Merge branch 'main' into infra-ui-fix-lazy-public-imports

.bazelrc.common

@@ -132,6 +132,9 @@ coverage --instrument_test_targets
 # Metadata settings
 build --workspace_status_command="node ./src/dev/bazel_workspace_status.js"
 
+# Load remote cache settings, if they exist
+try-import %workspace%/.bazelrc.cache
+
 # Load any settings specific to the current user.
 # .bazelrc.user should appear in .gitignore so that settings are not shared with team members
 # This needs to be last statement in this

.buildkite/scripts/common/env.sh

@@ -22,6 +22,9 @@ KIBANA_PKG_BRANCH="$(jq -r .branch "$KIBANA_DIR/package.json")"
 export KIBANA_PKG_BRANCH
 export KIBANA_BASE_BRANCH="$KIBANA_PKG_BRANCH"
 
+KIBANA_PKG_VERSION="$(jq -r .version "$KIBANA_DIR/package.json")"
+export KIBANA_PKG_VERSION
+
 export GECKODRIVER_CDNURL="https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache"
 export CHROMEDRIVER_CDNURL="https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache"
 export RE2_DOWNLOAD_MIRROR="https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache"

.buildkite/scripts/lifecycle/pre_command.sh

@@ -92,6 +92,15 @@ export KIBANA_DOCKER_USERNAME
 KIBANA_DOCKER_PASSWORD="$(retry 5 5 vault read -field=password secret/kibana-issues/dev/container-registry)"
 export KIBANA_DOCKER_PASSWORD
 
+SYNTHETICS_SERVICE_USERNAME="$(retry 5 5 vault read -field=username secret/kibana-issues/dev/kibana-ci-synthetics-credentials)"
+export SYNTHETICS_SERVICE_USERNAME
+
+SYNTHETICS_SERVICE_PASSWORD="$(retry 5 5 vault read -field=password secret/kibana-issues/dev/kibana-ci-synthetics-credentials)"
+export SYNTHETICS_SERVICE_PASSWORD
+
+SYNTHETICS_SERVICE_MANIFEST="$(retry 5 5 vault read -field=manifest secret/kibana-issues/dev/kibana-ci-synthetics-credentials)"
+export SYNTHETICS_SERVICE_MANIFEST
+
 # Setup Failed Test Reporter Elasticsearch credentials
 {
   TEST_FAILURES_ES_CLOUD_ID=$(retry 5 5 vault read -field=cloud_id secret/kibana-issues/dev/failed_tests_reporter_es)

.buildkite/scripts/steps/package_testing/build.sh

@@ -4,9 +4,10 @@ set -euo pipefail
 
 .buildkite/scripts/bootstrap.sh
 
-echo "--- Build Kibana Distribution"
 node scripts/build --all-platforms --debug --skip-docker-cloud --skip-docker-ubi --skip-docker-contexts
 
+DOCKER_FILE="kibana-$KIBANA_PKG_VERSION-SNAPSHOT-docker-image.tar.gz"
+
 cd target
-buildkite-agent artifact upload "./*-docker-image.tar.gz;./*.deb;./*.rpm"
+buildkite-agent artifact upload "./$DOCKER_FILE;./*.deb;./*.rpm"
 cd ..

.buildkite/scripts/steps/package_testing/test.sh

@@ -15,7 +15,7 @@ elif [[ "$TEST_PACKAGE" == "rpm" ]]; then
   buildkite-agent artifact download 'kibana-*.rpm' . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
   KIBANA_IP_ADDRESS="192.168.50.6"
 elif [[ "$TEST_PACKAGE" == "docker" ]]; then
-  buildkite-agent artifact download 'kibana-*-docker-image.tar.gz' . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
+  buildkite-agent artifact download "kibana-$KIBANA_PKG_VERSION-SNAPSHOT-docker-image.tar.gz" . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}"
   KIBANA_IP_ADDRESS="192.168.50.7"
 fi
 cd ..

.gitignore

@@ -87,8 +87,9 @@ report.asciidoc
 /bazel
 /bazel-*
 .bazelrc.user
+.bazelrc.cache
 
 elastic-agent-*
 fleet-server-*
 elastic-agent.yml
-fleet-server.yml
+fleet-server.yml

docs/apm/troubleshooting.asciidoc

@@ -47,37 +47,14 @@ This section can help with any of the following:
 There are a number of factors that could be at play here.
 One important thing to double-check first is your index template.
 
-*Index template*
-An APM index template must exist for the APM app to work correctly.
-By default, this index template is created by APM Server on startup.
-However, this only happens if `setup.template.enabled` is `true` in `apm-server.yml`.
-You can create the index template manually by running `apm-server setup`.
+*Index templates*
+For the APM app to work correctly, an index template must exist for each APM data stream.
+By default, {fleet} sets up APM index templates when the APM integration is installed.
 Take note that index templates *cannot* be applied retroactively -- they are only applied at index creation time.
 More information is available in {apm-guide-ref}/apm-server-configuration.html[Set up and configure].
 
-You can check for the existence of an APM index template using the
-{ref}/indices-get-template.html[Get index template API].
-If you're using the default index naming pattern, that request would be:
-
-[source,js]
---------------------------------------------------
-GET /_template/apm-{version}
---------------------------------------------------
-// CONSOLE
-
-*Using Logstash, Kafka, etc.*
-If you're not outputting data directly from APM Server to Elasticsearch (perhaps you're using Logstash or Kafka),
-then the index template will not be set up automatically. Instead, you'll need to
-{apm-guide-ref}/apm-server-template.html[load the template manually].
-
-*Using a custom index names*
-This problem can also occur if you've customized the index name that you write APM data to.
-If you change the default, you must also configure the `setup.template.name` and `setup.template.pattern` options.
-See {apm-guide-ref}/configuration-template.html[Load the Elasticsearch index template].
-If the Elasticsearch index template has already been successfully loaded to the index,
-you can customize the indices that the APM app uses to display data.
-Navigate to *APM* > *Settings* > *Indices*, and change all `xpack.apm.indices.*` values to
-include the new index pattern. For example: `customIndexName-*`.
+You can check for the existence of APM index templates in Kibana.
+Go to **Stack Management** > **Index Management** > **Index Templates** and search for `apm`.
 
 [float]
 [[troubleshooting-too-many-transactions]]
@@ -164,39 +141,34 @@ You can also use the Agent's public API to manually set a name for the transacti
 === Fields are not searchable
 
 In Elasticsearch, index templates are used to define settings and mappings that determine how fields should be analyzed.
-The recommended index template file for APM Server is installed by the APM Server packages.
-This template, by default, enables and disables indexing on certain fields.
+The recommended index templates for APM are installed by {fleet} when the Elastic APM integration is installed.
+These templates, by default, enable and disable indexing on certain fields.
 
 As an example, some agents store cookie values in `http.request.cookies`.
 Since `http.request` has disabled dynamic indexing, and `http.request.cookies` is not declared in a custom mapping,
 the values in `http.request.cookies` are not indexed and thus not searchable.
 
-*Ensure an index pattern exists*
-As a first step, you should ensure the correct index pattern exists.
-Open the main menu, then click *Stack Management > Index Patterns*.
-In the pattern list, you should see an apm index pattern; The default is `apm-*`.
-If you don't, the index pattern doesn't exist. See <<no-apm-data-found>> for information on how to fix this problem.
+*Ensure an APM data view exists*
+As a first step, you should ensure the correct data view exists.
+In {kib}, go to *Stack Management* > *Data views*.
+You should see the APM data view--the default is
+`traces-apm*,apm-*,logs-apm*,apm-*,metrics-apm*,apm-*`.
+If you don't, the data view doesn't exist.
+To fix this, navigate to the APM app in {kib} and select *Add data*.
+In the APM tutorial, click *Load Kibana objects* to create the APM data view.
 
-Selecting the `apm-*` index pattern shows a listing of every field defined in the pattern.
+If creating an APM data view doesn't solve the problem,
+see <<no-apm-data-found>> for further troubleshooting.
 
 *Ensure a field is searchable*
 There are two things you can do to if you'd like to ensure a field is searchable:
 
 1. Index your additional data as {apm-guide-ref}/metadata.html[labels] instead.
 These are dynamic by default, which means they will be indexed and become searchable and aggregatable.
 
-2. Use the `append_fields` feature. As an example,
-adding the following to `apm-server.yml` will enable dynamic indexing for `http.request.cookies`:
-
-[source,yml]
-----
-setup.template.enabled: true
-setup.template.overwrite: true
-setup.template.append_fields:
-  - name: http.request.cookies
-    type: object
-    dynamic: true
-----
+2. Create a custom mapping for the field.
+// link will be added in a later PR.
+// docs will be added in https://github.com/elastic/apm-server/pull/6940
 
 [float]
 [[service-map-rum-connections]]

docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md

@@ -147,6 +147,7 @@ readonly links: {
             readonly significant_terms: string;
             readonly terms: string;
             readonly terms_doc_count_error: string;
+            readonly rare_terms: string;
             readonly avg: string;
             readonly avg_bucket: string;
             readonly max_bucket: string;

docs/development/core/server/kibana-plugin-core-server.elasticsearchservicesetup.md

@@ -16,4 +16,5 @@ export interface ElasticsearchServiceSetup
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [legacy](./kibana-plugin-core-server.elasticsearchservicesetup.legacy.md) | { readonly config$: Observable<ElasticsearchConfig>; } |  |
+|  [setUnauthorizedErrorHandler](./kibana-plugin-core-server.elasticsearchservicesetup.setunauthorizederrorhandler.md) | (handler: UnauthorizedErrorHandler) =&gt; void | Register a handler that will be called when unauthorized (401) errors are returned from any API call to elasticsearch performed on behalf of a user via a [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md)<!-- -->. |
 

docs/development/core/server/kibana-plugin-core-server.elasticsearchservicesetup.setunauthorizederrorhandler.md

@@ -0,0 +1,35 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ElasticsearchServiceSetup](./kibana-plugin-core-server.elasticsearchservicesetup.md) &gt; [setUnauthorizedErrorHandler](./kibana-plugin-core-server.elasticsearchservicesetup.setunauthorizederrorhandler.md)
+
+## ElasticsearchServiceSetup.setUnauthorizedErrorHandler property
+
+Register a handler that will be called when unauthorized (401) errors are returned from any API call to elasticsearch performed on behalf of a user via a [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+setUnauthorizedErrorHandler: (handler: UnauthorizedErrorHandler) => void;
+```
+
+## Remarks
+
+The handler will only be invoked for scoped client bound to real [request](./kibana-plugin-core-server.kibanarequest.md) instances.
+
+## Example
+
+
+```ts
+const handler: UnauthorizedErrorHandler = ({ request, error }, toolkit) => {
+  const reauthenticationResult = await authenticator.reauthenticate(request, error);
+  if (reauthenticationResult.succeeded()) {
+    return toolkit.retry({
+      authHeaders: reauthenticationResult.authHeaders,
+    });
+  }
+  return toolkit.notHandled();
+}
+
+coreSetup.elasticsearch.setUnauthorizedErrorHandler(handler);
+```
+

docs/development/core/server/kibana-plugin-core-server.md

@@ -230,6 +230,11 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [UiSettingsParams](./kibana-plugin-core-server.uisettingsparams.md) | UiSettings parameters defined by the plugins. |
 |  [UiSettingsServiceSetup](./kibana-plugin-core-server.uisettingsservicesetup.md) |  |
 |  [UiSettingsServiceStart](./kibana-plugin-core-server.uisettingsservicestart.md) |  |
+|  [UnauthorizedErrorHandlerNotHandledResult](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md) |  |
+|  [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) |  |
+|  [UnauthorizedErrorHandlerResultRetryParams](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md) |  |
+|  [UnauthorizedErrorHandlerRetryResult](./kibana-plugin-core-server.unauthorizederrorhandlerretryresult.md) |  |
+|  [UnauthorizedErrorHandlerToolkit](./kibana-plugin-core-server.unauthorizederrorhandlertoolkit.md) | Toolkit passed to a [UnauthorizedErrorHandler](./kibana-plugin-core-server.unauthorizederrorhandler.md) used to generate responses from the handler |
 |  [UserProvidedValues](./kibana-plugin-core-server.userprovidedvalues.md) | Describes the values explicitly set by user. |
 
 ## Variables
@@ -329,4 +334,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [SharedGlobalConfig](./kibana-plugin-core-server.sharedglobalconfig.md) |  |
 |  [StartServicesAccessor](./kibana-plugin-core-server.startservicesaccessor.md) | Allows plugins to get access to APIs available in start inside async handlers. Promise will not resolve until Core and plugin dependencies have completed <code>start</code>. This should only be used inside handlers registered during <code>setup</code> that will only be executed after <code>start</code> lifecycle. |
 |  [UiSettingsType](./kibana-plugin-core-server.uisettingstype.md) | UI element type to represent the settings. |
+|  [UnauthorizedError](./kibana-plugin-core-server.unauthorizederror.md) |  |
+|  [UnauthorizedErrorHandler](./kibana-plugin-core-server.unauthorizederrorhandler.md) | A handler used to handle unauthorized error returned by elasticsearch |
+|  [UnauthorizedErrorHandlerResult](./kibana-plugin-core-server.unauthorizederrorhandlerresult.md) |  |
 

docs/development/core/server/kibana-plugin-core-server.unauthorizederror.md

@@ -0,0 +1,14 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedError](./kibana-plugin-core-server.unauthorizederror.md)
+
+## UnauthorizedError type
+
+
+<b>Signature:</b>
+
+```typescript
+export declare type UnauthorizedError = errors.ResponseError & {
+    statusCode: 401;
+};
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandler.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandler](./kibana-plugin-core-server.unauthorizederrorhandler.md)
+
+## UnauthorizedErrorHandler type
+
+A handler used to handle unauthorized error returned by elasticsearch
+
+<b>Signature:</b>
+
+```typescript
+export declare type UnauthorizedErrorHandler = (options: UnauthorizedErrorHandlerOptions, toolkit: UnauthorizedErrorHandlerToolkit) => MaybePromise<UnauthorizedErrorHandlerResult>;
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerNotHandledResult](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md)
+
+## UnauthorizedErrorHandlerNotHandledResult interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface UnauthorizedErrorHandlerNotHandledResult 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md) | 'notHandled' |  |
+

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerNotHandledResult](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.md) &gt; [type](./kibana-plugin-core-server.unauthorizederrorhandlernothandledresult.type.md)
+
+## UnauthorizedErrorHandlerNotHandledResult.type property
+
+<b>Signature:</b>
+
+```typescript
+type: 'notHandled';
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) &gt; [error](./kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md)
+
+## UnauthorizedErrorHandlerOptions.error property
+
+<b>Signature:</b>
+
+```typescript
+error: UnauthorizedError;
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.md

@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md)
+
+## UnauthorizedErrorHandlerOptions interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface UnauthorizedErrorHandlerOptions 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [error](./kibana-plugin-core-server.unauthorizederrorhandleroptions.error.md) | UnauthorizedError |  |
+|  [request](./kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md) | KibanaRequest |  |
+

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerOptions](./kibana-plugin-core-server.unauthorizederrorhandleroptions.md) &gt; [request](./kibana-plugin-core-server.unauthorizederrorhandleroptions.request.md)
+
+## UnauthorizedErrorHandlerOptions.request property
+
+<b>Signature:</b>
+
+```typescript
+request: KibanaRequest;
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandlerresult.md

@@ -0,0 +1,12 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerResult](./kibana-plugin-core-server.unauthorizederrorhandlerresult.md)
+
+## UnauthorizedErrorHandlerResult type
+
+
+<b>Signature:</b>
+
+```typescript
+export declare type UnauthorizedErrorHandlerResult = UnauthorizedErrorHandlerRetryResult | UnauthorizedErrorHandlerNotHandledResult;
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerResultRetryParams](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md) &gt; [authHeaders](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md)
+
+## UnauthorizedErrorHandlerResultRetryParams.authHeaders property
+
+<b>Signature:</b>
+
+```typescript
+authHeaders: AuthHeaders;
+```

docs/development/core/server/kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [UnauthorizedErrorHandlerResultRetryParams](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.md)
+
+## UnauthorizedErrorHandlerResultRetryParams interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface UnauthorizedErrorHandlerResultRetryParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [authHeaders](./kibana-plugin-core-server.unauthorizederrorhandlerresultretryparams.authheaders.md) | AuthHeaders |  |
+