java.lang.Object
org.elasticsearch.xpack.core.security.transport.ProfileConfigurations

public final class ProfileConfigurations extends Object
Settings for a transport profile usually begin with "transport.profiles.NAME." The settings fall into one of two categories:

1. Networking - e.g. `transport.profiles.NAME.tcp.keep_alive: true`
2. SSL - e.g. `transport.profiles.NAME.xpack.security.ssl.client_authentication: none`

This class is responsible for building SSL configuration for transport profiles. Among the transport profiles, two are special: "default" and "_remote_cluster".

The "default" profile has dedicated settings for both networking (e.g. `transport.tcp.keep_alive`) and SSL (e.g. `xpack.security.transport.ssl.client_authentication`). It also accepts networking settings specified with its transport profile name, e.g. `transport.profiles.default.tcp.keep_alive` is valid configuration. But it does *not* allow SSL settings to be specified with its transport profile name, e.g. `transport.profiles.default.xpack.security.ssl.client_authentication` is NOT valid configuration.

The "_remote_cluster" profile also has dedicated settings for both networking (e.g. `remote_cluster.tcp.keep_alive`) and SSL (e.g. `xpack.security.remote_cluster_server.ssl.client_authentication`). This profile is completely synthetic in that it does NOT accept either networking or SSL settings with its transport profile name.

NOTE the "_remote_cluster" profile name is special ONLY when the remote cluster port is enabled. If the remote cluster port is not enabled, this profile name is treated just as a normal profile (for BWC).

When building SSL configurations for the transport profiles, assuming SSL is enabled, this class builds a map that contains a configuration for each of the configured transport profiles (keyed by its name). The map also contains an entry with the special key "default" whose value is the SSL configuration for the "default" profile. If remote cluster is enabled, the map also contains an entry with the special key "_remote_cluster" whose value is the SSL configuration of the synthetic "_remote_cluster" profile.

NOTE the "_remote_cluster" profile only applies to the new remote cluster model. The legacy remote cluster model mostly just uses the "default" transport profile.
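The key rules above, expressed as a small settings lint that flags profile-scoped keys the description calls invalid and lists the profile names expected as map keys. This is an added example, not Elasticsearch code: `classify`, `lint` and the sample settings are hypothetical, and whether the remote cluster port is enabled is passed in as a flag rather than read from a setting.

```python
# Added illustration: models the key rules from the class description above.
# It is not Elasticsearch code; function names are hypothetical.
PROFILE_PREFIX = "transport.profiles."
SSL_INFIX = "xpack.security.ssl."
DEFAULT, REMOTE = "default", "_remote_cluster"


def classify(key):
    """Return (profile, category) for a profile-scoped key, else None."""
    if not key.startswith(PROFILE_PREFIX):
        return None
    # Assumption: profile names contain no dots.
    name, _, rest = key[len(PROFILE_PREFIX):].partition(".")
    if not name or not rest:
        return None
    return name, ("ssl" if rest.startswith(SSL_INFIX) else "networking")


def lint(settings, remote_cluster_port_enabled):
    """Return (violations, expected_map_keys) for flat settings keys."""
    violations, profiles = [], {DEFAULT}
    if remote_cluster_port_enabled:
        profiles.add(REMOTE)
    for key in sorted(settings):
        parsed = classify(key)
        if parsed is None:
            continue
        name, category = parsed
        if name == DEFAULT and category == "ssl":
            violations.append((key, "use xpack.security.transport.ssl.* for the default profile"))
        elif name == REMOTE and remote_cluster_port_enabled:
            violations.append((key, "synthetic profile: use remote_cluster.* or xpack.security.remote_cluster_server.ssl.*"))
        else:
            profiles.add(name)
    return violations, profiles


# Constructed sample settings (flattened keys, not from a real node).
SAMPLE = {
    "transport.profiles.default.tcp.keep_alive": "true",
    "transport.profiles.default.xpack.security.ssl.client_authentication": "none",
    "transport.profiles.client.xpack.security.ssl.client_authentication": "none",
    "transport.profiles._remote_cluster.tcp.keep_alive": "true",
    "xpack.security.transport.ssl.client_authentication": "required",
}
```

With the remote cluster port disabled, the `_remote_cluster` key in the sample is accepted as an ordinary profile, which is the backwards-compatibility case the description notes.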
  • Method Summary

    Modifier and Type
    Method
    Description
    static Map<String,org.elasticsearch.common.ssl.SslConfiguration>
    get(Settings settings, SSLService sslService, boolean sslEnabledOnly)
    Builds SSL configuration for transport profiles, including the default profile, any explicitly configured profiles and synthetic profiles such as _remote_cluster.

  • Method Details

    • get

      public static Map<String,org.elasticsearch.common.ssl.SslConfiguration> get(Settings settings, SSLService sslService, boolean sslEnabledOnly)
      Builds SSL configuration for transport profiles, including the default profile, any explicitly configured profiles and synthetic profiles such as _remote_cluster. NOTE the method builds SSL configurations that are intended for either server usage or server/client usage, but not pure client usage.
      Parameters:
      settings - Settings of the ES node
      sslService - For resolving the SSL configuration based on its prefix
      sslEnabledOnly - If true, only include the SSL configuration if SSL is enabled for the profile. If false, SSL configuration is included for a profile regardless of whether SSL is actually enabled for it.
      Returns:
      A map that contains SslConfiguration for each named transport profile as well as an entry for the "default" profile. If the remote_cluster feature is enabled, it also contains an entry for the synthetic "_remote_cluster" profile.