diff --git a/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md b/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md index 73efed79324fea..01e7beae61ce8c 100644 --- a/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md +++ b/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md @@ -211,6 +211,7 @@ readonly links: { clusterPrivileges: string; elasticsearchSettings: string; elasticsearchEnableSecurity: string; + elasticsearchEnableApiKeys: string; indicesPrivileges: string; kibanaTLS: string; kibanaPrivileges: string; diff --git a/docs/user/alerting/alerting-setup.asciidoc b/docs/user/alerting/alerting-setup.asciidoc index 3b9868178fa8db..9aae3a27cf373f 100644 --- a/docs/user/alerting/alerting-setup.asciidoc +++ b/docs/user/alerting/alerting-setup.asciidoc @@ -17,8 +17,7 @@ If you are using an *on-premises* Elastic Stack deployment: If you are using an *on-premises* Elastic Stack deployment with <>: -* You must enable Transport Layer Security (TLS) for communication <>. {kib} alerting uses <> to secure background rule checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. A proxy will not suffice. -* If you have enabled TLS and are still unable to access Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys]. +* If you are unable to access Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys]. The Alerting framework uses queries that require the `search.allow_expensive_queries` setting to be `true`. See the scripts {ref}/query-dsl-script-query.html#_allow_expensive_queries_4[documentation]. diff --git a/src/core/public/doc_links/doc_links_service.ts b/src/core/public/doc_links/doc_links_service.ts index 91ad1854479865..87b05eeafc5684 100644 --- a/src/core/public/doc_links/doc_links_service.ts +++ b/src/core/public/doc_links/doc_links_service.ts @@ -357,6 +357,7 @@ export class DocLinksService { clusterPrivileges: `${ELASTICSEARCH_DOCS}security-privileges.html#privileges-list-cluster`, elasticsearchSettings: `${ELASTICSEARCH_DOCS}security-settings.html`, elasticsearchEnableSecurity: `${ELASTICSEARCH_DOCS}configuring-stack-security.html`, + elasticsearchEnableApiKeys: `${ELASTICSEARCH_DOCS}security-settings.html#api-key-service-settings`, indicesPrivileges: `${ELASTICSEARCH_DOCS}security-privileges.html#privileges-list-indices`, kibanaTLS: `${ELASTICSEARCH_DOCS}security-basic-setup.html#encrypt-internode-communication`, kibanaPrivileges: `${KIBANA_DOCS}kibana-privileges.html`, @@ -715,6 +716,7 @@ export interface DocLinksStart { clusterPrivileges: string; elasticsearchSettings: string; elasticsearchEnableSecurity: string; + elasticsearchEnableApiKeys: string; indicesPrivileges: string; kibanaTLS: string; kibanaPrivileges: string; diff --git a/src/core/public/public.api.md b/src/core/public/public.api.md index 508299686b0d92..353e5aa4607e4b 100644 --- a/src/core/public/public.api.md +++ b/src/core/public/public.api.md @@ -680,6 +680,7 @@ export interface DocLinksStart { clusterPrivileges: string; elasticsearchSettings: string; elasticsearchEnableSecurity: string; + elasticsearchEnableApiKeys: string; indicesPrivileges: string; kibanaTLS: string; kibanaPrivileges: string; diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index f831f3b91eaa5c..a03bcec2865166 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -24980,15 +24980,8 @@ "xpack.triggersActionsUI.components.healthCheck.alertsErrorAction": "方法を確認してください。", "xpack.triggersActionsUI.components.healthCheck.alertsErrorTitle": "アラートとアクションを有効にする必要があります", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction": "方法を確認してください。", - "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey": " kibana.ymlファイルで、暗号化された保存されたプラグインが有効になっていることを確認してください。", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey": "ルールを作成するには、値を設定します ", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorTitle": "暗号化された保存されたオブジェクトがありません", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError": "KibanaとElasticsearchの間でトランスポートレイヤーセキュリティを有効にし、kibana.ymlファイルで暗号化鍵を構成する必要があります。", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction": "方法を確認してください。", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorTitle": "追加の設定が必要です", - "xpack.triggersActionsUI.components.healthCheck.tlsError": "アラートはAPIキーに依存し、キーを使用するにはElasticsearchとKibanaの間にTLSが必要です。", - "xpack.triggersActionsUI.components.healthCheck.tlsErrorAction": "TLSを有効にする方法をご覧ください。", - "xpack.triggersActionsUI.components.healthCheck.tlsErrorTitle": "トランスポートレイヤーセキュリティとAPIキーを有効にする必要があります", "xpack.triggersActionsUI.connectors.breadcrumbTitle": "コネクター", "xpack.triggersActionsUI.data.coreQueryParams.aggTypeRequiredErrorMessage": "[aggType]が「{aggType}」のときには[aggField]に値が必要です", "xpack.triggersActionsUI.data.coreQueryParams.dateStartGTdateEndErrorMessage": "[dateStart]が[dateEnd]よりも大です", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 5fbcd26340be3a..1b7b6ec4764b25 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -25406,15 +25406,8 @@ "xpack.triggersActionsUI.components.healthCheck.alertsErrorAction": "了解操作方法。", "xpack.triggersActionsUI.components.healthCheck.alertsErrorTitle": "必须启用“告警和操作”", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction": "了解操作方法。", - "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey": " 设置值,并确保启用加密已保存对象插件。", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey": "要创建规则,请在 kibana.yml 文件中为: ", "xpack.triggersActionsUI.components.healthCheck.encryptionErrorTitle": "加密已保存对象不可用", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError": "必须在 Kibana 和 Elasticsearch 之间启用传输层安全并在 kibana.yml 文件中配置加密密钥。", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction": "了解操作方法。", - "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorTitle": "需要其他设置", - "xpack.triggersActionsUI.components.healthCheck.tlsError": "Alerting 功能依赖于 API 密钥,这需要在 Elasticsearch 与 Kibana 之间启用 TLS。", - "xpack.triggersActionsUI.components.healthCheck.tlsErrorAction": "了解如何启用 TLS。", - "xpack.triggersActionsUI.components.healthCheck.tlsErrorTitle": "必须启用传输层安全和 API 密钥", "xpack.triggersActionsUI.connectors.breadcrumbTitle": "连接器", "xpack.triggersActionsUI.data.coreQueryParams.aggTypeRequiredErrorMessage": "[aggField]:当 [aggType] 为“{aggType}”时必须有值", "xpack.triggersActionsUI.data.coreQueryParams.dateStartGTdateEndErrorMessage": "[dateStart]:晚于 [dateEnd]", diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx index ff5992a6542b7b..4192ee1a75a8f5 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx @@ -81,7 +81,7 @@ describe('health check', () => { expect(queryByText('should render')).toBeInTheDocument(); }); - test('renders warning if TLS is required', async () => { + test('renders warning if API keys are disabled', async () => { useKibanaMock().services.http.get = jest.fn().mockImplementation(async () => ({ is_sufficiently_secure: false, has_permanent_encryption_key: true, @@ -103,18 +103,17 @@ describe('health check', () => { // wait for useEffect to run }); - const [description, action] = queryAllByText(/TLS/i); + const [description] = queryAllByText(/API keys/i); + const [action] = queryAllByText(/Learn more/i); expect(description.textContent).toMatchInlineSnapshot( - `"Alerting relies on API keys, which require TLS between Elasticsearch and Kibana. Learn how to enable TLS.(opens in a new tab or window)"` + `"You must enable API keys to use Alerting. Learn more.(opens in a new tab or window)"` ); - expect(action.textContent).toMatchInlineSnapshot( - `"Learn how to enable TLS.(opens in a new tab or window)"` - ); + expect(action.textContent).toMatchInlineSnapshot(`"Learn more.(opens in a new tab or window)"`); expect(action.getAttribute('href')).toMatchInlineSnapshot( - `"https://www.elastic.co/guide/en/elasticsearch/reference/mocked-test-branch/security-basic-setup.html#encrypt-internode-communication"` + `"https://www.elastic.co/guide/en/elasticsearch/reference/mocked-test-branch/security-settings.html#api-key-service-settings"` ); }); @@ -142,11 +141,13 @@ describe('health check', () => { const description = queryByRole(/banner/i); expect(description!.textContent).toMatchInlineSnapshot( - `"To create a rule, set a value for xpack.encryptedSavedObjects.encryptionKey in your kibana.yml file and ensure the Encrypted Saved Objects plugin is enabled. Learn how.(opens in a new tab or window)"` + `"You must configure an encryption key to use Alerting. Learn more.(opens in a new tab or window)"` ); const action = queryByText(/Learn/i); - expect(action!.textContent).toMatchInlineSnapshot(`"Learn how.(opens in a new tab or window)"`); + expect(action!.textContent).toMatchInlineSnapshot( + `"Learn more.(opens in a new tab or window)"` + ); expect(action!.getAttribute('href')).toMatchInlineSnapshot( `"https://www.elastic.co/guide/en/kibana/mocked-test-branch/alert-action-settings-kb.html#general-alert-action-settings"` ); @@ -175,14 +176,16 @@ describe('health check', () => { // wait for useEffect to run }); - const description = queryByText(/Transport Layer Security/i); + const description = queryByText(/You must enable/i); expect(description!.textContent).toMatchInlineSnapshot( - `"You must enable Transport Layer Security between Kibana and Elasticsearch and configure an encryption key in your kibana.yml file. Learn how.(opens in a new tab or window)"` + `"You must enable API keys and configure an encryption key to use Alerting. Learn more.(opens in a new tab or window)"` ); const action = queryByText(/Learn/i); - expect(action!.textContent).toMatchInlineSnapshot(`"Learn how.(opens in a new tab or window)"`); + expect(action!.textContent).toMatchInlineSnapshot( + `"Learn more.(opens in a new tab or window)"` + ); expect(action!.getAttribute('href')).toMatchInlineSnapshot( `"https://www.elastic.co/guide/en/kibana/mocked-test-branch/alerting-setup.html#alerting-prerequisites"` ); diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx index f990e12ed76e58..835c64ee0a05b6 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx @@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n/react'; import { EuiLink, EuiSpacer } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { EuiEmptyPrompt, EuiCode } from '@elastic/eui'; +import { EuiEmptyPrompt } from '@elastic/eui'; import { DocLinksStart } from 'kibana/public'; import './health_check.scss'; import { useHealthContext } from '../context/health_context'; @@ -82,11 +82,11 @@ export const HealthCheck: React.FunctionComponent = ({ ) : !healthCheck.isAlertsAvailable ? ( ) : !healthCheck.isSufficientlySecure && !healthCheck.hasPermanentEncryptionKey ? ( - + ) : !healthCheck.hasPermanentEncryptionKey ? ( ) : ( - + ); } ) @@ -108,7 +108,7 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => (

} @@ -118,22 +118,14 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => ( {i18n.translate( 'xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey', { - defaultMessage: 'To create a rule, set a value for ', - } - )} - {'xpack.encryptedSavedObjects.encryptionKey'} - {i18n.translate( - 'xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey', - { - defaultMessage: - ' in your kibana.yml file and ensure the Encrypted Saved Objects plugin is enabled. ', + defaultMessage: 'You must configure an encryption key to use Alerting. ', } )} {i18n.translate( 'xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction', { - defaultMessage: 'Learn how.', + defaultMessage: 'Learn more.', } )} @@ -143,7 +135,7 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => ( /> ); -const TlsError = ({ docLinks, className }: PromptErrorProps) => ( +const ApiKeysDisabledError = ({ docLinks, className }: PromptErrorProps) => ( ( title={

} body={

- {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsError', { - defaultMessage: - 'Alerting relies on API keys, which require TLS between Elasticsearch and Kibana. ', + {i18n.translate('xpack.triggersActionsUI.components.healthCheck.apiKeysDisabledError', { + defaultMessage: 'You must enable API keys to use Alerting. ', })} - - {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsErrorAction', { - defaultMessage: 'Learn how to enable TLS.', - })} + + {i18n.translate( + 'xpack.triggersActionsUI.components.healthCheck.apiKeysDisabledErrorAction', + { + defaultMessage: 'Learn more.', + } + )}

@@ -206,7 +204,7 @@ const AlertsError = ({ docLinks, className }: PromptErrorProps) => ( /> ); -const TlsAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => ( +const ApiKeysAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => ( ( title={

@@ -223,15 +221,18 @@ const TlsAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => ( body={

- {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError', { - defaultMessage: - 'You must enable Transport Layer Security between Kibana and Elasticsearch and configure an encryption key in your kibana.yml file. ', - })} + {i18n.translate( + 'xpack.triggersActionsUI.components.healthCheck.apiKeysAndEncryptionError', + { + defaultMessage: + 'You must enable API keys and configure an encryption key to use Alerting. ', + } + )} {i18n.translate( - 'xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction', + 'xpack.triggersActionsUI.components.healthCheck.apiKeysAndEncryptionErrorAction', { - defaultMessage: 'Learn how.', + defaultMessage: 'Learn more.', } )}