Merge branch 'main' into skipped-test-navigate-to-app

.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml

@@ -63,7 +63,7 @@ steps:
           queue: n2-4-spot
         depends_on: build
         timeout_in_minutes: 60
-        parallelism: 2
+        parallelism: 4
         retry:
           automatic:
             - exit_status: '*'

.buildkite/pipelines/on_merge.yml

@@ -85,7 +85,7 @@ steps:
       queue: n2-4-spot
     depends_on: build
     timeout_in_minutes: 60
-    parallelism: 2
+    parallelism: 4
     retry:
       automatic:
         - exit_status: '*'

.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml

@@ -12,14 +12,15 @@ steps:
         EC_ENV: qa
         EC_REGION: aws-eu-west-1
       message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"
-
-  - label: ":pipeline::female-detective::seedling: Trigger Security Solution quality gate script"
-    trigger: security-serverless-quality-gate # https://buildkite.com/elastic/security-serverless-quality-gate
-    soft_fail: true # Remove this when tests are fixed
-    build:
-      env:
-        ENVIRONMENT: ${ENVIRONMENT}
-      message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"
+
+  # TODO: Uncomment this code when the integration is ready. 
+  # - label: ":pipeline::female-detective::seedling: Trigger Security Solution quality gate script"
+  #   trigger: security-serverless-quality-gate # https://buildkite.com/elastic/security-serverless-quality-gate
+  #   soft_fail: true # Remove this when tests are fixed
+  #   build:
+  #     env:
+  #       ENVIRONMENT: ${ENVIRONMENT}
+  #     message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"
 
   - label: ":pipeline::ship::seedling: Trigger Fleet serverless smoke tests for ${ENVIRONMENT}"
     trigger: fleet-smoke-tests # https://buildkite.com/elastic/fleet-smoke-tests

.eslintrc.js

@@ -924,6 +924,8 @@ module.exports = {
       ],
       rules: {
         '@kbn/telemetry/event_generating_elements_should_be_instrumented': 'error',
+        '@kbn/i18n/strings_should_be_translated_with_i18n': 'warn',
+        '@kbn/i18n/strings_should_be_translated_with_formatted_message': 'warn',
       },
     },
     {

.github/CODEOWNERS

@@ -360,6 +360,7 @@ src/plugins/es_ui_shared @elastic/platform-deployment-management
 packages/kbn-eslint-config @elastic/kibana-operations
 packages/kbn-eslint-plugin-disable @elastic/kibana-operations
 packages/kbn-eslint-plugin-eslint @elastic/kibana-operations
+packages/kbn-eslint-plugin-i18n @elastic/actionable-observability
 packages/kbn-eslint-plugin-imports @elastic/kibana-operations
 packages/kbn-eslint-plugin-telemetry @elastic/actionable-observability
 x-pack/test/encrypted_saved_objects_api_integration/plugins/api_consumer_plugin @elastic/kibana-security

config/serverless.oblt.yml

@@ -27,10 +27,21 @@ xpack.apm.serverlessOnboarding: true
 
 # Fleet specific configuration
 xpack.fleet.internal.registry.capabilities: ['apm', 'observability']
+xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
 xpack.fleet.internal.registry.spec.max: '3.0'
-# Disabled until packages implement the new spec https://github.com/elastic/kibana/issues/166742
-# xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
-# xpack.fleet.internal.registry.spec.min: '3.0'
+# Temporary until all packages implement new spec https://github.com/elastic/kibana/issues/166742
+xpack.fleet.internal.registry.spec.min: '1.0'
+xpack.fleet.internal.registry.excludePackages: [
+    # Security integrations
+    'endpoint',
+    'beaconing',
+    'osquery_manager',
+    # Removed in 8.11 integrations
+    'cisco',
+    'microsoft',
+    'symantec',
+    'cyberark',
+  ]
 
 ## Required for force installation of APM Package
 xpack.fleet.packages:

config/serverless.security.yml

@@ -37,9 +37,19 @@ telemetry.labels.serverless: security
 # Fleet specific configuration
 xpack.fleet.internal.registry.capabilities: ['security']
 xpack.fleet.internal.registry.spec.max: '3.0'
-# Disabled until packages implement the new spec https://github.com/elastic/kibana/issues/166742
-# xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
-# xpack.fleet.internal.registry.spec.min: '3.0'
+xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
+# Temporary until all packages implement new spec https://github.com/elastic/kibana/issues/166742
+xpack.fleet.internal.registry.spec.min: '1.0'
+xpack.fleet.internal.registry.excludePackages: [
+    # Oblt integrations
+    'apm',
+    'synthetics',
+    # Removed in 8.11 integrations
+    'cisco',
+    'microsoft',
+    'symantec',
+    'cyberark',
+  ]
 
 xpack.ml.ad.enabled: true
 xpack.ml.dfa.enabled: true

docs/action-type-template.asciidoc

@@ -28,42 +28,9 @@ List of user-facing connector configurations. This should align with the fields
 Property1:: A short description of this property.
 Property2:: A short description of this property with format hints. This can be specified in `this specific format`.
 
-[float]
-[[preconfigured-<ACTION-TYPE>-configuration]]
-=== Create preconfigured connectors
-
-If you are running {kib} on-prem, you can define connectors by
-adding `xpack.actions.preconfigured` settings to your `kibana.yml` file.
-For example:
-
-////
-Example preconfigured format for this connector type
-////
-
-[source,text]
---
-xpack.actions.preconfigured:
-  my-<ACTION-TYPE>:
-    name: preconfigured-<ACTION-TYPE>-connector-type
-    actionTypeId: .<ACTION-TYPE>
-    config:
-      property1: value1
-      property2: value2
-    secrets:
-      property3: value3
---
-
 ////
-List of properties from the ConfigSchema and SecretsSchema for this action type.
+Add preconfigured settings for this connector type in alert-action-settings.asciidoc and an example in pre-configured-connectors.asciidoc.
 ////
-Config defines information for the connector type.
-
-`property1`:: A short description of this property.
-`property2`:: A short descriptionn of this property.
-
-Secrets defines sensitive information for the connector type.
-
-`property3`:: A short descriptionn of this property.
 
 [float]
 [[<ACTION-TYPE>-action-configuration]]

docs/management/action-types.asciidoc

@@ -7,9 +7,9 @@ Connectors provide a central place to store connection information for services
 [cols="2"]
 |===
 
-a| <<bedrock-action-type,AWS Bedrock>>
+a| <<bedrock-action-type,{bedrock}>>
 
-| Send a request to AWS Bedrock.
+| Send a request to {bedrock}.
 
 a| <<d3security-action-type,D3 Security>>
 

docs/management/cases/add-connectors.asciidoc

@@ -1,7 +1,10 @@
 [[add-case-connectors]]
 == Add connectors
 
-preview::[]
+:frontmatter-description: Configure connectors to push case details to external incident management systems.
+:frontmatter-tags-products: [kibana]
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
 
 You can add connectors to cases to push information to these external incident
 management systems:
@@ -24,7 +27,7 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*,
 as described in <<action-types>>. Alternatively, you can create them in
 *{stack-manage-app} > Cases*:
 
-. Click *Edit external connection*.
+. Click *Settings*.
 +
 --
 [role="screenshot"]
@@ -50,7 +53,7 @@ configuration details.
 You can create additional connectors, update existing connectors, change
 the default connector, and change case closure options.
 
-. Go to *{stack-manage-app} > Cases*, click *Edit external connection*.
+. Go to *{stack-manage-app} > Cases* and click *Settings*.
 
 . To change whether cases are automatically closed after they are sent to an
 external system, update the case closure options.

docs/management/cases/cases.asciidoc

@@ -1,7 +1,9 @@
 [[cases]]
 == Cases
-
-preview::[]
+:frontmatter-description: Open and track issues in {kib} cases. 
+:frontmatter-tags-products: [kibana]
+:frontmatter-tags-content-type: [overview] 
+:frontmatter-tags-user-goals: [analyze]
 
 Cases are used to open and track issues directly in {kib}. You can add
 assignees and tags to your cases, set their severity and status, and add alerts,

docs/management/cases/manage-cases.asciidoc

@@ -6,8 +6,6 @@
 :frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [analyze]
 
-preview::[]
-
 [[open-case]]
 === Open a new case
 

docs/management/cases/setup-cases.asciidoc

@@ -1,7 +1,10 @@
 [[setup-cases]]
 == Configure access to cases
 
-preview::[]
+:frontmatter-description: Learn about the {kib} feature privileges required to access cases. 
+:frontmatter-tags-products: [kibana]
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
 
 To access cases in *{stack-manage-app}*, you must have the appropriate {kib}
 privileges:

docs/management/connectors/action-types/bedrock.asciidoc

@@ -1,15 +1,15 @@
 [[bedrock-action-type]]
-== AWS Bedrock connector and action
+== {bedrock} connector and action
 ++++
-<titleabbrev>AWS Bedrock</titleabbrev>
+<titleabbrev>{bedrock}</titleabbrev>
 ++++
-:frontmatter-description: Add a connector that can send requests to AWS Bedrock.
+:frontmatter-description: Add a connector that can send requests to {bedrock}.
 :frontmatter-tags-products: [kibana] 
 :frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [configure]
 
 
-The AWS Bedrock connector uses https://github.com/axios/axios[axios] to send a POST request to AWS Bedrock. The connector uses the <<execute-connector-api,run connector API>> to send the request.
+The {bedrock} connector uses https://github.com/axios/axios[axios] to send a POST request to {bedrock}. The connector uses the <<execute-connector-api,run connector API>> to send the request.
 
 [float]
 [[define-bedrock-ui]]
@@ -19,18 +19,18 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*.  For exampl
 
 [role="screenshot"]
 // TODO: need logo before screenshot
-image::management/connectors/images/bedrock-connector.png[AWS Bedrock connector]
+image::management/connectors/images/bedrock-connector.png[{bedrock} connector]
 
 [float]
 [[bedrock-connector-configuration]]
 ==== Connector configuration
 
-AWS Bedrock connectors have the following configuration properties:
+{bedrock} connectors have the following configuration properties:
 
 Name::      The name of the connector.
-API URL::   The AWS Bedrock request URL.
-Default model:: The GAI model for AWS Bedrock to use. Current support is for the Anthropic Claude models, defaulting to Claude 2. The model can be set on a per request basis by including a "model" parameter alongside the request body.
-Region::   The AWS Bedrock request URL.
+API URL::   The {bedrock} request URL.
+Default model:: The GAI model for {bedrock} to use. Current support is for the Anthropic Claude models, defaulting to Claude 2. The model can be set on a per request basis by including a "model" parameter alongside the request body.
+Region::   The {bedrock} request URL.
 Access Key::   The AWS access key for authentication.
 Secret::   The secret for authentication.
 
@@ -43,11 +43,11 @@ as you're creating or editing the connector in {kib}. For example:
 
 [role="screenshot"]
 // TODO: need logo before screenshot
-image::management/connectors/images/bedrock-params.png[AWS Bedrock params test]
+image::management/connectors/images/bedrock-params.png[{bedrock} params test]
 
-The AWS Bedrock actions have the following configuration properties.
+The {bedrock} actions have the following configuration properties.
 
-Body::      A stringified JSON payload sent to the AWS Bedrock Invoke Model API URL. For example:
+Body::      A stringified JSON payload sent to the {bedrock} Invoke Model API URL. For example:
 +
 [source,text]
 --

docs/management/connectors/pre-configured-connectors.asciidoc

@@ -1,5 +1,9 @@
 [[pre-configured-connectors]]
 == Preconfigured connectors
+:frontmatter-description: Define connectors in the {kib} configuration file.
+:frontmatter-tags-products: [kibana] 
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
 
 If you are running {kib} on-prem, you can preconfigure a connector to have all
 the information it needs prior to startup by adding it to the `kibana.yml` file.
@@ -20,6 +24,7 @@ predefined, including the connector name and ID.
 
 Add `xpack.actions.preconfigured` settings to your `kibana.yml` file. The
 settings vary depending on which type of connector you're adding.
+Refer to <<preconfigured-connector-settings>>.
 
 This example shows a valid configuration for a Slack connector and a Webhook
 connector:
@@ -107,6 +112,7 @@ Index names must start with `kibana-alert-history-` to take advantage of the pre
 [[preconfigured-connector-examples]]
 === Examples
 
+* <<preconfigured-bedrock-configuration>>
 * <<preconfigured-d3security-configuration>>
 * <<preconfigured-email-configuration>>
 * <<preconfigured-gen-ai-configuration>>
@@ -128,6 +134,30 @@ Index names must start with `kibana-alert-history-` to take advantage of the pre
 * <<preconfigured-cases-webhook-configuration>>
 * <<preconfigured-xmatters-configuration>>
 
+[float]
+[[preconfigured-bedrock-configuration]]
+==== {bedrock} connectors
+
+The following example creates an <<bedrock-action-type,{bedrock} connector>>:
+
+[source,text]
+--
+xpack.actions.preconfigured:
+  my-bedrock:
+    name: preconfigured-bedrock-connector-type
+    actionTypeId: .bedrock
+    config:
+      apiUrl: https://bedrock.us-east-1.amazonaws.com <1>
+      defaultModel: anthropic.claude-v2 <2>
+    secrets:
+      accessKey: key-value <3>
+      secret: secret-value <4>
+--
+<1> The {bedrock} request URL.
+<2> The default model to use for requests. Current support is for the Anthropic Claude models, defaulting to Claude 2.
+<3> The AWS access key for authentication.
+<4> The AWS secret for authentication.
+
 [float]
 [[preconfigured-d3security-configuration]]
 ==== D3 Security connectors
@@ -302,7 +332,7 @@ xpack.actions.preconfigured:
     secrets:
       apiKey: superlongapikey <4>
 --
-<1> The OpenAI request URL
+<1> The OpenAI request URL.
 <2> The OpenAI API provider, either `OpenAI` or `Azure OpenAI`.
 <3> The default model to use for requests. This setting is optional and applicable only when `apiProvider` is `OpenAI`.
 <4> The OpenAI or Azure OpenAI API key for authentication.

docs/settings/alert-action-settings.asciidoc

@@ -267,6 +267,7 @@ For a <<openai-action-type,OpenAI connector>>, specifies the OpenAI API provider
 A configuration URL that varies by connector:
 +
 --
+* For an <<bedrock-action-type,{bedrock} connector>>, specifies the {bedrock} request URL.
 * For a <<openai-action-type,OpenAI connector>>, specifies the OpenAI request URL.
 * For a <<resilient-action-type,{ibm-r} connector>>, specifies the {ibm-r} instance URL.
 * For a <<jira-action-type,Jira connector>>, specifies the Jira instance URL.
@@ -327,7 +328,12 @@ NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the h
 For a <<cases-webhook-action-type,{webhook-cm} connector>>, specifies a string from the response body of the create case method that corresponds to the external service identifier.
 
 `xpack.actions.preconfigured.<connector-id>.config.defaultModel`::
-For a <<openai-action-type,OpenAI connector>>, specifies the default model to use for requests. It is optional and applicable only when `xpack.actions.preconfigured.<connector-id>.config.apiProvider` is `OpenAI`.
+The default model to use for requests, which varies by connector:
++
+--
+* For an <<bedrock-action-type,{bedrock} connector>>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-v2`.
+* For a <<openai-action-type,OpenAI connector>>, it is optional and applicable only when `xpack.actions.preconfigured.<connector-id>.config.apiProvider` is `OpenAI`.
+--
 
 `xpack.actions.preconfigured.<connector-id>.config.executionTimeField`::
 For an <<index-action-type,index connector>>, a field that indicates when the document was indexed.
@@ -463,6 +469,9 @@ Sensitive configuration details, such as username, password, and keys, which are
 +
 TIP: Sensitive properties, such as passwords, should be stored in the <<creating-keystore,{kib} keystore>>.
 
+`xpack.actions.preconfigured.<connector-id>.secrets.accessKey`::
+For an <<bedrock-action-type,{bedrock} connector>>, specifies the AWS access key for authentication.
+
 `xpack.actions.preconfigured.<connector-id>.secrets.apikey`::
 An API key secret that varies by connector:
 +
@@ -517,6 +526,9 @@ For a <<servicenow-action-type,{sn-itsm}>>, <<servicenow-sir-action-type,{sn-sir
 `xpack.actions.preconfigured.<connector-id>.secrets.routingKey`::
 For a <<pagerduty-action-type,PagerDuty connector>>, specifies the 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key.
 
+`xpack.actions.preconfigured.<connector-id>.secrets.secret`::
+For an <<bedrock-action-type,{bedrock} connector>>, specifies the AWS secret for authentication.
+
 `xpack.actions.preconfigured.<connector-id>.secrets.secretsUrl`::
 For an <<xmatters-action-type,xMatters connector>> with URL authentication, specifies the request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL.
 It is used only when `xpack.actions.preconfigured.<connector-id>.config.usesBasic` is `false`.