Merge branch 'master' into misc/ignore-unknown-keys

.github/workflows/pr-project-assigner.yml

@@ -13,8 +13,9 @@ jobs:
         with:
           issue-mappings: |
             [
-              { "label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173897 },
-              { "label": "Feature:Lens", "projectName": "Lens", "columnId": 6219362 },
-              { "label": "Team:Canvas", "projectName": "canvas", "columnId": 6187580 }
             ]
           ghToken: ${{ secrets.PROJECT_ASSIGNER_TOKEN }}
+
+#              { "label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173897 },
+#              { "label": "Feature:Lens", "projectName": "Lens", "columnId": 6219362 },
+#              { "label": "Team:Canvas", "projectName": "canvas", "columnId": 6187580 }

docs/development/core/server/kibana-plugin-server.authnothandled.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md)
+
+## AuthNotHandled interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthNotHandled 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authnothandled.type.md) | <code>AuthResultType.notHandled</code> |  |
+

docs/development/core/server/kibana-plugin-server.authnothandled.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthNotHandled](./kibana-plugin-server.authnothandled.md) &gt; [type](./kibana-plugin-server.authnothandled.type.md)
+
+## AuthNotHandled.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.notHandled;
+```

docs/development/core/server/kibana-plugin-server.authredirected.md

@@ -0,0 +1,19 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md)
+
+## AuthRedirected interface
+
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirected extends AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [type](./kibana-plugin-server.authredirected.type.md) | <code>AuthResultType.redirected</code> |  |
+

docs/development/core/server/kibana-plugin-server.authredirected.type.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirected](./kibana-plugin-server.authredirected.md) &gt; [type](./kibana-plugin-server.authredirected.type.md)
+
+## AuthRedirected.type property
+
+<b>Signature:</b>
+
+```typescript
+type: AuthResultType.redirected;
+```

docs/development/core/server/kibana-plugin-server.authredirectedparams.headers.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) &gt; [headers](./kibana-plugin-server.authredirectedparams.headers.md)
+
+## AuthRedirectedParams.headers property
+
+Headers to attach for auth redirect. Must include "location" header
+
+<b>Signature:</b>
+
+```typescript
+headers: {
+        location: string;
+    } & ResponseHeaders;
+```

docs/development/core/server/kibana-plugin-server.authredirectedparams.md

@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md)
+
+## AuthRedirectedParams interface
+
+Result of auth redirection.
+
+<b>Signature:</b>
+
+```typescript
+export interface AuthRedirectedParams 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [headers](./kibana-plugin-server.authredirectedparams.headers.md) | <code>{</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders</code> | Headers to attach for auth redirect. Must include "location" header |
+

docs/development/core/server/kibana-plugin-server.authresult.md

@@ -8,5 +8,5 @@
 <b>Signature:</b>
 
 ```typescript
-export declare type AuthResult = Authenticated;
+export declare type AuthResult = Authenticated | AuthNotHandled | AuthRedirected;
 ```

docs/development/core/server/kibana-plugin-server.authresultparams.md

@@ -4,7 +4,7 @@
 
 ## AuthResultParams interface
 
-Result of an incoming request authentication.
+Result of successful authentication.
 
 <b>Signature:</b>
 

docs/development/core/server/kibana-plugin-server.authresulttype.md

@@ -16,4 +16,6 @@ export declare enum AuthResultType
 |  Member | Value | Description |
 |  --- | --- | --- |
 |  authenticated | <code>&quot;authenticated&quot;</code> |  |
+|  notHandled | <code>&quot;notHandled&quot;</code> |  |
+|  redirected | <code>&quot;redirected&quot;</code> |  |
 

docs/development/core/server/kibana-plugin-server.authtoolkit.md

@@ -17,4 +17,6 @@ export interface AuthToolkit
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [authenticated](./kibana-plugin-server.authtoolkit.authenticated.md) | <code>(data?: AuthResultParams) =&gt; AuthResult</code> | Authentication is successful with given credentials, allow request to pass through |
+|  [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md) | <code>() =&gt; AuthResult</code> | User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true |
+|  [redirected](./kibana-plugin-server.authtoolkit.redirected.md) | <code>(headers: {</code><br/><code>        location: string;</code><br/><code>    } &amp; ResponseHeaders) =&gt; AuthResult</code> | Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional' |
 

docs/development/core/server/kibana-plugin-server.authtoolkit.nothandled.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [notHandled](./kibana-plugin-server.authtoolkit.nothandled.md)
+
+## AuthToolkit.notHandled property
+
+User has no credentials. Allows user to access a resource when authRequired: 'optional' Rejects a request when authRequired: true
+
+<b>Signature:</b>
+
+```typescript
+notHandled: () => AuthResult;
+```

docs/development/core/server/kibana-plugin-server.authtoolkit.redirected.md

@@ -0,0 +1,15 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [AuthToolkit](./kibana-plugin-server.authtoolkit.md) &gt; [redirected](./kibana-plugin-server.authtoolkit.redirected.md)
+
+## AuthToolkit.redirected property
+
+Redirect user to IdP when authRequired: true Allows user to access a resource without redirection when authRequired: 'optional'
+
+<b>Signature:</b>
+
+```typescript
+redirected: (headers: {
+        location: string;
+    } & ResponseHeaders) => AuthResult;
+```

docs/development/core/server/kibana-plugin-server.kibanarequest.auth.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-server](./kibana-plugin-server.md) &gt; [KibanaRequest](./kibana-plugin-server.kibanarequest.md) &gt; [auth](./kibana-plugin-server.kibanarequest.auth.md)
+
+## KibanaRequest.auth property
+
+<b>Signature:</b>
+
+```typescript
+readonly auth: {
+        isAuthenticated: boolean;
+    };
+```

docs/development/core/server/kibana-plugin-server.kibanarequest.md

@@ -22,6 +22,7 @@ export declare class KibanaRequest<Params = unknown, Query = unknown, Body = unk
 
 |  Property | Modifiers | Type | Description |
 |  --- | --- | --- | --- |
+|  [auth](./kibana-plugin-server.kibanarequest.auth.md) |  | <code>{</code><br/><code>        isAuthenticated: boolean;</code><br/><code>    }</code> |  |
 |  [body](./kibana-plugin-server.kibanarequest.body.md) |  | <code>Body</code> |  |
 |  [events](./kibana-plugin-server.kibanarequest.events.md) |  | <code>KibanaRequestEvents</code> | Request events [KibanaRequestEvents](./kibana-plugin-server.kibanarequestevents.md) |
 |  [headers](./kibana-plugin-server.kibanarequest.headers.md) |  | <code>Headers</code> | Readonly copy of incoming request headers. |

docs/development/core/server/kibana-plugin-server.md

@@ -53,7 +53,10 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [AssistanceAPIResponse](./kibana-plugin-server.assistanceapiresponse.md) |  |
 |  [AssistantAPIClientParams](./kibana-plugin-server.assistantapiclientparams.md) |  |
 |  [Authenticated](./kibana-plugin-server.authenticated.md) |  |
-|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of an incoming request authentication. |
+|  [AuthNotHandled](./kibana-plugin-server.authnothandled.md) |  |
+|  [AuthRedirected](./kibana-plugin-server.authredirected.md) |  |
+|  [AuthRedirectedParams](./kibana-plugin-server.authredirectedparams.md) | Result of auth redirection. |
+|  [AuthResultParams](./kibana-plugin-server.authresultparams.md) | Result of successful authentication. |
 |  [AuthToolkit](./kibana-plugin-server.authtoolkit.md) | A tool set defining an outcome of Auth interceptor for incoming request. |
 |  [CallAPIOptions](./kibana-plugin-server.callapioptions.md) | The set of options that defines how API call should be made and result be processed. |
 |  [Capabilities](./kibana-plugin-server.capabilities.md) | The read-only set of capabilities available for the current UI session. Capabilities are simple key-value pairs of (string, boolean), where the string denotes the capability ID, and the boolean is a flag indicating if the capability is enabled or disabled. |

docs/development/core/server/kibana-plugin-server.routeconfigoptions.authrequired.md

@@ -4,12 +4,12 @@
 
 ## RouteConfigOptions.authRequired property
 
-A flag shows that authentication for a route: `enabled` when true `disabled` when false
+Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.
 
-Enabled by default.
+Defaults to `true` if an auth mechanism is registered.
 
 <b>Signature:</b>
 
 ```typescript
-authRequired?: boolean;
+authRequired?: boolean | 'optional';
 ```

docs/development/core/server/kibana-plugin-server.routeconfigoptions.md

@@ -16,7 +16,7 @@ export interface RouteConfigOptions<Method extends RouteMethod>
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean</code> | A flag shows that authentication for a route: <code>enabled</code> when true <code>disabled</code> when false<!-- -->Enabled by default. |
+|  [authRequired](./kibana-plugin-server.routeconfigoptions.authrequired.md) | <code>boolean &#124; 'optional'</code> | Defines authentication mode for a route: - true. A user has to have valid credentials to access a resource - false. A user can access a resource without any credentials. - 'optional'. A user can access a resource if has valid credentials or no credentials at all. Can be useful when we grant access to a resource but want to identify a user if possible.<!-- -->Defaults to <code>true</code> if an auth mechanism is registered. |
 |  [body](./kibana-plugin-server.routeconfigoptions.body.md) | <code>Method extends 'get' &#124; 'options' ? undefined : RouteConfigOptionsBody</code> | Additional body options [RouteConfigOptionsBody](./kibana-plugin-server.routeconfigoptionsbody.md)<!-- -->. |
 |  [tags](./kibana-plugin-server.routeconfigoptions.tags.md) | <code>readonly string[]</code> | Additional metadata tag strings to attach to the route. |
 |  [xsrfRequired](./kibana-plugin-server.routeconfigoptions.xsrfrequired.md) | <code>Method extends 'get' ? never : boolean</code> | Defines xsrf protection requirements for a route: - true. Requires an incoming POST/PUT/DELETE request to contain <code>kbn-xsrf</code> header. - false. Disables xsrf protection.<!-- -->Set to true by default |

packages/kbn-config-schema/src/byte_size_value/index.test.ts

@@ -42,19 +42,29 @@ describe('parsing units', () => {
   });
 
   test('throws an error when unsupported unit specified', () => {
-    expect(() => ByteSizeValue.parse('1tb')).toThrowErrorMatchingSnapshot();
+    expect(() => ByteSizeValue.parse('1tb')).toThrowErrorMatchingInlineSnapshot(
+      `"Failed to parse value as byte value. Value must be either number of bytes, or follow the format <count>[b|kb|mb|gb] (e.g., '1024kb', '200mb', '1gb'), where the number is a safe positive integer."`
+    );
   });
 });
 
 describe('#constructor', () => {
   test('throws if number of bytes is negative', () => {
-    expect(() => new ByteSizeValue(-1024)).toThrowErrorMatchingSnapshot();
+    expect(() => new ByteSizeValue(-1024)).toThrowErrorMatchingInlineSnapshot(
+      `"Value in bytes is expected to be a safe positive integer."`
+    );
   });
 
   test('throws if number of bytes is not safe', () => {
-    expect(() => new ByteSizeValue(NaN)).toThrowErrorMatchingSnapshot();
-    expect(() => new ByteSizeValue(Infinity)).toThrowErrorMatchingSnapshot();
-    expect(() => new ByteSizeValue(Math.pow(2, 53))).toThrowErrorMatchingSnapshot();
+    expect(() => new ByteSizeValue(NaN)).toThrowErrorMatchingInlineSnapshot(
+      `"Value in bytes is expected to be a safe positive integer."`
+    );
+    expect(() => new ByteSizeValue(Infinity)).toThrowErrorMatchingInlineSnapshot(
+      `"Value in bytes is expected to be a safe positive integer."`
+    );
+    expect(() => new ByteSizeValue(Math.pow(2, 53))).toThrowErrorMatchingInlineSnapshot(
+      `"Value in bytes is expected to be a safe positive integer."`
+    );
   });
 
   test('accepts 0', () => {

packages/kbn-config-schema/src/byte_size_value/index.ts

@@ -38,7 +38,7 @@ export class ByteSizeValue {
       const number = Number(text);
       if (typeof number !== 'number' || isNaN(number)) {
         throw new Error(
-          `Failed to parse [${text}] as byte value. Value must be either number of bytes, or follow the format <count>[b|kb|mb|gb] ` +
+          `Failed to parse value as byte value. Value must be either number of bytes, or follow the format <count>[b|kb|mb|gb] ` +
             `(e.g., '1024kb', '200mb', '1gb'), where the number is a safe positive integer.`
         );
       }
@@ -53,9 +53,7 @@ export class ByteSizeValue {
 
   constructor(private readonly valueInBytes: number) {
     if (!Number.isSafeInteger(valueInBytes) || valueInBytes < 0) {
-      throw new Error(
-        `Value in bytes is expected to be a safe positive integer, but provided [${valueInBytes}].`
-      );
+      throw new Error(`Value in bytes is expected to be a safe positive integer.`);
     }
   }
 

packages/kbn-config-schema/src/duration/index.ts

@@ -28,7 +28,7 @@ function stringToDuration(text: string) {
     const number = Number(text);
     if (typeof number !== 'number' || isNaN(number)) {
       throw new Error(
-        `Failed to parse [${text}] as time value. Value must be a duration in milliseconds, or follow the format ` +
+        `Failed to parse value as time value. Value must be a duration in milliseconds, or follow the format ` +
           `<count>[ms|s|m|h|d|w|M|Y] (e.g. '70ms', '5s', '3d', '1Y'), where the duration is a safe positive integer.`
       );
     }
@@ -43,9 +43,7 @@ function stringToDuration(text: string) {
 
 function numberToDuration(numberMs: number) {
   if (!Number.isSafeInteger(numberMs) || numberMs < 0) {
-    throw new Error(
-      `Value in milliseconds is expected to be a safe positive integer, but provided [${numberMs}].`
-    );
+    throw new Error(`Value in milliseconds is expected to be a safe positive integer.`);
   }
 
   return momentDuration(numberMs);