-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update security deprecation message #82128
Conversation
Pinging @elastic/es-security (Team:Security) |
Pinging @elastic/es-docs (Team:Docs) |
"Security is enabled by default for all licenses", | ||
"https://ela.st/es-deprecation-7-implicitly-disabled-security", | ||
"Security features are enabled by default for all licenses in versions 8.0 and later", | ||
"https://ela.st/es-deprecation-7-security-basic-setup", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we sure about that change?
Our standard behaviour is for these to link to the migration guide which can then include links to other setup instructions. I'm not sure we should link straight to the basic setup guide.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current link points to the migration guide line:
The default behavior of disabling security on basic and trial licenses is deprecated
If users figure out that this line can be expanded by clicking on the bullet point arrow (that I don't feel is so straightforward if you are not familiar with our migration guide), they will get:
Currently, security features are disabled when operating on a basic or trial license when xpack.security.enabled has not been explicitly set to true. This behavior is now deprecated. In version 8.0.0, security features will be enabled by default for all licenses, unless explicitly disabled (by setting xpack.security.enabled to false).
I don't feel that this is enough to:
- raise awareness that security features must be enabled explicitly by the user, and where to go to get more instructions
- discourage disabling security, that would be the simplest option from this message otherwise
I'm not strongly opposed to link the migration guide, even if I found that other deprecation entries link directly to documentation so I'm not sure about the standard guideline.
If this is our choice, we should ensure that the migration guide text is solving the two issues above.
What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should put effort into fixing the migration guide so it tells people what they need to know, rather than bypassing it.
I agree that this section of the migration guide actually doesn't provide the right information, but I would hope we can fix that and then continue link to it from the deprecation logs.
The deprecation logs tell you something is changing. The "more info" section should link to something that explains what is changing and how to resolve it. The security setup instructions aren't that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it, we can improve the migration guide in a follow up PR. I restored the original link.
@elasticmachine update branch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This change clarifies the deprecation message that the Upgrade Assistant shows when the
xpack.security.enabled
setting is not explicitly set.We also need to ensure that the linked migration guide clearly explains how to enable security: #82677