Setting to whitelist allowed licenses #48508
Labels
Comments
bytebilly
added
>feature
release highlight
:Security/License
|
Pinging @elastic/es-security (:Security/License) |
|
@tvernum I left a few technical questions in the first comment, and I'd like to hear from you which could be a possible approach. Given our previous discussions and priorities, we should try to add this feature in 7.6 if possible. |
Yes
No, that would defeat the purpose. The reason we want the setting is so that the orchestrator can control the license management by controlling the YML. If it's configurable via API then it is easy to by-pass the orchestrator.
No, we don't plant to do this. It is to easy to leave a cluster is a broken state. |
|
Thanks, description updated with these answers. |
This was referenced Feb 3, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We want to introduce a new Elasticsearch setting to define which are the licenses that can be used in a specific cluster.
The main goal is to allow external coordinators (like ECK or ECE) to control which license can be installed on clusters that are centrally managed, and to avoid that inconsistent licenses are manually installed using direct access to the cluster.
Proposal
Introduce the new setting and perform the check on the license type when a new license is sent via Update license API.
The setting name is
xpack.license.upload.types.The value is a list of possible license types.
The supported use case is what is needed by Cloud, so
trial,enterpriseThe default value for this setting (if not set) is to allow any license to be used.
Questions
Is it defined in— YESelasticsearch.yml?Can it be updated via setting via API?— NOWill the check happen also on bootstrap?— NOThe text was updated successfully, but these errors were encountered: