As a plugin author, is there any chance to use something like a suite of tests or a compatibility kit in order to validate a plugin for being compatible with Shield / a specific Shield version?
Jörg

On Wed, Jan 28, 2015 at 11:50 AM, uboness <[email protected]> wrote:

> Tim,
>
> We're in the process of clarifying this in the docs (agreed that the current description is not really clear). Let me try to clarify it a bit here...
>
> When it comes to third party plugins, we have no control over the plugin code. The plugin infrastructure is extremely flexible in terms of what can be extended in elasticsearch, from adding analyzers to adding new internal actions and rest endpoints. While the former will have no impact on security, the latter might have a significant impact and potentially completely bypass the security checks in the system. For this reason, from a company perspective, we can't really support plugins that are not under our control (note that a lot of these plugins are developed internally in companies and are not open source such that we can even review the code).
>
> As far as "won't work" is concerned, it obviously depends on what the plugin is doing. A lot of plugins will work just fine (e.g. adding additional analyzers), but others may experience unexpected behaviour when developed without Shield security concerns in mind.
>
> I hope this clarifies it a bit. As mentioned above, we will fix the docs with better explanation about it.
>
> On Wednesday, January 28, 2015 at 10:27:20 AM UTC+1, Tim S wrote:
>>
>> http://www.elasticsearch.org/guide/en/shield/current/limitations.html says that "Third-party plugins are not supported on clusters with the Shield security plugin installed."
>>
>> Can someone clarify the difference between "not supported" and "won't work" in this case please?
>>
>> If I have a plugin that is critical to the way I use elasticsearch (e.g. a plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield and this analysis plugin? So that just means that anyone using third party plugins cannot use Shield at all? Is there any plan to change that?
>>
>> Thanks.
>>
> --
> You received this message because you are subscribed to the Google Groups "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9d2661af-eb39-4cef-851c-1951d25965f2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
