[ObsAIAssistant] Persist settings in ES instead of local storage #19

Closed

sorenlouv
Owner

Depends on elastic#179235

  • Update AI Assistant settings to be stored in ES via "UI Settings" instead of persisting in local storage.
  • Add setting for logs indices

alexwizp and others added 30 commits March 14, 2024 09:02
… must not be nested (elastic#178023)

Closes: elastic/security-team#8611

## Description

The [axe browser plugin](https://deque.com/axe) is reporting a nested
button (interactive control) in the shared exception list accordion(s).
The accordion has a button to open/close and a link to the list detail
view. Screenshot attached below.

### Steps to recreate

1. Open the Security Dashboards, then click Rules > Shared Exception
Lists
2. Run an axe browser scan in Chrome, Edge, or Firefox
3. Verify the nested control error

### What was done? 

1. Solution proposed by EUI team was applied. See
elastic/eui#7545
2. The component `ExceptionsListCard` has been slightly changed to make
it more responsive.
       Before: 

       After: 


https://github.com/elastic/kibana/assets/20072247/dd6c6681-980c-40ed-98cf-29a71f896bc2




### Screen

#### AXE Report 


![image](https://github.com/elastic/kibana/assets/20072247/43313005-b7ec-49d1-9eed-30bfacbb5ecc)
closes elastic#177313

## 📝  Summary

This PR adds a namespace filter above the dataset quality table to allow
filtering the table using namespaces. The selected filters are synced
with the URL as well.

## 🎥 Demo


https://github.com/elastic/kibana/assets/11225826/c7bce62d-6e0c-4039-9a30-78c7978ae3c6
## Summary

Skipping e2e tests consistently failing on MKI elastic#178733

---------

Co-authored-by: Robert Oskamp <traeluki@gmail.com>
closes elastic#178614

## 📝  Summary

This PR aligns the size column units format to match the format of the
one in the summary panel.

<img width="1472" alt="Screenshot 2024-03-14 at 15 52 41"
src="https://github.com/elastic/kibana/assets/11225826/3e54d54d-5c8e-41af-afaa-5d63bfd5b1cf">
…d of custom query. (elastic#178699)

## Summary

Part of elastic#178606.

As of elastic/elasticsearch#103651 there is a
new field caps option `include_empty_fields`. This PR updates AIOps Log
Rate Analysis to make use of this option instead of a custom query and
code that identified populated fields.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5482
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…rless from read privileges route (elastic#178580)

## Summary

Serverless environments do not have as many privileges available as ESS.
As such, the hasPrivileges API on serverless rejects requests that
include privileges that exist on ESS but not serverless. We request a
large number of privileges in our hasPrivileges request, but many of the
results are never actually used.

This PR removes the ESS-only privileges from our hasPrivileges call so
it will work without errors in both ESS and serverless. None of the
removed privileges are necessary for either environment.

## Related Info

https://docs.google.com/document/d/1IAPLqldS0xEZ_JHHE_Si5VA7xHnXpRAxkH_5FFTrtIo/edit#heading=h.pjo9lsbolpjv
…UnifiedSearch (elastic#178638)

Part of elastic#178630

PR cleans up PublishesUnifiedSearch, removing reference to `local`.

PR removes `getFallbackTimeRange` from interface. To get this value use
`api.parentApi.timeRange.value`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…ing/unmounting (elastic#178770)

## Summary

Related issue: elastic#178697

Clearing the state of analyzer completely when this hook dismounts is
not actually needed, as analyzer will refetch data with any new
parameters that are passed from the security solution code, and doing so
also caused the related bug. Removing this line fixes the problem.


![fullscreen_back](https://github.com/elastic/kibana/assets/56408403/e1e53e02-c402-4560-b4bc-a021c21093bb)



### Checklist


- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
…formance to correctly classify journey e2e files (elastic#178340)

The source code classifier we currently have was incorrectly classifying
e2e journey files as `non-package` instead of `tests or mocks` as it was
not using the name standards we used for FTR files.

We could have created a `functional-tests` package for the performance
folder (which is what we want to do in the future) but because we don't
have the feature to create ownerless packages it would not be easy to
find a given owner for that folder.

As such I'm just opting for a second solution which is applying the same
name standards to this journeys folder as we have for FTR and changing a
little the classifier to recognise it.

This should fix the problem found at
elastic#178017.

Co-authored-by: Alex Szabo <alex.szabo@elastic.co>
Fixes elastic#178579

## Before

![Screenshot 2024-03-12 at 21 59
09](https://github.com/elastic/kibana/assets/2852703/a10d7a39-de03-455f-86a2-df7c36619d23)


## After
<img width="1444" alt="Screenshot 2024-03-12 at 22 55 57"
src="https://github.com/elastic/kibana/assets/2852703/39891b69-4812-4ca3-b706-268f4762e6f3">

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
- Followup for elastic#174585

## Summary

This PR hides only `null`, `undefined` values and keeps `false`, `0`,
`(empty)`.

Before:
<img width="500" alt="Screenshot 2024-03-14 at 10 07 13"
src="https://github.com/elastic/kibana/assets/1415710/c5d49362-09e3-48f2-9ecc-247560950d68">

After:
<img width="500" alt="Screenshot 2024-03-14 at 10 06 25"
src="https://github.com/elastic/kibana/assets/1415710/3c1adcfd-bec9-4b4a-b94f-78b1d916e9dd">
…178724)

## Summary

Per @rylnd's requirement, we are extending our es_archiver cypress task in
order to be capable of using archives placed in
`x-pack/test/functional/es_archives/security_solution` in Cypress.

## Archives living in our Cypress directory

Use the following commands to load and unload the archive in your test.

```typescript
    cy.task('esArchiverLoad', { archiveName: 'timeline' });
    cy.task('esArchiverUnload', { archiveName: 'timeline' });
```


## Archives living in
`x-pack/test/functional/es_archives/security_solution`

Use the following commands to load and unload the archive in your test.

```typescript
    cy.task('esArchiverLoad', { archiveName: 'alias', type: 'ftr' });
    cy.task('esArchiverUnload', { archiveName: 'alias', type: 'ftr' });
```

In this PR we are also adding the
`/^x-pack/test/functional/es_archives/security_solution` route as a
dependency when executing tests in buildkite to make sure that changes
there are not breaking the Security Solution Cypress tests.

---------

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…block install or uninstall of package (elastic#177380)

## Summary

This PR fixes so that certain exceptions from Transforms will no longer
cause error when installing or uninstalling a package.

```
Error installing fleet package: Error installing endpoint 8.11.0: resource_not_found_exception
      	Root causes:
      		resource_not_found_exception: Transform with id [endpoint.metadata_united-default-8.11.0] could not be found
  endpoint_security_test.go:371: 
 ```

```
Error installing fleet package: Error installing endpoint 8.11.0:
runtime_exception
      	Caused by:
version_conflict_engine_exception:
[data_frame_transform_state_and_stats-endpoint.metadata_current-default-8.11.0]:
version conflict, document already exists (current version [1])
      	Root causes:
runtime_exception: Failed to persist transform statistics for transform
[endpoint.metadata_current-default-8.11.0]
```

These errors might happen when the policies and packages are installed or uninstalled in rapid succession.

 
### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

| Risk                      | Probability | Severity | Mitigation/Notes        |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

Closes elastic/elastic-agent#4158

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Implements contextual actions. With this change, consumers of the
Observability AI Assistant can add contextual actions to screen context,
which are functions that are executed on the client. Its results are
then pushed back to the API and the LLM to continue the conversation.
This allows consumers to do things like:

- have the LLM navigate the app
- push component/browser state to the LLM
- provide functions that make the most sense in a specific UI context

Additionally, this also opens up the possibility for consumers of the
complete API to implement their own functions.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…c#178825)

## Summary

This PR fixes test failures that came up when the serverless
observability functional tests for dataset quality and ingest pipelines
were run against the same project.

### Details

The problem that we saw:
* The dataset quality tests are calling
`PageObjects.observabilityLogsExplorer.setupInitialIntegrations()`,
which sets up a list of integrations, including many ingest pipelines.
However, there was no cleanup of these installed integrations so the
test suite left all the integrations and ingest pipelines behind.
* The ingest pipelines tests were looking for a newly created pipeline
in the list, but only checking the first page of 50 items in the UI,
assuming that there are less than 50 pipelines existing. With the many
pipelines left behind by the dataset quality tests, this suite failed as
it couldn't find the created pipeline.

How this PR fixes it:
* The ingest pipeline tests have been stabilized so they can deal with
more existing pipelines by adding an optional `searchFor` parameter to
`getPipelinesList`. If this parameter is provided, the pipeline list
will be searched for the provided search term before returning the list
items. That way long lists can be filtered down to the items relevant to
the test.
* The dataset quality tests (stateful and serverless version) have been
updated to include
`PageObjects.observabilityLogsExplorer.removeInstalledPackages()` in the
`after` method of the suite so they don't leave integrations behind.

Flaky test runner for the three impacted configurations:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5492
- passed ✔️
…lastic#178605)

## Summary

Closes elastic/ingest-dev#2522

Added `unhealthy_reason` aggregation when querying agent metrics.

The [mapping
change](elastic/elasticsearch#106246) and
[fleet-server change](elastic/fleet-server#3338)
need to be merged first to verify end to end.

Steps to verify:
- enroll an agent with docker
- add endpoint integration, expect an input and output unit error status
on the agent doc
- wait a few seconds so that the agent metrics are published
- verify that the agent metrics include `unhealthy_reason`, using the
query below

```
GET metrics-fleet_server.agent_status-default/_search
{
  "_source": ["fleet.agents"]
}

  "hits": [
      {
        "_index": ".ds-metrics-fleet_server.agent_status-default-2024.03.11-000001",
        "_id": "3JdPioUh-9j8DxQrAAABjjclRhU",
        "_score": 1,
        "_source": {
          "fleet": {
            "agents": {
              "enrolled": 12,
              "healthy": 0,
              "inactive": 0,
              "offline": 11,
              "total": 13,
              "unenrolled": 1,
              "unhealthy": 1,
              "updating": 0,
              "upgrading_step": {
                "downloading": 0,
                "extracting": 0,
                "failed": 0,
                "replacing": 0,
                "requested": 0,
                "restarting": 0,
                "rollback": 0,
                "scheduled": 0,
                "watching": 0
              },
              "unhealthy_reason": {
                  "input": 1,
                  "output": 1
                }
            }
          }
        }
      },
```


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
sabarasaba and others added 3 commits March 25, 2024 14:00
…ient (elastic#179253)

## Summary

Allows rule executors to determine whether an alert is tracked from a
previous execution.

Co-authored-by: Maryam Saeidi <maryam.saeidi@elastic.co>
…ic#179235)

This PR moves the AI Assistant Management plugin into x-pack to
co-locate it with the other assistant plugins and to make it possible to
statically import from the other assistant plugins. This is not
currently possible because the Management plugin is in OSS and the other
plugins are in xpack.
);
})}
{!isEmpty(unsavedChanges) && (
<BottomBarActions

@clintandrewhall clintandrewhall Mar 25, 2024


const FieldRow = withSuspense(LazyFieldRow);

export function PersistedSettings() {

We should make https://github.com/elastic/kibana/blob/main/packages/kbn-management/settings/components/form/form.tsx more generic, so we don't reinvent the wheel. I could do that for you in this PR.

Owner Author

@sorenlouv sorenlouv Mar 25, 2024

That would be much appreciated! Let me know what I can do. Feel free to push to this pr.

sabarasaba and others added 20 commits March 25, 2024 14:42
## Summary

For ES|QL charts the formula api should be redundant. This is going to
make the api lighter as there is no need to import the lens plugin if
you want to use the builder to create ES|QL charts.
…s on MKI (elastic#179249)

## Summary

In this PR we are introducing several changes to make sure we have a
green execution of Cypress tests on MKI environments.

- Split `entity_analytics.cy.ts` between different spec files
- Skipped managed data section test on MKI
- Refactor of `installRiskScoreModule` method 


#### Split `entity_analytics.cy.ts` between different spec files

The original spec file has a long execution time, which from time to
time causes a log off in the MKI environment.

To try to avoid that, we have split the spec file into 3 new ones inside
the `entity_analytics` folder.

* anomalies.cy.ts
* legacy_risk_score.cy.ts
* new_risk_score.cy.ts


#### Skipped managed data section test on MKI

It has been skipped just on MKI (the test will be executed in PRs for
both serverless and ESS) since I don't know how to fix it. A
[ticket](elastic#179248) has been
created to track it. It is now the responsibility of the team to investigate
what is happening (I can give support with that).


#### Refactor of `installRiskScoreModule` method 

That method is returning a `401` on MKI. To fix it, we refactored it to
use `rootRequest` instead since it uses the basic API authentication by
default.
…stic#176803)

## Summary

Address elastic#169734 .

We're currently storing information about _Saved Object_ types in the
`<index>.mapping._meta`.
More specifically, we're storing hashes of the mappings of each type,
under the `migrationMappingPropertyHashes` property.
This allows us to detect which types' mappings have changed, in order to
_update and pick up_ changes only for those types.

**The problem is that `md5` cannot be used if we want to be FIPS
compliant.**

Thus, the idea is to stop using hashes to track changes in the SO
mappings.
Instead, we're going to use the same `modelVersions` introduced by ZDT:

Whenever mappings change for a given SO type, the corresponding
`modelVersion` will change too, so `modelVersions` can be used to
determine if mappings have changed.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
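
The change detection described in the commit message above, as an added example that is not code from this PR or from Kibana: per-type version numbers are compared instead of md5 hashes, so no non-FIPS digest is computed. The `modelVersions` key inside `_meta`, the integer version format, and the handling of legacy and newer-than-code indices are assumptions made for this example.

```typescript
// Added illustration, not Kibana code. All names except
// `migrationMappingPropertyHashes` are hypothetical.
type VersionMap = Record<string, number>;

interface IndexMeta {
  migrationMappingPropertyHashes?: Record<string, string>; // legacy, md5-based
  modelVersions?: VersionMap; // assumed key holding the stored per-type versions
}

interface MappingDiff {
  updated: string[]; // mappings must be updated and picked up for these types
  unchanged: string[];
  ahead: string[]; // index is newer than the running code: leave untouched
  removed: string[]; // stored in the index but unknown to the running code
  legacyIndex: boolean; // index carries hashes only, no versions
}

function hasOwn(obj: object, key: string): boolean {
  // Guards against type names such as "constructor" or "__proto__".
  return Object.prototype.hasOwnProperty.call(obj, key);
}

function diffMappings(meta: IndexMeta, appVersions: VersionMap): MappingDiff {
  const stored = meta.modelVersions;
  const diff: MappingDiff = {
    updated: [], unchanged: [], ahead: [], removed: [],
    legacyIndex: stored === undefined,
  };
  for (const type of Object.keys(appVersions).sort()) {
    const app = appVersions[type];
    if (typeof app !== 'number' || Math.floor(app) !== app || app < 1) {
      throw new Error(`invalid model version for type "${type}"`);
    }
    const storedVersion =
      stored !== undefined && hasOwn(stored, type) ? stored[type] : undefined;
    if (storedVersion === undefined) {
      // New type, or legacy index: assumed policy is to update rather than
      // recompute an md5 hash for comparison.
      diff.updated.push(type);
    } else if (storedVersion < app) {
      diff.updated.push(type);
    } else if (storedVersion > app) {
      diff.ahead.push(type);
    } else {
      diff.unchanged.push(type);
    }
  }
  for (const type of Object.keys(stored ?? {}).sort()) {
    if (!hasOwn(appVersions, type)) diff.removed.push(type);
  }
  return diff;
}

// Constructed sample data (type names and versions are made up).
const SAMPLE_APP: VersionMap = { dashboard: 3, visualization: 3, lens: 4, slo: 1 };
const SAMPLE_META: IndexMeta = {
  modelVersions: { dashboard: 2, visualization: 3, lens: 5, 'legacy-url-alias': 1 },
};
const SAMPLE_LEGACY_META: IndexMeta = {
  migrationMappingPropertyHashes: { dashboard: '<md5 hex, constructed placeholder>' },
};

console.log(diffMappings(SAMPLE_META, SAMPLE_APP));
console.log(diffMappings(SAMPLE_LEGACY_META, SAMPLE_APP));
```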
…ic#178354)

## Summary

This PR adds heartbeat-like data for MongoDB in the `fake_stack` dataset
so users can express an SLO for that service. This also changes some of
the details in the Nginx data to allow for group-by on the same domain
names to be used in testing SLO alert dependencies.
If the call to `ObservabilityAIAssistantAppService.start` fails, show an
error toast to notify the user.

<img width="354" alt="Screenshot 2024-03-25 at 12 23 46"
src="https://github.com/elastic/kibana/assets/2564140/021d442c-ec34-4acf-b441-6005acde1666">
## Summary

Close elastic#179001
Close elastic#178924

The logs from the failures indicate that jobs were still in "processing"
status at the end of their timeout. The expectation was that processing
would be finished and that the result would be "failed." This change adds
more time to the timeout limit so the jobs can progress beyond
"processing" and hit the "failed" state.

Flaky test runner job:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5546
…78961)

## Summary

Part of:
- elastic/security-team#8040

With the introduction of Agentless when a user enters something in the JSON
credentials field in Agentless and then switches to Agent-based with the
Cloud Shell option selected by default, the JSON credentials value was
not reset. This was causing incorrect credentials data saved in the
policy.

This PR introduces the logic similar to what we already have for AWS and
Azure to make sure the default credentials types match the setup method
selected

GCP is different though in a way that the credentials type is a
combination of two vars: `setup_access` (values are `google_cloud_shell`
and `manual`) and `gcp.credentials.type` (values are `credentials-json`
and `credentials-file`) which is relevant only for `manual` setup
access. I introduce a new value `credentials-none` for
`gcp.credentials.type` which is set when `setup_access =
google_cloud_shell`. This allows to safely clean up credentials in the
fleet callback
…lastic#178761)

## Summary

In elastic#170234, we added user input
validations in the settings fields. The validation functionality uses
the `schema` object from the settings definition. This PR adds more
detailed documentation of the `schema` property to make people more
aware of the validation functionality when registering a new setting.
…lastic#179179)

## Summary

We're adding a new performance optimization in 8.14.0 that will make
malware on-write and file event processing completely asynchronous. This
PR adds an Advanced Policy option so users can opt out, reverting to the
old behavior.

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
… Cypress test on MKI (elastic#179347)

## Summary

The current way we are using in our Cypress tests to saved queries, is
not working on MKI environments. This is because we are trying to modify
internal indexes directly, something that is completely forbidden in
real Serverless projects.

To solve the issue, we are using our APIs to perform the deletion
actions.
## Summary

Fix an issue with committing too much into the ES|QL grammar PR job.
Now it targets only grammar files without anything else.
Towards: elastic#169867

This PR onboards Log Threshold rule type with FAAD.

### To verify

Create a log threshold rule.
Example:
```
POST kbn:/api/alerting/rule
{
  "params": {
    "logView": {
      "logViewId": "Default",
      "type": "log-view-reference"
    },
    "timeSize": 5,
    "timeUnit": "m",
    "count": {
      "value": -1,
      "comparator": "more than"
    },
    "criteria": [
      {
        "field": "log.level",
        "comparator": "equals",
        "value": "error"
      }
    ]
  },
  "consumer": "alerts",
  "schedule": {
    "interval": "1m"
  },
  "tags": [],
  "name": "test",
  "rule_type_id": "logs.alert.document.count",
  "notify_when": "onActionGroupChange",
  "actions": []
}
```
Your rule should create an alert and should save it in
`.internal.alerts-observability.metrics.alerts-default-000001`
Example:
```
GET .internal.alerts-*/_search
```
Then set `count.value: 75`

The alert should be recovered and the AAD in the above index should be
updated `kibana.alert.status: recovered`.
@sorenlouv sorenlouv changed the base branch from move-ai-assistant-mgtm-to-xpack-only to main March 25, 2024 18:28
@sorenlouv sorenlouv force-pushed the persist-assistant-settings-in-es branch from 7643d77 to c973800 Compare March 25, 2024 18:31
@sorenlouv
Owner Author

Replaced by elastic#179380

@sorenlouv sorenlouv closed this Mar 25, 2024