diff --git a/server/src/main/java/org/elasticsearch/transport/TransportService.java b/server/src/main/java/org/elasticsearch/transport/TransportService.java index 4ae74abdbff8e..32fa1c7615a25 100644 --- a/server/src/main/java/org/elasticsearch/transport/TransportService.java +++ b/server/src/main/java/org/elasticsearch/transport/TransportService.java @@ -70,7 +70,7 @@ public class TransportService extends AbstractLifecycleComponent private static final Logger logger = LogManager.getLogger(TransportService.class); - private static final String PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY = "es.unsafely_permit_handshake_from_incompatible_builds"; + public static final String PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY = "es.unsafely_permit_handshake_from_incompatible_builds"; private static final boolean PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS; static { diff --git a/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java b/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java index 08f286b274f89..a026823656c6d 100644 --- a/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java +++ b/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java @@ -12,6 +12,7 @@ import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; +import org.elasticsearch.transport.TransportService; import org.elasticsearch.xpack.core.XPackSettings; import java.util.Arrays; @@ -97,6 +98,10 @@ private DeprecationChecks() { NodeDeprecationChecks::checkImplicitlyDisabledSecurityOnBasicAndTrial, NodeDeprecationChecks::checkSearchRemoteSettings, NodeDeprecationChecks::checkMonitoringExporterPassword, + NodeDeprecationChecks::checkClusterRoutingAllocationIncludeRelocationsSetting, + (settings, pluginsAndModules, clusterState, licenseState) -> + NodeDeprecationChecks.checkNoPermitHandshakeFromIncompatibleBuilds(settings, pluginsAndModules, clusterState, + licenseState, () -> System.getProperty(TransportService.PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY)), NodeDeprecationChecks::checkTransportClientProfilesFilterSetting, NodeDeprecationChecks::checkDelayClusterStateRecoverySettings, NodeDeprecationChecks::checkFixedAutoQueueSizeThreadpool, diff --git a/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java b/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java index d58063763fac8..8478e97e00547 100644 --- a/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java +++ b/x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java @@ -35,6 +35,7 @@ import org.elasticsearch.threadpool.FixedExecutorBuilder; import org.elasticsearch.transport.RemoteClusterService; import org.elasticsearch.transport.SniffConnectionStrategy; +import org.elasticsearch.transport.TransportService; import org.elasticsearch.xpack.core.XPackSettings; import org.elasticsearch.xpack.core.security.SecurityField; import org.elasticsearch.xpack.core.security.authc.RealmConfig; @@ -51,6 +52,7 @@ import java.util.Optional; import java.util.Set; import java.util.function.BiFunction; +import java.util.function.Supplier; import java.util.stream.Collectors; import static org.elasticsearch.cluster.routing.allocation.DiskThresholdSettings.CLUSTER_ROUTING_ALLOCATION_INCLUDE_RELOCATIONS_SETTING; @@ -666,6 +668,29 @@ static DeprecationIssue checkClusterRoutingAllocationIncludeRelocationsSetting(f ); } + static DeprecationIssue checkNoPermitHandshakeFromIncompatibleBuilds(final Settings settings, + final PluginsAndModules pluginsAndModules, + final ClusterState clusterState, + final XPackLicenseState licenseState, + Supplier permitsHandshakesFromIncompatibleBuildsSupplier) { + if (permitsHandshakesFromIncompatibleBuildsSupplier.get() != null) { + final String message = String.format( + Locale.ROOT, + "the [%s] system property is deprecated and will be removed in the next major release", + TransportService.PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY + ); + final String details = String.format( + Locale.ROOT, + "allowing handshakes from incompatibile builds is deprecated and will be removed in the next major release; the [%s] " + + "system property must be removed", + TransportService.PERMIT_HANDSHAKES_FROM_INCOMPATIBLE_BUILDS_KEY + ); + String url = "https://www.elastic.co/guide/en/elasticsearch/reference/master/migrating-8.0.html#breaking_80_transport_changes"; + return new DeprecationIssue(DeprecationIssue.Level.CRITICAL, message, url, details, false, null); + } + return null; + } + static DeprecationIssue checkTransportClientProfilesFilterSetting( final Settings settings, final PluginsAndModules pluginsAndModules, diff --git a/x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java b/x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java index 2806fc4553307..c58e66b0df2f7 100644 --- a/x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java +++ b/x-pack/plugin/deprecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java @@ -21,6 +21,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.EsExecutors; import org.elasticsearch.core.Set; +import org.elasticsearch.core.SuppressForbidden; import org.elasticsearch.env.Environment; import org.elasticsearch.env.NodeEnvironment; import org.elasticsearch.gateway.GatewayService; @@ -962,6 +963,27 @@ public void testImplicitlyConfiguredSecurityOnGoldPlus() { assertThat(issues, empty()); } + @SuppressForbidden(reason = "sets and unsets es.unsafely_permit_handshake_from_incompatible_builds") + public void testCheckNoPermitHandshakeFromIncompatibleBuilds() { + final DeprecationIssue expectedNullIssue = + NodeDeprecationChecks.checkNoPermitHandshakeFromIncompatibleBuilds(Settings.EMPTY, + null, + ClusterState.EMPTY_STATE, + new XPackLicenseState(Settings.EMPTY, () -> 0), + () -> null); + assertEquals(null, expectedNullIssue); + final DeprecationIssue issue = + NodeDeprecationChecks.checkNoPermitHandshakeFromIncompatibleBuilds(Settings.EMPTY, + null, + ClusterState.EMPTY_STATE, + new XPackLicenseState(Settings.EMPTY, () -> 0), + () -> randomAlphaOfLengthBetween(1, 10)); + assertNotNull(issue.getDetails()); + assertThat(issue.getDetails(), containsString("system property must be removed")); + assertThat(issue.getUrl(), + equalTo("https://www.elastic.co/guide/en/elasticsearch/reference/master/migrating-8.0.html#breaking_80_transport_changes")); + } + public void testCheckTransportClientProfilesFilterSetting() { final int numProfiles = randomIntBetween(1, 3); final String[] profileNames = new String[numProfiles];