[Meta] Platform Security team - 8.0 upgrade work

[jportner]

This is a meta-issue to describe all of the user-facing work that needs to be done by our team for the 8.0 upgrade. There are two main things:

1. 7.x branch: Ensure that the 8.0 upgrade assistant accurately reflects all of the deprecations
   • Each deprecation should be set at the appropriate level (critical if it blocks the upgrade, warning if not)
   • Each deprecation should correctly describe when the breaking change will take effect (8.0, or a future version)
   • The copy (text) should be reviewed with the docs team
   • Any automation to fix the problem (correctiveActions.api registered in the DeprecationsService) should be implemented and tested
2. master branch: Ensure that, for breaking changes that take effect in 8.0, all appropriate code is removed

Assigned	What's breaking	When	Issues	PRs	7.x done	master done
@watson / @legrego	Remove legacy audit logging	8.0	#82578	#114995 #116191 #116282	✅	✅
@watson / @jportner	Prevent disabling the spaces plugin	8.0	#82467	#112242 #115283	✅	✅
@watson	Prevent disabling the security plugin	8.0	#54023	#111676 #111681	✅	✅
Core team	Prevent disabling the encryptedSavedObjects plugin	8.0	#89584	#112602 #113495	✅	✅
@watson @legrego / @XavierM	Include ML feature in base privileges	8.0	#71422	#115445 #115444	✅	✅
@XavierM	Change Cases sub-feature to be a top-level feature	8.0	#109158	#113172 #113151 #112980 #113573 #115992	✅	✅
@azasypkin	Add defaults for xpack.security.session.{lifespan,idleTimeout}	8.0	#81747	#106061 #106673 #115020	✅	✅
@azasypkin	Remove kibana_dashboard_only_user role in favor of Kibana feature privileges	8.0	#54755	#108103 #110960	✅	✅
@azasypkin	Remove kibana_user role in favor of kibana_admin role	Future	#42853 #81674	#110960	✅	N/A
@jportner	Remove old authentication config	Future	#82113	#110835 #115241	✅	N/A
@jportner	Forbid using elasticsearch.ssl.certificate without elasticsearch.ssl.key and vice versa	Future	#81746	#115241	✅	N/A
@jportner	Remove kibana user in favor of kibana_system user	Future	#81680	#115241	✅	N/A
@jportner	Forbid elasticsearch.username: elastic in production	Future	#51101	#115241	✅	N/A

See also, Stack Management team's meta-issue: #109166

Note, there are other deprecations that we have (such as SAML API callback routes) but since they don't need any changes to 7.x or master for the 8.0 release, they are not listed here.

Blocked by:

• [Deprecation service] Expose level field to config deprecations #110603 <-- this will allow us to set a config deprecation to the warning level

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[watson]

FYI: Just assigned y'all so it's easier to find this issue by just looking at your assigned issues - hope it's ok 😄

[jportner]

We have all the required changes in, we can finally close this issue! Thanks to everyone who contributed!