Can someone clarify the difference between "not supported" and "won't work"
in this case please?
If I have a plugin that is critical to the way I use elasticsearch (e.g. a
plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield
and this analysis plugin? So that just means that anyone using third party
plugins cannot use Shield at all? Is there any plan to change that?
Can someone clarify the difference between "not supported" and "won't
work" in this case please?
If I have a plugin that is critical to the way I use elasticsearch (e.g. a
plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield
and this analysis plugin? So that just means that anyone using third party
plugins cannot use Shield at all? Is there any plan to change that?
We're in the process of clarifying this in the docs (agreed that the
current description is not really clear). Let me try to clarify it a bit
here...
When it comes to third party plugins, we have no control over the plugin
code. The plugin infrastructure is extremely flexible in terms of what can
be extended in elasticsearch, from adding analyzers to adding new internal
actions and rest endpoints. While the former will have no impact on
security, the latter might have a significant impact and potentially
completely bypass the security checks in the system. For this reason, from
a company perspective, we can't really support plugins that are not under
our control (note that a lot of these plugins are developed internally in
companies and are not open source such that we can even review the code).
As far as "won't work" is concerned, it obviously depends on what the
plugin is doing. A lot of plugins will work just fine (e.g. adding
additional analyzers), but others may experience unexpected behaviour when
developed without Shield security concerns in mind.
I hope this clarifies it a bit. As mentioned above, we will fix the docs
with better explanation about it.
On Wednesday, January 28, 2015 at 10:27:20 AM UTC+1, Tim S wrote:
Can someone clarify the difference between "not supported" and "won't
work" in this case please?
If I have a plugin that is critical to the way I use elasticsearch (e.g. a
plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield
and this analysis plugin? So that just means that anyone using third party
plugins cannot use Shield at all? Is there any plan to change that?
On Wednesday, January 28, 2015 at 10:50:17 AM UTC, uboness wrote:
Tim,
We're in the process of clarifying this in the docs (agreed that the
current description is not really clear). Let me try to clarify it a bit
here...
When it comes to third party plugins, we have no control over the plugin
code. The plugin infrastructure is extremely flexible in terms of what can
be extended in elasticsearch, from adding analyzers to adding new internal
actions and rest endpoints. While the former will have no impact on
security, the latter might have a significant impact and potentially
completely bypass the security checks in the system. For this reason, from
a company perspective, we can't really support plugins that are not under
our control (note that a lot of these plugins are developed internally in
companies and are not open source such that we can even review the code).
As far as "won't work" is concerned, it obviously depends on what the
plugin is doing. A lot of plugins will work just fine (e.g. adding
additional analyzers), but others may experience unexpected behaviour when
developed without Shield security concerns in mind.
I hope this clarifies it a bit. As mentioned above, we will fix the docs
with better explanation about it.
On Wednesday, January 28, 2015 at 10:27:20 AM UTC+1, Tim S wrote:
Can someone clarify the difference between "not supported" and "won't
work" in this case please?
If I have a plugin that is critical to the way I use elasticsearch (e.g.
a plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield
and this analysis plugin? So that just means that anyone using third party
plugins cannot use Shield at all? Is there any plan to change that?
As a plugin author, is there any chance to use something like a suite of
tests or a compatibility kit in order to validate a plugin for being
compatible with Shield / a specific Shield version?
We're in the process of clarifying this in the docs (agreed that the
current description is not really clear). Let me try to clarify it a bit
here...
When it comes to third party plugins, we have no control over the plugin
code. The plugin infrastructure is extremely flexible in terms of what can
be extended in elasticsearch, from adding analyzers to adding new internal
actions and rest endpoints. While the former will have no impact on
security, the latter might have a significant impact and potentially
completely bypass the security checks in the system. For this reason, from
a company perspective, we can't really support plugins that are not under
our control (note that a lot of these plugins are developed internally in
companies and are not open source such that we can even review the code).
As far as "won't work" is concerned, it obviously depends on what the
plugin is doing. A lot of plugins will work just fine (e.g. adding
additional analyzers), but others may experience unexpected behaviour when
developed without Shield security concerns in mind.
I hope this clarifies it a bit. As mentioned above, we will fix the docs
with better explanation about it.
On Wednesday, January 28, 2015 at 10:27:20 AM UTC+1, Tim S wrote:
Can someone clarify the difference between "not supported" and "won't
work" in this case please?
If I have a plugin that is critical to the way I use elasticsearch (e.g.
a plugin that adds a custom analyzer), is that page saying that Elasticsearch.com will not support an installation containing both shield
and this analysis plugin? So that just means that anyone using third party
plugins cannot use Shield at all? Is there any plan to change that?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.