Deprecate transport profile security type setting (#43237)

jaymode · tvernum · commit 1e0f67fb384d · 2019-07-03T19:31:55.000+10:00
This commit deprecates the `transport.profiles.*.xpack.security.type`
setting. This setting is used to configure a profile that would only
allow client actions. With the upcoming removal of the transport client
the setting should also be deprecated so that it may be removed in
a future version.
diff --git a/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc b/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
@@ -2,6 +2,8 @@
 [[separating-node-client-traffic]]
 === Separating node-to-node and client traffic
 
+deprecated[7.3.0, Transport Client is deprecated and will be removed]
+
 Elasticsearch has the feature of so called 
 {ref}/modules-transport.html[TCP transport profiles]
 that allows it to bind to several ports and addresses. The {es}
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java
@@ -13,6 +13,7 @@
 import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.CheckedConsumer;
 import org.elasticsearch.common.settings.Setting;
+import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
@@ -56,7 +57,7 @@ public class SecurityServerTransportInterceptor implements TransportInterceptor
             return v;
         }
         throw new IllegalArgumentException("type must be one of [client, node]");
-    }, Setting.Property.NodeScope);
+    }, Setting.Property.NodeScope, Property.Deprecated);
     private static final String TRANSPORT_TYPE_SETTING_KEY = "xpack.security.type";
     private static final Logger logger = LogManager.getLogger(SecurityServerTransportInterceptor.class);
 
@@ -187,7 +188,8 @@ private Map<String, ServerTransportFilter> initializeProfileFilters(DestructiveO
         for (Map.Entry<String, SSLConfiguration> entry : profileConfigurations.entrySet()) {
             final SSLConfiguration profileConfiguration = entry.getValue();
             final boolean extractClientCert = transportSSLEnabled && sslService.isSSLClientAuthEnabled(profileConfiguration);
-            final String type = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey()).get(settings);
+            final Setting<String> transportType = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey());
+            final String type = transportType.get(settings);
             switch (type) {
                 case "client":
                     profileFilters.put(entry.getKey(), new ServerTransportFilter.ClientProfile(authcService, authzService,
