-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Monitoring] Check for security feature first when entering setup mode #73821
[Monitoring] Check for security feature first when entering setup mode #73821
Conversation
Pinging @elastic/stack-monitoring (Team:Monitoring) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tl;dr what you have here will work!
The "canonical" way to test this in Kibana is to add an optional dependency on the security
plugin, and check like so:
// Your plugin's setup method
public setup(core, plugins) {
const securityLicense = plugins.security?.license;
}
// Elsewhere in your code
const isSecurityEnabled = securityLicense?.isEnabled() ?? false;
The caveat here is that a cluster with security enabled on ES but explicitly disabled in Kibana will give you an incorrect result, so if this is something you are concerned about, then what you have will be more accurate. However, this is a setup that we want to start discouraging, and prevent altogether in the next major release: #54023
@legrego Thanks for the input! Unfortunately, we are interested in the settings on a potentially different cluster than the main one configured through Kibana, so I don't think we can rely on the security plugin (which I'm assuming has no knowledge of this other cluster). On the bright side, this code is going away in 8.0.0 (or most of it at least) as it's only here to help users migrate before 8.0.0 |
@elasticmachine merge upstream |
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good 👍
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Was this backported to 7.8.1? I have this exact issue w/ a fresh download of Kibana 7.8.1 today. |
Unfortunately no, sorry Doesn't look like there will be any more 7.8.x minors either |
Fixes #73740
Relates to #62973
This PR fixes an issue where we aren't checking for all permutations of errors that ES can return when security is disabled when we execute an API call to a
_security/
endpoint. We added an additional message check, as well as just checking if security is enabled before making the call.cc @elastic/kibana-security - I want to say one of you recommended against checking for the security plugin, but I don't recall why exactly so just lemme know if this is not recommended.