Skip to content

Allow reindex.remote.whitelist to be set to * #135546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2025
Merged

Allow reindex.remote.whitelist to be set to * #135546

merged 1 commit into from
Sep 26, 2025

Conversation

@PeteGillinElastic
Copy link
Member

@PeteGillinElastic PeteGillinElastic commented Sep 26, 2025

Prior to this change, ES would refuse to start if the reindex.remote.whitelist node setting was * (or anything else which matches every string). This removes that restriction.

The logic did not provide any real security, since it would accept a setting value of *:*, which would effectively match everything since the string checked against it was always of the form <host>:<port>. It has been agreed that users should be allowed to whitelist everything if they choose, so there is no value to just making it more awkward for them to figure out how to do so.

@PeteGillinElastic
All reindex.remote.whitelist to be set to *
59a5728 
Prior to this change, ES would refuse to start if the
`reindex.remote.whitelist` node setting was `*` (or anything else
which matches every string). This removes that restriction.

The logic did not provide any real security, since it would accept a
setting value of `*:*`, which would effectively match everything since
the string checked against it was always of the form
`<host>:<port>`. It has been agreed that users should be allowed to
whitelist everything if they choose, so there is no value to just
making it more awkward for them to figure out how to do so.
@PeteGillinElastic PeteGillinElastic added >non-issue :Data Management/Indices APIs APIs to create and manage indices and templates labels Sep 26, 2025
@elasticsearchmachine elasticsearchmachine added Team:Data Management Meta label for data/management team v9.2.0 labels Sep 26, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Sep 26, 2025

Pinging @elastic/es-data-management (Team:Data Management)

@dakrone dakrone changed the title All reindex.remote.whitelist to be set to * Allow reindex.remote.whitelist to be set to * Sep 26, 2025
samxbr
samxbr approved these changes Sep 26, 2025
View reviewed changes
Copy link
Contributor

@samxbr samxbr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@PeteGillinElastic PeteGillinElastic merged commit f5e37e7 into elastic:main Sep 26, 2025
34 checks passed
@PeteGillinElastic PeteGillinElastic deleted the allow-universal-reindex-remote-whitelist branch September 26, 2025 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samxbr samxbr samxbr approved these changes

Assignees

No one assigned

Labels

:Data Management/Indices APIs APIs to create and manage indices and templates >non-issue Team:Data Management Meta label for data/management team v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PeteGillinElastic @elasticsearchmachine @samxbr