Merge branch 'main' into expressions/forks

.buildkite/scripts/steps/checks.sh

@@ -6,6 +6,7 @@ export DISABLE_BOOTSTRAP_VALIDATION=false
 .buildkite/scripts/bootstrap.sh
 
 .buildkite/scripts/steps/checks/commit/commit.sh
+.buildkite/scripts/steps/checks/bazel_packages.sh
 .buildkite/scripts/steps/checks/telemetry.sh
 .buildkite/scripts/steps/checks/ts_projects.sh
 .buildkite/scripts/steps/checks/jest_configs.sh

.buildkite/scripts/steps/checks/bazel_packages.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/common/util.sh
+
+echo --- Check Bazel Packages Manifest
+node scripts/generate packages_build_manifest --validate

.github/CODEOWNERS

@@ -219,6 +219,7 @@
 /packages/kbn-optimizer/ @elastic/kibana-operations
 /packages/kbn-pm/ @elastic/kibana-operations
 /packages/kbn-test/ @elastic/kibana-operations
+/packages/kbn-type-summarizer/ @elastic/kibana-operations
 /packages/kbn-ui-shared-deps-npm/ @elastic/kibana-operations
 /packages/kbn-ui-shared-deps-src/ @elastic/kibana-operations
 /packages/kbn-bazel-packages/ @elastic/kibana-operations

docs/setup/configuring-reporting.asciidoc

@@ -6,7 +6,16 @@
 <titleabbrev>Configure reporting</titleabbrev>
 ++++
 
-To enable users to manually and automatically generate reports, install the reporting packages, grant users access to the {report-features}, and secure the reporting endpoints.
+For security, you grant users access to the {report-features} and secure the reporting endpoints
+with TLS/SSL encryption. Additionally, you can install graphical packages into the operating system
+to enable the {kib} server to have screenshotting capabilities.
+
+* <<install-reporting-packages>>
+* <<grant-user-access>>
+* <<reporting-roles-user-api>>
+* <<grant-user-access-basic>>
+* <<grant-user-access-external-provider>>
+* <<securing-reporting>>
 
 [float]
 [[install-reporting-packages]]
@@ -32,7 +41,7 @@ If you are using Ubuntu/Debian systems, install the following packages:
 * `libfontconfig1`
 * `libnss3`
 
-If the system is missing dependencies, *Reporting* fails in a non-deterministic way. {kib} runs a self-test at server startup, and
+If the system is missing dependencies, a screenshot report job may fail in a non-deterministic way. {kib} runs a self-test at server startup, and
 if it encounters errors, logs them in the Console. The error message does not include
 information about why Chromium failed to run. The most common error message is `Error: connect ECONNREFUSED`, which indicates
 that {kib} could not connect to the Chromium process.
@@ -53,7 +62,7 @@ xpack.reporting.roles.enabled: false
 +
 NOTE: If you use the default settings, you can still create a custom role that grants reporting privileges. The default role is `reporting_user`. This behavior is being deprecated and does not allow application-level access controls for {report-features}, and does not allow API keys or authentication tokens to authorize report generation. Refer to <<reporting-advanced-settings, reporting security settings>> for information and caveats about the deprecated access control features.
 
-. Create the reporting role. 
+. Create the reporting role.
 
 .. Open the main menu, then click *Stack Management*.
 
@@ -77,14 +86,13 @@ For more information, refer to {ref}/security-privileges.html[Security privilege
 
 .. Click *Customize*, then click *Analytics*.
 
-.. Next each application listed, click *All* or click *Read*. You will need to enable the *Customize sub-feature
-privileges* checkbox to grant reporting privileges if you select *Read*.
+.. For each application, select *All*, or to customize the privileges, select *Read* and *Customize sub-feature privileges*.
 +
-If you’ve followed the example above, you should end up on a screen defining your customized privileges that looks like this:
+NOTE: If you have a Basic license, sub-feature privileges are unavailable. For details, check out <<grant-user-access-basic>>.
 [role="screenshot"]
-image::user/reporting/images/kibana-privileges-with-reporting.png["Kibana privileges with Reporting options"]
+image::user/reporting/images/kibana-privileges-with-reporting.png["Kibana privileges with Reporting options, Gold or higher license"]
 +
-NOTE: If *Reporting* options for application features are not available, contact your administrator, or <<reporting-advanced-settings,check that xpack.reporting.roles.enabled is set to false in kibana.yml>>. 
+NOTE: If the *Reporting* options for application features are unavailable, and the cluster license is higher than Basic, contact your administrator, or <<reporting-advanced-settings,check that `xpack.reporting.roles.enabled` is set to `false` in kibana.yml>>.
 
 .. Click *Add {kib} privilege*.
 
@@ -94,7 +102,7 @@ NOTE: If *Reporting* options for application features are not available, contact
 
 .. Open the main menu, then click *Stack Management*.
 
-.. Click *Users*, then click the user you want to assign the reporting role to. 
+.. Click *Users*, then click the user you want to assign the reporting role to.
 
 .. From the *Roles* dropdown, select *custom_reporting_user*.
 
@@ -105,29 +113,43 @@ Granting the privilege to generate reports also grants the user the privilege to
 [float]
 [[reporting-roles-user-api]]
 ==== Grant access with the role API
-With <<grant-user-access, {kib} application privileges>> enabled in Reporting, you can also use the {ref}/security-api-put-role.html[role API] to grant access to the {report-features}. Grant custom reporting roles to users in combination with other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.
+With <<grant-user-access, {kib} application privileges>> enabled in Reporting, you can also use the {ref}/security-api-put-role.html[role API] to grant access to the {report-features}, using *All* privileges, or sub-feature privileges.
 
-[source, sh]
+NOTE: If you have a Basic license, sub-feature privileges are unavailable. For details, check out the API command to grant *All* privileges in <<grant-user-access-basic>>.
+
+Grant users custom Reporting roles, other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.
+
+[source, json]
 ---------------------------------------------------------------
-POST /_security/role/custom_reporting_user
+PUT localhost:5601/api/security/role/custom_reporting_user
 {
-  metadata: {},
-  elasticsearch: { cluster: [], indices: [], run_as: [] },
-  kibana: [
+  "elasticsearch": { "cluster": [], "indices": [], "run_as": [] },
+  "kibana": [
     {
-      base: [],
-      feature: {
-        dashboard: [
-          'generate_report', <1>
-          'download_csv_report' <2>
+      "base": [],
+      "feature": {
+        "dashboard": [
+          "minimal_read",
+          "generate_report", <1>
+          "download_csv_report" <2>
+        ],
+        "discover": [
+          "minimal_read",
+          "generate_report" <3>
+        ],
+        "canvas": [
+          "minimal_read",
+          "generate_report" <4>
         ],
-        discover: ['generate_report'], <3>
-        canvas: ['generate_report'], <4>
-        visualize: ['generate_report'], <5>
+        "visualize": [
+          "minimal_read",
+          "generate_report" <5>
+        ]
       },
-      spaces: ['*'],
+      "spaces": [ "*" ]
     }
-  ]
+  ],
+  "metadata": {} // optional
 }
 ---------------------------------------------------------------
 // CONSOLE
@@ -139,6 +161,41 @@ POST /_security/role/custom_reporting_user
 <5> Grants access to generate PNG and PDF reports in *Visualize Library*.
 
 [float]
+[[grant-user-access-basic]]
+=== Grant users access with a Basic license
+
+With a Basic license, you can grant users access with custom roles to {report-features} with <<kibana-privileges, {kib} application privileges>>. However, with a Basic license, sub-feature privileges are unavailable. <<grant-user-access,Create a role>>, then select *All* privileges for the applications where users can create reports.
+
+[role="screenshot"]
+image::user/reporting/images/kibana-privileges-with-reporting-basic.png["Kibana privileges with Reporting options, Basic license"]
+
+With a Basic license, sub-feature application privileges are unavailable, but you can use the {ref}/security-api-put-role.html[role API] to grant access to CSV {report-features}:
+
+[source, sh]
+---------------------------------------------------------------
+PUT localhost:5601/api/security/role/custom_reporting_user
+{
+  "elasticsearch": { "cluster": [], "indices": [], "run_as": [] },
+  "kibana": [
+    {
+      "base": [],
+      "feature": {
+        "dashboard": [ "all" ], <1>
+        "discover": [ "all" ], <2>
+      },
+      "spaces": [ "*" ]
+    }
+  ],
+  "metadata": {} // optional
+}
+---------------------------------------------------------------
+// CONSOLE
+
+<1> Grants access to generate CSV reports from saved searches in *Discover*.
+<2> Grants access to download CSV reports from saved search panels in *Dashboard*.
+
+[float]
+[[grant-user-access-external-provider]]
 ==== Grant access using an external provider
 
 If you are using an external identity provider, such as LDAP or Active Directory, you can assign roles to individual users or groups of users. Role mappings are configured in {ref}/mapping-roles.html[`config/role_mapping.yml`].

docs/user/reporting/reporting-troubleshooting.asciidoc

@@ -1,6 +1,7 @@
 [role="xpack"]
 [[reporting-troubleshooting]]
 == Reporting troubleshooting
+
 ++++
 <titleabbrev>Troubleshooting</titleabbrev>
 ++++

examples/embeddable_examples/public/list_container/list_container_component.tsx

@@ -15,6 +15,7 @@ import {
   ContainerInput,
   ContainerOutput,
   EmbeddableStart,
+  EmbeddableChildPanel,
 } from '../../../../src/plugins/embeddable/public';
 
 interface Props {
@@ -31,7 +32,6 @@ function renderList(
 ) {
   let number = 0;
   const list = Object.values(panels).map((panel) => {
-    const child = embeddable.getChild(panel.explicitInput.id);
     number++;
     return (
       <EuiPanel key={number.toString()}>
@@ -42,7 +42,11 @@ function renderList(
             </EuiText>
           </EuiFlexItem>
           <EuiFlexItem>
-            <embeddableServices.EmbeddablePanel embeddable={child} />
+            <EmbeddableChildPanel
+              PanelComponent={embeddableServices.EmbeddablePanel}
+              embeddableId={panel.explicitInput.id}
+              container={embeddable}
+            />
           </EuiFlexItem>
         </EuiFlexGroup>
       </EuiPanel>

package.json

@@ -108,7 +108,7 @@
     "@elastic/charts": "43.1.1",
     "@elastic/datemath": "link:bazel-bin/packages/elastic-datemath",
     "@elastic/elasticsearch": "npm:@elastic/[email protected]",
-    "@elastic/ems-client": "8.0.0",
+    "@elastic/ems-client": "8.1.0",
     "@elastic/eui": "48.1.1",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "1.2.1",
@@ -233,7 +233,7 @@
     "deep-freeze-strict": "^1.1.1",
     "deepmerge": "^4.2.2",
     "del": "^5.1.0",
-    "elastic-apm-node": "^3.29.0",
+    "elastic-apm-node": "^3.30.0",
     "execa": "^4.0.2",
     "exit-hook": "^2.2.0",
     "expiry-js": "0.1.7",
@@ -650,7 +650,7 @@
     "@types/nock": "^10.0.3",
     "@types/node": "16.10.2",
     "@types/node-fetch": "^2.6.0",
-    "@types/node-forge": "^1.0.0",
+    "@types/node-forge": "^1.0.1",
     "@types/nodemailer": "^6.4.0",
     "@types/normalize-path": "^3.0.0",
     "@types/object-hash": "^1.3.0",

packages/BUILD.bazel

@@ -1,6 +1,7 @@
 ################
 ################
-## This file is automatically generated, to create a new package use `node scripts/generate package --help`
+## This file is automatically generated, to create a new package use `node scripts/generate package --help` or run
+## `node scripts/generate packages_build_manifest` to regenerate it from the current state of the repo
 ################
 ################
 

packages/kbn-bazel-packages/BUILD.bazel

@@ -40,6 +40,7 @@ RUNTIME_DEPS = [
   "//packages/kbn-utils",
   "//packages/kbn-std",
   "@npm//globby",
+  "@npm//normalize-path",
 ]
 
 # In this array place dependencies necessary to build the types, which will include the
@@ -55,7 +56,9 @@ RUNTIME_DEPS = [
 TYPES_DEPS = [
   "//packages/kbn-utils:npm_module_types",
   "//packages/kbn-std:npm_module_types",
+  "@npm//@types/normalize-path",
   "@npm//globby",
+  "@npm//normalize-path",
 ]
 
 jsts_transpiler(

packages/kbn-bazel-packages/src/bazel_package.test.ts

@@ -15,24 +15,34 @@ const OWN_BAZEL_BUILD_FILE = Fs.readFileSync(Path.resolve(__dirname, '../BUILD.b
 
 describe('hasBuildRule()', () => {
   it('returns true if there is a rule with the name "build"', () => {
-    const pkg = new BazelPackage('foo', {}, OWN_BAZEL_BUILD_FILE);
+    const pkg = new BazelPackage('foo', { name: 'foo' }, OWN_BAZEL_BUILD_FILE);
     expect(pkg.hasBuildRule()).toBe(true);
   });
 
   it('returns false if there is no rule with name "build"', () => {
-    const pkg = new BazelPackage('foo', {}, ``);
+    const pkg = new BazelPackage('foo', { name: 'foo' }, ``);
+    expect(pkg.hasBuildRule()).toBe(false);
+  });
+
+  it('returns false if there is no BUILD.bazel file', () => {
+    const pkg = new BazelPackage('foo', { name: 'foo' });
     expect(pkg.hasBuildRule()).toBe(false);
   });
 });
 
 describe('hasBuildTypesRule()', () => {
   it('returns true if there is a rule with the name "build_types"', () => {
-    const pkg = new BazelPackage('foo', {}, OWN_BAZEL_BUILD_FILE);
+    const pkg = new BazelPackage('foo', { name: 'foo' }, OWN_BAZEL_BUILD_FILE);
     expect(pkg.hasBuildTypesRule()).toBe(true);
   });
 
   it('returns false if there is no rule with name "build_types"', () => {
-    const pkg = new BazelPackage('foo', {}, ``);
+    const pkg = new BazelPackage('foo', { name: 'foo' }, ``);
+    expect(pkg.hasBuildTypesRule()).toBe(false);
+  });
+
+  it('returns false if there is no BUILD.bazel file', () => {
+    const pkg = new BazelPackage('foo', { name: 'foo' });
     expect(pkg.hasBuildTypesRule()).toBe(false);
   });
 });