Use "critical" deprecation level for elasticsearch.username: elastic
configuration
#122704
Labels
chore
Feature:Upgrade Assistant
impact:needs-assessment
Product and/or Engineering needs to evaluate the impact of the change.
loe:small
Small Level of Effort
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
In #51101, we outlined our intent to prevent Kibana from authenticating to Elasticsearch using the
elastic
superuser in production. (We already prevent this in dev mode)At first we'd hoped to make that breaking change in the 8.0 release, but we decided to defer it along with several other planned breaking changes.
Now, elastic/elasticsearch#81400 will change the superuser role to remove write access to system indices. That will implicitly prevent Kibana from using the
elastic
superuser to authenticate to Elasticsearch, since Kibana needs to be able to write to system indices.In #115241, we made a change to treat this as a "warning" deprecation level in the Upgrade Assistant. We need to instead treat it as a "critical" deprecation level in the 7.17 release, because this configuration will no longer work starting in 8.0.
The text was updated successfully, but these errors were encountered: