Deprecation check for Auth realm setting structure #36664
Conversation
Adds a deprecation check for changes to the structure of authentication realm settings.
gwbrown
added
>enhancement
:Security/Authentication
|
Pinging @elastic/es-core-features |
|
Pinging @elastic/es-security |
|
Test failure is #36598, which appears to be inconsistent. @elasticmachine run gradle build tests 1 please |
|
Is this the right approach? It might be - I haven't kept up to date with our plan for ugrade checks. 6.x nodes need to use the old realm settings format, and 7.x nodes need to use the new realm format. We don't offer any upgrade option except to change the yml file when performing the upgrade. So it won't be possible to fix this warning on 6.x, you just need to be aware that there's a step you need to do during the upgrade process. |
|
@tvernum Interesting - most other breaking settings changes you are able to make before upgrading. I think we still want a warning here, but I'll add a note in the details that this needs to be done as part of the upgrade of each node to 7.x, rather than done before the upgrade like other settings changes. |
|
Oh - I didn't quite process what you were saying. Any and every configured realm will trigger this warning, with no way of resolving it before upgrading. I've simplified the check, as I think this is important to notify cluster administrators of, but there's no need for the complexity that was there. |
|
@tvernum How do you feel about this method of checking? |
|
This looks right. I'll need to double check it when I'm back at the end of next week, (I'm half asleep now, do I'd probably miss something) but it seems right. |
|
@elasticmachine run gradle build tests 1 please |
Adds a deprecation check for changes to the structure of authentication
realm settings.
Relates to #36024 and #30241