From 8aa7b32075c2361c6e7064b664b0d14770ddbf1e Mon Sep 17 00:00:00 2001 From: Joe Portner <5295965+jportner@users.noreply.github.com> Date: Mon, 30 Aug 2021 15:35:41 -0400 Subject: [PATCH] Change legacy audit logger deprecation warning This is currently showing as a "Critical" issue in the upgrade assistant. However, we have decided not to remove the legacy audit logger in the 8.0 release. So I am leaving this deprecated in the docs "for an upcoming version", but removing the deprecation warning in the config, since we cannot currently mark this as a non-critical issue. --- docs/settings/security-settings.asciidoc | 2 +- .../server/config_deprecations.test.ts | 65 ------------------- .../security/server/config_deprecations.ts | 17 ----- 3 files changed, 1 insertion(+), 83 deletions(-) diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc index 69f255f36105e..dbeab8aa81407 100644 --- a/docs/settings/security-settings.asciidoc +++ b/docs/settings/security-settings.asciidoc @@ -371,7 +371,7 @@ xpack.security.audit.appender.type: rolling-file [NOTE] ============ -deprecated:[7.15.0,"In 8.0 and later, the legacy audit logger will be removed, and this setting will enable the ECS audit logger with a default appender."] To enable the legacy audit logger only specify: +deprecated:[7.15.0,"The legacy audit logger will be removed in an upcoming version, and this setting will enable the ECS audit logger with a default appender."] To enable the legacy audit logger only specify: [source,yaml] ---------------------------------------- diff --git a/x-pack/plugins/security/server/config_deprecations.test.ts b/x-pack/plugins/security/server/config_deprecations.test.ts index 2043eb9a183c2..51cc60edb9135 100644 --- a/x-pack/plugins/security/server/config_deprecations.test.ts +++ b/x-pack/plugins/security/server/config_deprecations.test.ts @@ -205,71 +205,6 @@ describe('Config Deprecations', () => { `); }); - it('warns when using the legacy audit logger', () => { - const config = { - xpack: { - security: { - session: { idleTimeout: 123, lifespan: 345 }, - audit: { - enabled: true, - }, - }, - }, - }; - const { messages, migrated } = applyConfigDeprecations(cloneDeep(config)); - expect(migrated.xpack.security.audit.appender).not.toBeDefined(); - expect(messages).toMatchInlineSnapshot(` - Array [ - "The legacy audit logger is deprecated in favor of the new ECS-compliant audit logger.", - ] - `); - }); - - it('does not warn when using the ECS audit logger', () => { - const config = { - xpack: { - security: { - session: { idleTimeout: 123, lifespan: 345 }, - audit: { - enabled: true, - appender: { - type: 'file', - fileName: './audit.log', - }, - }, - }, - }, - }; - const { messages, migrated } = applyConfigDeprecations(cloneDeep(config)); - expect(migrated).toEqual(config); - expect(messages).toHaveLength(0); - }); - - it('does not warn about using the legacy logger when using the ECS audit logger, even when using the deprecated ECS appender config', () => { - const config = { - xpack: { - security: { - session: { idleTimeout: 123, lifespan: 345 }, - audit: { - enabled: true, - appender: { - type: 'file', - path: './audit.log', - }, - }, - }, - }, - }; - const { messages, migrated } = applyConfigDeprecations(cloneDeep(config)); - expect(migrated.xpack.security.audit.appender.path).not.toBeDefined(); - expect(migrated.xpack.security.audit.appender.fileName).toEqual('./audit.log'); - expect(messages).toMatchInlineSnapshot(` - Array [ - "\\"xpack.security.audit.appender.path\\" is deprecated and has been replaced by \\"xpack.security.audit.appender.fileName\\"", - ] - `); - }); - it(`warns that 'authorization.legacyFallback.enabled' is unused`, () => { const config = { xpack: { diff --git a/x-pack/plugins/security/server/config_deprecations.ts b/x-pack/plugins/security/server/config_deprecations.ts index 828625a95c291..9bd46302ba0ab 100644 --- a/x-pack/plugins/security/server/config_deprecations.ts +++ b/x-pack/plugins/security/server/config_deprecations.ts @@ -22,23 +22,6 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ unused('authorization.legacyFallback.enabled'), unused('authc.saml.maxRedirectURLSize'), - // Deprecation warning for the legacy audit logger. - (settings, fromPath, addDeprecation) => { - const auditLoggingEnabled = settings?.xpack?.security?.audit?.enabled ?? false; - const legacyAuditLoggerEnabled = !settings?.xpack?.security?.audit?.appender; - if (auditLoggingEnabled && legacyAuditLoggerEnabled) { - addDeprecation({ - message: `The legacy audit logger is deprecated in favor of the new ECS-compliant audit logger.`, - documentationUrl: - 'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#audit-logging-settings', - correctiveActions: { - manualSteps: [ - `Declare an audit logger "appender" via "xpack.security.audit.appender" to enable the ECS audit logger.`, - ], - }, - }); - } - }, // Deprecation warning for the old array-based format of `xpack.security.authc.providers`. (settings, fromPath, addDeprecation) => { if (Array.isArray(settings?.xpack?.security?.authc?.providers)) {