Merge remote-tracking branch 'upstream/main' into session-view-updated

docs/api/cases.asciidoc

@@ -6,9 +6,8 @@ these APIs:
 
 * {security-guide}/cases-api-add-comment.html[Add comment]
 * <<cases-api-create>>
-* {security-guide}/cases-api-delete-case.html[Delete case]
-* {security-guide}/cases-api-delete-all-comments.html[Delete all comments]
-* {security-guide}/cases-api-delete-comment.html[Delete comment]
+* <<cases-api-delete-cases>>
+* <<cases-api-delete-comments>>
 * {security-guide}/cases-api-find-alert.html[Find all alerts attached to a case]
 * <<cases-api-find-cases>>
 * {security-guide}/cases-api-find-cases-by-alert.html[Find cases by alert]
@@ -29,8 +28,11 @@ these APIs:
 
 //CREATE
 include::cases/cases-api-create.asciidoc[leveloffset=+1]
+//DELETE
+include::cases/cases-api-delete-cases.asciidoc[leveloffset=+1]
+include::cases/cases-api-delete-comments.asciidoc[leveloffset=+1]
 //FIND
 include::cases/cases-api-find-cases.asciidoc[leveloffset=+1]
 include::cases/cases-api-find-connectors.asciidoc[leveloffset=+1]
 //UPDATE
-include::cases/cases-api-update.asciidoc[leveloffset=+1]
+include::cases/cases-api-update.asciidoc[leveloffset=+1]

docs/api/cases/cases-api-delete-cases.asciidoc

@@ -0,0 +1,52 @@
+[[cases-api-delete-cases]]
+== Delete cases API
+++++
+<titleabbrev>Delete cases</titleabbrev>
+++++
+
+Deletes one or more cases.
+
+=== Request
+
+`DELETE <kibana host>:<port>/api/cases?ids=["<case ID1>","<case ID2>"]`
+
+`DELETE <kibana host>:<port>/s/<space_id>/api/cases?ids=["<case ID1>","<case ID2>"]`
+
+=== Prerequisite
+
+You must have `all` privileges for the *Cases* feature in the *Management*,
+*{observability}*, or *Security* section of the
+<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
+`owner` of the cases you're deleting.
+
+=== Path parameters
+
+`<space_id>`::
+(Optional, string) An identifier for the space. If it is not specified, the
+default space is used.
+
+=== Query parameters
+
+`ids`::
+(Required, string) The cases that you want to remove. To retrieve case IDs, use
+<<cases-api-find-cases>>.
++
+NOTE: All non-ASCII characters must be URL encoded.
+
+==== Response code
+
+`204`::
+   Indicates a successful call.
+
+=== Example
+
+Delete cases with these IDs:
+
+* `2e3a54f0-6754-11ea-a1c2-e3a8bc9f7aca`
+* `40b9a450-66a0-11ea-be1b-2bd3fef48984`
+
+[source,console]
+--------------------------------------------------
+DELETE api/cases?ids=%5B%222e3a54f0-6754-11ea-a1c2-e3a8bc9f7aca%22%2C%2240b9a450-66a0-11ea-be1b-2bd3fef48984%22%5D
+--------------------------------------------------
+// KIBANA

docs/api/cases/cases-api-delete-comments.asciidoc

@@ -0,0 +1,63 @@
+[[cases-api-delete-comments]]
+== Delete comments from case API
+++++
+<titleabbrev>Delete comments</titleabbrev>
+++++
+
+Deletes one or all comments from a case.
+
+=== Request
+
+`DELETE <kibana host>:<port>/api/cases/<case_id>/comments`
+
+`DELETE <kibana host>:<port>/api/cases/<case_id>/comments/<comment_id>`
+
+`DELETE <kibana host>:<port>/s/<space_id>/api/cases/<case_id>/comments`
+
+`DELETE <kibana host>:<port>/s/<space_id>/api/cases/<case_id>/comments/<comment_id>`
+
+=== Prerequisite
+
+You must have `all` privileges for the *Cases* feature in the *Management*,
+*{observability}*, or *Security* section of the
+<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
+`owner` of the cases you're updating.
+
+=== Path parameters
+
+`<case_id>`::
+(Required, string) The identifier for the case. To retrieve case IDs, use
+<<cases-api-find-cases>>.
+
+`<comment_id>`::
+(Optional, string) The identifier for the comment.
+//To retrieve comment IDs, use <<cases-api-get-all-case-comments>>. 
+If it is not specified, all comments are deleted.
+
+<space_id>::
+(Optional, string) An identifier for the space. If it is not specified, the
+default space is used.
+
+=== Response code
+
+`204`::
+   Indicates a successful call.
+
+=== Example
+
+Delete all comments from case ID `9c235210-6834-11ea-a78c-6ffb38a34414`:
+
+[source,console]
+--------------------------------------------------
+DELETE api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/comments
+--------------------------------------------------
+// KIBANA
+
+Delete comment ID `71ec1870-725b-11ea-a0b2-c51ea50a58e2` from case ID
+`a18b38a0-71b0-11ea-a0b2-c51ea50a58e2`:
+
+[source,sh]
+--------------------------------------------------
+DELETE api/cases/a18b38a0-71b0-11ea-a0b2-c51ea50a58e2/comments/71ec1870-725b-11ea-a0b2-c51ea50a58e2
+--------------------------------------------------
+// KIBANA

docs/developer/plugin-list.asciidoc

@@ -432,7 +432,7 @@ security and spaces filtering.
 
 |{kib-repo}blob/{branch}/x-pack/plugins/event_log/README.md[eventLog]
 |The event log plugin provides a persistent history of alerting and action
-actitivies.
+activities.
 
 
 |{kib-repo}blob/{branch}/x-pack/plugins/features/README.md[features]

docs/user/security/audit-logging.asciidoc

@@ -155,6 +155,15 @@ Refer to the corresponding {es} logs for potential write errors.
 | `unknown` | User is updating an alert.
 | `failure` | User is not authorized to update an alert.
 
+.2+| `rule_snooze`
+| `unknown` | User is snoozing a rule.
+| `failure` | User is not authorized to snooze a rule.
+
+.2+| `rule_unsnooze`
+| `unknown` | User is unsnoozing a rule.
+| `failure` | User is not authorized to unsnooze a rule.
+
+
 3+a|
 ====== Type: deletion
 

package.json

@@ -108,7 +108,7 @@
     "@elastic/charts": "45.0.1",
     "@elastic/datemath": "link:bazel-bin/packages/elastic-datemath",
     "@elastic/elasticsearch": "npm:@elastic/[email protected]",
-    "@elastic/ems-client": "8.1.0",
+    "@elastic/ems-client": "8.2.0",
     "@elastic/eui": "51.1.0",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "1.2.1",
@@ -849,7 +849,7 @@
     "mochawesome-merge": "^4.2.1",
     "mock-fs": "^5.1.2",
     "mock-http-server": "1.3.0",
-    "ms-chromium-edge-driver": "^0.4.3",
+    "ms-chromium-edge-driver": "^0.5.1",
     "multimatch": "^4.0.0",
     "mutation-observer": "^1.0.3",
     "ncp": "^2.0.0",

packages/kbn-es-query/src/index.ts

@@ -104,6 +104,7 @@ export {
   nodeBuilder,
   nodeTypes,
   toElasticsearchQuery,
+  escapeKuery,
 } from './kuery';
 
 export {

packages/kbn-es-query/src/kuery/index.ts

@@ -23,5 +23,6 @@ export const toElasticsearchQuery = (...params: Parameters<typeof astToElasticse
 export { KQLSyntaxError } from './kuery_syntax_error';
 export { nodeTypes, nodeBuilder } from './node_types';
 export { fromKueryExpression } from './ast';
+export { escapeKuery } from './utils';
 export type { FunctionTypeBuildNode, NodeTypes } from './node_types';
 export type { DslQuery, KueryNode, KueryQueryOptions, KueryParseOptions } from './types';

packages/kbn-es-query/src/kuery/utils/escape_kuery.test.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { escapeKuery } from './escape_kuery';
+
+describe('escapeKuery', () => {
+  test('should escape special characters', () => {
+    const value = `This \\ has (a lot of) <special> characters, don't you *think*? "Yes."`;
+    const expected = `This \\\\ has \\(a lot of\\) \\<special\\> characters, don't you \\*think\\*? \\"Yes.\\"`;
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should escape keywords', () => {
+    const value = 'foo and bar or baz not qux';
+    const expected = 'foo \\and bar \\or baz \\not qux';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should escape keywords next to each other', () => {
+    const value = 'foo and bar or not baz';
+    const expected = 'foo \\and bar \\or \\not baz';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should not escape keywords without surrounding spaces', () => {
+    const value = 'And this has keywords, or does it not?';
+    const expected = 'And this has keywords, \\or does it not?';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should escape uppercase keywords', () => {
+    const value = 'foo AND bar';
+    const expected = 'foo \\AND bar';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should escape both keywords and special characters', () => {
+    const value = 'Hello, world, and <nice> to meet you!';
+    const expected = 'Hello, world, \\and \\<nice\\> to meet you!';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+
+  test('should escape newlines and tabs', () => {
+    const value = 'This\nhas\tnewlines\r\nwith\ttabs';
+    const expected = 'This\\nhas\\tnewlines\\r\\nwith\\ttabs';
+
+    expect(escapeKuery(value)).toBe(expected);
+  });
+});

packages/kbn-es-query/src/kuery/utils/escape_kuery.ts

@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { flow } from 'lodash';
+
+/**
+ * Escapes a Kuery node value to ensure that special characters, operators, and whitespace do not result in a parsing error or unintended
+ * behavior when using the value as an argument for the `buildNode` function.
+ */
+export const escapeKuery = flow(escapeSpecialCharacters, escapeAndOr, escapeNot, escapeWhitespace);
+
+// See the SpecialCharacter rule in kuery.peg
+function escapeSpecialCharacters(str: string) {
+  return str.replace(/[\\():<>"*]/g, '\\$&'); // $& means the whole matched string
+}
+
+// See the Keyword rule in kuery.peg
+function escapeAndOr(str: string) {
+  return str.replace(/(\s+)(and|or)(\s+)/gi, '$1\\$2$3');
+}
+
+function escapeNot(str: string) {
+  return str.replace(/not(\s+)/gi, '\\$&');
+}
+
+// See the Space rule in kuery.peg
+function escapeWhitespace(str: string) {
+  return str.replace(/\t/g, '\\t').replace(/\r/g, '\\r').replace(/\n/g, '\\n');
+}

packages/kbn-es-query/src/kuery/utils/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export { escapeKuery } from './escape_kuery';

packages/kbn-shared-ux-components/src/index.ts

@@ -94,3 +94,20 @@ export const LazyIconButtonGroup = React.lazy(() =>
  * The IconButtonGroup component that is wrapped by the `withSuspence` HOC.
  */
 export const IconButtonGroup = withSuspense(LazyIconButtonGroup);
+
+/**
+ * The Lazily-loaded `KibanaSolutionAvatar` component.  Consumers should use `React.Suspense` or
+ * the withSuspense` HOC to load this component.
+ */
+export const KibanaSolutionAvatarLazy = React.lazy(() =>
+  import('./solution_avatar').then(({ KibanaSolutionAvatar }) => ({
+    default: KibanaSolutionAvatar,
+  }))
+);
+
+/**
+ * A `KibanaSolutionAvatar` component that is wrapped by the `withSuspense` HOC. This component can
+ * be used directly by consumers and will load the `KibanaPageTemplateSolutionNavAvatarLazy` component lazily with
+ * a predefined fallback and error boundary.
+ */
+export const KibanaSolutionAvatar = withSuspense(KibanaSolutionAvatarLazy);

packages/kbn-shared-ux-components/src/redirect_app_links/index.ts

@@ -9,7 +9,6 @@
 
 import { RedirectAppLinks } from './redirect_app_links';
 export type { RedirectAppLinksProps } from './redirect_app_links';
-
 export { RedirectAppLinks } from './redirect_app_links';
 
 /**

packages/kbn-shared-ux-components/src/solution_avatar/index.tsx

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export { KibanaSolutionAvatar } from './solution_avatar';

packages/kbn-shared-ux-components/src/solution_avatar/solution_avatar.scss

@@ -0,0 +1,14 @@
+.kbnSolutionAvatar {
+  @include euiBottomShadowSmall;
+
+  &--xxl {
+    @include euiBottomShadowMedium;
+    @include size(100px);
+    line-height: 100px;
+    border-radius: 100px;
+    display: inline-block;
+    background: $euiColorEmptyShade url('/assets/texture.svg') no-repeat;
+    background-size: cover, 125%;
+    text-align: center;
+  }
+}