Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use "critical" deprecation level for elasticsearch.username: elastic configuration #122704

Closed
jportner opened this issue Jan 11, 2022 · 1 comment · Fixed by #122717
Closed

Use "critical" deprecation level for elasticsearch.username: elastic configuration #122704

jportner opened this issue Jan 11, 2022 · 1 comment · Fixed by #122717
Labels
chore Feature:Upgrade Assistant impact:needs-assessment Product and/or Engineering needs to evaluate the impact of the change. loe:small Small Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jportner
Copy link
Contributor

jportner commented Jan 11, 2022

In #51101, we outlined our intent to prevent Kibana from authenticating to Elasticsearch using the elastic superuser in production. (We already prevent this in dev mode)

At first we'd hoped to make that breaking change in the 8.0 release, but we decided to defer it along with several other planned breaking changes.

Now, elastic/elasticsearch#81400 will change the superuser role to remove write access to system indices. That will implicitly prevent Kibana from using the elastic superuser to authenticate to Elasticsearch, since Kibana needs to be able to write to system indices.

In #115241, we made a change to treat this as a "warning" deprecation level in the Upgrade Assistant. We need to instead treat it as a "critical" deprecation level in the 7.17 release, because this configuration will no longer work starting in 8.0.

@jportner jportner added chore Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Upgrade Assistant labels Jan 11, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Feature:Upgrade Assistant impact:needs-assessment Product and/or Engineering needs to evaluate the impact of the change. loe:small Small Level of Effort Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants