diff --git a/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc b/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc index 2eab8e0ae5adb..9acb0e9b3ef8d 100644 --- a/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc +++ b/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc @@ -2,6 +2,8 @@ [[separating-node-client-traffic]] === Separating node-to-node and client traffic +deprecated[7.3.0, Transport Client is deprecated and will be removed] + Elasticsearch has the feature of so called {ref}/modules-transport.html[TCP transport profiles] that allows it to bind to several ports and addresses. The {es} diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java index d05e1572a1776..6cc243e18c330 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java @@ -13,6 +13,7 @@ import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.CheckedConsumer; import org.elasticsearch.common.settings.Setting; +import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.AbstractRunnable; import org.elasticsearch.common.util.concurrent.ThreadContext; @@ -56,7 +57,7 @@ public class SecurityServerTransportInterceptor implements TransportInterceptor return v; } throw new IllegalArgumentException("type must be one of [client, node]"); - }, Setting.Property.NodeScope); + }, Setting.Property.NodeScope, Property.Deprecated); private static final String TRANSPORT_TYPE_SETTING_KEY = "xpack.security.type"; private static final Logger logger = LogManager.getLogger(SecurityServerTransportInterceptor.class); @@ -182,7 +183,8 @@ private Map initializeProfileFilters(DestructiveO for (Map.Entry entry : profileConfigurations.entrySet()) { final SSLConfiguration profileConfiguration = entry.getValue(); final boolean extractClientCert = transportSSLEnabled && sslService.isSSLClientAuthEnabled(profileConfiguration); - final String type = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey()).get(settings); + final Setting transportType = TRANSPORT_TYPE_PROFILE_SETTING.getConcreteSettingForNamespace(entry.getKey()); + final String type = transportType.get(settings); switch (type) { case "client": profileFilters.put(entry.getKey(), new ServerTransportFilter.ClientProfile(authcService, authzService,