github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Removing deprecated SSL settings (#28622)

Browse source 
* Removing deprecated SSL settings

* Updating breaking changes doc

* Fixing documentation typo

* Fixing LegacyObjectToConfigAdapter tests

* Fixing transformDeprecations tests

* Updating docs

Co-Authored-By: kobelb <brandon.kobel@gmail.com>
This commit is contained in:
Brandon Kobel 2019-01-14 12:37:58 -08:00 committed by GitHub
parent 17c0cbd174
commit fe5a083509
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 15 additions and 149 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/migration/migrate_7_0.asciidoc
View file

@ -103,3 +103,16 @@ The port is now protocol dependent: https ports will use 443, and http ports wil
`server.ssl.supportedProtocols`
*Impact:* Users relying upon TLSv1 will be unable to use Kibana unless `server.ssl.supportedProtocols` is explicitly set.
[float]
=== kibana.yml setting `server.ssl.cert` is no longer valid
*Details:* This deprecated setting has been removed and `server.ssl.certificate` should be used instead.
*Impact:* Users with `server.ssl.cert` set should use `server.ssl.certificate` instead
[float]
=== kibana.yml `server.ssl.enabled` must be set to `true` to enable SSL
*Details:* Previously, if `server.ssl.certificate` and `server.ssl.key` were set, SSL would automatically be enabled.
It's now required that the user sets `server.ssl.enabled` to true for this to occur.
*Impact:* Users with both `server.ssl.certificate` and `server.ssl.key` set must now also set `server.ssl.enabled` to enable SSL.

34
src/core/server/legacy_compat/config/__snapshots__/legacy_object_to_config_adapter.test.ts.snap
View file

@ -17,40 +17,6 @@ Object {
}
`;
exports[`#get correctly handles server config.: deprecated missing ssl.enabled 1`] = `
Object {
"autoListen": true,
"basePath": "/abc",
"cors": false,
"host": "host",
"maxPayload": 1000,
"port": 1234,
"rewriteBasePath": false,
"ssl": Object {
"certificate": "cert",
"enabled": true,
"key": "key",
},
}
`;
exports[`#get correctly handles server config.: deprecated ssl.cert 1`] = `
Object {
"autoListen": true,
"basePath": "/abc",
"cors": false,
"host": "host",
"maxPayload": 1000,
"port": 1234,
"rewriteBasePath": false,
"ssl": Object {
"certificate": "deprecated-cert",
"enabled": true,
"key": "key",
},
}
`;
exports[`#get correctly handles server config.: disabled ssl 1`] = `
Object {
"autoListen": true,

32
src/core/server/legacy_compat/config/legacy_object_to_config_adapter.test.ts
View file

@ -90,40 +90,8 @@ describe('#get', () => {
},
});
const configAdapterWithCert = new LegacyObjectToConfigAdapter({
server: {
autoListen: true,
basePath: '/abc',
cors: false,
host: 'host',
maxPayloadBytes: 1000,
port: 1234,
rewriteBasePath: false,
ssl: { enabled: true, cert: 'deprecated-cert', key: 'key' },
someNotSupportedValue: 'val',
},
});
const configAdapterWithoutSSLEnabled = new LegacyObjectToConfigAdapter({
server: {
autoListen: true,
basePath: '/abc',
cors: false,
host: 'host',
maxPayloadBytes: 1000,
port: 1234,
rewriteBasePath: false,
ssl: { certificate: 'cert', key: 'key' },
someNotSupportedValue: 'val',
},
});
expect(configAdapter.get('server')).toMatchSnapshot('default');
expect(configAdapterWithDisabledSSL.get('server')).toMatchSnapshot('disabled ssl');
expect(configAdapterWithCert.get('server')).toMatchSnapshot('deprecated ssl.cert');
expect(configAdapterWithoutSSLEnabled.get('server')).toMatchSnapshot(
'deprecated missing ssl.enabled'
);
});
});

18
src/core/server/legacy_compat/config/legacy_object_to_config_adapter.ts
View file

@ -67,26 +67,10 @@ export class LegacyObjectToConfigAdapter extends ObjectToConfigAdapter {
maxPayload: configValue.maxPayloadBytes,
port: configValue.port,
rewriteBasePath: configValue.rewriteBasePath,
ssl: configValue.ssl && LegacyObjectToConfigAdapter.transformSSL(configValue.ssl),
ssl: configValue.ssl,
};
}
private static transformSSL(configValue: Record<string, any>) {
// `server.ssl.cert` is deprecated, legacy platform will issue deprecation warning.
if (configValue.cert) {
configValue.certificate = configValue.cert;
delete configValue.cert;
}
// Enabling ssl by only specifying server.ssl.certificate and server.ssl.key is deprecated,
// legacy platform will issue deprecation warning.
if (typeof configValue.enabled !== 'boolean' && configValue.certificate && configValue.key) {
configValue.enabled = true;
}
return configValue;
}
private static transformPlugins(configValue: Record<string, any>) {
// This property is the only one we use from the existing `plugins` config node
// since `scanDirs` and `paths` aren't respected by new platform plugin discovery.

14
src/server/config/transform_deprecations.js
View file

@ -17,22 +17,12 @@
* under the License.
*/
import _, { partial, set } from 'lodash';
import _, { set } from 'lodash';
import { createTransform, Deprecations } from '../../deprecation';
import { unset } from '../../utils';
const { rename, unused } = Deprecations;
const serverSslEnabled = (settings, log) => {
const has = partial(_.has, settings);
const set = partial(_.set, settings);
if (!has('server.ssl.enabled') && has('server.ssl.certificate') && has('server.ssl.key')) {
set('server.ssl.enabled', true);
log('Enabling ssl by only specifying server.ssl.certificate and server.ssl.key is deprecated. Please set server.ssl.enabled to true');
}
};
const savedObjectsIndexCheckTimeout = (settings, log) => {
if (_.has(settings, 'savedObjects.indexCheckTimeout')) {
log('savedObjects.indexCheckTimeout is no longer necessary.');
@ -67,7 +57,6 @@ const loggingTimezone = (settings, log) => {
const deprecations = [
//server
rename('server.ssl.cert', 'server.ssl.certificate'),
unused('server.xsrf.token'),
unused('uiSettings.enabled'),
rename('optimize.lazy', 'optimize.watch'),
@ -76,7 +65,6 @@ const deprecations = [
rename('optimize.lazyPrebuild', 'optimize.watchPrebuild'),
rename('optimize.lazyProxyTimeout', 'optimize.watchProxyTimeout'),
rename('i18n.defaultLocale', 'i18n.locale'),
serverSslEnabled,
savedObjectsIndexCheckTimeout,
rewriteBasePath,
loggingTimezone,

53
src/server/config/transform_deprecations.test.js
View file

@ -22,59 +22,6 @@ import { transformDeprecations } from './transform_deprecations';
describe('server/config', function () {
describe('transformDeprecations', function () {
describe('server.ssl.enabled', function () {
it('sets enabled to true when certificate and key are set', function () {
const settings = {
server: {
ssl: {
certificate: '/cert.crt',
key: '/key.key'
}
}
};
const result = transformDeprecations(settings);
expect(result.server.ssl.enabled).toBe(true);
});
it('logs a message when automatically setting enabled to true', function () {
const settings = {
server: {
ssl: {
certificate: '/cert.crt',
key: '/key.key'
}
}
};
const log = sinon.spy();
transformDeprecations(settings, log);
expect(log.calledOnce).toBe(true);
});
it(`doesn't set enabled when key and cert aren't set`, function () {
const settings = {
server: {
ssl: {}
}
};
const result = transformDeprecations(settings);
expect(result.server.ssl.enabled).toBe(undefined);
});
it(`doesn't log a message when not automatically setting enabled`, function () {
const settings = {
server: {
ssl: {}
}
};
const log = sinon.spy();
transformDeprecations(settings, log);
expect(log.called).toBe(false);
});
});
describe('savedObjects.indexCheckTimeout', () => {
it('removes the indexCheckTimeout and savedObjects properties', () => {