honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable FIPS140LicenseBootstrapCheck (#32903) 

This commit ensures that xpack.security.fips_mode.enabled: true 
cannot be set in a node that doesn't have the appropriate license.
This commit is contained in:
Ioannis Kakavas 2018-08-17 14:06:24 +03:00 committed by GitHub
parent ca54aacbb5
commit 75014a22d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
View File

@ -301,7 +301,8 @@ public class Security extends Plugin implements ActionPlugin, IngestPlugin, Netw
new TLSLicenseBootstrapCheck(),
new FIPS140SecureSettingsBootstrapCheck(settings, env),
new FIPS140JKSKeystoreBootstrapCheck(settings),
new FIPS140PasswordHashingAlgorithmBootstrapCheck(settings)));
new FIPS140PasswordHashingAlgorithmBootstrapCheck(settings),
new FIPS140LicenseBootstrapCheck(XPackSettings.FIPS_MODE_ENABLED.get(settings))));
checks.addAll(InternalRealms.getBootstrapChecks(settings, env));
this.bootstrapChecks = Collections.unmodifiableList(checks);
Automatons.updateMaxDeterminizedStates(settings);