Found this text in security/securityconfig/elasticsearch.yml.example:
# Enable or disable the Open Distro Security enterprise modules
# By default enterprise modules are enabled. If you use any of the modules in production you need
# to obtain a license. If you want to use the free Community Edition, you can switch
# all enterprise features off by setting the following key to false
This seems to indicate that the “Open Distro” Elasticsearch does (or will have) some sort of tiered licensing.
I’d appreciate it if someone could clarify what is planned for “enterprise modules”.
That’s a good observation. It’s clear they’ve been working on this for awhile and have just now open sourced it. I’ve been perusing the code as well and if there is tiered licenses it would completely contradict what this whole thing is about seeing how every authentication module and even DS & FLS is labeled as enterprise. It’s more likely it’s just some old piece of the software and the direction they were heading before open sourcing it.
However, I would also like an official statement on this.
Hi @tomjohnson and @brandtj there are no additional licenses that need to be purchased for Open Distro for Elasticsearch. All plugins released with Open Distro for Elasticsearch are 100% Apache 2.0. We will update the file to reflect the Apache 2.0 license more clearly.
Thank you for the clarification.
Cool that’s what I thought. Thanks for clarifying.
The reason that they still have this flag is because the authc/authz modules are essentially renamed SearchGuard: https://search-guard.com/ where most authentication modules require a license… And I guess they didn’t remove this flag yet.
I’m surprised there’s no attribution
Very interesting, never looked at SearchGuard’s code before. You’re right the README should get corrected.
We have corrected the issue in the yml. It will show up in the next release.