Skip to content

Remove heuristics that enable security on trial licenses#38075

Merged
tvernum merged 5 commits intoelastic:masterfrom
tvernum:split-tls-security
Feb 1, 2019
Merged

Remove heuristics that enable security on trial licenses#38075
tvernum merged 5 commits intoelastic:masterfrom
tvernum:split-tls-security

Conversation

@tvernum
Copy link
Copy Markdown
Contributor

@tvernum tvernum commented Jan 31, 2019
edited
Loading

In v6.3 trial licenses were changed to default to security
disabled, and we added some heuristics to detect when security should
be automatically be enabled if xpack.security.enabled was not set.

This change removes those heuristics, and requires that security be
explicitly enabled (via the xpack.security.enabled setting) for
trial licenses.

Relates: #38009

@tvernum
Require explicit setting for security on trial
fc557c7 
In 6.3 trial licenses were changed to default to security
disabled, and ee added some heuristics to detect when security should
be automatically be enabled if `xpack.security.enabled` was not set.

This change removes those heuristics, and requires that security be
explicitly enabled (via the `xpack.security.enabled` setting) for
trial licenses.
@tvernum
Add trial + security behaviour to breaking changes
2e91e84
@tvernum
Merge branch 'master' into split-tls-security
317c32d
@tvernum
Merge branch 'master' into split-tls-security
87c04fc
@tvernum tvernum added >enhancement >breaking v7.0.0 :Security/Security Security issues without another label labels Jan 31, 2019
@tvernum tvernum requested review from jaymode and jkakavas January 31, 2019 08:14
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Jan 31, 2019

Pinging @elastic/es-security

jaymode
jaymode approved these changes Jan 31, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@jaymode jaymode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java Outdated
public XPackLicenseState(Settings settings) {
this.listeners = new CopyOnWriteArrayList<>();
this.isSecurityEnabled = XPackSettings.SECURITY_ENABLED.get(settings);
// 6.0+ requires TLS for production licenses, so if TLS is enabled and security is enabled
Copy link
Copy Markdown
Member

@jaymode jaymode Jan 31, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove this comment

jkakavas
jkakavas approved these changes Jan 31, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

docs/reference/migration/migrate_7_0/settings.asciidoc

In prior versions, a trial license would automatically enable security if either

* `xpack.security.transport.enabled` was `true`; _or_
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas Jan 31, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is a semicolon syntactically needed here? or is it an asciidoc thing ? ( didn't find any references).

Copy link
Copy Markdown
Contributor Author

@tvernum tvernum Feb 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needed, no.

Semicolons within lists, and semicolons before conjunctions are both acceptable, but a little bit outdated.
I only use them when (like this case) you have a multi-line list (bullet points, or numbers) and a conjunction that relates to the overall list. In this case the ; makes clear that the or is not part of the first point (it would be grammatically incorrect if it were, but may still confuse readers) but applies to the list itself.

Copy link
Copy Markdown
Contributor Author

@tvernum tvernum Feb 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't find any great references off hand, but here's an OK one: https://www.onlinegrammar.com.au/punctuation-in-lists/

Copy link
Copy Markdown
Contributor

@jkakavas jkakavas Feb 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aha! They don't teach you that stuff at English school :) (or they did and I have forgotten) - Thanks for the clarification

@tvernum tvernum merged commit 6fcbd07 into elastic:master Feb 1, 2019
tvernum added a commit to tvernum/elasticsearch that referenced this pull request Feb 4, 2019
@tvernum
Deprecate implicit security on trial licenses
961a015 
In 6.x security is implicitly enabled on a trial license if transport
SSL is enabled, or the trial is from pre-6.3.

This is no longer true on 7.0, so this behaviour is now deprecated.

Relates: elastic#38009, elastic#38075
@tvernum tvernum mentioned this pull request Feb 4, 2019
Merged
tvernum added a commit that referenced this pull request Feb 5, 2019
@tvernum
Deprecate implicit security on trial licenses (#38295)
34aede6 
In 6.x security is implicitly enabled on a trial license if transport
SSL is enabled, or the trial is from pre-6.3.

This is no longer true on 7.0, so this behaviour is now deprecated.

Relates: #38009, #38075
@tvernum tvernum mentioned this pull request Feb 5, 2019
Closed
@tvernum tvernum mentioned this pull request May 21, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

@jaymode jaymode jaymode approved these changes

Assignees

No one assigned

Labels

>breaking >enhancement :Security/Security Security issues without another label v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@tvernum @elasticmachine @jaymode @jkakavas @colings86