Merge branch 'master' of github.com:elastic/kibana into dev/state-man…

…agement/state-containers-improvements

.ci/Jenkinsfile_flaky

@@ -99,7 +99,7 @@ def getWorkerMap(agentNumber, numberOfExecutions, worker, workerFailures, maxWor
   def numberOfWorkers = Math.min(numberOfExecutions, maxWorkerProcesses)
 
   for(def i = 1; i <= numberOfWorkers; i++) {
-    def workerExecutions = numberOfExecutions/numberOfWorkers + (i <= numberOfExecutions%numberOfWorkers ? 1 : 0)
+    def workerExecutions = floor(numberOfExecutions/numberOfWorkers + (i <= numberOfExecutions%numberOfWorkers ? 1 : 0))
 
     workerMap["agent-${agentNumber}-worker-${i}"] = { workerNumber ->
       for(def j = 0; j < workerExecutions; j++) {

.eslintrc.js

@@ -82,24 +82,12 @@ module.exports = {
         'react-hooks/exhaustive-deps': 'off',
       },
     },
-    {
-      files: ['src/legacy/core_plugins/tile_map/**/*.{js,ts,tsx}'],
-      rules: {
-        'react-hooks/exhaustive-deps': 'off',
-      },
-    },
     {
       files: ['src/legacy/core_plugins/vis_type_markdown/**/*.{js,ts,tsx}'],
       rules: {
         'react-hooks/exhaustive-deps': 'off',
       },
     },
-    {
-      files: ['src/legacy/core_plugins/vis_type_metric/**/*.{js,ts,tsx}'],
-      rules: {
-        'jsx-a11y/click-events-have-key-events': 'off',
-      },
-    },
     {
       files: ['src/legacy/core_plugins/vis_type_table/**/*.{js,ts,tsx}'],
       rules: {

docs/development/core/server/kibana-plugin-server.icustomclusterclient.md

@@ -4,7 +4,7 @@
 
 ## ICustomClusterClient type
 
-Represents an Elasticsearch cluster API client created by a plugin.. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
+Represents an Elasticsearch cluster API client created by a plugin. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
 
 See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->.
 

docs/development/core/server/kibana-plugin-server.kibanaresponsefactory.md

@@ -10,7 +10,7 @@ Set of helpers used to create `KibanaResponse` to form HTTP response on an incom
 
 ```typescript
 kibanaResponseFactory: {
-    custom: <T extends string | Error | Record<string, any> | Buffer | Stream | {
+    custom: <T extends string | Error | Buffer | Stream | Record<string, any> | {
         message: string | Error;
         attributes?: Record<string, any> | undefined;
     } | undefined>(options: CustomHttpResponseOptions<T>) => KibanaResponse<T>;
@@ -21,9 +21,9 @@ kibanaResponseFactory: {
     conflict: (options?: ErrorHttpResponseOptions) => KibanaResponse<ResponseError>;
     internalError: (options?: ErrorHttpResponseOptions) => KibanaResponse<ResponseError>;
     customError: (options: CustomHttpResponseOptions<ResponseError>) => KibanaResponse<ResponseError>;
-    redirected: (options: RedirectResponseOptions) => KibanaResponse<string | Record<string, any> | Buffer | Stream>;
-    ok: (options?: HttpResponseOptions) => KibanaResponse<string | Record<string, any> | Buffer | Stream>;
-    accepted: (options?: HttpResponseOptions) => KibanaResponse<string | Record<string, any> | Buffer | Stream>;
+    redirected: (options: RedirectResponseOptions) => KibanaResponse<string | Buffer | Stream | Record<string, any>>;
+    ok: (options?: HttpResponseOptions) => KibanaResponse<string | Buffer | Stream | Record<string, any>>;
+    accepted: (options?: HttpResponseOptions) => KibanaResponse<string | Buffer | Stream | Record<string, any>>;
     noContent: (options?: HttpResponseOptions) => KibanaResponse<undefined>;
 }
 ```

docs/development/core/server/kibana-plugin-server.md

@@ -177,7 +177,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [IBasePath](./kibana-plugin-server.ibasepath.md) | Access or manipulate the Kibana base path[BasePath](./kibana-plugin-server.basepath.md) |
 |  [IClusterClient](./kibana-plugin-server.iclusterclient.md) | Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>).<!-- -->See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->. |
 |  [IContextProvider](./kibana-plugin-server.icontextprovider.md) | A function that returns a context value for a specific key of given context type. |
-|  [ICustomClusterClient](./kibana-plugin-server.icustomclusterclient.md) | Represents an Elasticsearch cluster API client created by a plugin.. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>).<!-- -->See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->. |
+|  [ICustomClusterClient](./kibana-plugin-server.icustomclusterclient.md) | Represents an Elasticsearch cluster API client created by a plugin. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>).<!-- -->See [ClusterClient](./kibana-plugin-server.clusterclient.md)<!-- -->. |
 |  [IsAuthenticated](./kibana-plugin-server.isauthenticated.md) | Return authentication status for a request. |
 |  [ISavedObjectsRepository](./kibana-plugin-server.isavedobjectsrepository.md) | See [SavedObjectsRepository](./kibana-plugin-server.savedobjectsrepository.md) |
 |  [IScopedClusterClient](./kibana-plugin-server.iscopedclusterclient.md) | Serves the same purpose as "normal" <code>ClusterClient</code> but exposes additional <code>callAsCurrentUser</code> method that doesn't use credentials of the Kibana internal user (as <code>callAsInternalUser</code> does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API.<!-- -->See [ScopedClusterClient](./kibana-plugin-server.scopedclusterclient.md)<!-- -->. |

docs/management/managing-licenses.asciidoc

@@ -1,28 +1,185 @@
 [[managing-licenses]]
-== License Management
+== License management
 
-When you install {kib}, it generates a Basic license
-with no expiration date.  Go to *Management > License Management* to view the 
-status of your license, start a 30-day trial, or install a new license. 
+When you install the default distribution of {kib}, you receive a basic license
+with no expiration date. For the full list of free features that are included in
+the basic license, see https://www.elastic.co/subscriptions[the subscription page].
 
-To learn more about the available license levels,
-see https://www.elastic.co/subscriptions[the subscription page]. 
+If you want to try out the full set of platinum features, you can activate a
+30-day trial license. Go to *Management > License Management* to view the 
+status of your license, start a trial, or install a new license.
 
-You can activate a 30-day trial license to try out the full set of 
-https://www.elastic.co/subscriptions[Platinum features], including machine learning, 
-advanced security, alerting, graph capabilities, and more. 
+NOTE: You can start a trial only if your cluster has not already activated a
+trial license for the current major product version. For example, if you have
+already activated a trial for v6.0, you cannot start a new trial until 
+v7.0. You can, however, contact `info@elastic.co` to request an extended trial
+license.
 
-When you activate a new license level, new features will appear in the left sidebar 
+When you activate a new license level, new features appear in the left sidebar 
 of the *Management* page.
 
 [role="screenshot"]
 image::images/management-license.png[]
 
-At the end of the trial period, the Platinum features operate in a 
-{stack-ov}/license-expiration.html[degraded mode]. You can revert to a Basic 
-license, extend the trial, or purchase a subscription. 
+At the end of the trial period, the platinum features operate in a
+<<license-expiration,degraded mode>>. You can revert to a basic license, 
+extend the trial, or purchase a subscription. 
 
+TIP: If {security-features} are enabled, before you revert to a basic license or
+install a gold or platinum license, you must configure Transport Layer Security
+(TLS) in {es}. See {ref}/encrypting-communications.html[Encrypting communications].
+{kib} and the {ref}/start-basic.html[start basic API] provide a list of all of
+the features that will no longer be supported if you revert to a basic license.
 
-TIP: If {security-features} are enabled, before you revert to a Basic license or install 
-a Gold or Platinum license, you must configure Transport Layer Security (TLS) in {es}. 
-See {ref}/encrypting-communications.html[Encrypting communications].
+[discrete]
+[[update-license]]
+=== Update your license
+
+You can update your license at runtime without shutting down your {es} nodes.
+License updates take effect immediately. The license is provided as a _JSON_
+file that you install in {kib} or by using the
+{ref}/update-license.html[update license API].
+
+TIP: If you are using a basic or trial license, {security-features} are disabled
+by default. In all other licenses, {security-features} are enabled by default;
+you must secure the {stack} or disable the {security-features}. 
+
+[discrete]
+[[license-expiration]]
+=== License expiration
+
+Your license is time based and expires at a future date. If you're using
+{monitor-features} and your license will expire within 30 days, a license
+expiration warning is displayed prominently. Warnings are also displayed on
+startup and written to the {es} log starting 30 days from the expiration date.
+These error messages tell you when the license expires and what features will be
+disabled if you do not update the license.
+
+IMPORTANT: You should update your license as soon as possible. You are
+essentially flying blind when running with an expired license. Access to the
+cluster health and stats APIs is critical for monitoring and managing an {es}
+cluster.
+
+[discrete]
+[[expiration-beats]]
+==== Beats
+
+*  Beats will continue to poll centrally-managed configuration.
+
+[discrete]
+[[expiration-elasticsearch]]
+==== {es}
+
+// Upgrade API is disabled
+* The deprecation API is disabled.
+* SQL support is disabled.
+* Aggregations provided by the analytics plugin are no longer usable.
+
+[discrete]
+[[expiration-watcher]]
+==== {stack} {alert-features}
+
+* The PUT and GET watch APIs are disabled. The DELETE watch API continues to work.
+* Watches execute and write to the history.
+* The actions of the watches do not execute.
+
+[discrete]
+[[expiration-graph]]
+==== {stack} {graph-features}
+
+* Graph explore APIs are disabled.
+
+[discrete]
+[[expiration-ml]]
+==== {stack} {ml-features}
+
+* APIs to create {anomaly-jobs}, open jobs, send data to jobs, create {dfeeds},
+and start {dfeeds} are disabled.
+* All started {dfeeds} are stopped.
+* All open {anomaly-jobs} are closed.
+* APIs to create and start {dfanalytics-jobs} are disabled. 
+* Existing {anomaly-job} and {dfanalytics-job} results continue to be available
+by using {kib} or APIs.
+
+[discrete]
+[[expiration-monitoring]]
+==== {stack} {monitor-features}
+
+* The agent stops collecting cluster and indices metrics.
+* The agent stops automatically cleaning indices older than
+`xpack.monitoring.history.duration`.
+
+[discrete]
+[[expiration-security]]
+==== {stack} {security-features}
+
+* Cluster health, cluster stats, and indices stats operations are blocked.
+* All data operations (read and write) continue to work.
+
+Once the license expires, calls to the cluster health, cluster stats, and index
+stats APIs fail with a `security_exception` and return a 403 HTTP status code.
+
+[source,sh]
+-----------------------------------------------------
+{
+  "error": {
+    "root_cause": [
+      {
+        "type": "security_exception",
+        "reason": "current license is non-compliant for [security]",
+        "license.expired.feature": "security"
+      }
+    ],
+    "type": "security_exception",
+    "reason": "current license is non-compliant for [security]",
+    "license.expired.feature": "security"
+  },
+  "status": 403
+}
+-----------------------------------------------------
+
+This message enables automatic monitoring systems to easily detect the license
+failure without immediately impacting other users.
+
+[discrete]
+[[expiration-logstash]]
+==== {ls} pipeline management
+
+* Cannot create new pipelines or edit or delete existing pipelines from the UI.
+* Cannot list or view existing pipelines from the UI.
+* Cannot run Logstash instances which are registered to listen to existing pipelines.
+//TBD: * Logstash will continue to poll centrally-managed pipelines
+
+[discrete]
+[[expiration-kibana]]
+==== {kib}
+
+* Users can still log into {kib}.
+* {kib} works for data exploration and visualization, but some features
+are disabled.
+* The license management UI is available to easily upgrade your license. See
+<<update-license>> and <<managing-licenses>>.
+
+[discrete]
+[[expiration-reporting]]
+==== {kib} {report-features}
+
+* Reporting is no longer available in {kib}.
+* Report generation URLs stop working.
+* Existing reports are no longer accessible.
+
+[discrete]
+[[expiration-rollups]]
+==== {rollups-cap}
+
+* {rollup-jobs-cap} cannot be created or started.
+* Existing {rollup-jobs} can be stopped and deleted.
+* The get rollup caps and rollup search APIs continue to function.
+
+[discrete]
+[[expiration-transforms]]
+==== {transforms-cap}
+
+* {transforms-cap} cannot be created, previewed, started, or updated.
+* Existing {transforms} can be stopped and deleted.
+* Existing {transform} results continue to be available.

docs/management/snapshot-restore/index.asciidoc

@@ -21,7 +21,7 @@ With this UI, you can:
 image:management/snapshot-restore/images/snapshot_list.png["Snapshot list"]
 
 Before using this feature, you should be familiar with how snapshots work.  
-{ref}/modules-snapshots.html[Snapshot and Restore] is a good source for 
+{ref}/snapshot-restore.html[Snapshot and Restore] is a good source for 
 more detailed information.
 
 [float]
@@ -35,9 +35,9 @@ registering one.
 {kib} supports three repository types
 out of the box: shared file system, read-only URL, and source-only.  
 For more information on these repositories and their settings, 
-see {ref}/modules-snapshots.html#snapshots-repositories[Repositories].
+see {ref}/snapshots-register-repository.html[Repositories].
 To use other repositories, such as S3, see  
-{ref}/modules-snapshots.html#_repository_plugins[Repository plugins].
+{ref}/snapshots-register-repository.html#snapshots-repository-plugins[Repository plugins].
 
 
 Once you create a repository, it is listed in the *Repositories* 
@@ -61,7 +61,7 @@ into each snapshot for further investigation.
 image:management/snapshot-restore/images/snapshot_details.png["Snapshot details"]
 
 If you don’t have any snapshots, you can create them from the {kib} <<console-kibana, Console>>. The 
-{ref}//modules-snapshots.html#snapshots-take-snapshot[snapshot API]
+{ref}/snapshots-take-snapshot.html[snapshot API]
 takes the current state and data in your index or cluster, and then saves it to a 
 shared repository. 
 
@@ -162,7 +162,7 @@ Ready to try *Snapshot and Restore*? In this tutorial, you'll learn to:
 This example shows you how to register a shared file system repository 
 and store snapshots.
 Before you begin, you must register the location of the repository in the 
-{ref}/modules-snapshots.html#_shared_file_system_repository[path.repo] setting on 
+{ref}/snapshots-register-repository.html#snapshots-filesystem-repository[path.repo] setting on 
 your master and data nodes.  You can do this in one of two ways:
 
 * Edit  your `elasticsearch.yml` to include the `path.repo` setting.
@@ -197,7 +197,7 @@ The repository currently doesn’t have any snapshots.
 
 [float]
 ==== Add a snapshot to the repository
-Use the {ref}//modules-snapshots.html#snapshots-take-snapshot[snapshot API] to create a snapshot.
+Use the {ref}/snapshots-take-snapshot.html[snapshot API] to create a snapshot.
 
 . Go to *Dev Tools > Console*.
 . Create the snapshot:
@@ -206,7 +206,7 @@ Use the {ref}//modules-snapshots.html#snapshots-take-snapshot[snapshot API] to c
 PUT /_snapshot/my_backup/2019-04-25_snapshot?wait_for_completion=true
 +
 In this example, the snapshot name is `2019-04-25_snapshot`. You can also 
-use {ref}//date-math-index-names.html[date math expression] for the snapshot name.
+use {ref}/date-math-index-names.html[date math expression] for the snapshot name.
 +
 [role="screenshot"]
 image:management/snapshot-restore/images/create_snapshot.png["Create snapshot"]

docs/settings/reporting-settings.asciidoc

@@ -54,6 +54,14 @@ The protocol for accessing Kibana, typically `http` or `https`.
 `xpack.reporting.kibanaServer.hostname`::
 The hostname for accessing {kib}, if different from the `server.host` value.
 
+[NOTE]
+============
+Reporting authenticates requests on the Kibana page only when the hostname matches the
+`xpack.reporting.kibanaServer.hostname` setting. Therefore Reporting would fail if the
+set value redirects to another server. For that reason, `"0"` is an invalid setting
+because, in the Reporting browser, it becomes an automatic redirect to `"0.0.0.0"`.
+============
+
 
 [float]
 [[reporting-job-queue-settings]]

docs/settings/security-settings.asciidoc

@@ -45,7 +45,7 @@ if this setting isn't the same for all instances of {kib}.
 
 `xpack.security.secureCookies`::
 Sets the `secure` flag of the session cookie. The default value is `false`. It
-is set to `true` if `server.ssl.certificate` and `server.ssl.key` are set. Set
+is automatically set to `true` if `server.ssl.enabled` is set to `true`. Set
 this to `true` if SSL is configured outside of {kib} (for example, you are
 routing requests through a load balancer or proxy).