
Deprecate setup-passwords tool (#76902)

With the Security ON by default project, where the `elastic` user
password is auto-generated, we have decided to deprecate the
setup-passwords tool and consider removing it in a future version.
Users will get a password for the `elastic` built-in user when the
node starts for the first time and they can also use the newly
introduced elasticsearch-reset-elastic-password tool to set or
reset that password. With credentials for the elastic user
available, the password for the rest of the built-in users can be
set using the Change Password API, or via Kibana.
Ioannis Kakavas 4 gadi atpakaļ
vecāks
revīzija
e288a1a4af

+ 2 - 0
docs/reference/commands/setup-passwords.asciidoc

@@ -3,6 +3,8 @@
 [[setup-passwords]]
 == elasticsearch-setup-passwords
 
+deprecated[8.0, "The `elasticsearch-setup-passwords` tool is deprecated and will be removed in a future release. To manually reset the password for the `elastic` user, use the <<reset-elastic-password,`elasticsearch-reset-elastic-password` tool>>. To change passwords for other users, use either {kib} or the {es} change passwords API."]
+
 The `elasticsearch-setup-passwords` command sets the passwords for the
 <<built-in-users,built-in users>>.
 

+ 19 - 0
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/tool/SetupPasswordTool.java

@@ -65,7 +65,11 @@ import static java.util.Arrays.asList;
  * mode prompts for each individual user's password. This tool only runs once,
  * if successful. After the elastic user password is set you have to use the
  * `security` API to manipulate passwords.
+ *
+ * @deprecated Use {@link ResetBuiltinPasswordTool} for setting the password of the
+ * elastic user and the ChangePassword API for setting the password of the rest of the built-in users when needed.
  */
+@Deprecated
 public class SetupPasswordTool extends LoggingAwareMultiCommand {
 
     private static final char[] CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789").toCharArray();
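Review bot: The `@Deprecated` annotation carries no `since`, although the docs hunk in this same commit states 8.0; `@Deprecated(since = "8.0")` would carry that version into compiler warnings and generated Javadoc, assuming the build targets Java 9 or later. The Javadoc's `{@link ResetBuiltinPasswordTool}` only resolves if that class is in the same package or imported, which cannot be confirmed from the lines shown. The class body continues outside the hunk.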
@@ -134,6 +138,11 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand {
             checkClusterHealth(terminal);
 
             if (shouldPrompt) {
+                terminal.println("******************************************************************************");
+                terminal.println("Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This " +
+                                 "      command will be removed in a future release.");
+                terminal.println("******************************************************************************");
+                terminal.println("");
                 terminal.println("Initiating the setup of passwords for reserved users " + String.join(",", USERS) + ".");
                 terminal.println("The passwords will be randomly generated and printed to the console.");
                 boolean shouldContinue = terminal.promptYesNo("Please confirm that you would like to continue", false);
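Review bot: The two string literals in the second added `terminal.println` are joined with `+` into one line, so the banner prints `deprecated. This       command will be removed in a future release.` as a single line that overruns the asterisk rule; the six leading spaces suggest a line break was intended. Splitting it into `terminal.println("Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This");` and `terminal.println("      command will be removed in a future release.");` restores the layout. The notice also sits inside `if (shouldPrompt)`, so runs that skip the prompt never see it, and those are presumably the scripted uses most likely to break when the tool is removed; emitting it with `terminal.errorPrintln` before the `if` would reach them without changing what is written to standard output. The identical block is repeated in the hunk at `-180,6 +189,11`, so a small private helper that prints the banner would keep the two copies in sync. The enclosing method starts and ends outside the hunk.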
@@ -180,6 +189,11 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand {
             checkClusterHealth(terminal);
 
             if (shouldPrompt) {
+                terminal.println("******************************************************************************");
+                terminal.println("Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This " +
+                                 "      command will be removed in a future release.");
+                terminal.println("******************************************************************************");
+                terminal.println("");
                 terminal.println("Initiating the setup of passwords for reserved users " + String.join(",", USERS) + ".");
                 terminal.println("You will be prompted to enter passwords as the process progresses.");
                 boolean shouldContinue = terminal.promptYesNo("Please confirm that you would like to continue", false);
@@ -314,6 +328,11 @@ public class SetupPasswordTool extends LoggingAwareMultiCommand {
                     terminal.errorPrintln(" * Your elasticsearch node is running against a different keystore");
                     terminal.errorPrintln("   This tool used the keystore at " + KeyStoreWrapper.keystorePath(env.configFile()));
                     terminal.errorPrintln("");
+                    terminal.errorPrintln(
+                        "You can use the `elasticsearch-reset-elastic-password` CLI tool to reset the password of the '" + elasticUser
+                            + "' user"
+                    );
+                    terminal.errorPrintln("");
                     throw new UserException(ExitCodes.CONFIG, "Failed to verify bootstrap password");
                 } else if (httpCode != HttpURLConnection.HTTP_OK) {
                     terminal.errorPrintln("");