-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Breaking change] Forbid using elasticsearch.ssl.certificate
without elasticsearch.ssl.key
and vice versa
#81746
Labels
Breaking Change
loe:medium
Medium Level of Effort
NeededFor:Security
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
legrego
added
Team:Kibana Management
Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more
Feature:Upgrade Assistant
Breaking Change
labels
Oct 27, 2020
Pinging @elastic/es-ui (Team:Elasticsearch UI) |
legrego
added
the
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
label
Oct 27, 2020
Pinging @elastic/kibana-security (Team:Security) |
kobelb
added
NeededFor:Security
and removed
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
labels
Oct 28, 2020
legrego
added
the
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
label
Nov 3, 2020
I'm going to remove the |
alisonelizabeth
removed
the
Team:Kibana Management
Dev Tools, Index Management, Upgrade Assistant, ILM, Ingest Node Pipelines, and more
label
Apr 19, 2021
exalate-issue-sync
bot
added
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
loe:small
Small Level of Effort
labels
Aug 5, 2021
exalate-issue-sync
bot
added
loe:medium
Medium Level of Effort
and removed
loe:small
Small Level of Effort
labels
Sep 29, 2021
legrego
removed
EnableJiraSync
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
labels
Aug 18, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Breaking Change
loe:medium
Medium Level of Effort
NeededFor:Security
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Change description
Which release will ship the breaking change?
8.0(Edit Joe 9/1/21: this is deprecated but we are not sure when we will break it)Describe the change. How will it manifest to users?
Starting in 8.0, we should prevent Kibana from starting if elasticsearch.ssl.certificate without elasticsearch.ssl.key and vice versa. This configuration will not enable TLS client authentication to Elasticsearch, and is unsupported.
Starting in 7.6, we're warning the user via deprecation logs (see #54392), so we are safe to enforce this in 8.0 after properly documenting it as a breaking change.
How many users will be affected?
What can users do to address the change manually?
Update their
kibana.yml
to either remove the offending setting, or add the missing setting (depending on their intent).How could we make migration easier with the Upgrade Assistant?
I don't think this is something that warrants a custom UI, but having the deprecation warning appear in the UA would be beneficial.
Are there any edge cases?
Test Data
Provide test data. We can’t build a solution without data to test it against.
Cross links
Cross-link to relevant Elasticsearch breaking changes.
elasticsearch.ssl.certificate
withoutelasticsearch.ssl.key
and vice versa #54537The text was updated successfully, but these errors were encountered: