add support for embeddable action

Author: alisonelizabeth

src/plugins/deprecations/server/types.ts

@@ -18,12 +18,20 @@ export interface DeprecationDependencies {
   esClient: IScopedClusterClient;
   savedObjectsClient: SavedObjectsClientContract;
 }
-
 export interface DeprecationInfo {
   message: string;
   level: 'warning' | 'critical';
   documentationUrl?: string;
-  correctionAction?: () => void;
+  correctionActions: {
+    api?: {
+      path: string;
+      method: 'POST' | 'PUT';
+      body?: {
+        [key: string]: any;
+      };
+    };
+    manualSteps?: string[];
+  };
 }
 export interface DeprecationContext {
   pluginId: string;

src/plugins/timelion/server/deprecations.ts

@@ -27,6 +27,16 @@ export const getDeprecations = async ({ savedObjectsClient }: DeprecationDepende
       documentationUrl:
         'https://www.elastic.co/guide/en/kibana/master/dashboard.html#timelion-deprecation',
       level: 'warning',
+      correctiveActions: {
+        manualSteps: [
+          'Navigate to the Kibana Dashboard and click "Create dashboard".',
+          'Select Timelion from the "New Visualization" window.',
+          'Open a new tab, open the Timelion app, select the chart you want to copy, then copy the chart expression.',
+          'Go to Timelion, paste the chart expression in the Timelion expression field, then click Update.',
+          'In the toolbar, click Save.',
+          'On the Save visualization window, enter the visualization Title, then click Save and return.',
+        ],
+      },
     });
   }
 

x-pack/plugins/security/server/deprecations/deprecations.ts

@@ -18,33 +18,71 @@ interface UserInfo {
   enabled: boolean;
 }
 
-const isUsingDeprecatedRole = (users: Record<string, UserInfo>, role: string) => {
+const getRoleDeprecations = ({
+  users,
+  deprecatedRole,
+  manualSteps,
+  apiInfo,
+}: {
+  users: Record<string, UserInfo>;
+  deprecatedRole: string;
+  manualSteps?: string[];
+  apiInfo?: {
+    newRole: string;
+  };
+}) => {
   const usersWithDeprecatedRoles = Object.keys(users).filter((user) => {
-    return users[user].roles.includes(role);
+    return users[user].roles.includes(deprecatedRole);
   });
 
   return usersWithDeprecatedRoles.map((user) => {
     const userInfo = users[user];
+    const filteredRoles = userInfo.roles.filter((userInfoRole) => userInfoRole !== deprecatedRole);
+
     return {
-      message: `User '${userInfo.username}' is using a deprecated role: '${role}'`,
-      correctiveAction: '',
-      documentationUrl: '',
+      message: `User '${userInfo.username}' is using a deprecated role: '${deprecatedRole}'`,
+      correctiveActions: {
+        api: apiInfo
+          ? {
+              path: `/internal/security/users/${userInfo.username}`,
+              method: 'POST',
+              body: {
+                ...userInfo,
+                roles: [...filteredRoles, apiInfo.newRole],
+              },
+            }
+          : undefined,
+        manualSteps,
+      },
+      documentationUrl:
+        'https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html',
       level: 'critical',
     };
   });
 };
 
-const isUsingDeprecatedUser = (users: Record<string, UserInfo>, username: string) => {
+const getUserDeprecations = ({
+  users,
+  deprecatedUser,
+  manualSteps,
+}: {
+  users: Record<string, UserInfo>;
+  deprecatedUser: string;
+  manualSteps: string[];
+}) => {
   const deprecatedUsers = Object.keys(users).filter((user) => {
-    return users[user].username === username;
+    return users[user].username === deprecatedUser;
   });
 
   return deprecatedUsers.map((user) => {
     const userInfo = users[user];
     return {
       message: `User '${userInfo.username}' has been deprecated.`,
-      correctiveAction: '',
-      documentationUrl: '',
+      correctiveActions: {
+        manualSteps,
+      },
+      documentationUrl:
+        'https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html',
       level: 'critical',
     };
   });
@@ -56,13 +94,36 @@ export const getDeprecations = async ({ esClient }: DeprecationDependencies) =>
       Record<string, UserInfo>
     >();
 
-    const usersWithDeprecatedKibanaUserRole = isUsingDeprecatedRole(usersResponse, 'kibana_user');
-    const usersWithDeprecatedDashboardRole = isUsingDeprecatedRole(
-      usersResponse,
-      'kibana_dashboard_only_user'
-    );
+    const usersWithDeprecatedKibanaUserRole = getRoleDeprecations({
+      users: usersResponse,
+      deprecatedRole: 'kibana_user',
+      apiInfo: {
+        newRole: 'kibana_admin',
+      },
+      manualSteps: [
+        'Using Kibana user management, change all users using the kibana_user role to the kibana_admin role.',
+        'Using Kibana role-mapping management, change all role-mappings which assing the kibana_user role to the kibana_admin role.',
+      ],
+    });
+
+    const usersWithDeprecatedDashboardRole = getRoleDeprecations({
+      users: usersResponse,
+      deprecatedRole: 'kibana_dashboard_only_user',
+      manualSteps: [
+        'Using Kibana role management, create a new custom role.',
+        'Assign read-only access to the Dashboard feature.',
+        'Assign this role in place of the dashboard_only role.',
+      ],
+    });
 
-    const deprecatedUsers = isUsingDeprecatedUser(usersResponse, 'kibana');
+    const deprecatedUsers = getUserDeprecations({
+      users: usersResponse,
+      deprecatedUser: 'kibana',
+      manualSteps: [
+        'Using Kibana user management, set the password for the kibana_system user',
+        'Update all kibana.yml files to use this username and password for elasticsearch.username and elasticsearch.password',
+      ],
+    });
 
     const deprecations = [
       ...usersWithDeprecatedKibanaUserRole,