNERS

@@ -1961,6 +1961,7 @@ x-pack/plugins/osquery @elastic/security-defend-workflows
 
 # Cloud Security Posture
 x-pack/packages/kbn-cloud-security-posture @elastic/kibana-cloud-security-posture
+<<<<<<< HEAD
 /x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.* @elastic/kibana-cloud-security-posture
 /x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
 /x-pack/test/api_integration/apis/cloud_security_posture/ @elastic/kibana-cloud-security-posture
@@ -1977,6 +1978,42 @@ x-pack/packages/kbn-cloud-security-posture @elastic/kibana-cloud-security-postur
 /x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
 /x-pack/test/security_solution_cypress/cypress/e2e/cloud_security_posture/misconfiguration_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
 /x-pack/test/security_solution_cypress/cypress/e2e/cloud_security_posture/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
+=======
+## Plugins
+x-pack/plugins/cloud_defend @elastic/kibana-cloud-security-posture
+x-pack/plugins/cloud_security_posture @elastic/kibana-cloud-security-posture
+x-pack/plugins/kubernetes_security @elastic/kibana-cloud-security-posture
+## Security Solution sub teams
+x-pack/solutions/security/plugins/security_solution/public/common/components/sessions_viewer @elastic/kibana-cloud-security-posture
+x-pack/solutions/security/plugins/security_solution/public/cloud_defend @elastic/kibana-cloud-security-posture
+x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
+x-pack/solutions/security/plugins/security_solution/public/kubernetes @elastic/kibana-cloud-security-posture
+x-pack/solutions/security/plugins/security_solution/server/lib/asset_inventory @elastic/kibana-cloud-security-posture
+
+## Fleet plugin (co-owned with Fleet team)
+x-pack/platform/plugins/shared/fleet/public/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
+x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
+x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.* @elastic/fleet @elastic/kibana-cloud-security-posture
+x-pack/platform/plugins/shared/fleet/public/applications/integrations/sections/epm/screens/detail/components/cloud_posture_third_party_support_callout.* @elastic/fleet @elastic/kibana-cloud-security-posture
+## Kubernetes Security tests
+x-pack/test/functional/es_archives/kubernetes_security @elastic/kibana-cloud-security-posture
+x-pack/test/kubernetes_security @elastic/kibana-cloud-security-posture
+## SessionView tests
+x-pack/test/functional/es_archives/session_view @elastic/kibana-cloud-security-posture
+x-pack/test/session_view @elastic/kibana-cloud-security-posture # Assigned per https://github.com/elastic/kibana/blob/main/api_docs/session_view.mdx#L18
+## CSP tests
+x-pack/test/api_integration/apis/cloud_security_posture/ @elastic/kibana-cloud-security-posture
+x-pack/test/cloud_security_posture_functional/ @elastic/kibana-cloud-security-posture
+x-pack/test/cloud_security_posture_api/ @elastic/kibana-cloud-security-posture
+## CSP Serverless tests
+x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.* @elastic/kibana-cloud-security-posture
+x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/ @elastic/kibana-cloud-security-posture
+x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/ @elastic/kibana-cloud-security-posture
+## CSP e2e tests
+x-pack/test/security_solution_cypress/cypress/e2e/cloud_security_posture/misconfiguration_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
+x-pack/test/security_solution_cypress/cypress/e2e/cloud_security_posture/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
+x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory @elastic/kibana-cloud-security-posture
+>>>>>>> f5c9529e37e (Deprecate universal entity)
 
 # Security Solution onboarding tour
 /x-pack/solutions/security/plugins/security_solution/public/common/components/guided_onboarding @elastic/security-threat-hunting-explore

oas_docs/output/kibana.serverless.yaml

@@ -47985,7 +47985,6 @@ components:
         - user
         - host
         - service
-        - universal
       type: string
     Security_Entity_Analytics_API_HostEntity:
       type: object
@@ -48061,7 +48060,6 @@ components:
         - host.name
         - user.name
         - service.name
-        - related.entity
       type: string
     Security_Entity_Analytics_API_IndexPattern:
       type: string

oas_docs/output/kibana.yaml

@@ -36375,7 +36375,6 @@ components:
         - user
         - host
         - service
-        - universal
       type: string
     Security_Entity_Analytics_API_HostEntity:
       type: object
@@ -36451,7 +36450,6 @@ components:
         - host.name
         - user.name
         - service.name
-        - related.entity
       type: string
     Security_Entity_Analytics_API_IndexPattern:
       type: string

package.json

@@ -95,7 +95,7 @@
     "@storybook/react-docgen-typescript-plugin": "1.0.6--canary.9.cd77847.0",
     "@types/react": "~18.2.0",
     "@types/react-dom": "~18.2.0",
-    "@xstate5/react/**/xstate": "^5.18.1",
+    "@xstate5/react/**/xstate": "^5.19.2",
     "globby/fast-glob": "^3.3.2"
   },
   "dependencies": {
@@ -1077,7 +1077,7 @@
     "@turf/helpers": "6.0.1",
     "@turf/length": "^6.0.2",
     "@xstate/react": "^3.2.2",
-    "@xstate5/react": "npm:@xstate/react@^4.1.2",
+    "@xstate5/react": "npm:@xstate/react@^5.0.2",
     "@xyflow/react": "^12.4.1",
     "adm-zip": "^0.5.9",
     "ai": "^4.0.18",
@@ -1305,7 +1305,7 @@
     "whatwg-fetch": "^3.0.0",
     "xml2js": "^0.5.0",
     "xstate": "^4.38.2",
-    "xstate5": "npm:xstate@^5.18.1",
+    "xstate5": "npm:xstate@^5.19.2",
     "xterm": "^5.3.0",
     "yaml": "^2.5.1",
     "yauzl": "^2.10.0",

packages/kbn-scout/src/playwright/runner/run_tests.ts

@@ -8,6 +8,9 @@
  */
 
 import { resolve } from 'path';
+import { exec } from 'child_process';
+import { promisify } from 'util';
+const execPromise = promisify(exec);
 
 import { ToolingLog } from '@kbn/tooling-log';
 import { withProcRunner } from '@kbn/dev-proc-runner';
@@ -28,7 +31,21 @@ export async function runTests(log: ToolingLog, options: RunTestsOptions) {
   const playwrightGrepTag = getPlaywrightGrepTag(config);
   const playwrightConfigPath = options.configPath;
 
+  const cmd = resolve(REPO_ROOT, './node_modules/.bin/playwright');
+  const cmdArgs = ['test', `--config=${playwrightConfigPath}`, `--grep=${playwrightGrepTag}`];
+
   await withProcRunner(log, async (procs) => {
+    log.info(`scout: Validate Playwright config has tests`);
+    try {
+      // '--list' flag tells Playwright to collect all the tests, but do not run it
+      const result = await execPromise(`${cmd} ${cmdArgs.join(' ')} --list`);
+      const lastLine = result.stdout.trim().split('\n').pop();
+      log.info(`scout: ${lastLine}`);
+    } catch (err) {
+      log.error(`scout: No tests found in [${playwrightConfigPath}]`);
+      process.exit(2); // code "2" means no tests found
+    }
+
     const abortCtrl = new AbortController();
 
     const onEarlyExit = (msg: string) => {
@@ -60,13 +77,8 @@ export async function runTests(log: ToolingLog, options: RunTestsOptions) {
 
       // Running 'npx playwright test --config=${playwrightConfigPath}'
       await procs.run(`playwright`, {
-        cmd: resolve(REPO_ROOT, './node_modules/.bin/playwright'),
-        args: [
-          'test',
-          `--config=${playwrightConfigPath}`,
-          `--grep=${playwrightGrepTag}`,
-          ...(options.headed ? ['--headed'] : []),
-        ],
+        cmd,
+        args: [...cmdArgs, ...(options.headed ? ['--headed'] : [])],
         cwd: resolve(REPO_ROOT),
         env: {
           ...process.env,

src/platform/packages/private/kbn-esql-editor/src/esql_editor.tsx

@@ -249,9 +249,9 @@ export const ESQLEditor = memo(function ESQLEditor({
 
   const showSuggestionsIfEmptyQuery = useCallback(() => {
     if (editorModel.current?.getValueLength() === 0) {
-      setImmediate(() => {
+      setTimeout(() => {
         editor1.current?.trigger(undefined, 'editor.action.triggerSuggest', {});
-      });
+      }, 0);
     }
   }, []);
 

src/platform/packages/shared/kbn-doc-links/src/get_doc_links.ts

@@ -512,6 +512,9 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
       privileges: `${SECURITY_SOLUTION_DOCS}endpoint-management-req.html`,
       manageDetectionRules: `${SECURITY_SOLUTION_DOCS}rules-ui-management.html`,
       createDetectionRules: `${SECURITY_SOLUTION_DOCS}rules-ui-create.html`,
+      updatePrebuiltDetectionRules: isServerless
+        ? `${SERVERLESS_DOCS}security-prebuilt-rules-management.html#update-prebuilt-rules`
+        : `${SECURITY_SOLUTION_DOCS}prebuilt-rules-management.html#update-prebuilt-rules`,
       createEsqlRuleType: `${SECURITY_SOLUTION_DOCS}rules-ui-create.html#create-esql-rule`,
       ruleUiAdvancedParams: `${SECURITY_SOLUTION_DOCS}rules-ui-create.html#rule-ui-advanced-params`,
       entityAnalytics: {

src/platform/packages/shared/kbn-doc-links/src/types.ts

@@ -375,6 +375,7 @@ export interface DocLinks {
     readonly privileges: string;
     readonly manageDetectionRules: string;
     readonly createDetectionRules: string;
+    readonly updatePrebuiltDetectionRules: string;
     readonly createEsqlRuleType: string;
     readonly ruleUiAdvancedParams: string;
     readonly entityAnalytics: {

src/platform/packages/shared/kbn-esql-validation-autocomplete/README.md

@@ -335,7 +335,7 @@ They look like this
 testSuggestions('from a | eval a = 1 year /', [
   ',',
   '| ',
-  ...getFunctionSignaturesByReturnType('eval', 'any', { builtin: true, skipAssign: true }, [
+  ...getFunctionSignaturesByReturnType('eval', 'any', { operators: true, skipAssign: true }, [
     'time_interval',
   ]),
 ]);

src/platform/packages/shared/kbn-esql-validation-autocomplete/index.ts

@@ -68,7 +68,7 @@ export {
 } from './src/shared/helpers';
 export { ENRICH_MODES } from './src/definitions/settings';
 export { timeUnits } from './src/definitions/literals';
-export { aggregationFunctionDefinitions } from './src/definitions/generated/aggregation_functions';
+export { aggFunctionDefinitions } from './src/definitions/generated/aggregation_functions';
 export { getFunctionSignatures } from './src/definitions/helpers';
 
 export {

src/platform/packages/shared/kbn-esql-validation-autocomplete/scripts/generate_function_definitions.ts

@@ -17,6 +17,7 @@ import {
   FunctionParameterType,
   FunctionReturnType,
   Signature,
+  FunctionDefinitionTypes,
 } from '../src/definitions/types';
 import { FULL_TEXT_SEARCH_FUNCTIONS } from '../src/shared/constants';
 const aliasTable: Record<string, string[]> = {
@@ -91,7 +92,7 @@ const excludedFunctions = new Set(['case']);
 
 const extraFunctions: FunctionDefinition[] = [
   {
-    type: 'scalar',
+    type: FunctionDefinitionTypes.SCALAR,
     name: 'case',
     description:
       'Accepts pairs of conditions and values. The function returns the value that belongs to the first condition that evaluates to `true`. If the number of arguments is odd, the last argument is the default value which is returned when no condition matches.',
@@ -286,6 +287,12 @@ const functionEnrichments: Record<string, RecursivePartial<FunctionDefinition>>
   count: {
     signatures: [{ params: [{ supportsWildcard: true }] }],
   },
+  qstr: {
+    customParametersSnippet: `"""$0"""`,
+  },
+  kql: {
+    customParametersSnippet: `"""$0"""`,
+  },
 };
 
 const convertDateTime = (s: string) => (s === 'datetime' ? 'date' : s);
@@ -301,7 +308,7 @@ function getFunctionDefinition(ESFunctionDefinition: Record<string, any>): Funct
     FunctionDefinition,
     'supportedCommands' | 'supportedOptions'
   > =
-    ESFunctionDefinition.type === 'scalar'
+    ESFunctionDefinition.type === FunctionDefinitionTypes.SCALAR
       ? scalarSupportedCommandsAndOptions
       : aggregationSupportedCommandsAndOptions;
 
@@ -330,7 +337,7 @@ function getFunctionDefinition(ESFunctionDefinition: Record<string, any>): Funct
           description: undefined,
           ...(FULL_TEXT_SEARCH_FUNCTIONS.includes(ESFunctionDefinition.name)
             ? // Default to false. If set to true, this parameter does not accept a function or literal, only fields.
-              idx === 0
+              param.name === 'field'
               ? { fieldsOnly: true }
               : { constantOnly: true }
             : {}),
@@ -759,8 +766,7 @@ const enrichOperators = (
       // so we are overriding to add proper support
       supportedCommands,
       supportedOptions,
-      // @TODO: change to operator type
-      type: 'builtin' as const,
+      type: FunctionDefinitionTypes.OPERATOR,
       validate: validators[op.name],
       ...(isNotOperator ? { ignoreAsSuggestion: true } : {}),
     };
@@ -769,7 +775,7 @@ const enrichOperators = (
 
 function printGeneratedFunctionsFile(
   functionDefinitions: FunctionDefinition[],
-  functionsType: 'aggregation' | 'scalar' | 'operators' | 'grouping'
+  functionsType: FunctionDefinitionTypes
 ) {
   /**
    * Deals with asciidoc internal cross-references in the function descriptions
@@ -811,7 +817,8 @@ function printGeneratedFunctionsFile(
     functionDefinition: FunctionDefinition,
     functionNames: string[]
   ) => {
-    const { type, name, description, alias, signatures, operator } = functionDefinition;
+    const { type, name, description, alias, signatures, operator, customParametersSnippet } =
+      functionDefinition;
 
     let functionName = operator?.toLowerCase() ?? name.toLowerCase();
     if (functionName.includes('not')) {
@@ -822,7 +829,7 @@ function printGeneratedFunctionsFile(
     }
     return `// Do not edit this manually... generated by scripts/generate_function_definitions.ts
     const ${getDefinitionName(name)}: FunctionDefinition = {
-    type: '${type}',
+    type: FunctionDefinitionTypes.${type.toUpperCase()},
     name: '${functionName}',
     description: i18n.translate('kbn-esql-validation-autocomplete.esql.definitions.${name}', { defaultMessage: ${JSON.stringify(
       removeAsciiDocInternalCrossReferences(removeInlineAsciiDocLinks(description), functionNames)
@@ -833,7 +840,11 @@ function printGeneratedFunctionsFile(
     supportedCommands: ${JSON.stringify(functionDefinition.supportedCommands)},
     supportedOptions: ${JSON.stringify(functionDefinition.supportedOptions)},
     validate: ${functionDefinition.validate || 'undefined'},
-    examples: ${JSON.stringify(functionDefinition.examples || [])},
+    examples: ${JSON.stringify(functionDefinition.examples || [])},${
+      customParametersSnippet
+        ? `\ncustomParametersSnippet: ${JSON.stringify(customParametersSnippet)},`
+        : ''
+    }
 }`;
   };
 
@@ -857,14 +868,18 @@ function printGeneratedFunctionsFile(
  */
 
 import { i18n } from '@kbn/i18n';
-import type { FunctionDefinition } from '../types';
+import { type FunctionDefinition, FunctionDefinitionTypes } from '../types';
 ${
-  functionsType === 'scalar'
+  functionsType === FunctionDefinitionTypes.SCALAR
     ? `import type { ESQLFunction } from '@kbn/esql-ast';
 import { isLiteralItem } from '../../shared/helpers';`
     : ''
 }
-${functionsType === 'operators' ? `import { isNumericType } from '../../shared/esql_types';` : ''}
+${
+  functionsType === FunctionDefinitionTypes.OPERATOR
+    ? `import { isNumericType } from '../../shared/esql_types';`
+    : ''
+}
 
 
 
@@ -917,17 +932,20 @@ ${functionsType === 'operators' ? `import { isNumericType } from '../../shared/e
     const isLikeOperator = functionDefinition.name.toLowerCase().includes('like');
 
     if (functionDefinition.name.toLowerCase() === 'match') {
-      scalarFunctionDefinitions.push({ ...functionDefinition, type: 'scalar' });
+      scalarFunctionDefinitions.push({
+        ...functionDefinition,
+        type: FunctionDefinitionTypes.SCALAR,
+      });
       continue;
     }
-    if (functionDefinition.type === 'operator' || isLikeOperator) {
+    if (functionDefinition.type === FunctionDefinitionTypes.OPERATOR || isLikeOperator) {
       operatorDefinitions.push(functionDefinition);
     }
-    if (functionDefinition.type === 'scalar' && !isLikeOperator) {
+    if (functionDefinition.type === FunctionDefinitionTypes.SCALAR && !isLikeOperator) {
       scalarFunctionDefinitions.push(functionDefinition);
-    } else if (functionDefinition.type === 'agg') {
+    } else if (functionDefinition.type === FunctionDefinitionTypes.AGG) {
       aggFunctionDefinitions.push(functionDefinition);
-    } else if (functionDefinition.type === 'grouping') {
+    } else if (functionDefinition.type === FunctionDefinitionTypes.GROUPING) {
       groupingFunctionDefinitions.push(functionDefinition);
     }
   }
@@ -936,18 +954,24 @@ ${functionsType === 'operators' ? `import { isNumericType } from '../../shared/e
 
   await writeFile(
     join(__dirname, '../src/definitions/generated/scalar_functions.ts'),
-    printGeneratedFunctionsFile(scalarFunctionDefinitions, 'scalar')
+    printGeneratedFunctionsFile(scalarFunctionDefinitions, FunctionDefinitionTypes.SCALAR)
   );
   await writeFile(
     join(__dirname, '../src/definitions/generated/aggregation_functions.ts'),
-    printGeneratedFunctionsFile(aggFunctionDefinitions, 'aggregation')
+    printGeneratedFunctionsFile(aggFunctionDefinitions, FunctionDefinitionTypes.AGG)
   );
   await writeFile(
     join(__dirname, '../src/definitions/generated/operators.ts'),
-    printGeneratedFunctionsFile(enrichOperators(operatorDefinitions), 'operators')
+    printGeneratedFunctionsFile(
+      enrichOperators(operatorDefinitions),
+      FunctionDefinitionTypes.OPERATOR
+    )
   );
   await writeFile(
     join(__dirname, '../src/definitions/generated/grouping_functions.ts'),
-    printGeneratedFunctionsFile(enrichGrouping(groupingFunctionDefinitions), 'grouping')
+    printGeneratedFunctionsFile(
+      enrichGrouping(groupingFunctionDefinitions),
+      FunctionDefinitionTypes.GROUPING
+    )
   );
 })();