94ef03dbd3
* Move kibana-keystore from data/ to config/ This is a breaking change to move the location of kibana-keystore. Keystores in other stack products live in the config directory, so this updates our current path to be consistent. Closes #25746 * add breaking changes * update comment * wip * fix docs * read from both keystore locations, write priority to non-deprecated * note data directory fallback * add tests for get_keystore Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
158 lines
7.2 KiB
Text
158 lines
7.2 KiB
Text
[[breaking-changes-8.0]]
|
|
== Breaking changes in 8.0
|
|
++++
|
|
<titleabbrev>8.0</titleabbrev>
|
|
++++
|
|
|
|
This section discusses the changes that you need to be aware of when migrating
|
|
your application to Kibana 8.0.
|
|
|
|
coming[8.0.0]
|
|
|
|
See also <<whats-new>> and <<release-notes>>.
|
|
|
|
* <<breaking_80_index_pattern_changes>>
|
|
* <<breaking_80_setting_changes>>
|
|
|
|
//NOTE: The notable-breaking-changes tagged regions are re-used in the
|
|
//Installation and Upgrade Guide
|
|
|
|
[float]
|
|
[[breaking_80_index_pattern_changes]]
|
|
=== Index pattern changes
|
|
|
|
[float]
|
|
==== Removed support for time-based internal index patterns
|
|
*Details:* Time-based interval index patterns were deprecated in 5.x. In 6.x,
|
|
you could no longer create time-based interval index patterns, but they continued
|
|
to function as expected. Support for these index patterns has been removed in 8.0.
|
|
|
|
*Impact:* You must migrate your time_based index patterns to a wildcard pattern,
|
|
for example, `logstash-*`.
|
|
|
|
|
|
[float]
|
|
[[breaking_80_setting_changes]]
|
|
=== Settings changes
|
|
|
|
// tag::notable-breaking-changes[]
|
|
[float]
|
|
==== Legacy browsers are now rejected by default
|
|
*Details:* `csp.strict` is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.
|
|
|
|
*Impact:* To allow Kibana to function for these legacy browsers, set `csp.strict: false`. Since this is about enforcing a security protocol, we *strongly discourage* disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
|
|
|
|
[float]
|
|
==== Default logging timezone is now the system's timezone
|
|
*Details:* In prior releases the timezone used in logs defaulted to UTC. We now use the host machine's timezone by default.
|
|
|
|
*Impact:* To restore the previous behavior, in kibana.yml set `logging.timezone: UTC`.
|
|
|
|
[float]
|
|
==== Responses are never logged by default
|
|
*Details:* Previously responses would be logged if either `logging.json` was true, `logging.dest` was specified, or a `TTY` was detected.
|
|
|
|
*Impact:* To restore the previous behavior, in kibana.yml set `logging.events.response=*`.
|
|
|
|
[float]
|
|
==== `xpack.security.authProviders` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authProviders` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Use `xpack.security.authc.providers` instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.providers` has changed value format
|
|
*Details:* `xpack.security.authc.providers` setting in the `kibana.yml` has changed value format.
|
|
|
|
*Impact:* Array of provider types as a value is no longer supported, use extended object format instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.saml` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authc.saml` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Configure SAML authentication providers using `xpack.security.authc.providers.saml.{provider unique name}.*` settings instead.
|
|
|
|
[float]
|
|
==== `xpack.security.authc.oidc` is no longer valid
|
|
*Details:* The deprecated `xpack.security.authc.oidc` setting in the `kibana.yml` file has been removed.
|
|
|
|
*Impact:* Configure OpenID Connect authentication providers using `xpack.security.authc.providers.oidc.{provider unique name}.*` settings instead.
|
|
|
|
[float]
|
|
==== `xpack.security.public` is no longer valid
|
|
*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
|
|
URL that it derived from the actual server address and `xpack.security.public` setting. Starting in 8.0.0, the deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
|
|
|
|
*Impact:* Define `xpack.security.authc.providers.saml.{provider unique name}.realm` when using the SAML authentication providers instead.
|
|
|
|
[float]
|
|
==== `/api/security/v1/saml` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/saml` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/callback` endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login
|
|
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/initiate_login` endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
==== `/api/security/v1/oidc/implicit` endpoint is no longer supported
|
|
*Details:* The deprecated `/api/security/v1/oidc/implicit` endpoint is no longer supported.
|
|
|
|
*Impact:* Rely on `/api/security/oidc/implicit` endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
|
|
|
|
[float]
|
|
=== `optimize` directory is now in the `data` folder
|
|
*Details:* Generated bundles have moved to the configured `path.data` folder.
|
|
|
|
*Impact:* Any workflow that involved manually clearing generated bundles will have to be updated with the new path.
|
|
|
|
[float]]
|
|
=== kibana.keystore has moved from the `data` folder to the `config` folder
|
|
*Details:* By default, kibana.keystore has moved from the configured `path.data` folder to `<root>/config` for archive distributions
|
|
and `/etc/kibana` for package distributions. If a pre-existing keystore exists in the data directory that path will continue to be used.
|
|
|
|
[float]
|
|
[[breaking_80_user_role_changes]]
|
|
=== User role changes
|
|
|
|
[float]
|
|
=== `kibana_user` role has been removed and `kibana_admin` has been added.
|
|
|
|
*Details:* The `kibana_user` role has been removed and `kibana_admin` has been added to better
|
|
reflect its intended use. This role continues to grant all access to every
|
|
{kib} feature. If you wish to restrict access to specific features, create
|
|
custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].
|
|
|
|
*Impact:* Any users currently assigned the `kibana_user` role will need to
|
|
instead be assigned the `kibana_admin` role to maintain their current
|
|
access level.
|
|
|
|
[float]
|
|
[[breaking_80_reporting_changes]]
|
|
=== Reporting changes
|
|
|
|
[float]
|
|
==== Legacy job parameters are no longer supported
|
|
*Details:* POST URL snippets that were copied in Kibana 6.2 or earlier are no longer supported. These logs have
|
|
been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the
|
|
POST URL snippets if you depend on these for automated PDF reports.
|
|
|
|
[float]
|
|
=== Configurations starting with `xpack.telemetry` are no longer valid
|
|
|
|
*Details:*
|
|
The `xpack.` prefix has been removed for all telemetry configurations.
|
|
|
|
*Impact:*
|
|
For any configurations beginning with `xpack.telemetry`, remove the `xpack` prefix. Use {kibana-ref}/telemetry-settings-kbn.html#telemetry-general-settings[`telemetry.enabled`] instead.
|
|
|
|
// end::notable-breaking-changes[]
|