Merge remote-tracking branch 'upstream/master' into 48180-settings-ca…

…pabilities-fix

# Conflicts:
#	x-pack/legacy/plugins/infra/public/pages/logs/index.tsx

.eslintrc.js

@@ -206,8 +206,6 @@ module.exports = {
       files: ['x-pack/legacy/plugins/ml/**/*.{js,ts,tsx}'],
       rules: {
         'react-hooks/exhaustive-deps': 'off',
-        'react-hooks/rules-of-hooks': 'off',
-        'jsx-a11y/click-events-have-key-events': 'off',
       },
     },
     {

.github/CODEOWNERS

@@ -42,7 +42,9 @@
 /x-pack/test/functional/apps/machine_learning/  @elastic/ml-ui
 /x-pack/test/functional/services/machine_learning/  @elastic/ml-ui
 /x-pack/test/functional/services/ml.ts  @elastic/ml-ui
-/x-pack/legacy/plugins/transform/  @elastic/ml-ui
+# ML team owns the transform plugin, ES team added here for visibility
+# because the plugin lives in Kibana's Elasticsearch management section.
+/x-pack/legacy/plugins/transform/  @elastic/ml-ui @elastic/es-ui 
 
 # Operations
 /renovate.json5 @elastic/kibana-operations
@@ -94,9 +96,6 @@
 /x-pack/legacy/plugins/rollup/  @elastic/es-ui
 /x-pack/legacy/plugins/searchprofiler/  @elastic/es-ui
 /x-pack/legacy/plugins/snapshot_restore/  @elastic/es-ui
-# ML team owns the transform plugin, ES team added here for visibility
-# because the plugin lives in Kibana's Elasticsearch management section.
-/x-pack/legacy/plugins/transform/  @elastic/es-ui
 /x-pack/legacy/plugins/watcher/  @elastic/es-ui
 
 # Kibana TSVB external contractors

docs/discover/kuery.asciidoc

@@ -73,3 +73,87 @@ set these terms will be matched against all fields. For example, a query for `re
 in the response field, but a query for just `200` will search for 200 across all fields in your index.
 ============
 
+===== Nested Field Support
+
+KQL supports querying on {ref}/nested.html[nested fields] through a special syntax. You can query nested fields in subtly different
+ways, depending on the results you want, so crafting nested queries requires extra thought.
+
+One main consideration is how to match parts of the nested query to the individual nested documents.
+There are two main approaches to take:
+
+* *Parts of the query may only match a single nested document.* This is what most users want when querying on a nested field.
+* *Parts of the query can match different nested documents.* This is how a regular object field works. 
+ Although generally less useful, there might be occasions where you want to query a nested field in this way.
+
+Let's take a look at the first approach. In the following document, `items` is a nested field:
+
+[source,json]
+----------------------------------
+{
+  "grocery_name": "Elastic Eats",
+  "items": [
+    {
+      "name": "banana",
+      "stock": "12",
+      "category": "fruit"
+    },
+    {
+      "name": "peach",
+      "stock": "10",
+      "category": "fruit"
+    },
+    {
+      "name": "carrot",
+      "stock": "9",
+      "category": "vegetable"
+    },
+    {
+      "name": "broccoli",
+      "stock": "5",
+      "category": "vegetable"
+    }
+  ]
+}
+----------------------------------
+
+To find stores that have more than 10 bananas in stock, you would write a query like this:
+
+`items:{ name:banana and stock > 10 }`
+
+`items` is the "nested path". Everything inside the curly braces (the "nested group") must match a single document. 
+For example, `items:{ name:banana and stock:9 }` does not match because there isn't a single nested document that 
+matches the entire query in the nested group. 
+
+What if you want to find a store with more than 10 bananas that *also* stocks vegetables? This is the second way of querying a nested field, and you can do it like this:
+
+`items:{ name:banana and stock > 10 } and items:{ category:vegetable }`
+
+The first nested group (`name:banana and stock > 10`) must still match a single document, but the `category:vegetables`
+subquery can match a different nested document because it is in a separate group.
+
+KQL's syntax also supports nested fields inside of other nested fields—you simply have to specify the full path. Suppose you
+have a document where `level1` and `level2` are both nested fields:
+
+[source,json]
+----------------------------------
+{
+  "level1": [
+    {
+      "level2": [
+        {
+          "prop1": "foo",
+          "prop2": "bar"
+        },
+        {
+          "prop1": "baz",
+          "prop2": "qux"
+        }
+      ]
+    }
+  ]
+}
+----------------------------------
+
+You can match on a single nested document by specifying the full path:
+
+`level1.level2:{ prop1:foo and prop2:bar }`

docs/user/security/authentication/index.asciidoc

@@ -138,7 +138,7 @@ xpack.security.authc.saml.maxRedirectURLSize: 1kb
 ==== OpenID Connect Single Sign-On
 
 Similar to SAML, authentication with OpenID Connect allows users to log in to {kib} using an OpenID Connect Provider such as Google, or Okta. OpenID Connect
-should also be configured in {es}, see {xpack-ref}/saml-guide.html[Configuring OpenID Connect Single-Sign-On on the Elastic Stack] for more details.
+should also be configured in {es}. For more details, see {ref}/oidc-guide.html[Configuring single sign-on to the {stack} using OpenID Connect].
 
 Set the configuration values in `kibana.yml` as follows:
 

packages/kbn-es-query/src/__fixtures__/index_pattern_response.json

@@ -161,8 +161,7 @@
       "searchable": true,
       "aggregatable": true,
       "readFromDocValues": true,
-      "parent": "machine.os",
-      "subType": "multi"
+      "subType": { "multi": { "parent": "machine.os" } }
     },
     {
       "name": "geo.src",
@@ -277,6 +276,28 @@
       "searchable": true,
       "aggregatable": true,
       "readFromDocValues": false
+    },
+    {
+      "name": "nestedField.child",
+      "type": "string",
+      "esTypes": ["text"],
+      "count": 0,
+      "scripted": false,
+      "searchable": true,
+      "aggregatable": false,
+      "readFromDocValues": false,
+      "subType": { "nested": { "path": "nestedField" } }
+    },
+    {
+      "name": "nestedField.nestedChild.doublyNestedChild",
+      "type": "string",
+      "esTypes": ["text"],
+      "count": 0,
+      "scripted": false,
+      "searchable": true,
+      "aggregatable": false,
+      "readFromDocValues": false,
+      "subType": { "nested": { "path": "nestedField.nestedChild" } }
     }
   ]
 }

packages/kbn-es-query/src/kuery/ast/__tests__/ast.js

@@ -198,6 +198,68 @@ describe('kuery AST API', function () {
       expect(actual).to.eql(expected);
     });
 
+    it('should support nested queries indicated by curly braces', () => {
+      const expected = nodeTypes.function.buildNode(
+        'nested',
+        'nestedField',
+        nodeTypes.function.buildNode('is', 'childOfNested', 'foo')
+      );
+      const actual = ast.fromKueryExpression('nestedField:{ childOfNested: foo }');
+      expect(actual).to.eql(expected);
+    });
+
+    it('should support nested subqueries and subqueries inside nested queries', () => {
+      const expected = nodeTypes.function.buildNode(
+        'and',
+        [
+          nodeTypes.function.buildNode('is', 'response', '200'),
+          nodeTypes.function.buildNode(
+            'nested',
+            'nestedField',
+            nodeTypes.function.buildNode('or', [
+              nodeTypes.function.buildNode('is', 'childOfNested', 'foo'),
+              nodeTypes.function.buildNode('is', 'childOfNested', 'bar'),
+            ])
+          )]);
+      const actual = ast.fromKueryExpression('response:200 and nestedField:{ childOfNested:foo or childOfNested:bar }');
+      expect(actual).to.eql(expected);
+    });
+
+    it('should support nested sub-queries inside paren groups', () => {
+      const expected = nodeTypes.function.buildNode(
+        'and',
+        [
+          nodeTypes.function.buildNode('is', 'response', '200'),
+          nodeTypes.function.buildNode('or', [
+            nodeTypes.function.buildNode(
+              'nested',
+              'nestedField',
+              nodeTypes.function.buildNode('is', 'childOfNested', 'foo')
+            ),
+            nodeTypes.function.buildNode(
+              'nested',
+              'nestedField',
+              nodeTypes.function.buildNode('is', 'childOfNested', 'bar')
+            ),
+          ])
+        ]);
+      const actual = ast.fromKueryExpression('response:200 and ( nestedField:{ childOfNested:foo } or nestedField:{ childOfNested:bar } )');
+      expect(actual).to.eql(expected);
+    });
+
+    it('should support nested groups inside other nested groups', () => {
+      const expected = nodeTypes.function.buildNode(
+        'nested',
+        'nestedField',
+        nodeTypes.function.buildNode(
+          'nested',
+          'nestedChild',
+          nodeTypes.function.buildNode('is', 'doublyNestedChild', 'foo')
+        )
+      );
+      const actual = ast.fromKueryExpression('nestedField:{ nestedChild:{ doublyNestedChild:foo } }');
+      expect(actual).to.eql(expected);
+    });
   });
 
   describe('fromLiteralExpression', function () {

packages/kbn-es-query/src/kuery/ast/ast.js

@@ -63,12 +63,12 @@ function fromExpression(expression, parseOptions = {}, parse = parseKuery) {
  * IndexPattern isn't required, but if you pass one in, we can be more intelligent
  * about how we craft the queries (e.g. scripted fields)
  */
-export function toElasticsearchQuery(node, indexPattern, config = {}) {
+export function toElasticsearchQuery(node, indexPattern, config = {}, context = {}) {
   if (!node || !node.type || !nodeTypes[node.type]) {
     return toElasticsearchQuery(nodeTypes.function.buildNode('and', []));
   }
 
-  return nodeTypes[node.type].toElasticsearchQuery(node, indexPattern, config);
+  return nodeTypes[node.type].toElasticsearchQuery(node, indexPattern, config, context);
 }
 
 export function doesKueryExpressionHaveLuceneSyntaxError(expression) {