-
Notifications
You must be signed in to change notification settings - Fork 25k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setting to whitelist allowed licenses #48508
Comments
Pinging @elastic/es-security (:Security/License) |
@tvernum I left a few technical questions in the first comment, and I'd like to hear from you which could be a possible approach. Given our previous discussions and priorities, we should try to add this feature in 7.6 if possible. |
Yes
No, that would defeat the purpose. The reason we want the setting is so that the orchestrator can control the license management by controlling the YML. If it's configurable via API then it is easy to by-pass the orchestrator.
No, we don't plant to do this. It is to easy to leave a cluster is a broken state. |
Thanks, description updated with these answers. |
Description
We want to introduce a new Elasticsearch setting to define which are the licenses that can be used in a specific cluster.
The main goal is to allow external coordinators (like ECK or ECE) to control which license can be installed on clusters that are centrally managed, and to avoid that inconsistent licenses are manually installed using direct access to the cluster.
Proposal
Introduce the new setting and perform the check on the license type when a new license is sent via Update license API.
The setting name is
xpack.license.upload.types
.The value is a list of possible license types.
The supported use case is what is needed by Cloud, so
trial,enterprise
The default value for this setting (if not set) is to allow any license to be used.
Questions
Is it defined in— YESelasticsearch.yml
?Can it be updated via setting via API?— NOWill the check happen also on bootstrap?— NOThe text was updated successfully, but these errors were encountered: