maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/migration/migrate_8_0.asciidoc
Jonathan Budzenski 94ef03dbd3
Move kibana-keystore from data/ to config/ (#57856) 
* Move kibana-keystore from data/ to config/

This is a breaking change to move the location of kibana-keystore.
Keystores in other stack products live in the config directory, so this
updates our current path to be consistent.

Closes #25746

* add breaking changes

* update comment

* wip

* fix docs

* read from both keystore locations, write priority to non-deprecated

* note data directory fallback

* add tests for get_keystore

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-07-13 10:56:25 -05:00

159 lines
7.2 KiB
Plaintext
Raw Blame History

[[breaking-changes-8.0]]
== Breaking changes in 8.0
++++
<titleabbrev>8.0</titleabbrev>
++++
This section discusses the changes that you need to be aware of when migrating
your application to Kibana 8.0.
coming[8.0.0]
See also <<whats-new>> and <<release-notes>>.
* <<breaking_80_index_pattern_changes>>
* <<breaking_80_setting_changes>>
//NOTE: The notable-breaking-changes tagged regions are re-used in the
//Installation and Upgrade Guide
[float]
[[breaking_80_index_pattern_changes]]
=== Index pattern changes
[float]
==== Removed support for time-based internal index patterns
*Details:* Time-based interval index patterns were deprecated in 5.x. In 6.x,
you could no longer create time-based interval index patterns, but they continued
to function as expected. Support for these index patterns has been removed in 8.0.
*Impact:* You must migrate your time_based index patterns to a wildcard pattern,
for example, `logstash-*`.
[float]
[[breaking_80_setting_changes]]
=== Settings changes
// tag::notable-breaking-changes[]
[float]
==== Legacy browsers are now rejected by default
*Details:* `csp.strict` is now enabled by default, so Kibana will fail to load for older, legacy browsers that do not enforce basic Content Security Policy protections - notably Internet Explorer 11.
*Impact:* To allow Kibana to function for these legacy browsers, set `csp.strict: false`. Since this is about enforcing a security protocol, we *strongly discourage* disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
[float]
==== Default logging timezone is now the system's timezone
*Details:* In prior releases the timezone used in logs defaulted to UTC. We now use the host machine's timezone by default.
*Impact:* To restore the previous behavior, in kibana.yml set `logging.timezone: UTC`.
[float]
==== Responses are never logged by default
*Details:* Previously responses would be logged if either `logging.json` was true, `logging.dest` was specified, or a `TTY` was detected.
*Impact:* To restore the previous behavior, in kibana.yml set `logging.events.response=*`.
[float]
==== `xpack.security.authProviders` is no longer valid
*Details:* The deprecated `xpack.security.authProviders` setting in the `kibana.yml` file has been removed.
*Impact:* Use `xpack.security.authc.providers` instead.
[float]
==== `xpack.security.authc.providers` has changed value format
*Details:* `xpack.security.authc.providers` setting in the `kibana.yml` has changed value format.
*Impact:* Array of provider types as a value is no longer supported, use extended object format instead.
[float]
==== `xpack.security.authc.saml` is no longer valid
*Details:* The deprecated `xpack.security.authc.saml` setting in the `kibana.yml` file has been removed.
*Impact:* Configure SAML authentication providers using `xpack.security.authc.providers.saml.{provider unique name}.*` settings instead.
[float]
==== `xpack.security.authc.oidc` is no longer valid
*Details:* The deprecated `xpack.security.authc.oidc` setting in the `kibana.yml` file has been removed.
*Impact:* Configure OpenID Connect authentication providers using `xpack.security.authc.providers.oidc.{provider unique name}.*` settings instead.
[float]
==== `xpack.security.public` is no longer valid
*Details:* Previously Kibana was choosing the appropriate Elasticsearch SAML realm automatically using the `Assertion Consumer Service`
URL that it derived from the actual server address and `xpack.security.public` setting. Starting in 8.0.0, the deprecated `xpack.security.public` setting in the `kibana.yml` file has been removed and the Elasticsearch SAML realm name that Kibana will use should be specified explicitly.
*Impact:* Define `xpack.security.authc.providers.saml.{provider unique name}.realm` when using the SAML authentication providers instead.
[float]
==== `/api/security/v1/saml` endpoint is no longer supported
*Details:* The deprecated `/api/security/v1/saml` endpoint is no longer supported.
*Impact:* Rely on `/api/security/saml/callback` endpoint when using SAML instead. This change should be reflected in Elasticsearch and Identity Provider SAML settings.
[float]
==== `/api/security/v1/oidc` endpoint is no longer supported
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported.
*Impact:* Rely on `/api/security/oidc/callback` endpoint when using OpenID Connect instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
[float]
==== `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login
*Details:* The deprecated `/api/security/v1/oidc` endpoint is no longer supported for Third Party initiated login.
*Impact:* Rely on `/api/security/oidc/initiate_login` endpoint when using Third Party initiated OpenID Connect login instead. This change should be reflected in Elasticsearch and OpenID Connect Provider settings.
[float]
==== `/api/security/v1/oidc/implicit` endpoint is no longer supported
*Details:* The deprecated `/api/security/v1/oidc/implicit` endpoint is no longer supported.
*Impact:* Rely on `/api/security/oidc/implicit` endpoint when using OpenID Connect Implicit Flow instead. This change should be reflected in OpenID Connect Provider settings.
[float]
=== `optimize` directory is now in the `data` folder
*Details:* Generated bundles have moved to the configured `path.data` folder.
*Impact:* Any workflow that involved manually clearing generated bundles will have to be updated with the new path.
[float]]
=== kibana.keystore has moved from the `data` folder to the `config` folder
*Details:* By default, kibana.keystore has moved from the configured `path.data` folder to `<root>/config` for archive distributions
and `/etc/kibana` for package distributions. If a pre-existing keystore exists in the data directory that path will continue to be used.
[float]
[[breaking_80_user_role_changes]]
=== User role changes
[float]
=== `kibana_user` role has been removed and `kibana_admin` has been added.
*Details:* The `kibana_user` role has been removed and `kibana_admin` has been added to better
reflect its intended use. This role continues to grant all access to every
{kib} feature. If you wish to restrict access to specific features, create
custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].
*Impact:* Any users currently assigned the `kibana_user` role will need to
instead be assigned the `kibana_admin` role to maintain their current
access level.
[float]
[[breaking_80_reporting_changes]]
=== Reporting changes
[float]
==== Legacy job parameters are no longer supported
*Details:* POST URL snippets that were copied in Kibana 6.2 or earlier are no longer supported. These logs have
been deprecated with warnings that have been logged throughout 7.x. Please use Kibana UI to re-generate the
POST URL snippets if you depend on these for automated PDF reports.
[float]
=== Configurations starting with `xpack.telemetry` are no longer valid
*Details:*
The `xpack.` prefix has been removed for all telemetry configurations.
*Impact:*
For any configurations beginning with `xpack.telemetry`, remove the `xpack` prefix. Use {kibana-ref}/telemetry-settings-kbn.html#telemetry-general-settings[`telemetry.enabled`] instead.
// end::notable-breaking-changes[]
Reference in a new issue View git blame Copy permalink