[7.x] Expand scope of xpack.security.enabled deprecation warning (#11…

…1676) Show deprecation message not only if "xpack.security.enabled" is false, but just if it's set (no matter the value). Also improves the deprecation message to align with new guidelines. Co-authored-by: Adam Locke <adam.locke@elastic.co>
elastic · Sep 15, 2021 · a905e3a · a905e3a
1 parent fd17b59
commit a905e3a
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 7 deletions.
diff --git a/x-pack/plugins/security/server/config_deprecations.test.ts b/x-pack/plugins/security/server/config_deprecations.test.ts
@@ -391,12 +391,12 @@ describe('Config Deprecations', () => {
     expect(migrated).toEqual(config);
     expect(messages).toMatchInlineSnapshot(`
       Array [
-        "Disabling the security plugin \\"xpack.security.enabled\\" will only be supported by disable security in Elasticsearch.",
+        "Enabling or disabling the Security plugin in Kibana is deprecated. Configure security in Elasticsearch instead.",
       ]
     `);
   });
 
-  it('does not warn when the security plugin is enabled', () => {
+  it('warns when the security plugin is enabled', () => {
     const config = {
       xpack: {
         security: {
@@ -407,6 +407,23 @@ describe('Config Deprecations', () => {
     };
     const { messages, migrated } = applyConfigDeprecations(cloneDeep(config));
     expect(migrated).toEqual(config);
+    expect(messages).toMatchInlineSnapshot(`
+      Array [
+        "Enabling or disabling the Security plugin in Kibana is deprecated. Configure security in Elasticsearch instead.",
+      ]
+    `);
+  });
+
+  it("does not warn when xpack.security.enabled isn't set", () => {
+    const config = {
+      xpack: {
+        security: {
+          session: { idleTimeout: 123, lifespan: 345 },
+        },
+      },
+    };
+    const { messages, migrated } = applyConfigDeprecations(cloneDeep(config));
+    expect(migrated).toEqual(config);
     expect(messages).toHaveLength(0);
   });
 });
diff --git a/x-pack/plugins/security/server/config_deprecations.ts b/x-pack/plugins/security/server/config_deprecations.ts
@@ -136,22 +136,25 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
     }
   },
   (settings, fromPath, addDeprecation) => {
-    if (settings?.xpack?.security?.enabled === false) {
+    if ('enabled' in (settings?.xpack?.security || {})) {
       addDeprecation({
         title: i18n.translate('xpack.security.deprecations.enabledTitle', {
-          defaultMessage: 'Disabling the security plugin "xpack.security.enabled" is deprecated',
+          defaultMessage: 'Setting "xpack.security.enabled" is deprecated',
         }),
         message: i18n.translate('xpack.security.deprecations.enabledMessage', {
           defaultMessage:
-            'Disabling the security plugin "xpack.security.enabled" will only be supported by disable security in Elasticsearch.',
+            'Enabling or disabling the Security plugin in Kibana is deprecated. Configure security in Elasticsearch instead.',
         }),
+        documentationUrl:
+          'https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html',
         correctiveActions: {
           manualSteps: [
             i18n.translate('xpack.security.deprecations.enabled.manualStepOneMessage', {
-              defaultMessage: `Remove "xpack.security.enabled" from your Kibana configuration.`,
+              defaultMessage: 'Remove "xpack.security.enabled" from kibana.yml.',
             }),
             i18n.translate('xpack.security.deprecations.enabled.manualStepTwoMessage', {
-              defaultMessage: `To turn off security features, disable them in Elasticsearch instead.`,
+              defaultMessage:
+                'Set "xpack.security.enabled" to true or false in elasticsearch.yml to enable or disable security.',
             }),
           ],
         },