Merge branch 'master' of https://github.com/elastic/kibana into np_re…

…ady_3

.github/CODEOWNERS

@@ -5,6 +5,7 @@
 # App
 /x-pack/legacy/plugins/lens/ @elastic/kibana-app
 /x-pack/legacy/plugins/graph/ @elastic/kibana-app
+/src/legacy/server/sample_data/ @elastic/kibana-app
 
 # App Architecture
 /src/plugins/data/ @elastic/kibana-app-arch
@@ -66,14 +67,25 @@
 /packages/kbn-es/ @elastic/kibana-operations
 /packages/kbn-pm/ @elastic/kibana-operations
 /packages/kbn-test/ @elastic/kibana-operations
+/src/legacy/server/keystore/ @elastic/kibana-operations
+/src/legacy/server/pid/ @elastic/kibana-operations
+/src/legacy/server/sass/ @elastic/kibana-operations
+/src/legacy/server/utils/ @elastic/kibana-operations
+/src/legacy/server/warnings/ @elastic/kibana-operations
 
 # Platform
 /src/core/  @elastic/kibana-platform
-/src/legacy/server/saved_objects/  @elastic/kibana-platform
 /config/kibana.yml @elastic/kibana-platform
 /x-pack/plugins/features/  @elastic/kibana-platform
 /x-pack/plugins/licensing/  @elastic/kibana-platform
 /packages/kbn-config-schema/ @elastic/kibana-platform
+/src/legacy/server/config/ @elastic/kibana-platform
+/src/legacy/server/csp/ @elastic/kibana-platform
+/src/legacy/server/http/ @elastic/kibana-platform
+/src/legacy/server/i18n/ @elastic/kibana-platform
+/src/legacy/server/logging/ @elastic/kibana-platform
+/src/legacy/server/saved_objects/  @elastic/kibana-platform
+/src/legacy/server/status/ @elastic/kibana-platform
 
 # Security
 /x-pack/legacy/plugins/security/  @elastic/kibana-security

.i18nrc.json

@@ -19,6 +19,7 @@
     "kbnVislibVisTypes": "src/legacy/core_plugins/kbn_vislib_vis_types",
     "kibana_react": "src/legacy/core_plugins/kibana_react",
     "kibana-react": "src/plugins/kibana_react",
+    "kibana_utils": "src/plugins/kibana_utils",
     "navigation": "src/legacy/core_plugins/navigation",
     "newsfeed": "src/plugins/newsfeed",
     "regionMap": "src/legacy/core_plugins/region_map",

docs/user/security/index.asciidoc

@@ -37,4 +37,4 @@ cause Kibana's authorization to behave unexpectedly.
 include::authorization/index.asciidoc[]
 include::authorization/kibana-privileges.asciidoc[]
 include::api-keys/index.asciidoc[]
-
+include::rbac_tutorial.asciidoc[]

docs/user/security/rbac_tutorial.asciidoc

@@ -0,0 +1,104 @@
+[[space-rbac-tutorial]]
+=== Tutorial:  Use role-based access control to customize Kibana spaces
+
+With role-based access control (RBAC), you can provide users access to data, tools,
+and Kibana spaces.  In this tutorial, you will learn how to configure roles
+that provide the right users with the right access to the data, tools, and
+Kibana spaces.
+
+[float]
+==== Scenario
+
+Our user is a web developer working on a bank's
+online mortgage service.  The web developer has these 
+three requirements:
+
+* Have access to the data for that service 
+* Build visualizations and dashboards
+* Monitor the performance of the system
+
+You'll provide the web developer with the access and privileges to get the job done.
+
+[float]
+==== Prerequisites
+
+To complete this tutorial, you'll need the following:
+
+*  **Administrative privileges**: You must have a role that grants privileges to create a space, role, and user. This is any role which grants the `manage_security` cluster privilege. By default, the `superuser` role provides this access. See the {ref}/built-in-roles.html[built-in] roles.  
+*  **A space**: In this tutorial, use `Dev Mortgage` as the space 
+name. See <<spaces-managing, spaces management>> for
+details on creating a space.
+*  **Data**:  You can use <<tutorial-sample-data, sample data>> or 
+live data.  In the steps below, Filebeat and Metricbeat data are used.
+
+[float]
+==== Steps
+
+With the requirements in mind, here are the steps that you will work 
+through in this tutorial:
+
+* Create a role named `mortgage-developer`
+* Give the role permission to access the data in the relevant indices
+* Give the role permission to create visualizations and dashboards 
+* Create the web developer's user account with the proper roles
+
+[float]
+==== Create a role
+
+Go to **Management > Roles** 
+for an overview of your roles.  This view provides actions
+for you to create, edit, and delete roles.
+
+[role="screenshot"]
+image::security/images/role-management.png["Role management"]
+
+
+You can create as many roles as you like. Click *Create role* and 
+provide a name. Use `dev-mortgage` because this role is for a developer 
+working on the bank's mortgage application.
+
+
+[float]
+==== Give the role permission to access the data
+
+Access to data in indices is an index-level privilege, so in 
+*Index privileges*, add lines for the indices that contain the 
+data for this role.  Two privileges are required: `read` and 
+`view_index_metadata`.  All privileges are detailed in the 
+https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html[security privileges] documentation.
+
+In the screenshots, Filebeat and Metricbeat data is used, but you 
+should use the index patterns for your indices.
+
+[role="screenshot"]
+image::security/images/role-index-privilege.png["Index privilege"]
+
+[float]
+==== Give the role permission to create visualizations and dashboards
+
+By default, roles do not give Kibana privileges.  Click **Add space 
+privilege** and associate this role with the `Dev Mortgage` space.
+
+To enable users with the `dev-mortgage` role to create visualizations 
+and dashboards, click *All* for *Visualize* and *Dashboard*. Also 
+assign *All* for *Discover* because it is common for developers 
+to create saved searches while designing visualizations.
+
+[role="screenshot"]
+image::security/images/role-space-visualization.png["Associate space"]
+
+[float]
+==== Create the developer's user account with the proper roles
+
+Go to **Management > Users** and click on **Create user** to create a 
+user.  Give the user the `dev-mortgage` role 
+and the `monitoring-user` role, which is required for users of **Stack Monitoring**.
+
+[role="screenshot"]
+image::security/images/role-new-user.png["Developer user"]
+
+Finally, have the developer log in and access the Dev Mortgage space 
+and create a new visualization.
+
+NOTE: If the user is assigned to only one space, they will automatically enter that space on login.
+

src/core/server/http/http_config.ts

@@ -38,7 +38,15 @@ export const config = {
           validate: match(validBasePathRegex, "must start with a slash, don't end with one"),
         })
       ),
-      defaultRoute: schema.maybe(schema.string()),
+      defaultRoute: schema.maybe(
+        schema.string({
+          validate(value) {
+            if (!value.startsWith('/')) {
+              return 'must start with a slash';
+            }
+          },
+        })
+      ),
       cors: schema.conditional(
         schema.contextRef('dev'),
         true,

src/core/server/legacy/config/legacy_object_to_config_adapter.ts

@@ -62,6 +62,7 @@ export class LegacyObjectToConfigAdapter extends ObjectToConfigAdapter {
     return {
       autoListen: configValue.autoListen,
       basePath: configValue.basePath,
+      defaultRoute: configValue.defaultRoute,
       cors: configValue.cors,
       host: configValue.host,
       maxPayload: configValue.maxPayloadBytes,

src/legacy/core_plugins/kibana/public/dashboard/legacy_imports.ts

@@ -63,6 +63,6 @@ export { confirmModalFactory } from 'ui/modals/confirm_modal';
 export { configureAppAngularModule } from 'ui/legacy_compat';
 export { stateMonitorFactory, StateMonitor } from 'ui/state_management/state_monitor_factory';
 export { ensureDefaultIndexPattern } from 'ui/legacy_compat';
-export { unhashUrl } from 'ui/state_management/state_hashing';
+export { unhashUrl } from '../../../../../plugins/kibana_utils/public';
 export { IInjector } from 'ui/chrome';
 export { SavedObjectFinder } from 'ui/saved_objects/components/saved_object_finder';

src/legacy/core_plugins/kibana/public/discover/kibana_services.ts

@@ -78,7 +78,7 @@ export { tabifyAggResponse } from 'ui/agg_response/tabify';
 // @ts-ignore
 export { vislibSeriesResponseHandlerProvider } from 'ui/vis/response_handlers/vislib';
 export { ensureDefaultIndexPattern } from 'ui/legacy_compat';
-export { unhashUrl } from 'ui/state_management/state_hashing';
+export { unhashUrl } from '../../../../../plugins/kibana_utils/public';
 
 // EXPORT types
 export { Vis } from 'ui/vis';

src/legacy/core_plugins/kibana/public/visualize/editor/editor.js

@@ -45,7 +45,7 @@ import {
   showSaveModal,
   stateMonitorFactory,
   subscribeWithScope,
-  unhashUrl,
+  unhashUrl
 } from '../kibana_services';
 
 const {

src/legacy/core_plugins/kibana/public/visualize/kibana_services.ts

@@ -103,7 +103,7 @@ export { KibanaParsedUrl } from 'ui/url/kibana_parsed_url';
 export { migrateLegacyQuery } from 'ui/utils/migrate_legacy_query';
 export { subscribeWithScope } from 'ui/utils/subscribe_with_scope';
 export { SavedObjectSaveModal } from 'ui/saved_objects/components/saved_object_save_modal';
-export { unhashUrl } from 'ui/state_management/state_hashing';
+export { unhashUrl } from '../../../../../plugins/kibana_utils/public';
 export {
   Container,
   Embeddable,

src/legacy/core_plugins/state_session_storage_redirect/public/index.js

@@ -18,7 +18,7 @@
  */
 
 import chrome from 'ui/chrome';
-import { hashUrl } from 'ui/state_management/state_hashing';
+import { hashUrl } from '../../../../plugins/kibana_utils/public';
 import uiRoutes from 'ui/routes';
 import { fatalError } from 'ui/notify';
 

src/legacy/server/http/integration_tests/default_route_provider_config.test.ts

@@ -0,0 +1,53 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import * as kbnTestServer from '../../../../test_utils/kbn_server';
+// eslint-disable-next-line @kbn/eslint/no-restricted-paths
+import { Root } from '../../../../core/server/root';
+
+describe('default route provider', () => {
+  let root: Root;
+
+  afterEach(async () => await root.shutdown());
+
+  it('redirects to the configured default route', async function() {
+    root = kbnTestServer.createRoot({
+      server: {
+        defaultRoute: '/app/some/default/route',
+      },
+    });
+
+    await root.setup();
+    await root.start();
+
+    const kbnServer = kbnTestServer.getKbnServer(root);
+
+    kbnServer.server.decorate('request', 'getSavedObjectsClient', function() {
+      return {
+        get: (type: string, id: string) => ({ attributes: {} }),
+      };
+    });
+
+    const { status, header } = await kbnTestServer.request.get(root, '/');
+
+    expect(status).toEqual(302);
+    expect(header).toMatchObject({
+      location: '/app/some/default/route',
+    });
+  });
+});

src/legacy/server/saved_objects/saved_objects_mixin.js

@@ -55,7 +55,7 @@ function getImportableAndExportableTypes({ kbnServer, visibleTypes }) {
   );
 }
 
-export async function savedObjectsMixin(kbnServer, server) {
+export function savedObjectsMixin(kbnServer, server) {
   const migrator = kbnServer.newPlatform.__internals.kibanaMigrator;
   const mappings = migrator.getActiveMappings();
   const allTypes = Object.keys(getRootPropertiesObjects(mappings));

src/legacy/ui/public/chrome/api/sub_url_hooks.js

@@ -19,18 +19,23 @@
 
 import url from 'url';
 
-import {
-  unhashUrl,
-} from '../../state_management/state_hashing';
+import { unhashUrl } from '../../../../../plugins/kibana_utils/public';
+import { toastNotifications } from '../../notify/toasts';
 
 export function registerSubUrlHooks(angularModule, internals) {
   angularModule.run(($rootScope, Private, $location) => {
     const subUrlRouteFilter = Private(SubUrlRouteFilterProvider);
 
     function updateSubUrls() {
       const urlWithHashes = window.location.href;
-      const urlWithStates = unhashUrl(urlWithHashes);
-      internals.trackPossibleSubUrl(urlWithStates);
+      let urlWithStates;
+      try {
+        urlWithStates = unhashUrl(urlWithHashes);
+      } catch (e) {
+        toastNotifications.addDanger(e.message);
+      }
+
+      internals.trackPossibleSubUrl(urlWithStates || urlWithHashes);
     }
 
     function onRouteChange($event) {

src/legacy/ui/public/state_management/__tests__/state.js

@@ -26,11 +26,11 @@ import { toastNotifications } from '../../notify';
 import * as FatalErrorNS from '../../notify/fatal_error';
 import { StateProvider } from '../state';
 import {
+  unhashQuery,
   createStateHash,
   isStateHash,
-  unhashQuery
-} from '../state_hashing';
-import { HashedItemStore } from '../../../../../plugins/kibana_utils/public';
+  HashedItemStore
+} from '../../../../../plugins/kibana_utils/public';
 import { StubBrowserStorage } from 'test_utils/stub_browser_storage';
 import { EventsProvider } from '../../events';
 

src/legacy/ui/public/state_management/state.js

@@ -35,11 +35,7 @@ import { fatalError, toastNotifications } from '../notify';
 import './config_provider';
 import { createLegacyClass } from '../utils/legacy_class';
 import { callEach } from '../utils/function';
-import { hashedItemStore } from '../../../../plugins/kibana_utils/public';
-import {
-  createStateHash,
-  isStateHash
-} from './state_hashing';
+import { hashedItemStore, isStateHash, createStateHash } from '../../../../plugins/kibana_utils/public';
 
 export function StateProvider(Private, $rootScope, $location, stateManagementConfig, config, kbnUrl, $injector) {
   const Events = Private(EventsProvider);

src/plugins/kibana_utils/public/index.ts

@@ -28,3 +28,5 @@ export * from './errors';
 export * from './field_mapping';
 export * from './storage';
 export * from './storage/hashed_item_store';
+export * from './state_management/state_hash';
+export * from './state_management/url';

src/legacy/ui/public/state_management/state_hashing/index.ts → src/plugins/kibana_utils/public/state_management/state_hash/index.ts

@@ -17,5 +17,4 @@
  * under the License.
  */
 
-export { hashUrl, unhashUrl, hashQuery, unhashQuery } from './hash_unhash_url';
-export { createStateHash, isStateHash } from './state_hash';
+export * from './state_hash';

src/legacy/ui/public/state_management/state_hashing/state_hash.test.ts → src/plugins/kibana_utils/public/state_management/state_hash/state_hash.test.ts

@@ -18,9 +18,8 @@
  */
 
 import { encode as encodeRison } from 'rison-node';
-// eslint-disable-next-line @kbn/eslint/no-restricted-paths
-import { mockStorage } from '../../../../../plugins/kibana_utils/public/storage/hashed_item_store/mock';
-import { createStateHash, isStateHash } from '../state_hashing';
+import { mockStorage } from '../../storage/hashed_item_store/mock';
+import { createStateHash, isStateHash } from './state_hash';
 
 describe('stateHash', () => {
   beforeEach(() => {

src/legacy/ui/public/state_management/state_hashing/state_hash.ts → src/plugins/kibana_utils/public/state_management/state_hash/state_hash.ts

@@ -18,7 +18,7 @@
  */
 
 import { Sha256 } from '../../../../../core/public/utils';
-import { hashedItemStore } from '../../../../../plugins/kibana_utils/public';
+import { hashedItemStore } from '../../storage/hashed_item_store';
 
 // This prefix is used to identify hash strings that have been encoded in the URL.
 const HASH_PREFIX = 'h@';