-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Reporting] Clarify deprecation changes of the roles settings #121349
Changes from 1 commit
197fa77
25b15aa
294db45
eb92a78
65a7142
260b1ee
dd356f2
7880ec4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,38 +30,32 @@ export const config: PluginConfigDescriptor<ReportingConfigType> = { | |
configPath: `${fromPath}.roles.enabled`, | ||
level: 'warning', | ||
title: i18n.translate('xpack.reporting.deprecations.reportingRoles.title', { | ||
defaultMessage: 'Setting "{fromPath}.roles" is deprecated', | ||
defaultMessage: 'The [{fromPath}.roles] setting is deprecated', | ||
values: { fromPath }, | ||
}), | ||
// TODO: once scheduled reports is released, restate this to say that we have no access to scheduled reporting. | ||
// https://github.com/elastic/kibana/issues/79905 | ||
message: i18n.translate('xpack.reporting.deprecations.reportingRoles.description', { | ||
defaultMessage: | ||
`Use Kibana application privileges to grant reporting privileges.` + | ||
` Using "{fromPath}.roles.allow" to grant reporting privileges` + | ||
` is deprecated.` + | ||
` The "{fromPath}.roles.enabled" setting will default to false` + | ||
` in a future release.`, | ||
values: { fromPath }, | ||
`The default mechanism for Reporting privilege will work differently in future versions,` + | ||
` which will affect the behavior of this cluster. Set [xpack.reporting.roles.enabled] to` + | ||
` [false] to adopt the future behavior before upgrading.`, | ||
}), | ||
correctiveActions: { | ||
manualSteps: [ | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepOne', { | ||
defaultMessage: `Set "xpack.reporting.roles.enabled" to "false" in kibana.yml.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepOnePartOne', { | ||
defaultMessage: `Remove "xpack.reporting.roles.allow" to "false" in kibana.yml, if present.`, | ||
defaultMessage: `Set [xpack.reporting.roles.enabled] to [false] in kibana.yml.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepTwo', { | ||
defaultMessage: `Remove [xpack.reporting.roles.allow] in kibana.yml, if present.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepThree', { | ||
defaultMessage: | ||
`Create one or more roles that grant the Kibana application` + | ||
` privilege for reporting from **Management > Security > Roles**.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepThree', { | ||
defaultMessage: | ||
`Grant reporting privileges to users by assigning one of the new roles.` + | ||
` Users assigned a reporting role specified in "xpack.reporting.roles.allow"` + | ||
` will no longer have reporting privileges, they must be assigned an application privilege based role.`, | ||
i18n.translate('xpack.reporting.deprecations.reportingRoles.manualStepFour', { | ||
defaultMessage: `Grant reporting privileges to users by assigning one of the new roles.`, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is it clear to users what the new roles are? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the new roles must be created by the admin |
||
}), | ||
], | ||
}, | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -57,32 +57,39 @@ async function getUsersDeprecations( | |
): Promise<DeprecationsDetails[]> { | ||
const usingDeprecatedConfig = !reportingCore.getContract().usesUiCapabilities(); | ||
const strings = { | ||
title: i18n.translate('xpack.reporting.deprecations.reportingRoleUsersTitle', { | ||
title: i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.title', { | ||
defaultMessage: 'The "{reportingUserRoleName}" role is deprecated: check user roles', | ||
values: { reportingUserRoleName: REPORTING_USER_ROLE_NAME }, | ||
}), | ||
message: i18n.translate('xpack.reporting.deprecations.reportingRoleUsersMessage', { | ||
message: i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.description', { | ||
defaultMessage: | ||
'Existing users have their Reporting privilege granted by a deprecated setting.', | ||
`The default mechanism for Reporting privilege will work differently in future versions, and` + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment as above. Singular or plural for Reporting privilege. |
||
` this cluster contains users who have a deprecated role for this privilege.` + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. "has" instead of "contains"? contains makes me think that users are inside of the clusters. |
||
` Set [xpack.reporting.roles.enabled] to [false] to adopt the future behavior before upgrading.`, | ||
}), | ||
manualSteps: (usersRoles: string) => [ | ||
...(usingDeprecatedConfig | ||
? [ | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.manualStepOne', { | ||
defaultMessage: 'Set "xpack.reporting.roles.enabled: false" in kibana.yml.', | ||
defaultMessage: 'Set [xpack.reporting.roles.enabled] to [false] in kibana.yml.', | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.manualStepTwo', { | ||
defaultMessage: 'Remove "xpack.reporting.roles.allow" in kibana.yml, if present.', | ||
defaultMessage: 'Remove [xpack.reporting.roles.allow] in kibana.yml, if present.', | ||
}), | ||
] | ||
: []), | ||
|
||
i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.manualStepThree', { | ||
defaultMessage: 'Create a custom role with Kibana privileges to grant access to Reporting.', | ||
defaultMessage: | ||
`Create one or more roles that grant the Kibana application` + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would this work? Go to Management > Security > Roles to create or more roles that grant the Kibana application privilege for Reporting. Elsewhere, you use Reporting (capital R). Is that correct here? |
||
` privilege for reporting from **Management > Security > Roles**.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.manualStepFour', { | ||
defaultMessage: `Grant reporting privileges to users by assigning one of the new roles.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleUsers.manualStepFive', { | ||
defaultMessage: | ||
'Remove the "reporting_user" role from all users and add the custom role. The affected users are: {usersRoles}.', | ||
'Remove the "reporting_user" role from all users and add the custom role. The affected users are: [{usersRoles}].', | ||
values: { usersRoles }, | ||
}), | ||
], | ||
|
@@ -136,18 +143,21 @@ async function getRoleMappingsDeprecations( | |
): Promise<DeprecationsDetails[]> { | ||
const usingDeprecatedConfig = !reportingCore.getContract().usesUiCapabilities(); | ||
const strings = { | ||
title: i18n.translate('xpack.reporting.deprecations.reportingRoleMappingsTitle', { | ||
title: i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.title', { | ||
defaultMessage: 'The "{reportingUserRoleName}" role is deprecated: check role mappings', | ||
values: { reportingUserRoleName: REPORTING_USER_ROLE_NAME }, | ||
}), | ||
message: i18n.translate('xpack.reporting.deprecations.reportingRoleMappingsMessage', { | ||
defaultMessage: 'Existing roles are mapped to a deprecated role for Reporting privileges', | ||
message: i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.description', { | ||
defaultMessage: | ||
`The default mechanism for Reporting privilege will work differently in future versions, and` + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment as above. Singular or plural? |
||
` this cluster contains role mappings that are mapped to a deprecated role for this privilege.` + | ||
` Set [xpack.reporting.roles.enabled] to [false] to adopt the future behavior before upgrading.`, | ||
}), | ||
manualSteps: (roleMappings: string) => [ | ||
...(usingDeprecatedConfig | ||
? [ | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.manualStepOne', { | ||
defaultMessage: 'Set "xpack.reporting.roles.enabled: false" in kibana.yml.', | ||
defaultMessage: `Set [xpack.reporting.roles.enabled] to [false] in kibana.yml.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.manualStepTwo', { | ||
defaultMessage: 'Remove "xpack.reporting.roles.allow" in kibana.yml, if present.', | ||
|
@@ -156,11 +166,17 @@ async function getRoleMappingsDeprecations( | |
: []), | ||
|
||
i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.manualStepThree', { | ||
defaultMessage: 'Create a custom role with Kibana privileges to grant access to Reporting.', | ||
defaultMessage: | ||
`Create one or more roles that grant the Kibana application` + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment as above. |
||
` privilege for reporting from **Management > Security > Roles**.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.manualStepFour', { | ||
defaultMessage: `Grant reporting privileges to users by assigning one of the new roles.`, | ||
}), | ||
i18n.translate('xpack.reporting.deprecations.reportingRoleMappings.manualStepFive', { | ||
defaultMessage: | ||
'Remove the "reporting_user" role from all role mappings and add the custom role. The affected role mappings are: {roleMappings}.', | ||
'Remove the "reporting_user" role from all role mappings and add the custom role.' + | ||
' The affected role mappings are: {roleMappings}.', | ||
values: { roleMappings }, | ||
}), | ||
], | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
either "the Reporting privilege" or "Reporting privileges"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I'll go with
Reporting privileges