-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[7.x] Expand scope of xpack.security.enabled deprecation warning #111676
[7.x] Expand scope of xpack.security.enabled deprecation warning #111676
Conversation
Show deprecation message not only if "xpack.security.enabled" is false, but just if it's set (no matter the value). Also improves the deprecation message to align with new guidelines.
}), | ||
documentationUrl: | ||
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#general-security-settings', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once v8.0.0 is released current
is going to refer to this version, in which we'll probably remove the section of the documentation we're linking to here. Shouldn't we instead update this link to be "fixed" to the 7.x
branch somehow? For example:
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#general-security-settings', | |
'https://www.elastic.co/guide/en/kibana/7.x/security-settings-kb.html#general-security-settings', |
The downside of this is that it will show this warning in the top of the page:
Alternatively we could set it to 7.16
instead, but that will be 404 until that version is released 🤷
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, normally I'd say you should use the DocLinksService, but there is no server-side counterpart for that plugin.
It looks like this just uses the branch
from the packageInfo
to generate these URLs. You can get this in the security plugin like this:
diff --git a/x-pack/plugins/security/server/plugin.ts b/x-pack/plugins/security/server/plugin.ts
index 1873ca42324..85a21b42074 100644
--- a/x-pack/plugins/security/server/plugin.ts
+++ b/x-pack/plugins/security/server/plugin.ts
@@ -188,6 +188,7 @@ export class SecurityPlugin
constructor(private readonly initializerContext: PluginInitializerContext) {
this.logger = this.initializerContext.logger.get();
+ const branch = this.initializerContext.env.packageInfo.branch;
}
public setup(
then you'll need to pass that variable down to the config deprecations to use it there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The URLs need to be pinned to the branch. Hardcoding links to master or 7.x is like linking to quicksand.
I'm concerned that we have links that are hardcoded in place. Is it possible to move this (and similar links) to a resource file so that we can test them as part of the doc build? Otherwise, it's entirely possible for doc changes to cause links like this that appear in Kibana to 404.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's worth linking to this topic, TBH. It doesn't tell them anything about what they need to do. Sending them to the top of the Security docs would be more helpful. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/secure-cluster.html
@lockewritesdocs is actively working on the story around Security being on by default in 8.0. This might be an area where we need to provide explicit info about handling the changes between 7.16 and 8.0. (Which would then be an ideal target for this link.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My intent with this link was to send users to a doc explaining how to configure Elasticsearch to do what the deprecated config option in Kibana is doing. I know that technically I link to the Kibana docs and that you have to click a link there to go to the corresponding Elasticsearch docs, but I thought it would then be telling the whole story that way (this is the page they would end up on if they followed the link in the Kibana docs: https://www.elastic.co/guide/en/elasticsearch/reference/7.14/security-settings.html#general-security-settings)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jportner -- apologies, I crossed my wires on this one. Been working on 8.0 stuff. Yes, for 7.16 we should link to the 7.16 version of that page, which we will update to indicate that security is not enabled by default, and that users should explicitly configure it. We're updating all of the product Download pages for 7.15 with this same message, and a link to the docs for how to configure security. Security wasn't ever on by default (even before 7.15), but we basically want to say, "Security isn't enabled. We suggest that you enable it, because that keeps your data and anything connected to Elasticsearch safer. Here's a link to go enable security, unless you really don't want to." I'm going to get a PR in place for that change now and mark it for 7.15, and also apply to 7.x.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest that I update this URL to point to what we want in "current" and then make an issue to expose the current branch to ConfigDeprecationProvider
functions in general as this isn't something that's only needed for this file. Then that will not be a blocker for this PR - and since we already have several URLs in this file that link to "current", we're not really making it any worse by adding this one either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, according with my comment above, I've now updated the URL to be:
https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-cluster.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We spoke offline but I wanted to mention here that
I suggest that I update this URL to point to what we want in "current" and then make an issue to expose the current branch to
ConfigDeprecationProvider
functions in general as this isn't something that's only needed for this file. Then that will not be a blocker for this PR - and since we already have several URLs in this file that link to "current", we're not really making it any worse by adding this one either.
👍 👍 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've created an issue for it now: #112221
I wasn't sure which team to assign it to, so I've left that blank for now.
}), | ||
documentationUrl: | ||
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#general-security-settings', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The URLs need to be pinned to the branch. Hardcoding links to master or 7.x is like linking to quicksand.
I'm concerned that we have links that are hardcoded in place. Is it possible to move this (and similar links) to a resource file so that we can test them as part of the doc build? Otherwise, it's entirely possible for doc changes to cause links like this that appear in Kibana to 404.
}), | ||
documentationUrl: | ||
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#general-security-settings', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's worth linking to this topic, TBH. It doesn't tell them anything about what they need to do. Sending them to the top of the Security docs would be more helpful. https://www.elastic.co/guide/en/elasticsearch/reference/7.x/secure-cluster.html
@lockewritesdocs is actively working on the story around Security being on by default in 8.0. This might be an area where we need to provide explicit info about handling the changes between 7.16 and 8.0. (Which would then be an ideal target for this link.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@watson, I suggested some changes to move the user actions (updating the yml files) to the Fix manually steps. The introductory sentences can then be more general. Thank you for iterating!
Co-authored-by: Adam Locke <adam.locke@elastic.co>
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: cc @watson |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🥳 Looks great!
* [DOCS] Adds 7.16.0 release notes * Updates aggregation-based link * Updates aggregation-based link * Updates aggregation-based link * Updates aggregation-based link * Adds #119079 to bug fixes * Updates aggregation-based link * Link fix * Update docs/CHANGELOG.asciidoc Co-authored-by: Greg Back <1045796+gtback@users.noreply.github.com> * Fixes breaking changes links * Adds Osquery breaking change * Links * Edits ML PR list * More ML edits * Updates with review comments * Removes #111676 * Update docs/CHANGELOG.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> * Update docs/CHANGELOG.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> * Update docs/CHANGELOG.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> * Update docs/CHANGELOG.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> * Update docs/CHANGELOG.asciidoc Co-authored-by: DeDe Morton <dede.morton@elastic.co> * Observability review comments * Update docs/CHANGELOG.asciidoc Co-authored-by: Brandon Morelli <bmorelli25@gmail.com> * Update docs/CHANGELOG.asciidoc Co-authored-by: Brandon Morelli <bmorelli25@gmail.com> * Update docs/CHANGELOG.asciidoc Co-authored-by: Brandon Morelli <bmorelli25@gmail.com> * Update docs/CHANGELOG.asciidoc Co-authored-by: Brandon Morelli <bmorelli25@gmail.com> * Fixes deprecation link Co-authored-by: Greg Back <1045796+gtback@users.noreply.github.com> Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: DeDe Morton <dede.morton@elastic.co> Co-authored-by: Brandon Morelli <bmorelli25@gmail.com>
This PR takes care of the 7.x part of #54023.
Show deprecation message not only if
xpack.security.enabled
isfalse
, but just if it's set (no matter the value).Also improves the deprecation message to align with new guidelines.
Release note
Deprecates setting the xpack.security.enabled config option for Kibana. This should instead be controlled via the similarly named config option in Elasticsearch.