Block developers from running Kibana as superuser

[kobelb]

It's historically been quite common for developers to run the Kibana server as the elastic user. This practice ignores any issues with the kibana_system reserved role not having the necessary privileges in Elasticsearch, and has caused us to catch these issues incredibly late and have to rush in a fix.

Telling developers they shouldn't be doing this hasn't worked, so we should consider taking a more aggressive approach. The most obvious solution is to prevent the use of elasticsearch.username: elastic when in dev-mode. However, I'm open to alternatives.

[elasticmachine]

Pinging @elastic/kibana-security

[legrego]

The most obvious solution is to prevent the use of elasticsearch.username: elastic when in dev-mode. However, I'm open to alternatives.

This is likely the simplest answer, as we can enforce this with a schema validation and prevent startup altogether. Otherwise, we'll need to have the security plugin (or perhaps the dev server?) make an authenticate call after Kibana starts up and connects.

Another idea is to have the security plugin log frequent and annoying warnings when it detects this condition. This is potentially something we could keep in production (but less frequent/annoying), as we should be warning users when they're running Kibana as a severely over-privileged user.