Ransom attack on Elasticsearch cluster?

Here's the problem:

  1. User finds out ES doesn't do authentication out of the box.
  2. User googles ES auth, finds X-Pack
  3. User installs X-Pack, auth starts to work.
  4. Trial license expires, user gets a free basic license
  5. Warning states that "some features" are subject to payment and not included in the basic license.
  6. ES is public again.

I appreciate that you guys put in an acknowledgement mechanism so users have to ack that some features are not included in the basic license.

I do not appreciate that you do not mention clearly in your documentation that this pertains to ALL AUTHENTICATION.

Here's what the documentation states:

https://www.elastic.co/guide/en/x-pack/current/license-expiration.html

# License [will expire] on [Friday, December 30, 2016]. If you have a new license, please update it.
# Otherwise, please reach out to your support contact.
#
# Commercial plugins operate with reduced functionality on license expiration:
# - security
# -- Cluster health, cluster stats and indices stats operations are blocked
# -- All data operations (read and write) continue to work
# - watcher
# -- PUT / GET watch APIs are disabled, DELETE watch API continues to work
# -- Watches execute and write to the history
# -- The actions of the watches don't execute
# - monitoring
# -- The agent will stop collecting cluster and indices metrics
# -- The agent will stop automatically cleaning indices older than [xpack.monitoring.history.duration]
# - graph
# -- Graph explore APIs are disabled

Notice the indentation underneath "- security"? (I added two dashes because the post formatter eats the extra space)
This indentation means "security" is listed as a category of items to be listed underneath. The two items ("Cluster health, cluster stats and indices stats operations are blocked", "All data operations (read and write) continue to work") do NOT adequately transport the message that this main feature of X-Pack is actually not working anymore.

Here's how you fix this: Either

a) Put up a big notice that makes it absolutely clear that authentication is not included in the free basic license, or
b) Consider adding auth to the free license tier. It is not something you can reasonably expect to charge money for. It is easily achieved via other means, so why not aim for robustness instead and offer everyone the benefits of a basic functionality like this? You may think it's a smart business idea, but to people outside your company it just looks like a cash grab.

We've been hit by this as well, but our data was easily reindexed. However, this just makes ES look immature. This would be an awesome time to turn this into a PR advantage, and react by adding auth support to either the free X-Pack license, or even just include it in the main program.

2 Likes
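The failure mode the post describes (auth silently falling away when the license lapses or drops to basic) is easy to miss until the cluster is already open, so here is an added example of a small monitoring check, written for this thread and not part of the original post or of X-Pack itself. It assumes the 5.x license API layout (`GET /_xpack/license` returning `license.status`, `license.type` and `license.expiry_date_in_millis`) and uses a placeholder node URL; it probes a data read because the quoted notice says reads keep working after expiry, and it fails loudly when that read succeeds with no credentials.

```python
# Added example, not from the original post: a monitoring check that fails
# when an Elasticsearch node answers data reads without credentials and warns
# when the X-Pack license is basic or about to expire. Assumes the 5.x layout
# of GET /_xpack/license ({"license": {"status", "type", "expiry_date_in_millis"}}).
import json
from datetime import datetime, timedelta, timezone
from urllib.error import HTTPError
from urllib.request import Request, urlopen

def fetch(url, timeout=5):
    """Unauthenticated GET; returns (http_status, parsed JSON or None)."""
    try:
        with urlopen(Request(url), timeout=timeout) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:  # 401/403 means something is still enforcing auth
        return err.code, None

def assess(search_status, license_doc, now, warn_days=14):
    """search_status: HTTP status of an unauthenticated GET /_search?size=0
    (a read, which the quoted notice says keeps working on an expired license).
    license_doc: JSON from GET /_xpack/license, or None if that call failed."""
    findings = []
    if search_status == 200:
        findings.append("EXPOSED: node serves data reads without credentials")
    elif search_status not in (401, 403):
        findings.append(f"UNEXPECTED: /_search returned HTTP {search_status}")
    lic = (license_doc or {}).get("license", {})
    if lic.get("type") == "basic":
        findings.append("LICENSE: basic tier, authentication is not licensed")
    if lic and lic.get("status") != "active":
        findings.append(f"LICENSE: status is {lic.get('status')!r}")
    exp_ms = lic.get("expiry_date_in_millis")
    if exp_ms is not None:
        expiry = datetime.fromtimestamp(exp_ms / 1000, tz=timezone.utc)
        if expiry - now <= timedelta(days=warn_days):
            findings.append(f"LICENSE: {lic.get('type')} license expires {expiry:%Y-%m-%d}")
    return findings

def check_node(base="http://localhost:9200"):  # placeholder node URL
    status, _ = fetch(f"{base}/_search?size=0")
    _, lic = fetch(f"{base}/_xpack/license")  # None once auth blocks it
    return assess(status, lic, datetime.now(timezone.utc))

if __name__ == "__main__":
    for line in check_node() or ["OK: auth enforced, no license warnings"]:
        print(line)
```

Once authentication is enforced the license call itself returns 401, so the license warnings only appear while the node is open or when you run the check with credentials.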