[7.x] Clarify error message when unauthorized Kibana connection (#3753)

[jalvz]

Backports the following commits to 7.x:

• Clarify error message when unauthorized Kibana connection (Clarify error message when unauthorized Kibana connection #3753)

[apmmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Branch indexing]

• Start Time: 2020-05-08T18:51:52.758+0000

• Duration: 30 min 26 sec (1825574)

• Commit: af24a3e

Test stats 🧪

Test	Results
Failed	0
Passed	3014
Skipped	142
Total	3156

[axw]

Will need to wait for a new BC to test this one.

[axw]

If I don't have any kind of auth enabled in apm-server, then with invalid/missing kibana auth I get this response when querying agent config:

$ curl http://localhost:8200/config/v1/agents?service.name=foo

{                                       
  "error": "Unauthorized"         
}

I'm not sure that behaviour is quite right, but it's existing behaviour. What I'm not sure about is whether we should be suppressing the error message when the server doesn't have any auth enabled. It certainly makes sense to suppress it when it's enabled but not supplied.

If I enable secret token auth in apm-server, and send a secret token in the query, I see the full message:

$ curl -H "Authorization: Bearer hunter2" http://localhost:8200/config/v1/agents?service.name=foo

{
  "error": "APM Server is not authorized to query Kibana. Please configure apm-server.kibana.username and apm-server.kibana.password, and ensure the user has the necessary privileges."
}

[axw]

@jalvz is that behaviour expected?

[jalvz]

Yes, I followed the same logic from other cases:

apm-server/beater/api/config/agent/handler.go

Line 177 in 6270692

func extractInternalError(c *request.Context, err error, withAuth bool) {

(authErrMsg)