elastic
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/setup/settings.asciidoc‎
Lines changed: 12 additions & 10 deletions b/‎docs/setup/settings.asciidoc‎
Lines changed: 12 additions & 10 deletions
diff --git a/‎docs/user/security/securing-communications/index.asciidoc‎
Lines changed: 21 additions & 9 deletions b/‎docs/user/security/securing-communications/index.asciidoc‎
Lines changed: 21 additions & 9 deletions
diff --git a/‎src/core/MIGRATION.md‎
Lines changed: 2 additions & 1 deletion b/‎src/core/MIGRATION.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/core/MIGRATION_EXAMPLES.md‎
Lines changed: 83 additions & 2 deletions b/‎src/core/MIGRATION_EXAMPLES.md‎
Lines changed: 83 additions & 2 deletions
diff --git a/‎src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker‎
Lines changed: 0 additions & 1 deletion b/‎src/dev/build/tasks/os_packages/docker_generator/resources/bin/kibana-docker‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/legacy/core_plugins/kibana/public/dashboard/np_ready/dashboard_app_controller.tsx‎
Lines changed: 10 additions & 7 deletions b/‎src/legacy/core_plugins/kibana/public/dashboard/np_ready/dashboard_app_controller.tsx‎
Lines changed: 10 additions & 7 deletions
diff --git a/‎src/legacy/core_plugins/kibana/public/discover/np_ready/angular/discover.js‎
Lines changed: 4 additions & 2 deletions b/‎src/legacy/core_plugins/kibana/public/discover/np_ready/angular/discover.js‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/legacy/core_plugins/kibana/public/visualize/np_ready/editor/editor.js‎
Lines changed: 4 additions & 2 deletions b/‎src/legacy/core_plugins/kibana/public/visualize/np_ready/editor/editor.js‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎x-pack/legacy/plugins/actions/server/lib/action_executor.test.ts‎
Lines changed: 2 additions & 0 deletions b/‎x-pack/legacy/plugins/actions/server/lib/action_executor.test.ts‎
Lines changed: 2 additions & 0 deletions
@@ -129,6 +129,7 @@
 # Kibana Alerting Services
 /x-pack/legacy/plugins/alerting/ @elastic/kibana-alerting-services
 /x-pack/legacy/plugins/actions/ @elastic/kibana-alerting-services
+/x-pack/plugins/event_log/ @elastic/kibana-alerting-services
 /x-pack/plugins/task_manager/ @elastic/kibana-alerting-services
 /x-pack/test/alerting_api_integration/ @elastic/kibana-alerting-services
 /x-pack/test/plugin_api_integration/plugins/task_manager/ @elastic/kibana-alerting-services
 
@@ -229,23 +229,25 @@ Kibana, the server needs to be CORS-enabled so Kibana can download the file.
 The following example shows a valid regionmap configuration.
 +
 --
-    map.regionmap:
+    map
       includeElasticMapsService: false
-      layers:
-         - name: "Departments of France"
-           url: "http://my.cors.enabled.server.org/france_departements.geojson"
-           attribution: "INRAP"
-           fields:
-              - name: "department"
+      regionmap:
+        layers:
+          - name: "Departments of France"
+            url: "http://my.cors.enabled.server.org/france_departements.geojson"
+            attribution: "INRAP"
+            fields:
+               - name: "department"
                 description: "Full department name"
-              - name: "INSEE"
+               - name: "INSEE"
                 description: "INSEE numeric identifier"
 --
 
-[[regionmap-ES-map]]`map.regionmap.includeElasticMapsService:`:: Turns on or off
+[[regionmap-ES-map]]`map.includeElasticMapsService:`:: Turns on or off
 whether layers from the Elastic Maps Service should be included in the vector
 layer option list. Supported on Elastic Cloud Enterprise. By turning this off,
-only the layers that are configured here will be included. The default is `true`.
+only the layers that are configured here will be included. The default is `true`. 
+This also affects whether tile-service from the Elastic Maps Service will be available.
 
 [[regionmap-attribution]]`map.regionmap.layers[].attribution:`:: Optional.
 References the originating source of the geojson file. Supported on {ece}.
 
@@ -4,8 +4,9 @@
 <titleabbrev>Encrypting communications</titleabbrev>
 ++++
 
-{kib} supports Transport Layer Security (TLS/SSL) encryption for all forms of data-in-transit. Browsers send traffic to {kib} and {kib}
-sends traffic to {es}. These communications are configured separately.
+{kib} supports Transport Layer Security (TLS/SSL) encryption for all forms of
+data-in-transit. Browsers send traffic to {kib} and {kib} sends traffic to {es}.
+These communications are configured separately.
 
 [[configuring-tls-browser-kib]]
 ==== Encrypting traffic between the browser and {kib}
@@ -78,15 +79,18 @@ NOTE: To perform this step, you must
 {ref}/configuring-security.html[enable the {es} {security-features}] or you 
 must have a proxy that provides an HTTPS endpoint for {es}. 
 
-. Specify the HTTPS URL in the `elasticsearch.hosts` setting in the {kib} configuration file, `kibana.yml`:
+. Specify the HTTPS URL in the `elasticsearch.hosts` setting in the {kib}
+configuration file, `kibana.yml`:
 +
 --
 [source,yaml]
 --------------------------------------------------------------------------------
 elasticsearch.hosts: ["https://<your_elasticsearch_host>.com:9200"]
 --------------------------------------------------------------------------------
 
-Using the HTTPS protocol results in a default `elasticsearch.ssl.verificationMode` option of `full`, which utilizes hostname verification.
+Using the HTTPS protocol results in a default
+`elasticsearch.ssl.verificationMode` option of `full`, which utilizes hostname
+verification.
 
 For more information, see <<settings,{kib} configuration settings>>. 
 --
@@ -95,24 +99,32 @@ For more information, see <<settings,{kib} configuration settings>>.
 +
 --
 
-If you are using your own CA to sign certificates for {es}, then you need to specify the CA certificate chain in {kib} to properly establish
-trust in TLS connections. If your CA certificate chain is contained in a PKCS #12 trust store, specify it like so:
+If you are using your own CA to sign certificates for {es}, then you need to
+specify the CA certificate chain in {kib} to properly establish trust in TLS
+connections. If your CA certificate chain is contained in a PKCS #12 trust store,
+specify it like so:
 
 [source,yaml]
 --------------------------------------------------------------------------------
 elasticsearch.ssl.truststore.path: "/path/to/your/truststore.p12"
 elasticsearch.ssl.truststore.password: "optional decryption password"
 --------------------------------------------------------------------------------
 
-Otherwise, if your CA certificate chain is in PEM format, specify each certificate like so:
+Otherwise, if your CA certificate chain is in PEM format, specify each
+certificate like so:
 
 [source,yaml]
 --------------------------------------------------------------------------------
 elasticsearch.ssl.certificateAuthorities: ["/path/to/your/cacert1.pem", "/path/to/your/cacert2.pem"]
 --------------------------------------------------------------------------------
 
+TIP: You can use the {ref}/certutil.html[`elasticsearch-certutil http` command]
+to generate a PEM format x.509 certificate for the {es} CA. It also provides
+detailed configuration details in readme files.
+ 
 --
 
-. (Optional) If the Elastic {monitor-features} are enabled, configure {kib} to connect to the {es} monitoring cluster via HTTPS. The steps
-are the same as above, but each setting is prefixed by `xpack.monitoring.`. For example, `xpack.monitoring.elasticsearch.hosts`,
+. (Optional) If the Elastic {monitor-features} are enabled, configure {kib} to
+connect to the {es} monitoring cluster via HTTPS. The steps are the same as
+above, but each setting is prefixed by `xpack.monitoring.`. For example, `xpack.monitoring.elasticsearch.hosts`,
 `xpack.monitoring.elasticsearch.ssl.truststore.path`, etc.
@@ -1193,10 +1193,11 @@ In server code, `core` can be accessed from either `server.newPlatform` or `kbnS
 | ----------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
 | `server.config()`                                                             | [`initializerContext.config.create()`](/docs/development/core/server/kibana-plugin-server.plugininitializercontext.config.md)                                                                                                                                                                               | Must also define schema. See _[how to configure plugin](#configure-plugin)_ |
 | `server.route`                                                                | [`core.http.createRouter`](/docs/development/core/server/kibana-plugin-server.httpservicesetup.createrouter.md)                                                                                                                                                                                             | [Examples](./MIGRATION_EXAMPLES.md#route-registration)                      |
+| `server.renderApp()` / `server.renderAppWithDefaultConfig()`                  | [`context.rendering.render()`](/docs/development/core/server/kibana-plugin-server.iscopedrenderingclient.render.md)                                                                                                                                                                                         | [Examples](./MIGRATION_EXAMPLES.md#render-html-content)                     |
 | `request.getBasePath()`                                                       | [`core.http.basePath.get`](/docs/development/core/server/kibana-plugin-server.httpservicesetup.basepath.md)                                                                                                                                                                                                 |                                                                             |
 | `server.plugins.elasticsearch.getCluster('data')`                             | [`context.elasticsearch.dataClient`](/docs/development/core/server/kibana-plugin-server.iscopedclusterclient.md)                                                                                                                                                                                            |                                                                             |
 | `server.plugins.elasticsearch.getCluster('admin')`                            | [`context.elasticsearch.adminClient`](/docs/development/core/server/kibana-plugin-server.iscopedclusterclient.md)                                                                                                                                                                                           |                                                                             |
-| `server.plugins.elasticsearch.createCluster(...)`                            | [`core.elasticsearch.createClient`](/docs/development/core/server/kibana-plugin-server.elasticsearchservicesetup.createclient.md)                                                                                                                                                                                           |                                                                             |
+| `server.plugins.elasticsearch.createCluster(...)`                             | [`core.elasticsearch.createClient`](/docs/development/core/server/kibana-plugin-server.elasticsearchservicesetup.createclient.md)                                                                                                                                                                           |                                                                             |
 | `server.savedObjects.setScopedSavedObjectsClientFactory`                      | [`core.savedObjects.setClientFactory`](/docs/development/core/server/kibana-plugin-server.savedobjectsservicesetup.setclientfactory.md)                                                                                                                                                                     |                                                                             |
 | `server.savedObjects.addScopedSavedObjectsClientWrapperFactory`               | [`core.savedObjects.addClientWrapper`](/docs/development/core/server/kibana-plugin-server.savedobjectsservicesetup.addclientwrapper.md)                                                                                                                                                                     |                                                                             |
 | `server.savedObjects.getSavedObjectsRepository`                               | [`core.savedObjects.createInternalRepository`](/docs/development/core/server/kibana-plugin-server.savedobjectsservicesetup.createinternalrepository.md) [`core.savedObjects.createScopedRepository`](/docs/development/core/server/kibana-plugin-server.savedobjectsservicesetup.createscopedrepository.md) |                                                                             |
 
@@ -16,7 +16,9 @@ APIs to their New Platform equivalents.
     - [Accessing Services](#accessing-services)
   - [Chrome](#chrome)
     - [Updating an application navlink](#updating-application-navlink)
-  
+  - [Chromeless Applications](#chromeless-applications)
+  - [Render HTML Content](#render-html-content)
+
 ## Configuration
 
 ### Declaring config schema
@@ -518,4 +520,83 @@ export class MyPlugin implements Plugin {
       },
     });
   }
-```
+```
+
+## Chromeless Applications
+
+In Kibana, a "chromeless" application is one where the primary Kibana UI components
+such as header or navigation can be hidden. In the legacy platform these were referred to
+as "hidden" applications, and were set via the `hidden` property in a Kibana plugin.
+Chromeless applications are also not displayed in the left navbar.
+
+To mark an application as chromeless, specify `chromeless: false` when registering your application
+to hide the chrome UI when the application is mounted:
+
+```ts
+application.register({
+  id: 'chromeless',
+  chromeless: true,
+  async mount(context, params) {
+    /* ... */
+  },
+});
+```
+
+If you wish to render your application at a route that does not follow the `/app/${appId}` pattern,
+this can be done via the `appRoute` property. Doing this currently requires you to register a server
+route where you can return a bootstrapped HTML page for your application bundle. Instructions on
+registering this server route is covered in the next section: [Render HTML Content](#render-html-content).
+
+```ts
+application.register({
+  id: 'chromeless',
+  appRoute: '/chromeless',
+  chromeless: true,
+  async mount(context, params) {
+    /* ... */
+  },
+});
+```
+
+## Render HTML Content
+
+You can return a blank HTML page bootstrapped with the core application bundle from an HTTP route handler
+via the `rendering` context. You may wish to do this if you are rendering a chromeless application with a
+custom application route or have other custom rendering needs.
+
+```ts
+router.get(
+  { path: '/chromeless', validate: false },
+  (context, request, response) => {
+    const { http, rendering } = context.core;
+
+    return response.ok({
+      body: await rendering.render(), // generates an HTML document
+      headers: {
+        'content-security-policy': http.csp.header,
+      },
+    });
+  }
+);
+```
+
+You can also specify to exclude user data from the bundle metadata. User data
+comprises all UI Settings that are *user provided*, then injected into the page.
+You may wish to exclude fetching this data if not authorized or to slim the page
+size.
+
+```ts
+router.get(
+  { path: '/', validate: false },
+  (context, request, response) => {
+    const { http, rendering } = context.core;
+
+    return response.ok({
+      body: await rendering.render({ includeUserSettings: false }),
+      headers: {
+        'content-security-policy': http.csp.header,
+      },
+    });
+  }
+);
+```
@@ -59,7 +59,6 @@ kibana_vars=(
     path.data
     pid.file
     regionmap
-    regionmap.includeElasticMapsService
     server.basePath
     server.customResponseHeaders
     server.defaultRoute
 
@@ -480,18 +480,21 @@ export class DashboardAppController {
           language:
             localStorage.get('kibana.userQueryLanguage') || config.get('search:queryLanguage'),
         },
-        []
+        queryFilter.getGlobalFilters()
       );
       // Making this method sync broke the updates.
       // Temporary fix, until we fix the complex state in this file.
-      setTimeout(queryFilter.removeAll, 0);
+      setTimeout(() => {
+        queryFilter.setFilters(queryFilter.getGlobalFilters());
+      }, 0);
     };
 
     const updateStateFromSavedQuery = (savedQuery: SavedQuery) => {
-      dashboardStateManager.applyFilters(
-        savedQuery.attributes.query,
-        savedQuery.attributes.filters || []
-      );
+      const savedQueryFilters = savedQuery.attributes.filters || [];
+      const globalFilters = queryFilter.getGlobalFilters();
+      const allFilters = [...globalFilters, ...savedQueryFilters];
+
+      dashboardStateManager.applyFilters(savedQuery.attributes.query, allFilters);
       if (savedQuery.attributes.timefilter) {
         timefilter.setTime({
           from: savedQuery.attributes.timefilter.from,
@@ -504,7 +507,7 @@ export class DashboardAppController {
       // Making this method sync broke the updates.
       // Temporary fix, until we fix the complex state in this file.
       setTimeout(() => {
-        queryFilter.setFilters(savedQuery.attributes.filters || []);
+        queryFilter.setFilters(allFilters);
       }, 0);
     };
 
 
@@ -1000,15 +1000,17 @@ function discoverController(
       query: '',
       language: localStorage.get('kibana.userQueryLanguage') || config.get('search:queryLanguage'),
     };
-    filterManager.removeAll();
+    filterManager.setFilters(filterManager.getGlobalFilters());
     $state.save();
     $scope.fetch();
   };
 
   const updateStateFromSavedQuery = savedQuery => {
     $state.query = savedQuery.attributes.query;
     $state.save();
-    filterManager.setFilters(savedQuery.attributes.filters || []);
+    const savedQueryFilters = savedQuery.attributes.filters || [];
+    const globalFilters = filterManager.getGlobalFilters();
+    filterManager.setFilters([...globalFilters, ...savedQueryFilters]);
 
     if (savedQuery.attributes.timefilter) {
       timefilter.setTime({
 
@@ -501,7 +501,7 @@ function VisualizeAppController(
       language:
         localStorage.get('kibana.userQueryLanguage') || uiSettings.get('search:queryLanguage'),
     };
-    queryFilter.removeAll();
+    queryFilter.setFilters(queryFilter.getGlobalFilters());
     $state.save();
     $scope.fetch();
   };
@@ -510,7 +510,9 @@ function VisualizeAppController(
     $state.query = savedQuery.attributes.query;
     $state.save();
 
-    queryFilter.setFilters(savedQuery.attributes.filters || []);
+    const savedQueryFilters = savedQuery.attributes.filters || [];
+    const globalFilters = queryFilter.getGlobalFilters();
+    queryFilter.setFilters([...globalFilters, ...savedQueryFilters]);
 
     if (savedQuery.attributes.timefilter) {
       timefilter.setTime({
 
@@ -13,6 +13,7 @@ import {
   savedObjectsClientMock,
   loggingServiceMock,
 } from '../../../../../../src/core/server/mocks';
+import { createEventLoggerMock } from '../../../../../plugins/event_log/server/event_logger.mock';
 
 const actionExecutor = new ActionExecutor();
 const savedObjectsClient = savedObjectsClientMock.create();
@@ -58,6 +59,7 @@ actionExecutor.initialize({
   getServices,
   actionTypeRegistry,
   encryptedSavedObjectsPlugin,
+  eventLogger: createEventLoggerMock(),
 });
 
 beforeEach(() => jest.resetAllMocks());