Add deprecation warning when inline scripting is disabled

src/core/server/elasticsearch/deprecations/deprecation_provider.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import type { RegisterDeprecationsConfig } from '../../deprecations';
+import { getScriptingDisabledDeprecations } from './scripting_disabled_deprecation';
+
+export const getElasticsearchDeprecationsProvider = (): RegisterDeprecationsConfig => {
+  return {
+    getDeprecations: async (context) => {
+      return [...(await getScriptingDisabledDeprecations({ esClient: context.esClient }))];
+    },
+  };
+};

src/core/server/elasticsearch/deprecations/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export { getElasticsearchDeprecationsProvider } from './deprecation_provider';

src/core/server/elasticsearch/deprecations/is_scripting_disabled.test.ts

@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { elasticsearchServiceMock } from '../../elasticsearch/elasticsearch_service.mock';
+import { isInlineScriptingDisabled } from './is_scripting_disabled';
+
+describe('isInlineScriptingDisabled', () => {
+  let client: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+
+  beforeEach(() => {
+    client = elasticsearchServiceMock.createElasticsearchClient();
+  });
+
+  const mockSettingsValue = (settings: estypes.ClusterGetSettingsResponse) => {
+    client.cluster.getSettings.mockReturnValue(
+      elasticsearchServiceMock.createSuccessTransportRequestPromise(settings)
+    );
+  };
+
+  it('returns `false` if all settings are empty', async () => {
+    mockSettingsValue({
+      transient: {},
+      persistent: {},
+      defaults: {},
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(false);
+  });
+
+  it('returns `false` if `defaults.script.allowed_types` is `inline`', async () => {
+    mockSettingsValue({
+      transient: {},
+      persistent: {},
+      defaults: {
+        'script.allowed_types': ['inline'],
+      },
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(false);
+  });
+
+  it('returns `true` if `defaults.script.allowed_types` is `none`', async () => {
+    mockSettingsValue({
+      transient: {},
+      persistent: {},
+      defaults: {
+        'script.allowed_types': ['none'],
+      },
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(true);
+  });
+
+  it('returns `true` if `defaults.script.allowed_types` is `stored`', async () => {
+    mockSettingsValue({
+      transient: {},
+      persistent: {},
+      defaults: {
+        'script.allowed_types': ['stored'],
+      },
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(true);
+  });
+
+  it('respect the persistent->defaults priority', async () => {
+    mockSettingsValue({
+      transient: {},
+      persistent: {
+        'script.allowed_types': ['inline'],
+      },
+      defaults: {
+        'script.allowed_types': ['stored'],
+      },
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(false);
+  });
+
+  it('respect the transient->persistent priority', async () => {
+    mockSettingsValue({
+      transient: {
+        'script.allowed_types': ['stored'],
+      },
+      persistent: {
+        'script.allowed_types': ['inline'],
+      },
+      defaults: {},
+    });
+
+    expect(await isInlineScriptingDisabled({ client })).toEqual(true);
+  });
+});

src/core/server/elasticsearch/deprecations/is_scripting_disabled.ts

@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { ElasticsearchClient } from '../../elasticsearch';
+
+const scriptAllowedTypesKey = 'script.allowed_types';
+
+export const isInlineScriptingDisabled = async ({
+  client,
+}: {
+  client: ElasticsearchClient;
+}): Promise<boolean> => {
+  const { body: settings } = await client.cluster.getSettings({
+    include_defaults: true,
+    flat_settings: true,
+  });
+
+  // priority: transient -> persistent -> default
+  const scriptAllowedTypes: string[] =
+    settings.transient[scriptAllowedTypesKey] ??
+    settings.persistent[scriptAllowedTypesKey] ??
+    settings.defaults![scriptAllowedTypesKey] ??
+    [];
+
+  // when unspecified, the setting as a default `[]` value that means that both scriptings are allowed.
+  const scriptAllowed = scriptAllowedTypes.length === 0 || scriptAllowedTypes.includes('inline');
+
+  return !scriptAllowed;
+};

src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.test.mocks.ts

@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+export const isInlineScriptingDisabledMock = jest.fn();
+jest.doMock('./is_scripting_disabled', () => ({
+  isInlineScriptingDisabled: isInlineScriptingDisabledMock,
+}));

src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.test.ts

@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { isInlineScriptingDisabledMock } from './scripting_disabled_deprecation.test.mocks';
+import { elasticsearchServiceMock } from '../../elasticsearch/elasticsearch_service.mock';
+import { getScriptingDisabledDeprecations } from './scripting_disabled_deprecation';
+
+describe('getScriptingDisabledDeprecations', () => {
+  let esClient: ReturnType<typeof elasticsearchServiceMock.createScopedClusterClient>;
+
+  beforeEach(() => {
+    esClient = elasticsearchServiceMock.createScopedClusterClient();
+  });
+
+  afterEach(() => {
+    isInlineScriptingDisabledMock.mockReset();
+  });
+
+  it('calls `isInlineScriptingDisabled` with the correct arguments', async () => {
+    await getScriptingDisabledDeprecations({
+      esClient,
+    });
+
+    expect(isInlineScriptingDisabledMock).toHaveBeenCalledTimes(1);
+    expect(isInlineScriptingDisabledMock).toHaveBeenCalledWith({
+      client: esClient.asInternalUser,
+    });
+  });
+
+  it('returns no deprecations if scripting is not disabled', async () => {
+    isInlineScriptingDisabledMock.mockResolvedValue(false);
+
+    const deprecations = await getScriptingDisabledDeprecations({
+      esClient,
+    });
+
+    expect(deprecations).toHaveLength(0);
+  });
+
+  it('returns a deprecation if scripting is disabled', async () => {
+    isInlineScriptingDisabledMock.mockResolvedValue(true);
+
+    const deprecations = await getScriptingDisabledDeprecations({
+      esClient,
+    });
+
+    expect(deprecations).toHaveLength(1);
+    expect(deprecations[0]).toEqual({
+      title: expect.any(String),
+      message: expect.any(String),
+      level: 'critical',
+      requireRestart: false,
+      correctiveActions: {
+        manualSteps: expect.any(Array),
+      },
+    });
+  });
+});

src/core/server/elasticsearch/deprecations/scripting_disabled_deprecation.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { i18n } from '@kbn/i18n';
+import type { DeprecationsDetails } from '../../deprecations';
+import { IScopedClusterClient } from '../../elasticsearch';
+import { isInlineScriptingDisabled } from './is_scripting_disabled';
+
+interface GetScriptingDisabledDeprecations {
+  esClient: IScopedClusterClient;
+}
+
+export const getScriptingDisabledDeprecations = async ({
+  esClient,
+}: GetScriptingDisabledDeprecations): Promise<DeprecationsDetails[]> => {
+  const deprecations: DeprecationsDetails[] = [];
+  if (await isInlineScriptingDisabled({ client: esClient.asInternalUser })) {
+    deprecations.push({
+      title: i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.title', {
+        defaultMessage: 'Inline scripting is disabled on elasticsearch',
+      }),
+      message: i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.message', {
+        defaultMessage:
+          'Starting in 8.0, Kibana will require inline scripting to be enabled,' +
+          'and will fail to start otherwise.',
+      }),
+      level: 'critical',
+      requireRestart: false,
+      correctiveActions: {
+        manualSteps: [
+          i18n.translate('core.elasticsearch.deprecations.scriptingDisabled.manualSteps.1', {
+            defaultMessage: 'Set `script.allowed_types=inline` in your elasticsearch config ',
+          }),
+        ],
+      },
+    });
+  }
+  return deprecations;
+};

src/core/server/elasticsearch/elasticsearch_service.test.ts

@@ -28,32 +28,39 @@ import { loggingSystemMock } from '../logging/logging_system.mock';
 import { httpServiceMock } from '../http/http_service.mock';
 import { executionContextServiceMock } from '../execution_context/execution_context_service.mock';
 import { configSchema, ElasticsearchConfig } from './elasticsearch_config';
-import { ElasticsearchService } from './elasticsearch_service';
+import { ElasticsearchService, SetupDeps } from './elasticsearch_service';
 import { elasticsearchClientMock } from './client/mocks';
+import { deprecationsServiceMock } from '../deprecations/deprecations_service.mock';
 import { duration } from 'moment';
 import { isValidConnection as isValidConnectionMock } from './is_valid_connection';
 import { pollEsNodesVersion as pollEsNodesVersionMocked } from './version_check/ensure_es_version';
+
 const { pollEsNodesVersion: pollEsNodesVersionActual } = jest.requireActual(
   './version_check/ensure_es_version'
 );
 
 const delay = async (durationMs: number) =>
   await new Promise((resolve) => setTimeout(resolve, durationMs));
 
-let elasticsearchService: ElasticsearchService;
 const configService = configServiceMock.create();
-const setupDeps = {
-  http: httpServiceMock.createInternalSetupContract(),
-  executionContext: executionContextServiceMock.createInternalSetupContract(),
-};
 
+let elasticsearchService: ElasticsearchService;
 let env: Env;
 let coreContext: CoreContext;
-
 let mockClusterClientInstance: ReturnType<typeof elasticsearchClientMock.createCustomClusterClient>;
-
 let mockConfig$: BehaviorSubject<any>;
+let setupDeps: SetupDeps;
+let deprecationsSetup: ReturnType<typeof deprecationsServiceMock.createInternalSetupContract>;
+
 beforeEach(() => {
+  deprecationsSetup = deprecationsServiceMock.createInternalSetupContract();
+
+  setupDeps = {
+    http: httpServiceMock.createInternalSetupContract(),
+    executionContext: executionContextServiceMock.createInternalSetupContract(),
+    deprecations: deprecationsSetup,
+  };
+
   env = Env.createDefault(REPO_ROOT, getEnvOptions());
 
   mockConfig$ = new BehaviorSubject({
@@ -174,6 +181,22 @@ describe('#setup', () => {
     );
   });
 
+  it('registers its deprecation provider', async () => {
+    const registry = deprecationsServiceMock.createSetupContract();
+
+    deprecationsSetup.getRegistry.mockReturnValue(registry);
+
+    await elasticsearchService.setup(setupDeps);
+
+    expect(deprecationsSetup.getRegistry).toHaveBeenCalledTimes(1);
+    expect(deprecationsSetup.getRegistry).toHaveBeenCalledWith('elasticsearch');
+
+    expect(registry.registerDeprecations).toHaveBeenCalledTimes(1);
+    expect(registry.registerDeprecations).toHaveBeenCalledWith({
+      getDeprecations: expect.any(Function),
+    });
+  });
+
   it('esNodeVersionCompatibility$ only starts polling when subscribed to', async (done) => {
     const mockedClient = mockClusterClientInstance.asInternalUser;
     mockedClient.nodes.info.mockImplementation(() =>

src/core/server/elasticsearch/elasticsearch_service.ts

@@ -18,6 +18,7 @@ import { ClusterClient, ElasticsearchClientConfig } from './client';
 import { ElasticsearchConfig, ElasticsearchConfigType } from './elasticsearch_config';
 import type { InternalHttpServiceSetup, GetAuthHeaders } from '../http';
 import type { InternalExecutionContextSetup, IExecutionContext } from '../execution_context';
+import type { InternalDeprecationsServiceSetup } from '../deprecations';
 import {
   InternalElasticsearchServicePreboot,
   InternalElasticsearchServiceSetup,
@@ -27,9 +28,11 @@ import type { NodesVersionCompatibility } from './version_check/ensure_es_versio
 import { pollEsNodesVersion } from './version_check/ensure_es_version';
 import { calculateStatus$ } from './status';
 import { isValidConnection } from './is_valid_connection';
+import { getElasticsearchDeprecationsProvider } from './deprecations';
 
-interface SetupDeps {
+export interface SetupDeps {
   http: InternalHttpServiceSetup;
+  deprecations: InternalDeprecationsServiceSetup;
   executionContext: InternalExecutionContextSetup;
 }
 
@@ -78,6 +81,10 @@ export class ElasticsearchService
     this.executionContextClient = deps.executionContext;
     this.client = this.createClusterClient('data', config);
 
+    deps.deprecations
+      .getRegistry('elasticsearch')
+      .registerDeprecations(getElasticsearchDeprecationsProvider());
+
     const esNodesCompatibility$ = pollEsNodesVersion({
       internalClient: this.client.asInternalUser,
       log: this.log,
@@ -96,6 +103,7 @@ export class ElasticsearchService
       status$: calculateStatus$(esNodesCompatibility$),
     };
   }
+
   public async start(): Promise<InternalElasticsearchServiceStart> {
     if (!this.client || !this.esNodesCompatibility$) {
       throw new Error('ElasticsearchService needs to be setup before calling start');