elastic · legrego · Oct 25, 2021 · Sep 9, 2021 · Sep 9, 2021 · Sep 9, 2021
diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc
@@ -12,20 +12,6 @@ You do not need to configure any additional settings to use the
 [[general-security-settings]]
 ==== General security settings
 
-[cols="2*<"]
-|===
-| `xpack.security.enabled`
-  | deprecated:[7.16.0,"In 8.0 and later, this setting will no longer be supported."]
-  By default, {kib} automatically detects whether to enable the
-  {security-features} based on the license and whether {es} {security-features}
-  are enabled. +
-  +
-  Do not set this to `false`; it disables the login form, user and role management
-  screens, and authorization using <<kibana-privileges>>. To disable
-  {security-features} entirely, see
-  {ref}/security-settings.html[{es} security settings].
-|===
-
 [float]
 [[authentication-security-settings]]
 ==== Authentication security settings

diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
@@ -343,7 +343,6 @@ kibana_vars=(
     xpack.security.authc.saml.realm
     xpack.security.authc.selector.enabled
     xpack.security.cookieName
-    xpack.security.enabled
     xpack.security.encryptionKey
     xpack.security.loginAssistanceMessage
     xpack.security.loginHelp

diff --git a/test/api_integration/apis/custom_integration/integrations.ts b/test/api_integration/apis/custom_integration/integrations.ts
@@ -22,7 +22,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resp.body).to.be.an('array');
 
-        expect(resp.body.length).to.be(12);
+        expect(resp.body.length).to.be(33);
 
         // Test for sample data card
         expect(resp.body.findIndex((c: { id: string }) => c.id === 'sample_data_all')).to.be.above(

diff --git a/test/common/services/security/test_user.ts b/test/common/services/security/test_user.ts
@@ -71,13 +71,12 @@ export class TestUser extends FtrService {
 export async function createTestUserService(ctx: FtrProviderContext, role: Role, user: User) {
   const log = ctx.getService('log');
   const config = ctx.getService('config');
-  const kibanaServer = ctx.getService('kibanaServer');
 
-  const enabledPlugins = config.get('security.disableTestUser')
-    ? []
-    : await kibanaServer.plugins.getEnabledIds();
-
-  const enabled = enabledPlugins.includes('security') && !config.get('security.disableTestUser');
+  const enabled =
+    !config
+      .get('esTestCluster.serverArgs')
+      .some((arg: string) => arg === 'xpack.security.enabled=false') &&
+    !config.get('security.disableTestUser');
 
   if (enabled) {
     log.debug('===============creating roles and users===============');

diff --git a/test/functional/config.js b/test/functional/config.js
@@ -45,7 +45,6 @@ export default async function ({ readConfigFile }) {
         '--savedObjects.maxImportPayloadBytes=10485760',
 
         // to be re-enabled once kibana/issues/102552 is completed
-        '--xpack.security.enabled=false',
         '--xpack.reporting.enabled=false',
       ],
     },

diff --git a/x-pack/plugins/security/server/config.test.ts b/x-pack/plugins/security/server/config.test.ts
@@ -56,7 +56,6 @@ describe('config schema', () => {
           "selector": Object {},
         },
         "cookieName": "sid",
-        "enabled": true,
         "encryptionKey": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
         "loginAssistanceMessage": "",
         "public": Object {},
@@ -110,7 +109,6 @@ describe('config schema', () => {
           "selector": Object {},
         },
         "cookieName": "sid",
-        "enabled": true,
         "encryptionKey": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
         "loginAssistanceMessage": "",
         "public": Object {},
@@ -164,7 +162,6 @@ describe('config schema', () => {
           "selector": Object {},
         },
         "cookieName": "sid",
-        "enabled": true,
         "loginAssistanceMessage": "",
         "public": Object {},
         "secureCookies": false,

diff --git a/x-pack/plugins/security/server/config.ts b/x-pack/plugins/security/server/config.ts
@@ -198,7 +198,6 @@ const providersConfigSchema = schema.object(
 );
 
 export const ConfigSchema = schema.object({
-  enabled: schema.boolean({ defaultValue: true }),
   loginAssistanceMessage: schema.string({ defaultValue: '' }),
   showInsecureClusterWarning: schema.boolean({ defaultValue: true }),
   loginHelp: schema.maybe(schema.string()),

diff --git a/x-pack/plugins/security/server/config_deprecations.test.ts b/x-pack/plugins/security/server/config_deprecations.test.ts
@@ -357,34 +357,4 @@ describe('Config Deprecations', () => {
       ]
     `);
   });
-
-  it('warns when the security plugin is disabled', () => {
-    const config = {
-      xpack: {
-        security: {
-          enabled: false,
-        },
-      },
-    };
-    const { messages, migrated } = applyConfigDeprecations(cloneDeep(config));
-    expect(migrated).toEqual(config);
-    expect(messages).toMatchInlineSnapshot(`
-      Array [
-        "Disabling the security plugin \\"xpack.security.enabled\\" will only be supported by disable security in Elasticsearch.",
-      ]
-    `);
-  });
-
-  it('does not warn when the security plugin is enabled', () => {
-    const config = {
-      xpack: {
-        security: {
-          enabled: true,
-        },
-      },
-    };
-    const { messages, migrated } = applyConfigDeprecations(cloneDeep(config));
-    expect(migrated).toEqual(config);
-    expect(messages).toHaveLength(0);
-  });
 });
diff --git a/x-pack/plugins/security/server/config_deprecations.ts b/x-pack/plugins/security/server/config_deprecations.ts
@@ -157,28 +157,4 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({
       });
     }
   },
-  (settings, fromPath, addDeprecation) => {
-    if (settings?.xpack?.security?.enabled === false) {
-      addDeprecation({
-        configPath: 'xpack.security.enabled',
-        title: i18n.translate('xpack.security.deprecations.enabledTitle', {
-          defaultMessage: 'Disabling the security plugin "xpack.security.enabled" is deprecated',
-        }),
-        message: i18n.translate('xpack.security.deprecations.enabledMessage', {
-          defaultMessage:
-            'Disabling the security plugin "xpack.security.enabled" will only be supported by disable security in Elasticsearch.',
-        }),
-        correctiveActions: {
-          manualSteps: [
-            i18n.translate('xpack.security.deprecations.enabled.manualStepOneMessage', {
-              defaultMessage: `Remove "xpack.security.enabled" from your Kibana configuration.`,
-            }),
-            i18n.translate('xpack.security.deprecations.enabled.manualStepTwoMessage', {
-              defaultMessage: `To turn off security features, disable them in Elasticsearch instead.`,
-            }),
-          ],
-        },
-      });
-    }
-  },
 ];
diff --git a/x-pack/test/alerting_api_integration/common/config.ts b/x-pack/test/alerting_api_integration/common/config.ts
@@ -242,7 +242,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
               },
             },
           })}`,
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           ...plugins.map(
             (pluginDir) =>
               `--plugin-path=${path.resolve(__dirname, 'fixtures', 'plugins', pluginDir)}`

diff --git a/x-pack/test/case_api_integration/common/config.ts b/x-pack/test/case_api_integration/common/config.ts
@@ -118,7 +118,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           `--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
           `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
           '--xpack.eventLog.logEntries=true',
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           // Actions simulators plugin. Needed for testing push to external services.
           ...alertingPlugins.map(
             (pluginDir) =>

diff --git a/x-pack/test/lists_api_integration/common/config.ts b/x-pack/test/lists_api_integration/common/config.ts
@@ -51,7 +51,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
         ...xPackApiIntegrationTestsConfig.get('kbnTestServer'),
         serverArgs: [
           ...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           `--plugin-path=${path.join(__dirname, 'fixtures', 'plugins', 'alerts')}`,
           `--plugin-path=${path.join(__dirname, 'fixtures', 'plugins', 'actions')}`,
           `--plugin-path=${path.join(__dirname, 'fixtures', 'plugins', 'task_manager')}`,

diff --git a/x-pack/test/reporting_api_integration/reporting_without_security.config.ts b/x-pack/test/reporting_api_integration/reporting_without_security.config.ts
@@ -24,7 +24,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
     },
     kbnTestServer: {
       ...apiConfig.get('kbnTestServer'),
-      serverArgs: [...apiConfig.get('kbnTestServer.serverArgs'), `--xpack.security.enabled=false`],
+      serverArgs: [...apiConfig.get('kbnTestServer.serverArgs')],
     },
   };
 }
diff --git a/x-pack/test/reporting_functional/reporting_without_security.config.ts b/x-pack/test/reporting_functional/reporting_without_security.config.ts
@@ -17,10 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
     testFiles: [resolve(__dirname, './reporting_without_security')],
     kbnTestServer: {
       ...reportingConfig.get('kbnTestServer'),
-      serverArgs: [
-        ...reportingConfig.get('kbnTestServer.serverArgs'),
-        `--xpack.security.enabled=false`,
-      ],
+      serverArgs: [...reportingConfig.get('kbnTestServer.serverArgs')],
     },
     esTestCluster: {
       ...reportingConfig.get('esTestCluster'),

diff --git a/x-pack/test/rule_registry/common/config.ts b/x-pack/test/rule_registry/common/config.ts
@@ -79,7 +79,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           `--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
           `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
           '--xpack.eventLog.logEntries=true',
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           // TO DO: Remove feature flags once we're good to go
           '--xpack.securitySolution.enableExperimental=["ruleRegistryEnabled"]',
           '--xpack.ruleRegistry.write.enabled=true',

diff --git a/x-pack/test/saved_object_api_integration/common/config.ts b/x-pack/test/saved_object_api_integration/common/config.ts
@@ -54,7 +54,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           ...config.xpack.api.get('kbnTestServer.serverArgs'),
           '--server.xsrf.disableProtection=true',
           `--plugin-path=${path.join(__dirname, 'fixtures', 'saved_object_test_plugin')}`,
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
         ],
       },
     };

diff --git a/x-pack/test/spaces_api_integration/common/config.ts b/x-pack/test/spaces_api_integration/common/config.ts
@@ -61,7 +61,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           '--status.allowAnonymous=false',
           '--server.xsrf.disableProtection=true',
           `--plugin-path=${path.join(__dirname, 'fixtures', 'spaces_test_plugin')}`,
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
         ],
       },
     };

diff --git a/x-pack/test/timeline/common/config.ts b/x-pack/test/timeline/common/config.ts
@@ -79,7 +79,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
           `--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
           `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
           '--xpack.eventLog.logEntries=true',
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           // TO DO: Remove feature flags once we're good to go
           '--xpack.securitySolution.enableExperimental=["ruleRegistryEnabled"]',
           '--xpack.ruleRegistry.write.enabled=true',

diff --git a/x-pack/test/ui_capabilities/common/config.ts b/x-pack/test/ui_capabilities/common/config.ts
@@ -42,7 +42,9 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions)
         ...xPackFunctionalTestsConfig.get('kbnTestServer'),
         serverArgs: [
           ...xPackFunctionalTestsConfig.get('kbnTestServer.serverArgs'),
-          ...disabledPlugins.map((key) => `--xpack.${key}.enabled=false`),
+          ...disabledPlugins
+            .filter((k) => k !== 'security')
+            .map((key) => `--xpack.${key}.enabled=false`),
           `--plugin-path=${path.join(__dirname, 'fixtures', 'plugins', 'foo_plugin')}`,
         ],
       },

diff --git a/x-pack/test/ui_capabilities/spaces_only/tests/catalogue.ts b/x-pack/test/ui_capabilities/spaces_only/tests/catalogue.ts
@@ -24,6 +24,13 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
     'watcher',
   ];
 
+  const uiCapabilitiesExceptions = [
+    // enterprise_search plugin is loaded but disabled because security isn't enabled in ES. That means the following 3 capabilities are disabled
+    'enterpriseSearch',
+    'appSearch',
+    'workplaceSearch',
+  ];
+
   describe('catalogue', () => {
     SpaceScenarios.forEach((scenario) => {
       it(`${scenario.name}`, async () => {
@@ -33,7 +40,10 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
             expect(uiCapabilities.success).to.be(true);
             expect(uiCapabilities.value).to.have.property('catalogue');
             // everything is enabled
-            const expected = mapValues(uiCapabilities.value!.catalogue, () => true);
+            const expected = mapValues(
+              uiCapabilities.value!.catalogue,
+              (enabled, catalogueId) => !uiCapabilitiesExceptions.includes(catalogueId)
+            );
             expect(uiCapabilities.value!.catalogue).to.eql(expected);
             break;
           }
@@ -55,7 +65,8 @@ export default function catalogueTests({ getService }: FtrProviderContext) {
             // only foo is disabled
             const expected = mapValues(
               uiCapabilities.value!.catalogue,
-              (value, catalogueId) => catalogueId !== 'foo'
+              (enabled, catalogueId) =>
+                !uiCapabilitiesExceptions.includes(catalogueId) && catalogueId !== 'foo'
             );
             expect(uiCapabilities.value!.catalogue).to.eql(expected);
             break;

diff --git a/x-pack/test/ui_capabilities/spaces_only/tests/nav_links.ts b/x-pack/test/ui_capabilities/spaces_only/tests/nav_links.ts
@@ -16,6 +16,13 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
   const uiCapabilitiesService: UICapabilitiesService = getService('uiCapabilities');
   const featuresService: FeaturesService = getService('features');
 
+  const uiCapabilitiesExceptions = [
+    // enterprise_search plugin is loaded but disabled because security isn't enabled in ES. That means the following 3 capabilities are disabled
+    'enterpriseSearch',
+    'appSearch',
+    'workplaceSearch',
+  ];
+
   describe('navLinks', () => {
     let navLinksBuilder: NavLinksBuilder;
     before(async () => {
@@ -30,7 +37,9 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
           case 'everything_space':
             expect(uiCapabilities.success).to.be(true);
             expect(uiCapabilities.value).to.have.property('navLinks');
-            expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.all());
+            expect(uiCapabilities.value!.navLinks).to.eql(
+              navLinksBuilder.except(...uiCapabilitiesExceptions)
+            );
             break;
           case 'nothing_space':
             expect(uiCapabilities.success).to.be(true);
@@ -40,7 +49,9 @@ export default function navLinksTests({ getService }: FtrProviderContext) {
           case 'foo_disabled_space':
             expect(uiCapabilities.success).to.be(true);
             expect(uiCapabilities.value).to.have.property('navLinks');
-            expect(uiCapabilities.value!.navLinks).to.eql(navLinksBuilder.except('foo'));
+            expect(uiCapabilities.value!.navLinks).to.eql(
+              navLinksBuilder.except('foo', ...uiCapabilitiesExceptions)
+            );
             break;
           default:
             throw new UnreachableError(scenario);