Merge branch '7.15' into backport/7.15/pr-110609

Author: kibanamachine

docs/settings/reporting-settings.asciidoc

@@ -279,16 +279,15 @@ NOTE: This setting exists for backwards compatibility, but is unused and hardcod
 [[reporting-advanced-settings]]
 ==== Security settings
 
-[[xpack-reporting-roles-enabled]] `xpack.reporting.roles.enabled`::
-deprecated:[7.14.0,This setting must be set to `false` in 8.0.] When `true`, grants users access to the {report-features} by assigning reporting roles, specified by `xpack.reporting.roles.allow`. Granting access to users this way is deprecated. Set to `false` and use {kibana-ref}/kibana-privileges.html[{kib} privileges] instead. Defaults to `true`.
+With Security enabled, Reporting has two forms of access control: each user can only access their own reports, and custom roles determine who has privilege to generate reports. When Reporting is configured with <<kibana-privileges, {kib} application privileges>>, you can control the spaces and applications where users are allowed to generate reports.
 
 [NOTE]
 ============================================================================
-In 7.x, the default value of `xpack.reporting.roles.enabled` is `true`. To migrate users to the
-new method of securing access to *Reporting*, you must set `xpack.reporting.roles.enabled: false`. In the next major version of {kib}, `false` will be the only valid configuration.
+The `xpack.reporting.roles` settings are for a deprecated system of access control in Reporting. It does not allow API Keys to generate reports, and it doesn't allow {kib} application privileges. We recommend you explicitly turn off reporting's deprecated access control feature by adding `xpack.reporting.roles.enabled: false` in kibana.yml. This will enable application privileges for reporting, as described in <<grant-user-access, granting users access to reporting>>.
 ============================================================================
 
-`xpack.reporting.roles.allow`::
-deprecated:[7.14.0,This setting will be removed in 8.0.] Specifies the roles, in addition to superusers, that can generate reports, using the {ref}/security-api.html#security-role-apis[{es} role management APIs]. Requires `xpack.reporting.roles.enabled` to be `true`. Granting access to users this way is deprecated. Use {kibana-ref}/kibana-privileges.html[{kib} privileges] instead. Defaults to `[ "reporting_user" ]`.
+[[xpack-reporting-roles-enabled]] `xpack.reporting.roles.enabled`::
+deprecated:[7.14.0,The default for this setting will be `false` in an upcoming version of {kib}.] Sets access control to a set of assigned reporting roles, specified by `xpack.reporting.roles.allow`. Defaults to `true`.
 
-NOTE: Each user has access to only their own reports.
+`xpack.reporting.roles.allow`::
+deprecated:[7.14.0] In addition to superusers, specifies the roles that can generate reports using the {ref}/security-api.html#security-role-apis[{es} role management APIs]. Requires `xpack.reporting.roles.enabled` to be `true`. Defaults to `[ "reporting_user" ]`.

docs/setup/configuring-reporting.asciidoc

@@ -41,11 +41,16 @@ To troubleshoot the problem, start the {kib} server with environment variables t
 [float]
 [[grant-user-access]]
 === Grant users access to reporting
+When security is enabled, you grant users access to generate reports with <<kibana-privileges, {kib} application privileges>>, which allow you to create custom roles that control the spaces and applications where users generate reports.
 
-When security is enabled, access to the {report-features} is controlled by roles and <<kibana-privileges, privileges>>. With privileges, you can define custom roles that grant *Reporting* privileges as sub-features of {kib} applications. To grant users permission to generate reports and view their reports in *Reporting*, create and assign the reporting role.
-
-[[reporting-app-users]]
-NOTE: In 7.12.0 and earlier, you grant access to the {report-features} by assigning users the `reporting_user` role in {es}. 
+. Enable application privileges in Reporting. To enable, turn off the default user access control features in `kibana.yml`:
++
+[source,yaml]
+------------------------------------
+xpack.reporting.roles.enabled: false
+------------------------------------
++
+NOTE: If you use the default settings, you can still create a custom role that grants reporting privileges. The default role is `reporting_user`. This behavior is being deprecated and does not allow application-level access controls for {report-features}, and does not allow API keys or authentication tokens to authorize report generation. Refer to <<reporting-advanced-settings, reporting security settings>> for information and caveats about the deprecated access control features.
 
 . Create the reporting role. 
 
@@ -90,10 +95,12 @@ If the *Reporting* option is unavailable, contact your administrator, or <<repor
 
 .. Click *Update user*.
 
+Granting the privilege to generate reports also grants the user the privilege to view their reports in *Stack Management > Reporting*. Users can only access their own reports.
+
 [float]
 [[reporting-roles-user-api]]
 ==== Grant access with the role API
-You can also use the {ref}/security-api-put-role.html[role API] to grant access to the reporting features. Grant the reporting role to users in combination with other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.
+With <<grant-user-access, {kib} application privileges>> enabled in Reporting, you can also use the {ref}/security-api-put-role.html[role API] to grant access to the {report-features}. Grant custom reporting roles to users in combination with other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.
 
 [source, sh]
 ---------------------------------------------------------------

src/core/server/elasticsearch/client/client_config.ts

@@ -55,6 +55,9 @@ export function parseClientOptions(
       ...DEFAULT_HEADERS,
       ...config.customHeaders,
     },
+    // do not make assumption on user-supplied data content
+    // fixes https://github.com/elastic/kibana/issues/101944
+    disablePrototypePoisoningProtection: true,
   };
 
   if (config.pingTimeout != null) {

x-pack/plugins/ml/public/application/components/controls/checkbox_showcharts/checkbox_showcharts.tsx

@@ -8,34 +8,22 @@
 import React, { FC, useCallback, useMemo } from 'react';
 import { EuiCheckbox, htmlIdGenerator } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
-import { useExplorerUrlState } from '../../../explorer/hooks/use_explorer_url_state';
 
-const SHOW_CHARTS_DEFAULT = true;
-
-export const useShowCharts = (): [boolean, (v: boolean) => void] => {
-  const [explorerUrlState, setExplorerUrlState] = useExplorerUrlState();
-
-  const showCharts = explorerUrlState?.mlShowCharts ?? SHOW_CHARTS_DEFAULT;
-
-  const setShowCharts = useCallback(
-    (v: boolean) => {
-      setExplorerUrlState({ mlShowCharts: v });
-    },
-    [setExplorerUrlState]
-  );
-
-  return [showCharts, setShowCharts];
-};
+export interface CheckboxShowChartsProps {
+  showCharts: boolean;
+  setShowCharts: (update: boolean) => void;
+}
 
 /*
  * React component for a checkbox element to toggle charts display.
  */
-export const CheckboxShowCharts: FC = () => {
-  const [showCharts, setShowCharts] = useShowCharts();
-
-  const onChange = (e: React.ChangeEvent<HTMLInputElement>) => {
-    setShowCharts(e.target.checked);
-  };
+export const CheckboxShowCharts: FC<CheckboxShowChartsProps> = ({ showCharts, setShowCharts }) => {
+  const onChange = useCallback(
+    (e: React.ChangeEvent<HTMLInputElement>) => {
+      setShowCharts(e.target.checked);
+    },
+    [setShowCharts]
+  );
 
   const id = useMemo(() => htmlIdGenerator()(), []);
 

x-pack/plugins/ml/public/application/components/controls/checkbox_showcharts/index.ts

@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export { useShowCharts, CheckboxShowCharts } from './checkbox_showcharts';
+export { CheckboxShowCharts } from './checkbox_showcharts';

x-pack/plugins/ml/public/application/explorer/explorer.js

@@ -498,7 +498,10 @@ export class ExplorerUI extends React.Component {
                   </EuiFlexItem>
                   {chartsData.seriesToPlot.length > 0 && selectedCells !== undefined && (
                     <EuiFlexItem grow={false}>
-                      <CheckboxShowCharts />
+                      <CheckboxShowCharts
+                        showCharts={showCharts}
+                        setShowCharts={explorerService.setShowCharts}
+                      />
                     </EuiFlexItem>
                   )}
                 </EuiFlexGroup>

x-pack/plugins/ml/public/application/explorer/explorer_constants.ts

@@ -34,6 +34,7 @@ export const EXPLORER_ACTION = {
   SET_VIEW_BY_PER_PAGE: 'setViewByPerPage',
   SET_VIEW_BY_FROM_PAGE: 'setViewByFromPage',
   SET_SWIM_LANE_SEVERITY: 'setSwimLaneSeverity',
+  SET_SHOW_CHARTS: 'setShowCharts',
 };
 
 export const FILTER_ACTION = {

x-pack/plugins/ml/public/application/explorer/explorer_dashboard_service.ts

@@ -83,6 +83,10 @@ const explorerAppState$: Observable<ExplorerAppState> = explorerState$.pipe(
         appState.mlExplorerSwimlane.severity = state.swimLaneSeverity;
       }
 
+      if (state.showCharts !== undefined) {
+        appState.mlShowCharts = state.showCharts;
+      }
+
       if (state.filterActive) {
         appState.mlExplorerFilter.influencersFilterQuery = state.influencersFilterQuery;
         appState.mlExplorerFilter.filterActive = state.filterActive;
@@ -168,6 +172,9 @@ export const explorerService = {
   setSwimLaneSeverity: (payload: number) => {
     explorerAction$.next({ type: EXPLORER_ACTION.SET_SWIM_LANE_SEVERITY, payload });
   },
+  setShowCharts: (payload: boolean) => {
+    explorerAction$.next({ type: EXPLORER_ACTION.SET_SHOW_CHARTS, payload });
+  },
 };
 
 export type ExplorerService = typeof explorerService;

x-pack/plugins/ml/public/application/explorer/reducers/explorer_reducer/reducer.ts

@@ -158,6 +158,13 @@ export const explorerReducer = (state: ExplorerState, nextAction: Action): Explo
       };
       break;
 
+    case EXPLORER_ACTION.SET_SHOW_CHARTS:
+      nextState = {
+        ...state,
+        showCharts: payload,
+      };
+      break;
+
     default:
       nextState = state;
   }

x-pack/plugins/ml/public/application/explorer/reducers/explorer_reducer/state.ts

@@ -59,6 +59,7 @@ export interface ExplorerState {
   viewBySwimlaneOptions: string[];
   swimlaneLimit?: number;
   swimLaneSeverity?: number;
+  showCharts: boolean;
 }
 
 function getDefaultIndexPattern() {
@@ -112,5 +113,6 @@ export function getExplorerDefaultState(): ExplorerState {
     viewByPerPage: SWIM_LANE_DEFAULT_PAGE_SIZE,
     viewByFromPage: 1,
     swimlaneLimit: undefined,
+    showCharts: true,
   };
 }