Update security deprecation messages (#115241)
This commit is contained in:
Joe Portner
GitHub
parent
0f1c7ccc98
commit
6792bdfc6d
|
|
@ -322,7 +322,7 @@ describe('deprecations', () => {
|
|||
const { messages } = applyElasticsearchDeprecations({ username: 'elastic' });
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"Setting [${CONFIG_PATH}.username] to \\"elastic\\" is deprecated. You should use the \\"kibana_system\\" user instead.",
|
||||
"Kibana is configured to authenticate to Elasticsearch with the \\"elastic\\" user. Use a service account token instead.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
@ -331,7 +331,7 @@ describe('deprecations', () => {
|
|||
const { messages } = applyElasticsearchDeprecations({ username: 'kibana' });
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"Setting [${CONFIG_PATH}.username] to \\"kibana\\" is deprecated. You should use the \\"kibana_system\\" user instead.",
|
||||
"Kibana is configured to authenticate to Elasticsearch with the \\"kibana\\" user. Use a service account token instead.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
@ -350,7 +350,7 @@ describe('deprecations', () => {
|
|||
const { messages } = applyElasticsearchDeprecations({ ssl: { key: '' } });
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"Setting [${CONFIG_PATH}.ssl.key] without [${CONFIG_PATH}.ssl.certificate] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.",
|
||||
"Use both \\"elasticsearch.ssl.key\\" and \\"elasticsearch.ssl.certificate\\" to enable Kibana to use Mutual TLS authentication with Elasticsearch.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
@ -359,7 +359,7 @@ describe('deprecations', () => {
|
|||
const { messages } = applyElasticsearchDeprecations({ ssl: { certificate: '' } });
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"Setting [${CONFIG_PATH}.ssl.certificate] without [${CONFIG_PATH}.ssl.key] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.",
|
||||
"Use both \\"elasticsearch.ssl.certificate\\" and \\"elasticsearch.ssl.key\\" to enable Kibana to use Mutual TLS authentication with Elasticsearch.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
import { schema, TypeOf } from '@kbn/config-schema';
|
||||
import { readPkcs12Keystore, readPkcs12Truststore } from '@kbn/crypto';
|
||||
import { i18n } from '@kbn/i18n';
|
||||
import { Duration } from 'moment';
|
||||
import { readFileSync } from 'fs';
|
||||
import { ConfigDeprecationProvider } from 'src/core/server';
|
||||
|
|
@ -171,49 +172,82 @@ export const configSchema = schema.object({
|
|||
});
|
||||
|
||||
const deprecations: ConfigDeprecationProvider = () => [
|
||||
(settings, fromPath, addDeprecation) => {
|
||||
(settings, fromPath, addDeprecation, { branch }) => {
|
||||
const es = settings[fromPath];
|
||||
if (!es) {
|
||||
return;
|
||||
}
|
||||
if (es.username === 'elastic') {
|
||||
|
||||
if (es.username === 'elastic' || es.username === 'kibana') {
|
||||
const username = es.username;
|
||||
addDeprecation({
|
||||
configPath: `${fromPath}.username`,
|
||||
message: `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana_system" user instead.`,
|
||||
title: i18n.translate('core.deprecations.elasticsearchUsername.title', {
|
||||
defaultMessage: 'Using "elasticsearch.username: {username}" is deprecated',
|
||||
values: { username },
|
||||
}),
|
||||
message: i18n.translate('core.deprecations.elasticsearchUsername.message', {
|
||||
defaultMessage:
|
||||
'Kibana is configured to authenticate to Elasticsearch with the "{username}" user. Use a service account token instead.',
|
||||
values: { username },
|
||||
}),
|
||||
level: 'warning',
|
||||
documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${branch}/service-accounts.html`,
|
||||
correctiveActions: {
|
||||
manualSteps: [`Replace [${fromPath}.username] from "elastic" to "kibana_system".`],
|
||||
},
|
||||
});
|
||||
} else if (es.username === 'kibana') {
|
||||
addDeprecation({
|
||||
configPath: `${fromPath}.username`,
|
||||
message: `Setting [${fromPath}.username] to "kibana" is deprecated. You should use the "kibana_system" user instead.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [`Replace [${fromPath}.username] from "kibana" to "kibana_system".`],
|
||||
manualSteps: [
|
||||
i18n.translate('core.deprecations.elasticsearchUsername.manualSteps1', {
|
||||
defaultMessage:
|
||||
'Use the elasticsearch-service-tokens CLI tool to create a new service account token for the "elastic/kibana" service account.',
|
||||
}),
|
||||
i18n.translate('core.deprecations.elasticsearchUsername.manualSteps2', {
|
||||
defaultMessage: 'Add the "elasticsearch.serviceAccountToken" setting to kibana.yml.',
|
||||
}),
|
||||
i18n.translate('core.deprecations.elasticsearchUsername.manualSteps3', {
|
||||
defaultMessage:
|
||||
'Remove "elasticsearch.username" and "elasticsearch.password" from kibana.yml.',
|
||||
}),
|
||||
],
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
const addSslDeprecation = (existingSetting: string, missingSetting: string) => {
|
||||
addDeprecation({
|
||||
configPath: existingSetting,
|
||||
title: i18n.translate('core.deprecations.elasticsearchSSL.title', {
|
||||
defaultMessage: 'Using "{existingSetting}" without "{missingSetting}" has no effect',
|
||||
values: { existingSetting, missingSetting },
|
||||
}),
|
||||
message: i18n.translate('core.deprecations.elasticsearchSSL.message', {
|
||||
defaultMessage:
|
||||
'Use both "{existingSetting}" and "{missingSetting}" to enable Kibana to use Mutual TLS authentication with Elasticsearch.',
|
||||
values: { existingSetting, missingSetting },
|
||||
}),
|
||||
level: 'warning',
|
||||
documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/elasticsearch-mutual-tls.html`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
i18n.translate('core.deprecations.elasticsearchSSL.manualSteps1', {
|
||||
defaultMessage: 'Add the "{missingSetting}" setting to kibana.yml.',
|
||||
values: { missingSetting },
|
||||
}),
|
||||
i18n.translate('core.deprecations.elasticsearchSSL.manualSteps2', {
|
||||
defaultMessage:
|
||||
'Alternatively, if you don\'t want to use Mutual TLS authentication, remove "{existingSetting}" from kibana.yml.',
|
||||
values: { existingSetting },
|
||||
}),
|
||||
],
|
||||
},
|
||||
});
|
||||
};
|
||||
|
||||
if (es.ssl?.key !== undefined && es.ssl?.certificate === undefined) {
|
||||
addDeprecation({
|
||||
configPath: `${fromPath}.ssl.key`,
|
||||
message: `Setting [${fromPath}.ssl.key] without [${fromPath}.ssl.certificate] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
`Set [${fromPath}.ssl.certificate] in your kibana configs to enable TLS client authentication to Elasticsearch.`,
|
||||
],
|
||||
},
|
||||
});
|
||||
addSslDeprecation(`${fromPath}.ssl.key`, `${fromPath}.ssl.certificate`);
|
||||
} else if (es.ssl?.certificate !== undefined && es.ssl?.key === undefined) {
|
||||
addDeprecation({
|
||||
configPath: `${fromPath}.ssl.certificate`,
|
||||
message: `Setting [${fromPath}.ssl.certificate] without [${fromPath}.ssl.key] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
`Set [${fromPath}.ssl.key] in your kibana configs to enable TLS client authentication to Elasticsearch.`,
|
||||
],
|
||||
},
|
||||
});
|
||||
} else if (es.logQueries === true) {
|
||||
addSslDeprecation(`${fromPath}.ssl.certificate`, `${fromPath}.ssl.key`);
|
||||
}
|
||||
|
||||
if (es.logQueries === true) {
|
||||
addDeprecation({
|
||||
configPath: `${fromPath}.logQueries`,
|
||||
message: `Setting [${fromPath}.logQueries] is deprecated and no longer used. You should set the log level to "debug" for the "elasticsearch.queries" context in "logging.loggers".`,
|
||||
|
|
|
|||
|
|
@ -67,64 +67,6 @@ describe('monitoring plugin deprecations', function () {
|
|||
});
|
||||
});
|
||||
|
||||
describe('elasticsearch.username', function () {
|
||||
it('logs a warning if elasticsearch.username is set to "elastic"', () => {
|
||||
const settings = { elasticsearch: { username: 'elastic' } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('logs a warning if elasticsearch.username is set to "kibana"', () => {
|
||||
const settings = { elasticsearch: { username: 'kibana' } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('does not log a warning if elasticsearch.username is set to something besides "elastic" or "kibana"', () => {
|
||||
const settings = { elasticsearch: { username: 'otheruser' } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('does not log a warning if elasticsearch.username is unset', () => {
|
||||
const settings = { elasticsearch: { username: undefined } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('logs a warning if ssl.key is set and ssl.certificate is not', () => {
|
||||
const settings = { elasticsearch: { ssl: { key: '' } } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('logs a warning if ssl.certificate is set and ssl.key is not', () => {
|
||||
const settings = { elasticsearch: { ssl: { certificate: '' } } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('does not log a warning if both ssl.key and ssl.certificate are set', () => {
|
||||
const settings = { elasticsearch: { ssl: { key: '', certificate: '' } } };
|
||||
|
||||
const addDeprecation = jest.fn();
|
||||
transformDeprecations(settings, fromPath, addDeprecation);
|
||||
expect(addDeprecation).not.toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
|
||||
describe('xpack_api_polling_frequency_millis', () => {
|
||||
it('should call rename for this renamed config key', () => {
|
||||
const settings = { xpack_api_polling_frequency_millis: 30000 };
|
||||
|
|
|
|||
|
|
@ -59,56 +59,13 @@ export const deprecations = ({
|
|||
}
|
||||
return config;
|
||||
},
|
||||
(config, fromPath, addDeprecation) => {
|
||||
const es: Record<string, any> = get(config, 'elasticsearch');
|
||||
if (es) {
|
||||
if (es.username === 'elastic') {
|
||||
addDeprecation({
|
||||
configPath: 'elasticsearch.username',
|
||||
message: `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana_system" user instead.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [`Replace [${fromPath}.username] from "elastic" to "kibana_system".`],
|
||||
},
|
||||
});
|
||||
} else if (es.username === 'kibana') {
|
||||
addDeprecation({
|
||||
configPath: 'elasticsearch.username',
|
||||
message: `Setting [${fromPath}.username] to "kibana" is deprecated. You should use the "kibana_system" user instead.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [`Replace [${fromPath}.username] from "kibana" to "kibana_system".`],
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
return config;
|
||||
},
|
||||
(config, fromPath, addDeprecation) => {
|
||||
const ssl: Record<string, any> = get(config, 'elasticsearch.ssl');
|
||||
if (ssl) {
|
||||
if (ssl.key !== undefined && ssl.certificate === undefined) {
|
||||
addDeprecation({
|
||||
configPath: 'elasticsearch.ssl.key',
|
||||
message: `Setting [${fromPath}.key] without [${fromPath}.certificate] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
`Set [${fromPath}.ssl.certificate] in your kibana configs to enable TLS client authentication to Elasticsearch.`,
|
||||
],
|
||||
},
|
||||
});
|
||||
} else if (ssl.certificate !== undefined && ssl.key === undefined) {
|
||||
addDeprecation({
|
||||
configPath: 'elasticsearch.ssl.certificate',
|
||||
message: `Setting [${fromPath}.certificate] without [${fromPath}.key] is deprecated. This has no effect, you should use both settings to enable TLS client authentication to Elasticsearch.`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
`Set [${fromPath}.ssl.key] in your kibana configs to enable TLS client authentication to Elasticsearch.`,
|
||||
],
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
return config;
|
||||
},
|
||||
rename('xpack_api_polling_frequency_millis', 'licensing.api_polling_frequency'),
|
||||
|
||||
// TODO: Add deprecations for "monitoring.ui.elasticsearch.username: elastic" and "monitoring.ui.elasticsearch.username: kibana".
|
||||
// TODO: Add deprecations for using "monitoring.ui.elasticsearch.ssl.certificate" without "monitoring.ui.elasticsearch.ssl.key", and
|
||||
// vice versa.
|
||||
// ^ These deprecations should only be shown if they are explicitly configured for monitoring -- we should not show Monitoring
|
||||
// deprecations for these settings if they are inherited from the Core elasticsearch settings.
|
||||
// See the Core implementation: src/core/server/elasticsearch/elasticsearch_config.ts
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -312,7 +312,7 @@ describe('Config Deprecations', () => {
|
|||
const { messages, configPaths } = applyConfigDeprecations(cloneDeep(config));
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"\\"xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize\\" is no longer used.",
|
||||
"This setting is no longer used.",
|
||||
]
|
||||
`);
|
||||
|
||||
|
|
@ -333,7 +333,7 @@ describe('Config Deprecations', () => {
|
|||
expect(migrated).toEqual(config);
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"\\"xpack.security.authc.providers\\" accepts an extended \\"object\\" format instead of an array of provider types.",
|
||||
"Use the new object format instead of an array of provider types.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
@ -352,8 +352,8 @@ describe('Config Deprecations', () => {
|
|||
expect(migrated).toEqual(config);
|
||||
expect(messages).toMatchInlineSnapshot(`
|
||||
Array [
|
||||
"\\"xpack.security.authc.providers\\" accepts an extended \\"object\\" format instead of an array of provider types.",
|
||||
"Enabling both \\"basic\\" and \\"token\\" authentication providers in \\"xpack.security.authc.providers\\" is deprecated. Login page will only use \\"token\\" provider.",
|
||||
"Use the new object format instead of an array of provider types.",
|
||||
"Use only one of these providers. When both providers are set, Kibana only uses the \\"token\\" provider.",
|
||||
]
|
||||
`);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -13,22 +13,23 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
|
|||
renameFromRoot,
|
||||
unused,
|
||||
}) => [
|
||||
rename('sessionTimeout', 'session.idleTimeout'),
|
||||
rename('authProviders', 'authc.providers'),
|
||||
rename('sessionTimeout', 'session.idleTimeout', { level: 'warning' }),
|
||||
rename('authProviders', 'authc.providers', { level: 'warning' }),
|
||||
|
||||
rename('audit.appender.kind', 'audit.appender.type'),
|
||||
rename('audit.appender.layout.kind', 'audit.appender.layout.type'),
|
||||
rename('audit.appender.policy.kind', 'audit.appender.policy.type'),
|
||||
rename('audit.appender.strategy.kind', 'audit.appender.strategy.type'),
|
||||
rename('audit.appender.path', 'audit.appender.fileName'),
|
||||
rename('audit.appender.kind', 'audit.appender.type', { level: 'warning' }),
|
||||
rename('audit.appender.layout.kind', 'audit.appender.layout.type', { level: 'warning' }),
|
||||
rename('audit.appender.policy.kind', 'audit.appender.policy.type', { level: 'warning' }),
|
||||
rename('audit.appender.strategy.kind', 'audit.appender.strategy.type', { level: 'warning' }),
|
||||
rename('audit.appender.path', 'audit.appender.fileName', { level: 'warning' }),
|
||||
|
||||
renameFromRoot(
|
||||
'security.showInsecureClusterWarning',
|
||||
'xpack.security.showInsecureClusterWarning'
|
||||
'xpack.security.showInsecureClusterWarning',
|
||||
{ level: 'warning' }
|
||||
),
|
||||
|
||||
unused('authorization.legacyFallback.enabled'),
|
||||
unused('authc.saml.maxRedirectURLSize'),
|
||||
unused('authorization.legacyFallback.enabled', { level: 'warning' }),
|
||||
unused('authc.saml.maxRedirectURLSize', { level: 'warning' }),
|
||||
// Deprecation warning for the legacy audit logger.
|
||||
(settings, fromPath, addDeprecation, { branch }) => {
|
||||
const auditLoggingEnabled = settings?.xpack?.security?.audit?.enabled ?? false;
|
||||
|
|
@ -57,30 +58,33 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
|
|||
},
|
||||
|
||||
// Deprecation warning for the old array-based format of `xpack.security.authc.providers`.
|
||||
(settings, fromPath, addDeprecation) => {
|
||||
(settings, _fromPath, addDeprecation, { branch }) => {
|
||||
if (Array.isArray(settings?.xpack?.security?.authc?.providers)) {
|
||||
addDeprecation({
|
||||
configPath: 'xpack.security.authc.providers',
|
||||
title: i18n.translate('xpack.security.deprecations.authcProvidersTitle', {
|
||||
defaultMessage:
|
||||
'Defining "xpack.security.authc.providers" as an array of provider types is deprecated',
|
||||
defaultMessage: 'The array format for "xpack.security.authc.providers" is deprecated',
|
||||
}),
|
||||
message: i18n.translate('xpack.security.deprecations.authcProvidersMessage', {
|
||||
defaultMessage:
|
||||
'"xpack.security.authc.providers" accepts an extended "object" format instead of an array of provider types.',
|
||||
defaultMessage: 'Use the new object format instead of an array of provider types.',
|
||||
}),
|
||||
level: 'warning',
|
||||
documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
i18n.translate('xpack.security.deprecations.authcProviders.manualStepOneMessage', {
|
||||
i18n.translate('xpack.security.deprecations.authcProviders.manualSteps1', {
|
||||
defaultMessage:
|
||||
'Use the extended object format for "xpack.security.authc.providers" in your Kibana configuration.',
|
||||
'Remove the "xpack.security.authc.providers" setting from kibana.yml.',
|
||||
}),
|
||||
i18n.translate('xpack.security.deprecations.authcProviders.manualSteps2', {
|
||||
defaultMessage: 'Add your authentication providers using the new object format.',
|
||||
}),
|
||||
],
|
||||
},
|
||||
});
|
||||
}
|
||||
},
|
||||
(settings, fromPath, addDeprecation) => {
|
||||
(settings, _fromPath, addDeprecation, { branch }) => {
|
||||
const hasProviderType = (providerType: string) => {
|
||||
const providers = settings?.xpack?.security?.authc?.providers;
|
||||
if (Array.isArray(providers)) {
|
||||
|
|
@ -93,31 +97,35 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
|
|||
};
|
||||
|
||||
if (hasProviderType('basic') && hasProviderType('token')) {
|
||||
const basicProvider = 'basic';
|
||||
const tokenProvider = 'token';
|
||||
addDeprecation({
|
||||
configPath: 'xpack.security.authc.providers',
|
||||
title: i18n.translate('xpack.security.deprecations.basicAndTokenProvidersTitle', {
|
||||
defaultMessage:
|
||||
'Both "basic" and "token" authentication providers are enabled in "xpack.security.authc.providers"',
|
||||
'Using both "{basicProvider}" and "{tokenProvider}" providers in "xpack.security.authc.providers" has no effect',
|
||||
values: { basicProvider, tokenProvider },
|
||||
}),
|
||||
message: i18n.translate('xpack.security.deprecations.basicAndTokenProvidersMessage', {
|
||||
defaultMessage:
|
||||
'Enabling both "basic" and "token" authentication providers in "xpack.security.authc.providers" is deprecated. Login page will only use "token" provider.',
|
||||
'Use only one of these providers. When both providers are set, Kibana only uses the "{tokenProvider}" provider.',
|
||||
values: { tokenProvider },
|
||||
}),
|
||||
level: 'warning',
|
||||
documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
i18n.translate(
|
||||
'xpack.security.deprecations.basicAndTokenProviders.manualStepOneMessage',
|
||||
{
|
||||
defaultMessage:
|
||||
'Remove either the "basic" or "token" auth provider in "xpack.security.authc.providers" from your Kibana configuration.',
|
||||
}
|
||||
),
|
||||
i18n.translate('xpack.security.deprecations.basicAndTokenProviders.manualSteps1', {
|
||||
defaultMessage:
|
||||
'Remove the "{basicProvider}" provider from "xpack.security.authc.providers" in kibana.yml.',
|
||||
values: { basicProvider },
|
||||
}),
|
||||
],
|
||||
},
|
||||
});
|
||||
}
|
||||
},
|
||||
(settings, fromPath, addDeprecation) => {
|
||||
(settings, _fromPath, addDeprecation, { branch }) => {
|
||||
const samlProviders = (settings?.xpack?.security?.authc?.providers?.saml ?? {}) as Record<
|
||||
string,
|
||||
any
|
||||
|
|
@ -131,17 +139,18 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
|
|||
configPath: `xpack.security.authc.providers.saml.${foundProvider[0]}.maxRedirectURLSize`,
|
||||
title: i18n.translate('xpack.security.deprecations.maxRedirectURLSizeTitle', {
|
||||
defaultMessage:
|
||||
'"xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize" is deprecated',
|
||||
'"xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize" has no effect',
|
||||
}),
|
||||
message: i18n.translate('xpack.security.deprecations.maxRedirectURLSizeMessage', {
|
||||
defaultMessage:
|
||||
'"xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize" is no longer used.',
|
||||
defaultMessage: 'This setting is no longer used.',
|
||||
}),
|
||||
level: 'warning',
|
||||
documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`,
|
||||
correctiveActions: {
|
||||
manualSteps: [
|
||||
i18n.translate('xpack.security.deprecations.maxRedirectURLSize.manualStepOneMessage', {
|
||||
i18n.translate('xpack.security.deprecations.maxRedirectURLSize.manualSteps1', {
|
||||
defaultMessage:
|
||||
'Remove "xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize" from your Kibana configuration.',
|
||||
'Remove "xpack.security.authc.providers.saml.<provider-name>.maxRedirectURLSize" from kibana.yml.',
|
||||
}),
|
||||
],
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in a new issue