Merge branch 'master' into 58763

.ci/Jenkinsfile_visual_baseline

@@ -6,13 +6,15 @@ kibanaLibrary.load()
 kibanaPipeline(timeoutMinutes: 120) {
   catchError {
     parallel([
-      workers.base(name: 'oss-visualRegression', label: 'linux && immutable') {
-        kibanaPipeline.buildOss()
-        kibanaPipeline.functionalTestProcess('oss-visualRegression', './test/scripts/jenkins_visual_regression.sh')
+      'oss-visualRegression': {
+        workers.ci(name: 'oss-visualRegression', label: 'linux && immutable', ramDisk: false) {
+          kibanaPipeline.functionalTestProcess('oss-visualRegression', './test/scripts/jenkins_visual_regression.sh')(1)
+        }
       },
-      workers.base(name: 'xpack-visualRegression', label: 'linux && immutable') {
-        kibanaPipeline.buildXpack()
-        kibanaPipeline.functionalTestProcess('xpack-visualRegression', './test/scripts/jenkins_xpack_visual_regression.sh')
+      'xpack-visualRegression': {
+        workers.ci(name: 'xpack-visualRegression', label: 'linux && immutable', ramDisk: false) {
+          kibanaPipeline.functionalTestProcess('xpack-visualRegression', './test/scripts/jenkins_xpack_visual_regression.sh')(1)
+        }
       },
     ])
   }

.github/CODEOWNERS

@@ -132,6 +132,7 @@
 /src/legacy/server/logging/ @elastic/kibana-platform
 /src/legacy/server/saved_objects/  @elastic/kibana-platform
 /src/legacy/server/status/ @elastic/kibana-platform
+/src/plugins/status_page/ @elastic/kibana-platform
 /src/dev/run_check_core_api_changes.ts @elastic/kibana-platform
 
 # Security

.github/workflows/pr-project-assigner.yml

@@ -13,8 +13,9 @@ jobs:
         with:
           issue-mappings: |
             [
-              { "label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173897 },
-              { "label": "Feature:Lens", "projectName": "Lens", "columnId": 6219362 },
-              { "label": "Team:Canvas", "projectName": "canvas", "columnId": 6187580 }
             ]
           ghToken: ${{ secrets.PROJECT_ASSIGNER_TOKEN }}
+
+#              { "label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173897 },
+#              { "label": "Feature:Lens", "projectName": "Lens", "columnId": 6219362 },
+#              { "label": "Team:Canvas", "projectName": "canvas", "columnId": 6187580 }

docs/development/core/server/kibana-plugin-server.authnothandled.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md)
+
+## AuthNotHandled interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthNotHandled 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authnothandled.type.md) | <code>AuthResultType.notHandled</code> |  |
+

docs/development/core/server/kibana-plugin-server.authnothandled.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md) &gt; [type](./kibana-plugin-server.authnothandled.type.md)
+
+## AuthNotHandled.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.notHandled;
+```

docs/development/core/server/kibana-plugin-server.authredirected.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md)
+
+## AuthRedirected interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirected extends AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authredirected.type.md) | <code>AuthResultType.redirected</code> |  |
+

docs/development/core/server/kibana-plugin-server.authredirected.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md) &gt; [type](./kibana-plugin-server.authredirected.type.md)
+
+## AuthRedirected.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.redirected;
+```

docs/development/core/server/kibana-plugin-server.authredirectedparams.headers.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) &gt; [headers](./kibana-plugin-server.authredirectedparams.headers.md)
+
+## AuthRedirectedParams.headers property
+
+Headers to attach for auth redirect. Must include "location" header
+
+<b>Signature:</b>
+
+```typescript
+headers: {
+        location: string;
+    } & ResponseHeaders;
+```

docs/development/core/server/kibana-plugin-server.authredirectedparams.md

@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md)
+
+## AuthRedirectedParams interface
+
+Result of auth redirection.
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [headers](./kibana-plugin-server.authredirectedparams.headers.md) | <code>{</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders</code> | Headers to attach for auth redirect. Must include "location" header |
+

docs/development/core/server/kibana-plugin-server.authresult.md

@@ -8,5 +8,5 @@
 <b>Signature:</b>
 
 ```typescript
-export declare type AuthResult = Authenticated;
+export declare type AuthResult = Authenticated | AuthNotHandled | AuthRedirected;
 ```

docs/development/core/server/kibana-plugin-server.authresultparams.md

@@ -4,7 +4,7 @@
 
 ## AuthResultParams interface
 
-Result of an incoming request authentication.
+Result of successful authentication.
 
 <b>Signature:</b>
 

docs/development/core/server/kibana-plugin-server.authresulttype.md

@@ -16,4 +16,6 @@ export declare enum AuthResultType
 |  Member | Value | Description |
 |  --- | --- | --- |
 |  authenticated | <code>&quot;authenticated&quot;</code> |  |
+|  notHandled | <code>&quot;notHandled&quot;</code> |  |
+|  redirected | <code>&quot;redirected&quot;</code> |  |
 

docs/development/core/server/kibana-plugin-server.authtoolkit.md

@@ -17,4 +17,6 @@ export interface AuthToolkit
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [authenticated](./kibana-plugin-server.authtoolkit.authenticated.md) | <code>(data?: AuthResultParams) =&gt; AuthResult</code> | Authentication is successful with given credentials, allow request to pass through |
+|  [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md) | <code>() =&gt; AuthResult</code> | User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true |
+|  [redirected](./kibana-plugin-server.authtoolkit.redirected.md) | <code>(headers: {</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders) =&gt; AuthResult</code> | Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional' |
 

docs/development/core/server/kibana-plugin-server.authtoolkit.nothandled.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md)
+
+## AuthToolkit.notHandled property
+
+User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true
+
+<b>Signature:</b>
+
+```typescript
+notHandled: () => AuthResult;
+```

docs/development/core/server/kibana-plugin-server.authtoolkit.redirected.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [redirected](./kibana-plugin-server.authtoolkit.redirected.md)
+
+## AuthToolkit.redirected property
+
+Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional'
+
+<b>Signature:</b>
+
+```typescript
+redirected: (headers: {
+        location: string;
+    } & ResponseHeaders) => AuthResult;
+```

docs/development/core/server/kibana-plugin-server.kibanarequest.auth.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [KibanaRequest](./kibana-plugin-server.kibanarequest.md) &gt; [auth](./kibana-plugin-server.kibanarequest.auth.md)
+
+## KibanaRequest.auth property
+
+<b>Signature:</b>
+
+```typescript
+readonly auth: {
+        isAuthenticated: boolean;
+    };
+```

docs/development/core/server/kibana-plugin-server.kibanarequest.md

@@ -22,6 +22,7 @@ export declare class KibanaRequest<Params = unknown, Query = unknown, Body = unk
 
 |  Property | Modifiers | Type | Description |
 |  --- | --- | --- | --- |
+|  [auth](./kibana-plugin-server.kibanarequest.auth.md) |  | <code>{</code><br/><code>        isAuthenticated: boolean;</code><br/><code>    }</code> |  |
 |  [body](./kibana-plugin-server.kibanarequest.body.md) |  | <code>Body</code> |  |
 |  [events](./kibana-plugin-server.kibanarequest.events.md) |  | <code>KibanaRequestEvents</code> | Request events [KibanaRequestEvents](./kibana-plugin-server.kibanarequestevents.md) |
 |  [headers](./kibana-plugin-server.kibanarequest.headers.md) |  | <code>Headers</code> | Readonly copy of incoming request headers. |

docs/development/core/server/kibana-plugin-server.md

@@ -53,7 +53,10 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [AssistanceAPIResponse](./kibana-plugin-server.assistanceapiresponse.md) |  |
 |  [AssistantAPIClientParams](./kibana-plugin-server.assistantapiclientparams.md) |  |
 |  [Authenticated](./kibana-plugin-server.authenticated.md) |  |
-|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of an incoming request authentication. |
+|  [AuthNotHandled](./kibana-plugin-server.authnothandled.md) |  |
+|  [AuthRedirected](./kibana-plugin-server.authredirected.md) |  |
+|  [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) | Result of auth redirection. |
+|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of successful authentication. |
 |  [AuthToolkit](./kibana-plugin-server.authtoolkit.md) | A tool set defining an outcome of Auth interceptor for incoming request. |
 |  [CallAPIOptions](./kibana-plugin-server.callapioptions.md) | The set of options that defines how API call should be made and result be processed. |
 |  [Capabilities](./kibana-plugin-server.capabilities.md) | The read-only set of capabilities available for the current UI session. Capabilities are simple key-value pairs of (string, boolean), where the string denotes the capability ID, and the boolean is a flag indicating if the capability is enabled or disabled. |

docs/development/core/server/kibana-plugin-server.routeconfigoptions.authrequired.md

@@ -4,12 +4,12 @@
 
 ## RouteConfigOptions.authRequired property
 
-A flag shows that authentication for a route: `enabled` when true `disabled` when false
+Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.
 
-Enabled by default.
+Defaults to `true` if an auth mechanism is registered.
 
 <b>Signature:</b>
 
 ```typescript
-authRequired?: boolean;
+authRequired?: boolean | 'optional';
 ```

docs/development/core/server/kibana-plugin-server.routeconfigoptions.md

@@ -16,7 +16,7 @@ export interface RouteConfigOptions<Method extends RouteMethod>
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean</code> | A flag shows that authentication for a route: <code>enabled</code> when true <code>disabled</code> when false<!-- -->Enabled by default. |
+|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean &#124; 'optional'</code> | Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.<!-- -->Defaults to <code>true</code> if an auth mechanism is registered. |
 |  [body](./kibana-plugin-server.routeconfigoptions.body.md) | <code>Method extends 'get' &#124; 'options' ? undefined : RouteConfigOptionsBody</code> | Additional body options [RouteConfigOptionsBody](./kibana-plugin-server.routeconfigoptionsbody.md)<!-- -->. |
 |  [tags](./kibana-plugin-server.routeconfigoptions.tags.md) | <code>readonly string[]</code> | Additional metadata tag strings to attach to the route. |
 |  [xsrfRequired](./kibana-plugin-server.routeconfigoptions.xsrfrequired.md) | <code>Method extends 'get' ? never : boolean</code> | Defines xsrf protection requirements for a route: - true. Requires an incoming POST/PUT/DELETE request to contain <code>kbn-xsrf</code> header. - false. Disables xsrf protection.<!-- -->Set to true by default |