This change allows for messages to be signed when message signing is enabled and a system
key is not present. This is accomplished by generating a random key on startup and then using
HKDF with HmacSHA1 to generate the keying material to be used to sign the messages. The random
key from the originating node is added to the signed message so that the signing key can be
derived on the receiving node.
When a system key is present, the system key is used for signing and the preexisting behavior
is maintained.
Closeselastic/elasticsearch#711
Original commit: elastic/x-pack-elasticsearch@c41fdc0ac3
This change removes obsolete forbidden API usage, cuts over
from an interface to an abstract class for IndexSearcherWrapper and
delegates all core cache keys to the wrapped reader.
Relates to elastic/elasticsearch#774
Original commit: elastic/x-pack-elasticsearch@3799bab0d9
Shield now supports the ability to disable or enable individual features based on the type of
license that is currently installed. The change replaces the LicenseService in shield with a
ShieldLicensee that is notified on changes to the license. The ShieldLicensee then updates
a ShieldLicenseState object, which contains the logic and methods to check for features being
enabled or disabled. The ShieldLicenseState object is used by consumers to check the status
of a feature. The decoupling of the feature enablement from the ShieldLicensee class was done
to work around circular dependency issues.
Closeselastic/elasticsearch#689
Original commit: elastic/x-pack-elasticsearch@442514496d
The DataAttachmentsTests used the default line separator for checking
JSON syntax and indendation. This is not working anymore due to
elastic/elasticsearchelastic/elasticsearch#13816 and thus fails on windows.
This commit just uses `\n` everywhere as Elasticsearch does as well.
Closeselastic/elasticsearch#728
Original commit: elastic/x-pack-elasticsearch@dce572e272
This commit removes Guava as a dependency. Note that Guava will remain
as a test-only dependency (transitively through Elasticsearch through
Jimfs).
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@fe23d5f25f
- Added the notion of `Licensee.Status` (holds both the `License.OperationMode` and the `LicenseState`)
- Added a support base class for all `Licensee` implementations. The idea behind this is that implementations will centralized the licensing logic in one class (same as `MarvelLicensee` does), but if there's a requirement for more "proactiveness" on license status change, different components can register a `Licensee.Listener` to be notified on license changes.
- Since we introduced `License.OperationMode` as part of the license refactoring, there's no need anymore for Marvel's `Mode` enum.
Closeselastic/elasticsearch#690
Original commit: elastic/x-pack-elasticsearch@8a66bc163f
This commit catches up with master which removed the shard level injector
and changed the logic how the SearcherWrapper works and is installed.
The way we now install it is via a package private onModule(IndexModule) call.
There is no public API for this anymore.
The wrapper also doesn't need to watch the IndexShards state since now it will only
be used when the shard is STARTED or RECOVERED.
Original commit: elastic/x-pack-elasticsearch@42b9eeef3d