From 27b45b35bcdabb2b6a84ffb5859c828a8914a4fd Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Tue, 28 Sep 2021 13:33:24 -0400 Subject: [PATCH 1/4] [DOCS] Always enable file and native realms by default Adds an 8.0 breaking change for PR #69096. The copy is based on the 7.13 deprecation notice added with PR #69320. --- .../migration/migrate_8_0/security.asciidoc | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/reference/migration/migrate_8_0/security.asciidoc b/docs/reference/migration/migrate_8_0/security.asciidoc index e9179430e16e8..fbe9dbea3aff9 100644 --- a/docs/reference/migration/migrate_8_0/security.asciidoc +++ b/docs/reference/migration/migrate_8_0/security.asciidoc @@ -6,6 +6,41 @@ //Installation and Upgrade Guide //tag::notable-breaking-changes[] +.The file and native realms are now enabled unless explicitly disabled. +[%collapsible] +==== +*Details* + +The file and native realms are now enabled unless explicitly disabled. If +explicitly disabled, the file and native realms remain disabled at all times. + +Previously, the file and native realms had the following implicit behaviors: + +* If the file and native realms were not configured, they were implicitly disabled +if any other realm was configured. + +* If no other realm was available because realms were not configured or +explicitly disabled, the file and native realms were enabled, even if explicitly +disabled. + +*Impact* + +To explicilty disable the file or native realm, set the respective +`file..enabled` or `native..enabled` setting to `false` +under the `xpack.security.authc.realms` namespace in `elasticsearch.yml`. + +The following configuration example disables the native realm, named `realm1`, +and disables the file realm, named `realm2`: + +[source,yaml] +---- +xpack.security.authc.realms: + + native.realm1.enabled: false + file.realm2.enabled: false + + ... +---- +==== + .The realm `order` setting is now required. [%collapsible] ==== From 610e8b2fd16d28e38e6d25c4abff6149d6259873 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Tue, 28 Sep 2021 14:03:57 -0400 Subject: [PATCH 2/4] reword --- docs/reference/migration/migrate_8_0/security.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/migration/migrate_8_0/security.asciidoc b/docs/reference/migration/migrate_8_0/security.asciidoc index fbe9dbea3aff9..661fa9c025fe6 100644 --- a/docs/reference/migration/migrate_8_0/security.asciidoc +++ b/docs/reference/migration/migrate_8_0/security.asciidoc @@ -28,7 +28,7 @@ To explicilty disable the file or native realm, set the respective under the `xpack.security.authc.realms` namespace in `elasticsearch.yml`. The following configuration example disables the native realm, named `realm1`, -and disables the file realm, named `realm2`: +and the file realm, named `realm2`: [source,yaml] ---- From fdc30c6fa209c65f35e80599667af0a56c657ead Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Wed, 29 Sep 2021 08:59:47 -0400 Subject: [PATCH 3/4] Update docs/reference/migration/migrate_8_0/security.asciidoc Co-authored-by: Yang Wang --- docs/reference/migration/migrate_8_0/security.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/migration/migrate_8_0/security.asciidoc b/docs/reference/migration/migrate_8_0/security.asciidoc index 661fa9c025fe6..b6d5d17e5b9be 100644 --- a/docs/reference/migration/migrate_8_0/security.asciidoc +++ b/docs/reference/migration/migrate_8_0/security.asciidoc @@ -18,9 +18,9 @@ Previously, the file and native realms had the following implicit behaviors: * If the file and native realms were not configured, they were implicitly disabled if any other realm was configured. -* If no other realm was available because realms were not configured or -explicitly disabled, the file and native realms were enabled, even if explicitly -disabled. +* If no other realm was available because realms were either not configured, +not perrmitted by license, or explicitly disabled, the file and native realms +were enabled, even if explicitly disabled. *Impact* + To explicilty disable the file or native realm, set the respective From f6742d70c4d359b0fc58e590da533c447303ca19 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Wed, 29 Sep 2021 08:59:51 -0400 Subject: [PATCH 4/4] Update docs/reference/migration/migrate_8_0/security.asciidoc Co-authored-by: Yang Wang --- docs/reference/migration/migrate_8_0/security.asciidoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/reference/migration/migrate_8_0/security.asciidoc b/docs/reference/migration/migrate_8_0/security.asciidoc index b6d5d17e5b9be..9a91b4b503cbc 100644 --- a/docs/reference/migration/migrate_8_0/security.asciidoc +++ b/docs/reference/migration/migrate_8_0/security.asciidoc @@ -27,8 +27,7 @@ To explicilty disable the file or native realm, set the respective `file..enabled` or `native..enabled` setting to `false` under the `xpack.security.authc.realms` namespace in `elasticsearch.yml`. -The following configuration example disables the native realm, named `realm1`, -and the file realm, named `realm2`: +The following configuration example disables the native realm and the file realm. [source,yaml] ----