Additional validation for elasticsearch username #48247
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jportner
added
release_note:deprecation
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
jportner
commented
Oct 15, 2019
| @@ -160,7 +177,7 @@ export class ElasticsearchConfig { | |||
| */ | |||
| public readonly customHeaders: ElasticsearchConfigType['customHeaders']; | |||
|
|
|||
| constructor(rawConfig: ElasticsearchConfigType) { | |||
| constructor(rawConfig: ElasticsearchConfigType, log?: Logger) { | |||
There was a problem hiding this comment.
Since passing the logger to this constructor is temporary (shouldn't be needed when #40255 is resolved), I left the param as optional -- to avoid TypeScript errors in test files and to avoid changing those files.
|
Note: as discussed with @legrego, this change also affects OSS users -- even though OSS has no concept of the "superuser" (paraphrasing here). We couldn't think of any way to add this validation without any impact to OSS users though. |
💔 Build Failed
|
💔 Build Failed
|
💔 Build Failed
|
💔 Build Failed
|
💔 Build Failed
|
|
Spoke to @azasypkin and @jkakavas about this-- |
|
@elasticmachine merge upstream |
💔 Build Failed
|
jportner
force-pushed
the
issue-45973-prohibit-kibana-superuser
branch
from
fa84842 to
947ac8b
Compare
💔 Build Failed
|
jportner
force-pushed
the
issue-45973-prohibit-kibana-superuser
branch
from
947ac8b to
9dc0949
Compare
💔 Build Failed
|
jportner
force-pushed
the
issue-45973-prohibit-kibana-superuser
branch
from
9dc0949 to
58d3358
Compare
💚 Build Succeeded
|
|
This is awesome, nicework! Just one nit, and a question/suggestion. |
kobelb
reviewed
Nov 14, 2019
azasypkin
reviewed
Nov 14, 2019
jportner
force-pushed
the
issue-45973-prohibit-kibana-superuser
branch
from
58d3358 to
1664a13
Compare
💚 Build Succeeded
|
kobelb
approved these changes
Nov 15, 2019
pgayvallet
approved these changes
Nov 15, 2019
If "elastic" user is set in config: * In dev mode, throws an error * In prod mode, logs a deprecation warning
Revert "Fix user for functional tests" and "Fix user for plugin functional tests in Jenkinsfile"
Now uses "kibana" user instead of "elastic" user
jportner
force-pushed
the
issue-45973-prohibit-kibana-superuser
branch
from
1664a13 to
c6daad1
Compare
💚 Build Succeeded |
jportner
added a commit
to jportner/kibana
that referenced
this pull request
Nov 18, 2019
* Additional validation for elasticsearch username If "elastic" user is set in config: * In dev mode, throws an error * In prod mode, logs a deprecation warning * Fix user for functional tests * Revert last two commits Revert "Fix user for functional tests" and "Fix user for plugin functional tests in Jenkinsfile" * Change elasticsearch creds for test server Now uses "kibana" user instead of "elastic" user * Fix plugin API functional tests * Fix PKI API integration test * Change log messages, now conditional on `dist: false` not `dev: true`
jportner
added a commit
that referenced
this pull request
Nov 18, 2019
* Additional validation for elasticsearch username If "elastic" user is set in config: * In dev mode, throws an error * In prod mode, logs a deprecation warning * Fix user for functional tests * Revert last two commits Revert "Fix user for functional tests" and "Fix user for plugin functional tests in Jenkinsfile" * Change elasticsearch creds for test server Now uses "kibana" user instead of "elastic" user * Fix plugin API functional tests * Fix PKI API integration test * Change log messages, now conditional on `dist: false` not `dev: true`
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Nov 18, 2019
…-fallback * 'master' of github.com:elastic/kibana: (116 commits) [Maps] move apply global filter settting from layer to source (elastic#50523) [SIEM] Fix: Empty `Source` / `Destination` shown when only ports are populated (elastic#50843) [Maps] Delay vector tile layer syncing until spritesheet is loaded (elastic#48955) [Maps] prevent users from overflowing URL when filtering by shape (elastic#50747) [DOCS] Mark Beats central management as discontinued (elastic#49423) [page_objects/common_page] convert to ts (elastic#50771) [NP Kibana Migrations ] kibana plugin home (elastic#50444) [DOCS] Shareables naming convention (elastic#50497) [ML] DF Analytics - auto-populate model_memory_limit (elastic#50714) Increase alerting test stability and reduce flakiness (elastic#50246) [ML] Remaning new_job_new folder (elastic#50917) [Telemetry] Show opt-in changes for OSS users (elastic#50831) [ML] Fix lat_long anomalies table links menu and value formatting (elastic#50916) [Dev] Fix serialising a really big string (elastic#50915) Better explanation about the Prettier recommendation (extension vs. NPM module) (elastic#50629) [Monitoring] Use a basic monitoring user for tests (elastic#47865) [Monitoring] Gracefully handle issue with filebeat indices (elastic#48929) [Monitoring] Improve permissions required around setup mode (elastic#50421) Additional validation for elasticsearch username (elastic#48247) Revert changes to use_kibana_ui_setting (elastic#50877) ... # Conflicts: # src/legacy/core_plugins/console/server/request.test.ts
This was referenced Aug 31, 2021
Closed
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
If "elastic" user is set in config:
Resolves: #45973
"Release Note: Deprecated the use of the 'elastic' superuser for Kibana."
Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.[ ] This was checked for cross-browser compatibility, including a check against IE11[ ] Documentation was added for features that require explanation or tutorials[ ] This was checked for keyboard-only and screenreader accessibilityFor maintainers