Adding a warning header when a license is about to expire #64948 #65900
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
) * This change adds a warning header when a license is about to expire Resolves elastic#60562 * This change adds realm name of the realm used to perform authentication to the responses of _security/oidc/authenticate and _security/oidc/authenticate APIs Resolves elastic#53161 * Adding doc for the new API introduced by elastic#64517 - /_security/saml/metadata/{realm} Related to elastic#49018 * Adding a warning header when a license is about to expire Resolves elastic#60562 * Addressing the PR feedback * Switching back to adding the header during featureCheck to allow warnings when authentication is disabled as well. Adding filterHeader implementation to SecurityRestFilter exception handling to remove all the warnings if authentication fails. * Changing the wording for "expired" message to be consistent with the log messages; changing "today" calculation; adding a test case for failing authN to make sure we remove the warning header * Small changes in the way we verify header in tests * Nit changes Co-authored-by: Elastic Machine <[email protected]>
…nction Fixing unused imports
BigPandaToo
added
:Security/Authentication
|
Pinging @elastic/es-security (Team:Security) |
|
@elasticmachine update branch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implementation will add the warning header
if the license is going to expire in less than
{LICENSE_EXPIRATION_WARNING_PERIOD} days.
The messages added:
Warning: 299 Elasticsearch-8.0.0-###"Your license will expire in [N] days. Contact your administrator or update your license for continued use of features"
or
Warning: 299 Elasticsearch-8.0.0-### "Your license expires today. Contact your administrator or update your license for continued use of features"
If license has expired less than
{GRACE_PERIOD_DURATION} days ago following
warning is added:
Warning: 299 Elasticsearch-8.0.0-### "Your license expired on ["EEEE, MMMM dd, yyyy" ]. Contact your administrator or update your license for continued use of features"
Both {LICENSE_EXPIRATION_WARNING_PERIOD}
and {GRACE_PERIOD_DURATION} are currently 7 days.
The message will be added to each request unless
authentication fails.
Note: with this change all warning headers will be removed
from a response if authentication fails.
#backport #64948