Deprecate transport profile security type setting (#43237)

This commit deprecates the `transport.profiles.*.xpack.security.type` setting. This setting is used to configure a profile that would only allow client actions. With the upcoming removal of the transport client the setting should also be deprecated so that it may be removed in a future version.
2025-03-25 17:38:44 +00:00 · 2019-07-03 03:31:55 -06:00 · 2019-07-03 03:31:55 -06:00 · 1e0f67fb38
commit 1e0f67fb38
parent 455b12a4fb
2 changed files with 6 additions and 2 deletions
--- a/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
+++ b/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
@ -2,6 +2,8 @@
 [[separating-node-client-traffic]]
 === Separating node-to-node and client traffic

+deprecated[7.3.0, Transport Client is deprecated and will be removed]
+
 Elasticsearch has the feature of so called 
 {ref}/modules-transport.html[TCP transport profiles]
 that allows it to bind to several ports and addresses. The {es}
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java
@ -13,6 +13,7 @@ import org.elasticsearch.action.support.DestructiveOperations;
 import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.CheckedConsumer;
 import org.elasticsearch.common.settings.Setting;
+import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
@ -56,7 +57,7 @@ public class SecurityServerTransportInterceptor implements TransportInterceptor
            return v;
        }
        throw new IllegalArgumentException("type must be one of [client, node]");
-    }, Setting.Property.NodeScope);
+    }, Setting.Property.NodeScope, Property.Deprecated);
    private static final String TRANSPORT_TYPE_SETTING_KEY = "xpack.security.type";
    private static final Logger logger = LogManager.getLogger(SecurityServerTransportInterceptor.class);

@ -187,7 +188,8 @@ public class SecurityServerTransportInterceptor implements TransportInterceptor
        for (Map.Entry<String, SSLConfiguration> entry : profileConfigurations.entrySet()) {
            final SSLConfiguration profileConfiguration = entry.getValue();
            final boolean extractClientCert = transportSSLEnabled && sslService.isSSLClientAuthEnabled(profileConfiguration);
-            final String type = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey()).get(settings);
+            final Setting<String> transportType = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey());
+            final String type = transportType.get(settings);
            switch (type) {
                case "client":
                    profileFilters.put(entry.getKey(), new ServerTransportFilter.ClientProfile(authcService, authzService,