diff --git a/config/kibana.yml b/config/kibana.yml
index 0780841ca057e..8725888159506 100644
--- a/config/kibana.yml
+++ b/config/kibana.yml
@@ -40,7 +40,7 @@
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
-#elasticsearch.username: "kibana"
+#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
diff --git a/docs/user/security/securing-kibana.asciidoc b/docs/user/security/securing-kibana.asciidoc
index 24aacd6a47626..f4178bacb111e 100644
--- a/docs/user/security/securing-kibana.asciidoc
+++ b/docs/user/security/securing-kibana.asciidoc
@@ -31,14 +31,14 @@ file:
[source,yaml]
-----------------------------------------------
-elasticsearch.username: "kibana"
+elasticsearch.username: "kibana_system"
elasticsearch.password: "kibanapassword"
-----------------------------------------------
The {kib} server submits requests as this user to access the cluster monitoring
APIs and the `.kibana` index. The server does _not_ need access to user indices.
-The password for the built-in `kibana` user is typically set as part of the
+The password for the built-in `kibana_system` user is typically set as part of the
{security} configuration process on {es}. For more information, see
{ref}/built-in-users.html[Built-in users].
--
diff --git a/packages/kbn-es/src/utils/native_realm.test.js b/packages/kbn-es/src/utils/native_realm.test.js
index 99c7ed1623014..54732f7136fcc 100644
--- a/packages/kbn-es/src/utils/native_realm.test.js
+++ b/packages/kbn-es/src/utils/native_realm.test.js
@@ -109,7 +109,7 @@ describe('setPasswords', () => {
mockClient.security.getUser.mockImplementation(() => ({
body: {
- kibana: {
+ kibana_system: {
metadata: {
_reserved: true,
},
@@ -138,7 +138,7 @@ describe('setPasswords', () => {
}));
await nativeRealm.setPasswords({
- 'password.kibana': 'bar',
+ 'password.kibana_system': 'bar',
});
expect(mockClient.security.changePassword.mock.calls).toMatchInlineSnapshot(`
@@ -149,7 +149,7 @@ Array [
"password": "bar",
},
"refresh": "wait_for",
- "username": "kibana",
+ "username": "kibana_system",
},
],
Array [
@@ -188,7 +188,7 @@ describe('getReservedUsers', () => {
it('returns array of reserved usernames', async () => {
mockClient.security.getUser.mockImplementation(() => ({
body: {
- kibana: {
+ kibana_system: {
metadata: {
_reserved: true,
},
@@ -206,17 +206,17 @@ describe('getReservedUsers', () => {
},
}));
- expect(await nativeRealm.getReservedUsers()).toEqual(['kibana', 'logstash_system']);
+ expect(await nativeRealm.getReservedUsers()).toEqual(['kibana_system', 'logstash_system']);
});
});
describe('setPassword', () => {
it('sets password for provided user', async () => {
- await nativeRealm.setPassword('kibana', 'foo');
+ await nativeRealm.setPassword('kibana_system', 'foo');
expect(mockClient.security.changePassword).toHaveBeenCalledWith({
body: { password: 'foo' },
refresh: 'wait_for',
- username: 'kibana',
+ username: 'kibana_system',
});
});
@@ -226,7 +226,7 @@ describe('setPassword', () => {
});
await expect(
- nativeRealm.setPassword('kibana', 'foo')
+ nativeRealm.setPassword('kibana_system', 'foo')
).rejects.toThrowErrorMatchingInlineSnapshot(`"SomeError"`);
});
});
diff --git a/src/cli/serve/serve.js b/src/cli/serve/serve.js
index 29d0fe16ee126..471939121143a 100644
--- a/src/cli/serve/serve.js
+++ b/src/cli/serve/serve.js
@@ -79,7 +79,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
set('optimize.watch', true);
if (!has('elasticsearch.username')) {
- set('elasticsearch.username', 'kibana');
+ set('elasticsearch.username', 'kibana_system');
}
if (!has('elasticsearch.password')) {
diff --git a/src/core/server/elasticsearch/__snapshots__/elasticsearch_config.test.ts.snap b/src/core/server/elasticsearch/__snapshots__/elasticsearch_config.test.ts.snap
index e81336c8863f5..75627f311d9a5 100644
--- a/src/core/server/elasticsearch/__snapshots__/elasticsearch_config.test.ts.snap
+++ b/src/core/server/elasticsearch/__snapshots__/elasticsearch_config.test.ts.snap
@@ -1,3 +1,3 @@
// Jest Snapshot v1, https://goo.gl/fbAQLP
-exports[`#username throws if equal to "elastic", only while running from source 1`] = `"[username]: value of \\"elastic\\" is forbidden. This is a superuser account that can obfuscate privilege-related issues. You should use the \\"kibana\\" user instead."`;
+exports[`#username throws if equal to "elastic", only while running from source 1`] = `"[username]: value of \\"elastic\\" is forbidden. This is a superuser account that can obfuscate privilege-related issues. You should use the \\"kibana_system\\" user instead."`;
diff --git a/src/core/server/elasticsearch/elasticsearch_config.test.ts b/src/core/server/elasticsearch/elasticsearch_config.test.ts
index de3f57298f461..cb4501a51e849 100644
--- a/src/core/server/elasticsearch/elasticsearch_config.test.ts
+++ b/src/core/server/elasticsearch/elasticsearch_config.test.ts
@@ -315,12 +315,21 @@ describe('deprecations', () => {
const { messages } = applyElasticsearchDeprecations({ username: 'elastic' });
expect(messages).toMatchInlineSnapshot(`
Array [
- "Setting [${CONFIG_PATH}.username] to \\"elastic\\" is deprecated. You should use the \\"kibana\\" user instead.",
+ "Setting [${CONFIG_PATH}.username] to \\"elastic\\" is deprecated. You should use the \\"kibana_system\\" user instead.",
]
`);
});
- it('does not log a warning if elasticsearch.username is set to something besides "elastic"', () => {
+ it('logs a warning if elasticsearch.username is set to "kibana"', () => {
+ const { messages } = applyElasticsearchDeprecations({ username: 'kibana' });
+ expect(messages).toMatchInlineSnapshot(`
+ Array [
+ "Setting [${CONFIG_PATH}.username] to \\"kibana\\" is deprecated. You should use the \\"kibana_system\\" user instead.",
+ ]
+ `);
+ });
+
+ it('does not log a warning if elasticsearch.username is set to something besides "elastic" or "kibana"', () => {
const { messages } = applyElasticsearchDeprecations({ username: 'otheruser' });
expect(messages).toHaveLength(0);
});
diff --git a/src/core/server/elasticsearch/elasticsearch_config.ts b/src/core/server/elasticsearch/elasticsearch_config.ts
index d3012e361b3ed..c87c94bcd0b6a 100644
--- a/src/core/server/elasticsearch/elasticsearch_config.ts
+++ b/src/core/server/elasticsearch/elasticsearch_config.ts
@@ -55,7 +55,7 @@ export const configSchema = schema.object({
if (rawConfig === 'elastic') {
return (
'value of "elastic" is forbidden. This is a superuser account that can obfuscate ' +
- 'privilege-related issues. You should use the "kibana" user instead.'
+ 'privilege-related issues. You should use the "kibana_system" user instead.'
);
}
},
@@ -131,7 +131,11 @@ const deprecations: ConfigDeprecationProvider = () => [
}
if (es.username === 'elastic') {
log(
- `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana" user instead.`
+ `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana_system" user instead.`
+ );
+ } else if (es.username === 'kibana') {
+ log(
+ `Setting [${fromPath}.username] to "kibana" is deprecated. You should use the "kibana_system" user instead.`
);
}
if (es.ssl?.key !== undefined && es.ssl?.certificate === undefined) {
diff --git a/x-pack/README.md b/x-pack/README.md
index 42e54aa2f50f9..744d97ca02c75 100644
--- a/x-pack/README.md
+++ b/x-pack/README.md
@@ -12,7 +12,7 @@ Elasticsearch will run with a basic license. To run with a trial license, includ
Example: `yarn es snapshot --license trial --password changeme`
-By default, this will also set the password for native realm accounts to the password provided (`changeme` by default). This includes that of the `kibana` user which `elasticsearch.username` defaults to in development. If you wish to specific a password for a given native realm account, you can do that like so: `--password.kibana=notsecure`
+By default, this will also set the password for native realm accounts to the password provided (`changeme` by default). This includes that of the `kibana_system` user which `elasticsearch.username` defaults to in development. If you wish to specify a password for a given native realm account, you can do that like so: `--password.kibana_system=notsecure`
# Testing
## Running specific tests
diff --git a/x-pack/legacy/plugins/monitoring/README.md b/x-pack/legacy/plugins/monitoring/README.md
index e9ececa8c6350..0222f06e7ae91 100644
--- a/x-pack/legacy/plugins/monitoring/README.md
+++ b/x-pack/legacy/plugins/monitoring/README.md
@@ -74,7 +74,7 @@ cluster.
% cat config/kibana.dev.yml
monitoring.ui.elasticsearch:
hosts: "http://localhost:9210"
- username: "kibana"
+ username: "kibana_system"
password: "changeme"
```
diff --git a/x-pack/plugins/monitoring/server/__tests__/deprecations.js b/x-pack/plugins/monitoring/server/__tests__/deprecations.js
index aa8008346af85..5fc5debfa139e 100644
--- a/x-pack/plugins/monitoring/server/__tests__/deprecations.js
+++ b/x-pack/plugins/monitoring/server/__tests__/deprecations.js
@@ -92,7 +92,15 @@ describe('monitoring plugin deprecations', function() {
expect(log.called).to.be(true);
});
- it('does not log a warning if elasticsearch.username is set to something besides "elastic"', () => {
+ it('logs a warning if elasticsearch.username is set to "kibana"', () => {
+ const settings = { elasticsearch: { username: 'kibana' } };
+
+ const log = sinon.spy();
+ transformDeprecations(settings, fromPath, log);
+ expect(log.called).to.be(true);
+ });
+
+ it('does not log a warning if elasticsearch.username is set to something besides "elastic" or "kibana"', () => {
const settings = { elasticsearch: { username: 'otheruser' } };
const log = sinon.spy();
diff --git a/x-pack/plugins/monitoring/server/config.ts b/x-pack/plugins/monitoring/server/config.ts
index 6e5092a112744..ad5bf95090186 100644
--- a/x-pack/plugins/monitoring/server/config.ts
+++ b/x-pack/plugins/monitoring/server/config.ts
@@ -119,7 +119,7 @@ export const configSchema = schema.object({
if (rawConfig === 'elastic') {
return (
'value of "elastic" is forbidden. This is a superuser account that can obfuscate ' +
- 'privilege-related issues. You should use the "kibana" user instead.'
+ 'privilege-related issues. You should use the "kibana_system" user instead.'
);
}
},
diff --git a/x-pack/plugins/monitoring/server/deprecations.ts b/x-pack/plugins/monitoring/server/deprecations.ts
index 3a3ec6ac799d2..d40837885e198 100644
--- a/x-pack/plugins/monitoring/server/deprecations.ts
+++ b/x-pack/plugins/monitoring/server/deprecations.ts
@@ -59,7 +59,11 @@ export const deprecations = ({
if (es) {
if (es.username === 'elastic') {
logger(
- `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana" user instead.`
+ `Setting [${fromPath}.username] to "elastic" is deprecated. You should use the "kibana_system" user instead.`
+ );
+ } else if (es.username === 'kibana') {
+ logger(
+ `Setting [${fromPath}.username] to "kibana" is deprecated. You should use the "kibana_system" user instead.`
);
}
}
diff --git a/x-pack/plugins/security/common/model/user.ts b/x-pack/plugins/security/common/model/user.ts
index e1bae2fc44e58..5c852e7a8f03d 100644
--- a/x-pack/plugins/security/common/model/user.ts
+++ b/x-pack/plugins/security/common/model/user.ts
@@ -12,6 +12,8 @@ export interface User {
enabled: boolean;
metadata?: {
_reserved: boolean;
+ _deprecated?: boolean;
+ _deprecated_reason?: string;
};
}
diff --git a/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.test.tsx b/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.test.tsx
index be7517ff892b5..a97781ba25ea6 100644
--- a/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.test.tsx
+++ b/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.test.tsx
@@ -32,6 +32,14 @@ const createUser = (username: string, roles = ['idk', 'something']) => {
};
}
+ if (username === 'deprecated_user') {
+ user.metadata = {
+ _reserved: true,
+ _deprecated: true,
+ _deprecated_reason: 'beacuse I said so.',
+ };
+ }
+
return user;
};
@@ -162,6 +170,28 @@ describe('EditUserPage', () => {
expectSaveButton(wrapper);
});
+ it('warns when viewing a depreciated user', async () => {
+ const user = createUser('deprecated_user');
+ const { apiClient, rolesAPIClient } = buildClients(user);
+ const securitySetup = buildSecuritySetup();
+
+ const wrapper = mountWithIntl(
+
+ );
+
+ await waitForRender(wrapper);
+ expect(apiClient.getUser).toBeCalledTimes(1);
+ expect(securitySetup.authc.getCurrentUser).toBeCalledTimes(1);
+
+ expect(findTestSubject(wrapper, 'deprecatedUserWarning')).toHaveLength(1);
+ });
+
it('warns when user is assigned a deprecated role', async () => {
const user = createUser('existing_user', ['deprecated-role']);
const { apiClient, rolesAPIClient } = buildClients(user);
diff --git a/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.tsx b/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.tsx
index 1c8130029bb50..7172ff178eb6b 100644
--- a/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.tsx
+++ b/x-pack/plugins/security/public/management/users/edit_user/edit_user_page.tsx
@@ -38,6 +38,7 @@ import { RolesAPIClient } from '../../roles';
import { ConfirmDeleteUsers, ChangePasswordForm } from '../components';
import { UserValidator, UserValidationResult } from './validate_user';
import { RoleComboBox } from '../../role_combo_box';
+import { isUserDeprecated, getExtendedUserDeprecationNotice, isUserReserved } from '../user_utils';
import { UserAPIClient } from '..';
interface Props {
@@ -244,7 +245,7 @@ export class EditUserPage extends Component {
return (
- {user.username === 'kibana' ? (
+ {user.username === 'kibana' || user.username === 'kibana_system' ? (
{
@@ -372,7 +373,7 @@ export class EditUserPage extends Component {
isNewUser,
showDeleteConfirmation,
} = this.state;
- const reserved = user.metadata && user.metadata._reserved;
+ const reserved = isUserReserved(user);
if (!user || !roles) {
return null;
}
@@ -427,15 +428,31 @@ export class EditUserPage extends Component {
{reserved && (
-
-
-
+
+
-
-
+ />
+
+
+
+
+ )}
+
+ {isUserDeprecated(user) && (
+
+
+
+
)}
{showDeleteConfirmation ? (
diff --git a/x-pack/plugins/security/public/management/users/user_utils.test.ts b/x-pack/plugins/security/public/management/users/user_utils.test.ts
new file mode 100644
index 0000000000000..572b94ab08037
--- /dev/null
+++ b/x-pack/plugins/security/public/management/users/user_utils.test.ts
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { User } from '../../../common/model';
+import { isUserReserved, isUserDeprecated, getExtendedUserDeprecationNotice } from './user_utils';
+
+describe('#isUserReserved', () => {
+ it('returns false for a user with no metadata', () => {
+ expect(isUserReserved({} as User)).toEqual(false);
+ });
+
+ it('returns false for a user with the reserved flag set to false', () => {
+ expect(isUserReserved({ metadata: { _reserved: false } } as User)).toEqual(false);
+ });
+
+ it('returns true for a user with the reserved flag set to true', () => {
+ expect(isUserReserved({ metadata: { _reserved: true } } as User)).toEqual(true);
+ });
+});
+
+describe('#isUserDeprecated', () => {
+ it('returns false for a user with no metadata', () => {
+ expect(isUserDeprecated({} as User)).toEqual(false);
+ });
+
+ it('returns false for a user with the deprecated flag set to false', () => {
+ expect(isUserDeprecated({ metadata: { _deprecated: false } } as User)).toEqual(false);
+ });
+
+ it('returns true for a user with the deprecated flag set to true', () => {
+ expect(isUserDeprecated({ metadata: { _deprecated: true } } as User)).toEqual(true);
+ });
+});
+
+describe('#getExtendedUserDeprecationNotice', () => {
+ it('returns a notice when no reason is provided', () => {
+ expect(
+ getExtendedUserDeprecationNotice({ username: 'test_user' } as User)
+ ).toMatchInlineSnapshot(`"The test_user user is deprecated. "`);
+ });
+
+ it('returns a notice augmented with reason when provided', () => {
+ expect(
+ getExtendedUserDeprecationNotice({
+ username: 'test_user',
+ metadata: { _reserved: true, _deprecated_reason: 'some reason' },
+ } as User)
+ ).toMatchInlineSnapshot(`"The test_user user is deprecated. some reason"`);
+ });
+});
diff --git a/x-pack/plugins/security/public/management/users/user_utils.ts b/x-pack/plugins/security/public/management/users/user_utils.ts
index f46f6f897e23b..211aad904d466 100644
--- a/x-pack/plugins/security/public/management/users/user_utils.ts
+++ b/x-pack/plugins/security/public/management/users/user_utils.ts
@@ -4,6 +4,20 @@
* you may not use this file except in compliance with the Elastic License.
*/
+import { i18n } from '@kbn/i18n';
import { User } from '../../../common/model';
export const isUserReserved = (user: User) => user.metadata?._reserved ?? false;
+
+export const isUserDeprecated = (user: User) => user.metadata?._deprecated ?? false;
+
+export const getExtendedUserDeprecationNotice = (user: User) => {
+ const reason = user.metadata?._deprecated_reason ?? '';
+ return i18n.translate('xpack.security.management.users.extendedUserDeprecationNotice', {
+ defaultMessage: `The {username} user is deprecated. {reason}`,
+ values: {
+ username: user.username,
+ reason,
+ },
+ });
+};
diff --git a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx
index 031b67d5d9122..d3b85b83ff6a4 100644
--- a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx
+++ b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.test.tsx
@@ -102,6 +102,38 @@ describe('UsersGridPage', () => {
expect(findTestSubject(wrapper, 'userDisabled')).toHaveLength(1);
});
+ it('renders deprecated users', async () => {
+ const apiClientMock = userAPIClientMock.create();
+ apiClientMock.getUsers.mockImplementation(() => {
+ return Promise.resolve([
+ {
+ username: 'foo',
+ email: 'foo@bar.net',
+ full_name: 'foo bar',
+ roles: ['kibana_user'],
+ enabled: true,
+ metadata: {
+ _reserved: true,
+ _deprecated: true,
+ _deprecated_reason: 'This user is not cool anymore.',
+ },
+ },
+ ]);
+ });
+
+ const wrapper = mountWithIntl(
+
+ );
+
+ await waitForRender(wrapper);
+
+ expect(findTestSubject(wrapper, 'userDeprecated')).toHaveLength(1);
+ });
+
it('renders a warning when a user is assigned a deprecated role', async () => {
const apiClientMock = userAPIClientMock.create();
apiClientMock.getUsers.mockImplementation(() => {
diff --git a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx
index 6837fcf430fe7..f8882129772f7 100644
--- a/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx
+++ b/x-pack/plugins/security/public/management/users/users_grid/users_grid_page.tsx
@@ -26,8 +26,8 @@ import { FormattedMessage } from '@kbn/i18n/react';
import { NotificationsStart } from 'src/core/public';
import { User, Role } from '../../../../common/model';
import { ConfirmDeleteUsers } from '../components';
-import { isUserReserved } from '../user_utils';
-import { DisabledBadge, ReservedBadge } from '../../badges';
+import { isUserReserved, getExtendedUserDeprecationNotice, isUserDeprecated } from '../user_utils';
+import { DisabledBadge, ReservedBadge, DeprecatedBadge } from '../../badges';
import { RoleTableDisplay } from '../../role_table_display';
import { RolesAPIClient } from '../../roles';
import { UserAPIClient } from '..';
@@ -360,6 +360,7 @@ export class UsersGridPage extends Component {
private getUserStatusBadges = (user: User) => {
const enabled = user.enabled;
const reserved = isUserReserved(user);
+ const deprecated = isUserDeprecated(user);
const badges = [];
if (!enabled) {
@@ -378,9 +379,17 @@ export class UsersGridPage extends Component {
/>
);
}
+ if (deprecated) {
+ badges.push(
+
+ );
+ }
return (
-
+
{badges.map((badge, index) => (
{badge}
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 2367265862044..710642b03e329 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -12883,7 +12883,6 @@
"xpack.security.management.users.editUser.cancelButtonLabel": "キャンセル",
"xpack.security.management.users.editUser.changePasswordButtonLabel": "パスワードを変更",
"xpack.security.management.users.editUser.changePasswordExtraStepTitle": "追加ステップが必要です",
- "xpack.security.management.users.editUser.changePasswordUpdateKibanaTitle": "Kibana ユーザーのパスワードを変更後、{kibana} ファイルを更新し Kibana を再起動する必要があります。",
"xpack.security.management.users.editUser.changingUserNameAfterCreationDescription": "ユーザー名は作成後変更できません。",
"xpack.security.management.users.editUser.confirmPasswordFormRowLabel": "パスワードの確認",
"xpack.security.management.users.editUser.createUserButtonLabel": "ユーザーを作成",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index ab7710b81d479..cf52ee6f3b515 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -12890,7 +12890,6 @@
"xpack.security.management.users.editUser.cancelButtonLabel": "取消",
"xpack.security.management.users.editUser.changePasswordButtonLabel": "更改密码",
"xpack.security.management.users.editUser.changePasswordExtraStepTitle": "需要额外的步骤",
- "xpack.security.management.users.editUser.changePasswordUpdateKibanaTitle": "更改 Kibana 用户的密码后,必须更新 {kibana} 文件并重新启动 Kibana。",
"xpack.security.management.users.editUser.changingUserNameAfterCreationDescription": "用户名一经创建,将无法更改。",
"xpack.security.management.users.editUser.confirmPasswordFormRowLabel": "确认密码",
"xpack.security.management.users.editUser.createUserButtonLabel": "创建用户",
diff --git a/x-pack/test/functional/apps/security/users.js b/x-pack/test/functional/apps/security/users.js
index 04d59334a01c4..bfc6950faecc6 100644
--- a/x-pack/test/functional/apps/security/users.js
+++ b/x-pack/test/functional/apps/security/users.js
@@ -18,15 +18,22 @@ export default function({ getService, getPageObjects }) {
await PageObjects.security.clickElasticsearchUsers();
});
- it('should show the default elastic and kibana users', async function() {
+ it('should show the default elastic and kibana_system users', async function() {
const users = indexBy(await PageObjects.security.getElasticsearchUsers(), 'username');
log.info('actualUsers = %j', users);
log.info('config = %j', config.get('servers.elasticsearch.hostname'));
if (config.get('servers.elasticsearch.hostname') === 'localhost') {
expect(users.elastic.roles).to.eql(['superuser']);
expect(users.elastic.reserved).to.be(true);
+ expect(users.elastic.deprecated).to.be(false);
+
+ expect(users.kibana_system.roles).to.eql(['kibana_system']);
+ expect(users.kibana_system.reserved).to.be(true);
+ expect(users.kibana_system.deprecated).to.be(false);
+
expect(users.kibana.roles).to.eql(['kibana_system']);
expect(users.kibana.reserved).to.be(true);
+ expect(users.kibana.deprecated).to.be(true);
} else {
expect(users.anonymous.roles).to.eql(['anonymous']);
expect(users.anonymous.reserved).to.be(true);
diff --git a/x-pack/test/functional/page_objects/security_page.js b/x-pack/test/functional/page_objects/security_page.js
index 84eb0cc378771..08895de815b39 100644
--- a/x-pack/test/functional/page_objects/security_page.js
+++ b/x-pack/test/functional/page_objects/security_page.js
@@ -235,6 +235,7 @@ export function SecurityPageProvider({ getService, getPageObjects }) {
const rolesElement = await user.findByTestSubject('userRowRoles');
// findAll is substantially faster than `find.descendantExistsByCssSelector for negative cases
const isUserReserved = (await user.findAllByTestSubject('userReserved', 1)).length > 0;
+ const isUserDeprecated = (await user.findAllByTestSubject('userDeprecated', 1)).length > 0;
return {
username: await usernameElement.getVisibleText(),
@@ -242,6 +243,7 @@ export function SecurityPageProvider({ getService, getPageObjects }) {
email: await emailElement.getVisibleText(),
roles: (await rolesElement.getVisibleText()).split('\n').map(role => role.trim()),
reserved: isUserReserved,
+ deprecated: isUserDeprecated,
};
});
}