Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding a warning header when a license is about to expire #64948 #65900

Merged
merged 3 commits into from
Dec 5, 2020

Conversation

BigPandaToo
Copy link
Contributor

This implementation will add the warning header
if the license is going to expire in less than
{LICENSE_EXPIRATION_WARNING_PERIOD} days.
The messages added:

Warning: 299 Elasticsearch-8.0.0-###"Your license will expire in [N] days. Contact your administrator or update your license for continued use of features"

or

Warning: 299 Elasticsearch-8.0.0-### "Your license expires today. Contact your administrator or update your license for continued use of features"

If license has expired less than
{GRACE_PERIOD_DURATION} days ago following
warning is added:

Warning: 299 Elasticsearch-8.0.0-### "Your license expired on ["EEEE, MMMM dd, yyyy" ]. Contact your administrator or update your license for continued use of features"

Both {LICENSE_EXPIRATION_WARNING_PERIOD}
and {GRACE_PERIOD_DURATION} are currently 7 days.

The message will be added to each request unless
authentication fails.
Note: with this change all warning headers will be removed
from a response if authentication fails.

#backport #64948

BigPandaToo and others added 2 commits December 4, 2020 18:00
)

* This change adds a warning header when a license is about to expire

Resolves elastic#60562

* This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs

Resolves elastic#53161

* Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm}

Related to elastic#49018

* Adding a warning header when a license is about to expire

Resolves elastic#60562

* Addressing the PR feedback

* Switching back to adding the header during featureCheck to allow
warnings when authentication is disabled as well. Adding filterHeader
implementation to SecurityRestFilter exception handling to remove all
the warnings if authentication fails.

* Changing the wording for "expired" message to be consistent with the log
 messages; changing "today" calculation; adding a test case for failing
 authN to make sure we remove the warning header

* Small changes in the way we verify header in tests

* Nit changes

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@BigPandaToo BigPandaToo added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) backport labels Dec 4, 2020
@elasticmachine elasticmachine added the Team:Security Meta label for security team label Dec 4, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@BigPandaToo
Copy link
Contributor Author

@elasticmachine update branch

@BigPandaToo BigPandaToo merged commit e0b75c9 into elastic:7.x Dec 5, 2020
@BigPandaToo BigPandaToo deleted the Warning_headers7 branch April 19, 2021 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants