Remove heuristics that enable security on trial licenses #38075
Conversation
In 6.3 trial licenses were changed to default to security disabled, and ee added some heuristics to detect when security should be automatically be enabled if `xpack.security.enabled` was not set. This change removes those heuristics, and requires that security be explicitly enabled (via the `xpack.security.enabled` setting) for trial licenses.
tvernum
added
>enhancement
>breaking
v7.0.0
:Security/Security
|
Pinging @elastic/es-security |
| @@ -271,25 +270,21 @@ private static boolean isBasic(OperationMode mode) { | |||
| private final boolean isSecurityExplicitlyEnabled; | |||
|
|
|||
| private Status status = new Status(OperationMode.TRIAL, true); | |||
| private boolean isSecurityEnabledByTrialVersion; | |||
|
|
|||
| public XPackLicenseState(Settings settings) { | |||
| this.listeners = new CopyOnWriteArrayList<>(); | |||
| this.isSecurityEnabled = XPackSettings.SECURITY_ENABLED.get(settings); | |||
| // 6.0+ requires TLS for production licenses, so if TLS is enabled and security is enabled | |||
|
|
||
| In prior versions, a trial license would automatically enable security if either | ||
|
|
||
| * `xpack.security.transport.enabled` was `true`; _or_ |
There was a problem hiding this comment.
is a semicolon syntactically needed here? or is it an asciidoc thing ? ( didn't find any references).
There was a problem hiding this comment.
Needed, no.
Semicolons within lists, and semicolons before conjunctions are both acceptable, but a little bit outdated.
I only use them when (like this case) you have a multi-line list (bullet points, or numbers) and a conjunction that relates to the overall list. In this case the ; makes clear that the or is not part of the first point (it would be grammatically incorrect if it were, but may still confuse readers) but applies to the list itself.
There was a problem hiding this comment.
I can't find any great references off hand, but here's an OK one: https://www.onlinegrammar.com.au/punctuation-in-lists/
There was a problem hiding this comment.
aha! They don't teach you that stuff at English school :) (or they did and I have forgotten) - Thanks for the clarification
In 6.x security is implicitly enabled on a trial license if transport SSL is enabled, or the trial is from pre-6.3. This is no longer true on 7.0, so this behaviour is now deprecated. Relates: elastic#38009, elastic#38075
In v6.3 trial licenses were changed to default to security
disabled, and we added some heuristics to detect when security should
be automatically be enabled if
xpack.security.enabledwas not set.This change removes those heuristics, and requires that security be
explicitly enabled (via the
xpack.security.enabledsetting) fortrial licenses.
Relates: #38009