Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Monitoring] Check for security feature first when entering setup mode #73821

Merged
merged 3 commits into from
Jul 31, 2020
Merged

[Monitoring] Check for security feature first when entering setup mode #73821

merged 3 commits into from
Jul 31, 2020

Conversation

chrisronline
Copy link
Contributor

Fixes #73740
Relates to #62973

This PR fixes an issue where we aren't checking for all permutations of errors that ES can return when security is disabled when we execute an API call to a _security/ endpoint. We added an additional message check, as well as just checking if security is enabled before making the call.

cc @elastic/kibana-security - I want to say one of you recommended against checking for the security plugin, but I don't recall why exactly so just lemme know if this is not recommended.

@chrisronline chrisronline requested a review from a team July 30, 2020 15:33
@chrisronline chrisronline self-assigned this Jul 30, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/stack-monitoring (Team:Monitoring)

legrego
legrego reviewed Jul 30, 2020
View reviewed changes
Copy link
Member

@legrego legrego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tl;dr what you have here will work!

The "canonical" way to test this in Kibana is to add an optional dependency on the security plugin, and check like so:

// Your plugin's setup method
public setup(core, plugins) {
  const securityLicense = plugins.security?.license;
}

// Elsewhere in your code
const isSecurityEnabled = securityLicense?.isEnabled() ?? false;

The caveat here is that a cluster with security enabled on ES but explicitly disabled in Kibana will give you an incorrect result, so if this is something you are concerned about, then what you have will be more accurate. However, this is a setup that we want to start discouraging, and prevent altogether in the next major release: #54023

@chrisronline
Copy link
Contributor Author

@legrego Thanks for the input!

Unfortunately, we are interested in the settings on a potentially different cluster than the main one configured through Kibana, so I don't think we can rely on the security plugin (which I'm assuming has no knowledge of this other cluster).

On the bright side, this code is going away in 8.0.0 (or most of it at least) as it's only here to help users migrate before 8.0.0

@spalger spalger added v7.9.0 and removed 7.9.0 labels Jul 30, 2020
@chrisronline
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

igoristic
igoristic approved these changes Jul 30, 2020
View reviewed changes
Copy link
Contributor

@igoristic igoristic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

@chrisronline chrisronline merged commit 3793ae5 into elastic:master Jul 31, 2020
@chrisronline chrisronline deleted the monitoring/security_message branch July 31, 2020 13:57
This was referenced Jul 31, 2020
Merged
Merged
chrisronline added a commit to chrisronline/kibana that referenced this pull request Jul 31, 2020
@chrisronline @elasticmachine
Check for security first (elastic#73821)
a9ce1c2 
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
chrisronline added a commit that referenced this pull request Jul 31, 2020
@chrisronline @elasticmachine
Check for security first (#73821) (#73934)
6de8764 
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
chrisronline added a commit that referenced this pull request Jul 31, 2020
@chrisronline @elasticmachine
Check for security first (#73821) (#73935)
7fa3a18 
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@chrisronline
Copy link
Contributor Author

Backport:

7.x: 6de8764
7.9: 7fa3a18

@bradvido
Copy link

bradvido commented Jun 3, 2021

Was this backported to 7.8.1? I have this exact issue w/ a fresh download of Kibana 7.8.1 today.

@igoristic
Copy link
Contributor

Unfortunately no, sorry

Doesn't look like there will be any more 7.8.x minors either

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@legrego legrego legrego left review comments

@igoristic igoristic igoristic approved these changes

Assignees

@chrisronline chrisronline

Labels
release_note:fix review Team:Monitoring Stack Monitoring team v7.9.0 v7.10.0 v8.0.0
Projects
None yet
Milestone
No milestone
7 participants
@chrisronline @elasticmachine @kibanamachine @bradvido @igoristic @legrego @spalger