Merge branch 'main' into serverless-tags

docs/settings/reporting-settings.asciidoc

@@ -203,26 +203,40 @@ The `file:` protocol is always denied, even if no network policy is configured.
 ==== CSV settings
 
 [[xpack-reporting-csv]] `xpack.reporting.csv.maxSizeBytes` {ess-icon}::
-The maximum {byte-units}[byte size] of a CSV file before being truncated. This setting exists to prevent large exports from causing performance and storage issues. Can be specified as number of bytes. Defaults to `10mb`.
+The maximum {byte-units}[byte size] of a CSV file before being truncated. This setting exists to prevent large
+exports from causing performance and storage issues. Can be specified as number of bytes. Defaults to `250mb`.
 
 [NOTE]
 ============
-Setting `xpack.reporting.csv.maxSizeBytes` much larger than the default 10 MB limit has the potential to negatively affect the
-performance of {kib} and your {es} cluster. There is no enforced maximum for this setting, but a reasonable maximum value depends
-on multiple factors:
+We recommend using CSV reports to export moderate amounts of data only. The feature enables analysis of data in
+external tools, but it's not intended for bulk export or to backup {es} data. If you need to export more than
+250 MB of CSV, rather than increasing `xpack.reporting.csv.maxSizeBytes`, please use filters to create multiple
+smaller reports, or extract the data you need directly from {es}.
 
-* The `http.max_content_length` setting in {es}.
-* Network proxies, which are often configured by default to block large requests with a 413 error.
-* The amount of memory available to the {kib} server, which limits the size of CSV data that must be held temporarily.
+The following deployment configurations may lead to failed report jobs or incomplete reports:
 
-For information about {kib} memory limits, see <<production, using {kib} in a production environment>>.
+* Any shard needed for search is unavailable.
+* Data is stored on slow storage tiers. 
+* Network latency between nodes is high.
+* {ccs-cap} is used.
+
+To export large amounts of data we recommend using {es} APIs directly. See {ref}/point-in-time-api.html[Point
+in time API], or {ref}/sql-rest-format.html#_csv[SQL with CSV response data format].
 ============
 
 `xpack.reporting.csv.scroll.size`::
 Number of documents retrieved from {es} for each scroll iteration during a CSV export. Defaults to `500`.
+[NOTE]
+============
+You may need to lower this setting if the default number of documents creates a strain on network resources.
+============
 
 `xpack.reporting.csv.scroll.duration`::
  Amount of {time-units}[time] allowed before {kib} cleans the scroll context during a CSV export. Defaults to `30s`.
+[NOTE]
+============
+If search latency in {es} is sufficiently high, such as if you are using {ccs}, you may need to increase the setting.
+============
 
 `xpack.reporting.csv.checkForFormulas`::
 Enables a check that warns you when there's a potential formula included in the output (=, -, +, and @ chars). See OWASP: https://www.owasp.org/index.php/CSV_Injection. Defaults to `true`.
@@ -231,7 +245,11 @@ Enables a check that warns you when there's a potential formula included in the
 Escape formula values in cells with a `'`. See OWASP: https://www.owasp.org/index.php/CSV_Injection. Defaults to `true`.
 
 `xpack.reporting.csv.enablePanelActionDownload`::
-deprecated:[7.9.0,This setting has no effect.] Enables CSV export from a saved search on a dashboard. This action is available in the dashboard panel menu for the saved search. *NOTE*: This setting exists for backwards compatibility, but is unused and hardcoded to `true`. CSV export from a saved search on a dashboard is enabled when Reporting is enabled.
+deprecated:[7.9.0,This setting has no effect.] Enables CSV export from a saved search on a dashboard. This action is available in the dashboard panel menu for the saved search. 
+[NOTE]
+============
+This setting exists for backwards compatibility, and is hardcoded to `true`. CSV export from a saved search on a dashboard is enabled when Reporting is enabled.
+============
 
 `xpack.reporting.csv.useByteOrderMarkEncoding`::
 Adds a byte order mark (`\ufeff`) at the beginning of the CSV file. Defaults to `false`.

packages/core/chrome/core-chrome-browser/src/project_navigation.ts

@@ -45,7 +45,7 @@ export type AppDeepLinkId =
   | ObservabilityLink;
 
 /** @public */
-export type CloudLinkId = 'userAndRoles' | 'performance' | 'billingAndSub';
+export type CloudLinkId = 'userAndRoles' | 'performance' | 'billingAndSub' | 'deployment';
 
 export type GetIsActiveFn = (params: {
   /** The current path name including the basePath + hash value but **without** any query params */

packages/shared-ux/chrome/navigation/src/cloud_links.tsx

@@ -17,7 +17,7 @@ export type CloudLinks = {
 };
 
 export const getCloudLinks = (cloud: CloudStart): CloudLinks => {
-  const { billingUrl, performanceUrl, usersAndRolesUrl } = cloud;
+  const { billingUrl, deploymentUrl, performanceUrl, usersAndRolesUrl } = cloud;
 
   const links: CloudLinks = {};
 
@@ -54,5 +54,17 @@ export const getCloudLinks = (cloud: CloudStart): CloudLinks => {
     };
   }
 
+  if (deploymentUrl) {
+    links.deployment = {
+      title: i18n.translate(
+        'sharedUXPackages.chrome.sideNavigation.cloudLinks.deploymentLinkText',
+        {
+          defaultMessage: 'Project',
+        }
+      ),
+      href: deploymentUrl,
+    };
+  }
+
   return links;
 };

src/cli/serve/serve.js

@@ -55,11 +55,11 @@ function pathCollector() {
 const configPathCollector = pathCollector();
 const pluginPathCollector = pathCollector();
 
-function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
+export function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
   const set = _.partial(lodashSet, rawConfig);
   const get = _.partial(_.get, rawConfig);
   const has = _.partial(_.has, rawConfig);
-  const merge = _.partial(_.merge, rawConfig);
+
   if (opts.oss) {
     delete rawConfig.xpack;
   }
@@ -135,8 +135,8 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
 
   set('plugins.paths', _.compact([].concat(get('plugins.paths'), opts.pluginPath)));
 
-  merge(extraCliOptions);
-  merge(readKeystore());
+  _.mergeWith(rawConfig, extraCliOptions, mergeAndReplaceArrays);
+  _.merge(rawConfig, readKeystore());
 
   return rawConfig;
 }
@@ -257,3 +257,15 @@ export default function (program) {
     });
   });
 }
+
+function mergeAndReplaceArrays(objValue, srcValue) {
+  if (typeof srcValue === 'undefined') {
+    return objValue;
+  } else if (Array.isArray(srcValue)) {
+    // do not merge arrays, use new value instead
+    return srcValue;
+  } else {
+    // default to default merging
+    return undefined;
+  }
+}

src/cli/serve/serve.test.js

@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { applyConfigOverrides } from './serve';
+
+describe('applyConfigOverrides', () => {
+  it('merges empty objects to an empty config', () => {
+    const output = applyConfigOverrides({}, {}, {});
+    const defaultEmptyConfig = {
+      plugins: {
+        paths: [],
+      },
+    };
+
+    expect(output).toEqual(defaultEmptyConfig);
+  });
+
+  it('merges objects', () => {
+    const output = applyConfigOverrides(
+      {
+        tomato: {
+          size: 40,
+          color: 'red',
+        },
+      },
+      {},
+      {
+        tomato: {
+          weight: 100,
+        },
+      }
+    );
+
+    expect(output).toEqual({
+      tomato: {
+        weight: 100,
+        color: 'red',
+        size: 40,
+      },
+      plugins: {
+        paths: [],
+      },
+    });
+  });
+
+  it('merges objects, but not arrays', () => {
+    const output = applyConfigOverrides(
+      {
+        tomato: {
+          color: 'red',
+          arr: [1, 2, 3],
+        },
+      },
+      {},
+      {
+        xyz: 40,
+        tomato: {
+          weight: 100,
+          arr: [4, 5],
+        },
+      }
+    );
+
+    expect(output).toEqual({
+      xyz: 40,
+      tomato: {
+        weight: 100,
+        color: 'red',
+        arr: [4, 5],
+      },
+      plugins: {
+        paths: [],
+      },
+    });
+  });
+});

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { PostureTypes, VulnSeverity } from './types';
+import { PostureTypes, VulnSeverity, AwsCredentialsTypeFieldMap } from './types';
 
 export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status';
 export const STATUS_API_CURRENT_VERSION = '1';
@@ -125,5 +125,14 @@ export const VULNERABILITIES_SEVERITY: Record<VulnSeverity, VulnSeverity> = {
 };
 
 export const VULNERABILITIES_ENUMERATION = 'CVE';
+
+export const AWS_CREDENTIALS_TYPE_TO_FIELDS_MAP: AwsCredentialsTypeFieldMap = {
+  assume_role: ['role_arn'],
+  direct_access_keys: ['access_key_id', 'secret_access_key'],
+  temporary_keys: ['access_key_id', 'secret_access_key', 'session_token'],
+  shared_credentials: ['shared_credential_file', 'credential_profile_name'],
+  cloud_formation: [],
+};
+
 export const SETUP_ACCESS_CLOUD_SHELL = 'google_cloud_shell';
 export const SETUP_ACCESS_MANUAL = 'manual';

x-pack/plugins/cloud_security_posture/common/types.ts

@@ -13,6 +13,17 @@ import { CspRuleTemplate } from './schemas';
 import { findCspRuleTemplateRequest } from './schemas/csp_rule_template_api/get_csp_rule_template';
 import { getComplianceDashboardSchema } from './schemas/stats';
 
+export type AwsCredentialsType =
+  | 'assume_role'
+  | 'direct_access_keys'
+  | 'temporary_keys'
+  | 'shared_credentials'
+  | 'cloud_formation';
+
+export type AwsCredentialsTypeFieldMap = {
+  [key in AwsCredentialsType]: string[];
+};
+
 export type Evaluation = 'passed' | 'failed' | 'NA';
 
 export type PostureTypes = 'cspm' | 'kspm' | 'vuln_mgmt' | 'all';