Description
This was raised by the ingest team. They were attempting to register a trial license that was not updated to the current version (VERSION_CRYPTO_ALGORITHMS). When this happens, there is a cluster state listener that notices that the license is of type trial and is an outdated version.
LicenseService.java
if (currentClusterState.getNodes().isLocalNodeElectedMaster() &&
(noLicense || LicenseUtils.licenseNeedsExtended(currentLicense) || LicenseUtils.signatureNeedsUpdate(currentLicense))) {
registerOrUpdateSelfGeneratedLicense();
}
LicenseUtils.signatureNeedsUpdate(currentLicense) is the operative line.
That schedules the StartupSelfGeneratedLicenseTask.
This task updates the license to the newer version. In order to do this it takes the issue date and adds the self generated expiration milliseconds (30 days). However, this license was created in 2014 and expires in 2030. So it is overwritten with a self generated license that has already expired (30 days from the issue date in 2014).
I do not know the specific behavior that we want here (I am not familiar with the LicenseUtils.signatureNeedsUpdate work). Do we want to be replacing registered trial licenses with self generated trial licenses? Maybe if the license is not self generated, we want to reuse the expiration date opposed to the issue date + self generated duration (30 days)?
@elastic/es-security
Assigning @jkakavas because he introduced the LicenseUtils.signatureNeedsUpdate work.