Merge remote-tracking branch 'upstream/main' into sharedux-chrome-nav…

…/replace-v1

config/README.md

@@ -5,9 +5,12 @@ this configuration, pass `--serverless={mode}` or run `yarn serverless-{mode}`
 valid modes are currently: `es`, `oblt`, and `security`
 
 configuration is applied in the following order, later values override
- 1. kibana.yml
- 2. serverless.yml
- 3. serverless.{mode}.yml
+ 1. serverless.yml (serverless configs go first)
+ 2. serverless.{mode}.yml (serverless configs go first)
+ 3. base config, in this preference order:
+  - my-config.yml(s) (set by --config)
+  - env-config.yml (described by `env.KBN_CONFIG_PATHS`)
+  - kibana.yml (default @ `env.KBN_PATH_CONF`/kibana.yml)
  4. kibana.dev.yml
  5. serverless.dev.yml
  6. serverless.{mode}.dev.yml

docs/management/action-types.asciidoc

@@ -83,6 +83,10 @@ a| <<gen-ai-action-type,Generative AI>>
 
 | Send a request to OpenAI.
 
+a| <<d3security-action-type,D3 Security>>
+
+| Send a request to D3 Security.
+
 |===
 
 [NOTE]

docs/management/connectors/action-types/d3security.asciidoc

@@ -0,0 +1,91 @@
+[[d3security-action-type]]
+== D3 Security connector and action
+++++
+<titleabbrev>D3 Security</titleabbrev>
+++++
+
+The D3 Security connector uses https://github.com/axios/axios[axios] to send a POST request to a D3 Security endpoint. The connector uses the <<execute-connector-api,run connector API>> to send the request. You can use the connector for rule actions.
+
+[float]
+[[d3security-connector-prerequisites]]
+=== Prerequisites
+
+To use a D3 Security connector, you must first configure a webhook key in your D3 SOAR environment. To generate an API URL and a token in D3 Security:
+1. Log in to your D3 SOAR environment.
+2. Navigate to Configuration.
+3. Navigate to Integration > Search for “Kibana”. Click “Fetch Event”.
+4. Select the "Enable Webhook" checkbox.
+5. Click Set up Webhook Keys.
+6. Under Event Ingestion, Click +. Select the site for the webhook integration, then click Generate.
+7. Copy the Request URL and Request Header Value to configure the Kibana connector
+
+[float]
+[[define-d3security-ui]]
+=== Create connectors in {kib}
+
+You can create connectors in *{stack-manage-app} > {connectors-ui}*.  For example:
+
+[role="screenshot"]
+image::management/connectors/images/d3security-connector.png[D3 Security connector]
+
+[float]
+[[d3security-connector-configuration]]
+==== Connector configuration
+
+D3 Security connectors have the following configuration properties:
+
+Name::      The name of the connector.
+URL::   The D3 Security API request URL.
+Token::   The D3 Security token
+
+[float]
+[[preconfigured-d3security-configuration]]
+=== Create preconfigured connectors
+
+If you are running {kib} on-prem, you can define connectors by
+adding `xpack.actions.preconfigured` settings to your `kibana.yml` file.
+For example:
+
+[source,text]
+--
+xpack.actions.preconfigured:
+  my-d3security:
+    name: preconfigured-d3security-connector-type
+    actionTypeId: .d3security
+    config:
+      url: https://testurl.com/elasticsearch/VSOC/api/Data/Kibana/Security%20Operations/CreateEvents
+    secrets:
+      token: superlongtoken
+--
+
+Config defines information for the connector type.
+
+`url`:: A URL string that corresponds to the *D3 Security API URL*.
+
+Secrets defines sensitive information for the connector type.
+
+`token`:: A string that corresponds to *D3 Security API Token*.
+
+[float]
+[[d3security-action-configuration]]
+=== Test connectors
+
+You can test connectors with the <<execute-connector-api,run connector API>> or
+as you're creating or editing the connector in {kib}. For example:
+
+[role="screenshot"]
+image::management/connectors/images/d3security-params-test.png[D3 Security params test]
+
+The D3 Security actions have the following configuration properties.
+
+Body::      A typeless payload sent to the D3 Security API URL. For example:
++
+[source,text]
+--
+this can be any type, it is not validated
+--
+[float]
+[[d3security-connector-networking-configuration]]
+=== Connector networking configuration
+
+Use the <<action-settings, Action configuration settings>> to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use `xpack.actions.customHostSettings` to set per-host configurations.

docs/management/connectors/index.asciidoc

@@ -17,4 +17,5 @@ include::action-types/webhook.asciidoc[leveloffset=+1]
 include::action-types/cases-webhook.asciidoc[leveloffset=+1]
 include::action-types/xmatters.asciidoc[leveloffset=+1]
 include::action-types/gen-ai.asciidoc[leveloffset=+1]
+include::action-types/d3security.asciidoc[leveloffset=+1]
 include::pre-configured-connectors.asciidoc[leveloffset=+1]

docs/settings/alert-action-settings.asciidoc

@@ -138,7 +138,7 @@ WARNING: This feature is available in {kib} 7.17.4 and 8.3.0 onwards but is not
 A boolean value indicating that a footer with a relevant link should be added to emails sent as alerting actions. Default: true.
 
 `xpack.actions.enabledActionTypes` {ess-icon}::
-A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.tines`, `.torq`, `.xmatters`,  `.gen-ai`, and `.webhook`. An empty list `[]` will disable all action types.
+A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.tines`, `.torq`, `.xmatters`,  `.gen-ai`,  `.d3security`, and `.webhook`. An empty list `[]` will disable all action types.
 +
 Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.
 

packages/core/root/core-root-server-internal/src/bootstrap.test.mocks.ts

@@ -21,5 +21,6 @@ jest.doMock('@kbn/config', () => ({
 jest.doMock('./root', () => ({
   Root: jest.fn(() => ({
     shutdown: jest.fn(),
+    logger: { get: () => ({ info: jest.fn(), debug: jest.fn() }) },
   })),
 }));

packages/core/root/core-root-server-internal/src/bootstrap.ts

@@ -78,6 +78,9 @@ export async function bootstrap({ configs, cliArgs, applyConfigOverrides }: Boot
   }
 
   const root = new Root(rawConfigService, env, onRootShutdown);
+  const cliLogger = root.logger.get('cli');
+
+  cliLogger.debug('Kibana configurations evaluated in this order: ' + env.configs.join(', '));
 
   process.on('SIGHUP', () => reloadConfiguration());
 
@@ -93,7 +96,6 @@ export async function bootstrap({ configs, cliArgs, applyConfigOverrides }: Boot
   });
 
   function reloadConfiguration(reason = 'SIGHUP signal received') {
-    const cliLogger = root.logger.get('cli');
     cliLogger.info(`Reloading Kibana configuration (reason: ${reason}).`, { tags: ['config'] });
 
     try {

packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/helpers/validation.test.ts

@@ -0,0 +1,95 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import { SavedObjectsType } from '@kbn/core-saved-objects-server';
+import { type SavedObjectSanitizedDoc } from '@kbn/core-saved-objects-server';
+import { ValidationHelper } from './validation';
+import { typedef, typedef1, typedef2 } from './validation_fixtures';
+import { SavedObjectTypeRegistry } from '@kbn/core-saved-objects-base-server-internal';
+
+const defaultVersion = '8.10.0';
+const modelVirtualVersion = '10.1.0';
+const typeA = 'my-typeA';
+const typeB = 'my-typeB';
+const typeC = 'my-typeC';
+
+describe('Saved Objects type validation helper', () => {
+  let helper: ValidationHelper;
+  let logger: MockedLogger;
+  let typeRegistry: SavedObjectTypeRegistry;
+
+  const createMockObject = (
+    type: string,
+    attr: Partial<SavedObjectSanitizedDoc>
+  ): SavedObjectSanitizedDoc => ({
+    type,
+    id: 'test-id',
+    references: [],
+    attributes: {},
+    ...attr,
+  });
+  const registerType = (name: string, parts: Partial<SavedObjectsType>) => {
+    typeRegistry.registerType({
+      name,
+      hidden: false,
+      namespaceType: 'single',
+      mappings: { properties: {} },
+      ...parts,
+    });
+  };
+  beforeEach(() => {
+    logger = loggerMock.create();
+    typeRegistry = new SavedObjectTypeRegistry();
+  });
+
+  afterEach(() => {
+    jest.resetAllMocks();
+  });
+
+  describe('validation helper', () => {
+    beforeEach(() => {
+      registerType(typeA, typedef);
+      registerType(typeB, typedef1);
+      registerType(typeC, typedef2);
+    });
+
+    it('should validate objects against stack versions', () => {
+      helper = new ValidationHelper({
+        logger,
+        registry: typeRegistry,
+        kibanaVersion: defaultVersion,
+      });
+      const data = createMockObject(typeA, { attributes: { foo: 'hi', count: 1 } });
+      expect(() => helper.validateObjectForCreate(typeA, data)).not.toThrowError();
+    });
+
+    it('should validate objects against model versions', () => {
+      helper = new ValidationHelper({
+        logger,
+        registry: typeRegistry,
+        kibanaVersion: modelVirtualVersion,
+      });
+      const data = createMockObject(typeB, { attributes: { foo: 'hi', count: 1 } });
+      expect(() => helper.validateObjectForCreate(typeB, data)).not.toThrowError();
+    });
+
+    it('should fail validation against invalid objects when version requested does not support a field', () => {
+      helper = new ValidationHelper({
+        logger,
+        registry: typeRegistry,
+        kibanaVersion: defaultVersion,
+      });
+      const validationError = new Error(
+        '[attributes.count]: definition for this key is missing: Bad Request'
+      );
+      const data = createMockObject(typeC, { attributes: { foo: 'hi', count: 1 } });
+      expect(() => helper.validateObjectForCreate(typeC, data)).toThrowError(validationError);
+    });
+  });
+});

packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/helpers/validation.ts

@@ -9,7 +9,10 @@
 import type { PublicMethodsOf } from '@kbn/utility-types';
 import type { Logger } from '@kbn/logging';
 import type { ISavedObjectTypeRegistry } from '@kbn/core-saved-objects-server';
-import { SavedObjectsTypeValidator } from '@kbn/core-saved-objects-base-server-internal';
+import {
+  SavedObjectsTypeValidator,
+  modelVersionToVirtualVersion,
+} from '@kbn/core-saved-objects-base-server-internal';
 import {
   SavedObjectsErrorHelpers,
   type SavedObjectSanitizedDoc,
@@ -91,7 +94,7 @@ export class ValidationHelper {
     }
     const validator = this.getTypeValidator(type);
     try {
-      validator.validate(doc, this.kibanaVersion);
+      validator.validate(doc);
     } catch (error) {
       throw SavedObjectsErrorHelpers.createBadRequestError(error.message);
     }
@@ -100,10 +103,30 @@ export class ValidationHelper {
   private getTypeValidator(type: string): SavedObjectsTypeValidator {
     if (!this.typeValidatorMap[type]) {
       const savedObjectType = this.registry.getType(type);
+
+      const stackVersionSchemas =
+        typeof savedObjectType?.schemas === 'function'
+          ? savedObjectType.schemas()
+          : savedObjectType?.schemas ?? {};
+
+      const modelVersionCreateSchemas =
+        typeof savedObjectType?.modelVersions === 'function'
+          ? savedObjectType.modelVersions()
+          : savedObjectType?.modelVersions ?? {};
+
+      const combinedSchemas = { ...stackVersionSchemas };
+      Object.entries(modelVersionCreateSchemas).reduce((map, [key, modelVersion]) => {
+        if (modelVersion.schemas?.create) {
+          const virtualVersion = modelVersionToVirtualVersion(key);
+          combinedSchemas[virtualVersion] = modelVersion.schemas!.create!;
+        }
+        return map;
+      }, {});
+
       this.typeValidatorMap[type] = new SavedObjectsTypeValidator({
         logger: this.logger.get('type-validator'),
         type,
-        validationMap: savedObjectType!.schemas ?? {},
+        validationMap: combinedSchemas,
         defaultVersion: this.kibanaVersion,
       });
     }