elastic · mikecote · Oct 19, 2021 · Oct 15, 2021 · Oct 15, 2021 · Oct 15, 2021
diff --git a/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md b/docs/development/core/public/kibana-plugin-core-public.doclinksstart.links.md
@@ -211,6 +211,7 @@ readonly links: {
             clusterPrivileges: string;
             elasticsearchSettings: string;
             elasticsearchEnableSecurity: string;
+            elasticsearchEnableApiKeys: string;
             indicesPrivileges: string;
             kibanaTLS: string;
             kibanaPrivileges: string;

diff --git a/docs/user/alerting/alerting-setup.asciidoc b/docs/user/alerting/alerting-setup.asciidoc
@@ -17,8 +17,7 @@ If you are using an *on-premises* Elastic Stack deployment:
 
 If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
 
-* You must enable Transport Layer Security (TLS) for communication <<configuring-tls-kib-es, between {es} and {kib}>>. {kib} alerting uses <<api-keys, API keys>> to secure background rule checks and actions, and API keys require {ref}/configuring-tls.html#tls-http[TLS on the HTTP interface]. A proxy will not suffice.
-* If you have enabled TLS and are still unable to access Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys].
+* If you are unable to access Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys].
 
 The Alerting framework uses queries that require the `search.allow_expensive_queries` setting to be `true`. See the scripts {ref}/query-dsl-script-query.html#_allow_expensive_queries_4[documentation]. 
 

diff --git a/src/core/public/doc_links/doc_links_service.ts b/src/core/public/doc_links/doc_links_service.ts
@@ -357,6 +357,7 @@ export class DocLinksService {
           clusterPrivileges: `${ELASTICSEARCH_DOCS}security-privileges.html#privileges-list-cluster`,
           elasticsearchSettings: `${ELASTICSEARCH_DOCS}security-settings.html`,
           elasticsearchEnableSecurity: `${ELASTICSEARCH_DOCS}configuring-stack-security.html`,
+          elasticsearchEnableApiKeys: `${ELASTICSEARCH_DOCS}security-settings.html#api-key-service-settings`,
           indicesPrivileges: `${ELASTICSEARCH_DOCS}security-privileges.html#privileges-list-indices`,
           kibanaTLS: `${ELASTICSEARCH_DOCS}security-basic-setup.html#encrypt-internode-communication`,
           kibanaPrivileges: `${KIBANA_DOCS}kibana-privileges.html`,
@@ -715,6 +716,7 @@ export interface DocLinksStart {
       clusterPrivileges: string;
       elasticsearchSettings: string;
       elasticsearchEnableSecurity: string;
+      elasticsearchEnableApiKeys: string;
       indicesPrivileges: string;
       kibanaTLS: string;
       kibanaPrivileges: string;

diff --git a/src/core/public/public.api.md b/src/core/public/public.api.md
@@ -680,6 +680,7 @@ export interface DocLinksStart {
             clusterPrivileges: string;
             elasticsearchSettings: string;
             elasticsearchEnableSecurity: string;
+            elasticsearchEnableApiKeys: string;
             indicesPrivileges: string;
             kibanaTLS: string;
             kibanaPrivileges: string;

diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
@@ -24980,15 +24980,8 @@
     "xpack.triggersActionsUI.components.healthCheck.alertsErrorAction": "方法を確認してください。",
     "xpack.triggersActionsUI.components.healthCheck.alertsErrorTitle": "アラートとアクションを有効にする必要があります",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction": "方法を確認してください。",
-    "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey": " kibana.ymlファイルで、暗号化された保存されたプラグインが有効になっていることを確認してください。",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey": "ルールを作成するには、値を設定します ",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorTitle": "暗号化された保存されたオブジェクトがありません",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError": "KibanaとElasticsearchの間でトランスポートレイヤーセキュリティを有効にし、kibana.ymlファイルで暗号化鍵を構成する必要があります。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction": "方法を確認してください。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorTitle": "追加の設定が必要です",
-    "xpack.triggersActionsUI.components.healthCheck.tlsError": "アラートはAPIキーに依存し、キーを使用するにはElasticsearchとKibanaの間にTLSが必要です。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsErrorAction": "TLSを有効にする方法をご覧ください。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsErrorTitle": "トランスポートレイヤーセキュリティとAPIキーを有効にする必要があります",
     "xpack.triggersActionsUI.connectors.breadcrumbTitle": "コネクター",
     "xpack.triggersActionsUI.data.coreQueryParams.aggTypeRequiredErrorMessage": "[aggType]が「{aggType}」のときには[aggField]に値が必要です",
     "xpack.triggersActionsUI.data.coreQueryParams.dateStartGTdateEndErrorMessage": "[dateStart]が[dateEnd]よりも大です",

diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
@@ -25406,15 +25406,8 @@
     "xpack.triggersActionsUI.components.healthCheck.alertsErrorAction": "了解操作方法。",
     "xpack.triggersActionsUI.components.healthCheck.alertsErrorTitle": "必须启用“告警和操作”",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction": "了解操作方法。",
-    "xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey": " 设置值，并确保启用加密已保存对象插件。",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey": "要创建规则，请在 kibana.yml 文件中为： ",
     "xpack.triggersActionsUI.components.healthCheck.encryptionErrorTitle": "加密已保存对象不可用",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError": "必须在 Kibana 和 Elasticsearch 之间启用传输层安全并在 kibana.yml 文件中配置加密密钥。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction": "了解操作方法。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorTitle": "需要其他设置",
-    "xpack.triggersActionsUI.components.healthCheck.tlsError": "Alerting 功能依赖于 API 密钥，这需要在 Elasticsearch 与 Kibana 之间启用 TLS。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsErrorAction": "了解如何启用 TLS。",
-    "xpack.triggersActionsUI.components.healthCheck.tlsErrorTitle": "必须启用传输层安全和 API 密钥",
     "xpack.triggersActionsUI.connectors.breadcrumbTitle": "连接器",
     "xpack.triggersActionsUI.data.coreQueryParams.aggTypeRequiredErrorMessage": "[aggField]：当 [aggType] 为“{aggType}”时必须有值",
     "xpack.triggersActionsUI.data.coreQueryParams.dateStartGTdateEndErrorMessage": "[dateStart]：晚于 [dateEnd]",

diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.test.tsx
@@ -81,7 +81,7 @@ describe('health check', () => {
     expect(queryByText('should render')).toBeInTheDocument();
   });
 
-  test('renders warning if TLS is required', async () => {
+  test('renders warning if API keys are disabled', async () => {
     useKibanaMock().services.http.get = jest.fn().mockImplementation(async () => ({
       is_sufficiently_secure: false,
       has_permanent_encryption_key: true,
@@ -103,18 +103,17 @@ describe('health check', () => {
       // wait for useEffect to run
     });
 
-    const [description, action] = queryAllByText(/TLS/i);
+    const [description] = queryAllByText(/API keys/i);
+    const [action] = queryAllByText(/Learn more/i);
 
     expect(description.textContent).toMatchInlineSnapshot(
-      `"Alerting relies on API keys, which require TLS between Elasticsearch and Kibana. Learn how to enable TLS.(opens in a new tab or window)"`
+      `"You must enable API keys to use Alerting. Learn more.(opens in a new tab or window)"`
     );
 
-    expect(action.textContent).toMatchInlineSnapshot(
-      `"Learn how to enable TLS.(opens in a new tab or window)"`
-    );
+    expect(action.textContent).toMatchInlineSnapshot(`"Learn more.(opens in a new tab or window)"`);
 
     expect(action.getAttribute('href')).toMatchInlineSnapshot(
-      `"https://www.elastic.co/guide/en/elasticsearch/reference/mocked-test-branch/security-basic-setup.html#encrypt-internode-communication"`
+      `"https://www.elastic.co/guide/en/elasticsearch/reference/mocked-test-branch/security-settings.html#api-key-service-settings"`
     );
   });
 
@@ -142,11 +141,13 @@ describe('health check', () => {
 
     const description = queryByRole(/banner/i);
     expect(description!.textContent).toMatchInlineSnapshot(
-      `"To create a rule, set a value for xpack.encryptedSavedObjects.encryptionKey in your kibana.yml file and ensure the Encrypted Saved Objects plugin is enabled. Learn how.(opens in a new tab or window)"`
+      `"You must configure an encryption key to use Alerting. Learn more.(opens in a new tab or window)"`
     );
 
     const action = queryByText(/Learn/i);
-    expect(action!.textContent).toMatchInlineSnapshot(`"Learn how.(opens in a new tab or window)"`);
+    expect(action!.textContent).toMatchInlineSnapshot(
+      `"Learn more.(opens in a new tab or window)"`
+    );
     expect(action!.getAttribute('href')).toMatchInlineSnapshot(
       `"https://www.elastic.co/guide/en/kibana/mocked-test-branch/alert-action-settings-kb.html#general-alert-action-settings"`
     );
@@ -175,14 +176,16 @@ describe('health check', () => {
       // wait for useEffect to run
     });
 
-    const description = queryByText(/Transport Layer Security/i);
+    const description = queryByText(/You must enable/i);
 
     expect(description!.textContent).toMatchInlineSnapshot(
-      `"You must enable Transport Layer Security between Kibana and Elasticsearch and configure an encryption key in your kibana.yml file. Learn how.(opens in a new tab or window)"`
+      `"You must enable API keys and configure an encryption key to use Alerting. Learn more.(opens in a new tab or window)"`
     );
 
     const action = queryByText(/Learn/i);
-    expect(action!.textContent).toMatchInlineSnapshot(`"Learn how.(opens in a new tab or window)"`);
+    expect(action!.textContent).toMatchInlineSnapshot(
+      `"Learn more.(opens in a new tab or window)"`
+    );
     expect(action!.getAttribute('href')).toMatchInlineSnapshot(
       `"https://www.elastic.co/guide/en/kibana/mocked-test-branch/alerting-setup.html#alerting-prerequisites"`
     );

diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/health_check.tsx
@@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n/react';
 import { EuiLink, EuiSpacer } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 
-import { EuiEmptyPrompt, EuiCode } from '@elastic/eui';
+import { EuiEmptyPrompt } from '@elastic/eui';
 import { DocLinksStart } from 'kibana/public';
 import './health_check.scss';
 import { useHealthContext } from '../context/health_context';
@@ -82,11 +82,11 @@ export const HealthCheck: React.FunctionComponent<Props> = ({
         ) : !healthCheck.isAlertsAvailable ? (
           <AlertsError docLinks={docLinks} className={className} />
         ) : !healthCheck.isSufficientlySecure && !healthCheck.hasPermanentEncryptionKey ? (
-          <TlsAndEncryptionError docLinks={docLinks} className={className} />
+          <ApiKeysAndEncryptionError docLinks={docLinks} className={className} />
         ) : !healthCheck.hasPermanentEncryptionKey ? (
           <EncryptionError docLinks={docLinks} className={className} />
         ) : (
-          <TlsError docLinks={docLinks} className={className} />
+          <ApiKeysDisabledError docLinks={docLinks} className={className} />
         );
       }
     )
@@ -108,7 +108,7 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => (
       <h2>
         <FormattedMessage
           id="xpack.triggersActionsUI.components.healthCheck.encryptionErrorTitle"
-          defaultMessage="Encrypted saved objects are not available"
+          defaultMessage="Additional setup required"
         />
       </h2>
     }
@@ -118,22 +118,14 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => (
           {i18n.translate(
             'xpack.triggersActionsUI.components.healthCheck.encryptionErrorBeforeKey',
             {
-              defaultMessage: 'To create a rule, set a value for ',
-            }
-          )}
-          <EuiCode>{'xpack.encryptedSavedObjects.encryptionKey'}</EuiCode>
-          {i18n.translate(
-            'xpack.triggersActionsUI.components.healthCheck.encryptionErrorAfterKey',
-            {
-              defaultMessage:
-                ' in your kibana.yml file and ensure the Encrypted Saved Objects plugin is enabled. ',
+              defaultMessage: 'You must configure an encryption key to use Alerting. ',
             }
           )}
           <EuiLink href={docLinks.links.alerting.generalSettings} external target="_blank">
             {i18n.translate(
               'xpack.triggersActionsUI.components.healthCheck.encryptionErrorAction',
               {
-                defaultMessage: 'Learn how.',
+                defaultMessage: 'Learn more.',
               }
             )}
           </EuiLink>
@@ -143,7 +135,7 @@ const EncryptionError = ({ docLinks, className }: PromptErrorProps) => (
   />
 );
 
-const TlsError = ({ docLinks, className }: PromptErrorProps) => (
+const ApiKeysDisabledError = ({ docLinks, className }: PromptErrorProps) => (
   <EuiEmptyPrompt
     iconType="watchesApp"
     data-test-subj="actionNeededEmptyPrompt"
@@ -152,22 +144,28 @@ const TlsError = ({ docLinks, className }: PromptErrorProps) => (
     title={
       <h2>
         <FormattedMessage
-          id="xpack.triggersActionsUI.components.healthCheck.tlsErrorTitle"
-          defaultMessage="You must enable Transport Layer Security and API keys"
+          id="xpack.triggersActionsUI.components.healthCheck.apiKeysDisabledErrorTitle"
+          defaultMessage="Additional setup required"
         />
       </h2>
     }
     body={
       <div className={`${className}__body`}>
         <p role="banner">
-          {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsError', {
-            defaultMessage:
-              'Alerting relies on API keys, which require TLS between Elasticsearch and Kibana. ',
+          {i18n.translate('xpack.triggersActionsUI.components.healthCheck.apiKeysDisabledError', {
+            defaultMessage: 'You must enable API keys to use Alerting. ',
           })}
-          <EuiLink href={docLinks.links.security.kibanaTLS} external target="_blank">
-            {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsErrorAction', {
-              defaultMessage: 'Learn how to enable TLS.',
-            })}
+          <EuiLink
+            href={docLinks.links.security.elasticsearchEnableApiKeys}
+            external
+            target="_blank"
+          >
+            {i18n.translate(
+              'xpack.triggersActionsUI.components.healthCheck.apiKeysDisabledErrorAction',
+              {
+                defaultMessage: 'Learn more.',
+              }
+            )}
           </EuiLink>
         </p>
       </div>
@@ -206,7 +204,7 @@ const AlertsError = ({ docLinks, className }: PromptErrorProps) => (
   />
 );
 
-const TlsAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => (
+const ApiKeysAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => (
   <EuiEmptyPrompt
     iconType="watchesApp"
     data-test-subj="actionNeededEmptyPrompt"
@@ -215,23 +213,26 @@ const TlsAndEncryptionError = ({ docLinks, className }: PromptErrorProps) => (
     title={
       <h2>
         <FormattedMessage
-          id="xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorTitle"
+          id="xpack.triggersActionsUI.components.healthCheck.apiKeysAndEncryptionErrorTitle"
           defaultMessage="Additional setup required"
         />
       </h2>
     }
     body={
       <div className={`${className}__body`}>
         <p role="banner">
-          {i18n.translate('xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionError', {
-            defaultMessage:
-              'You must enable Transport Layer Security between Kibana and Elasticsearch and configure an encryption key in your kibana.yml file. ',
-          })}
+          {i18n.translate(
+            'xpack.triggersActionsUI.components.healthCheck.apiKeysAndEncryptionError',
+            {
+              defaultMessage:
+                'You must enable API keys and configure an encryption key to use Alerting. ',
+            }
+          )}
           <EuiLink href={docLinks.links.alerting.setupPrerequisites} external target="_blank">
             {i18n.translate(
-              'xpack.triggersActionsUI.components.healthCheck.tlsAndEncryptionErrorAction',
+              'xpack.triggersActionsUI.components.healthCheck.apiKeysAndEncryptionErrorAction',
               {
-                defaultMessage: 'Learn how.',
+                defaultMessage: 'Learn more.',
               }
             )}
           </EuiLink>