Open Distro for Elasticsearch using Search Guard?

#1

Hi there,

Just looking for some clarity on this - it seems like Amazon’s recent Open Distro for Elasticsearch is using Search Guard code for its auth and TLS support, and also appears to include Enterprise features like LDAP and Kibana Multi-tenancy.

I don’t see any reference to Search Guard in any docs or licensing, but there is a mention of floragunn GmbH in /usr/share/elasticsearch/plugins/opendistro_security/plugin-security.policy and /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/elasticsearch.yml.example in the Docker image.

Does use of Enterprise features in Open Distro for Elasticsearch require licensing through Search Guard? Are they even working with you guys on this?

0 Likes

#2

I came here to ask this same question. It seems like Amazon took your code but didn’t attribute you anywhere. Another example I found is their obvious find/replace mistake which missed “SeachGuard”: https://github.com/opendistro-for-elasticsearch/security/blob/b69e821a360a774ec2e94dc01390cd61521562d2/src/test/java/com/amazon/opendistroforelasticsearch/security/test/SingleClusterTest.java#L77

0 Likes

#3

I take that back, Amazon did attribute “floragunn GmbH” specifically: https://github.com/opendistro-for-elasticsearch/security/search?q=floragunn&unscoped_q=floragunn
For each file they took, they referenced the original Search Guard license, as is a stated requirement by the original license: https://github.com/floragunncom/search-guard/blob/master/LICENSE#L90-L122

I’m no lawyer, but whether Amazon worked with Search Guard or not, it seems what they did was “legal”

0 Likes

#4

That still doesn’t explain whether there are any licensing issues around what appear to be Search Guard Enterprise features, and how any possible subscription would look for those.

I agree that Amazon have just lifted the core Search Guard code for their own purposes and somewhat obfuscated any attribution to those, but it doesn’t explain how they have an almost exact feature match to those of Search Guard Enterprise.

···

On Friday, 15 March 2019 07:03:27 UTC+13, chris.mo...@code42.com wrote:

I take that back, Amazon did attribute “floragunn GmbH” specifically: https://github.com/opendistro-for-elasticsearch/security/search?q=floragunn&unscoped_q=floragunn
For each file they took, they referenced the original Search Guard license, as is a stated requirement by the original license: https://github.com/floragunncom/search-guard/blob/master/LICENSE#L90-L122

I’m no lawyer, but whether Amazon worked with Search Guard or not, it seems what they did was “legal”

0 Likes

#5

Agreed. Hopefully we get some clarity here…

···

On Thu, Mar 14, 2019 at 6:31 PM CK posthamster@gmail.com wrote:

That still doesn’t explain whether there are any licensing issues around what appear to be Search Guard Enterprise features, and how any possible subscription would look for those.

I agree that Amazon have lust lifted the core Search Guard code for their own purposes and somewhat obfuscated any attribution to those, but it doesn’t explain how they have an almost exact feature match to those of Search Guard Enterprise.

On Friday, 15 March 2019 07:03:27 UTC+13, chris.mo...@code42.com wrote:

I take that back, Amazon did attribute “floragunn GmbH” specifically: https://github.com/opendistro-for-elasticsearch/security/search?q=floragunn&unscoped_q=floragunn
For each file they took, they referenced the original Search Guard license, as is a stated requirement by the original license: https://github.com/floragunncom/search-guard/blob/master/LICENSE#L90-L122

I’m no lawyer, but whether Amazon worked with Search Guard or not, it seems what they did was “legal”

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/37807611-746e-4a92-884f-dd716716edbd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

0 Likes

#6

Any update? Complete silence on this seems a bit weird.

0 Likes

#7

I’d be interested to understand this as well.

Audit logging is included in Amazon Open Distro but I would have to pay for a SearchGuard Enterprise license to use it with the open source version. Doesn’t make sense.

0 Likes

#8

We have posted a statement on the ‘OpenDistro’ forum which you can find here: https://discuss.opendistrocommunity.dev/t/why-no-attribution-to-searchguard/131/5?u=ckressin

0 Likes

#9

So those features that customers for SearchGuard Enterprise license paid for are now given away for fee to Amazon Open Distro. Why would I continue to use and pay for the SearchGuard Enterprise license?

0 Likes