Update security deprecation message #82128
Conversation
bytebilly
added
>docs
|
Pinging @elastic/es-security (Team:Security) |
|
Pinging @elastic/es-docs (Team:Docs) |
| "Security is enabled by default for all licenses", | ||
| "https://ela.st/es-deprecation-7-implicitly-disabled-security", | ||
| "Security features are enabled by default for all licenses in versions 8.0 and later", | ||
| "https://ela.st/es-deprecation-7-security-basic-setup", |
There was a problem hiding this comment.
Are we sure about that change?
Our standard behaviour is for these to link to the migration guide which can then include links to other setup instructions. I'm not sure we should link straight to the basic setup guide.
There was a problem hiding this comment.
The current link points to the migration guide line:
The default behavior of disabling security on basic and trial licenses is deprecated
If users figure out that this line can be expanded by clicking on the bullet point arrow (that I don't feel is so straightforward if you are not familiar with our migration guide), they will get:
Currently, security features are disabled when operating on a basic or trial license when xpack.security.enabled has not been explicitly set to true. This behavior is now deprecated. In version 8.0.0, security features will be enabled by default for all licenses, unless explicitly disabled (by setting xpack.security.enabled to false).
I don't feel that this is enough to:
- raise awareness that security features must be enabled explicitly by the user, and where to go to get more instructions
- discourage disabling security, that would be the simplest option from this message otherwise
I'm not strongly opposed to link the migration guide, even if I found that other deprecation entries link directly to documentation so I'm not sure about the standard guideline.
If this is our choice, we should ensure that the migration guide text is solving the two issues above.
What do you think?
There was a problem hiding this comment.
I think we should put effort into fixing the migration guide so it tells people what they need to know, rather than bypassing it.
I agree that this section of the migration guide actually doesn't provide the right information, but I would hope we can fix that and then continue link to it from the deprecation logs.
The deprecation logs tell you something is changing. The "more info" section should link to something that explains what is changing and how to resolve it. The security setup instructions aren't that.
There was a problem hiding this comment.
Got it, we can improve the migration guide in a follow up PR. I restored the original link.
|
@elasticmachine update branch |
This change clarifies the deprecation message that the Upgrade Assistant shows when the
xpack.security.enabledsetting is not explicitly set.We also need to ensure that the linked migration guide clearly explains how to enable security: #82677