From 47214426e91023dd9b754f37ef4be45d067939b0 Mon Sep 17 00:00:00 2001 From: Simon Willnauer Date: Mon, 18 Sep 2017 19:25:08 +0200 Subject: [PATCH 1/6] Use InputStreamStreamInputs validation to limit size of tokens (elastic/x-pack-elasticsearch#2537) Relates to elastic/elasticsearch#26692 relates elastic/x-pack-elasticsearch#2493 Original commit: elastic/x-pack-elasticsearch@8e23868743c2bf62bc257664438ea3eb123555dc --- .../elasticsearch/xpack/security/authc/TokenService.java | 4 ++-- .../xpack/security/authc/AuthenticationServiceTests.java | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java index ee2943a8bfd..a907c722df3 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java @@ -221,8 +221,8 @@ public final class TokenService extends AbstractComponent { void decodeToken(String token, ActionListener listener) throws IOException { // We intentionally do not use try-with resources since we need to keep the stream open if we need to compute a key! - StreamInput in = new InputStreamStreamInput( - Base64.getDecoder().wrap(new ByteArrayInputStream(token.getBytes(StandardCharsets.UTF_8)))); + byte[] bytes = token.getBytes(StandardCharsets.UTF_8); + StreamInput in = new InputStreamStreamInput(Base64.getDecoder().wrap(new ByteArrayInputStream(bytes)), bytes.length); if (in.available() < MINIMUM_BASE64_BYTES) { logger.debug("invalid token"); listener.onResponse(null); diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java index 0aade415557..ba6b61d91d7 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java @@ -17,6 +17,7 @@ import java.util.Map; import java.util.concurrent.CountDownLatch; import java.util.concurrent.atomic.AtomicBoolean; +import org.apache.lucene.util.ArrayUtil; import org.apache.lucene.util.SetOnce; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchSecurityException; @@ -840,6 +841,11 @@ public class AuthenticationServiceTests extends ESTestCase { assertEquals(expected, result); latch.countDown(); }, this::logAndFail)); + } catch (IllegalArgumentException ex) { + assertThat(ex.getMessage(), containsString("array length must be <= to " + ArrayUtil.MAX_ARRAY_LENGTH + " but was: ")); + } catch (NegativeArraySizeException ex) { + assertThat(ex.getMessage(), containsString("array size must be positive but was: ")); + } // we need to use a latch here because the key computation goes async on another thread! From f71dc549a56651d95f052ba6f8500fc4275290ee Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 18 Sep 2017 11:20:18 -0700 Subject: [PATCH 2/6] [DOCS] Update X-Pack installation re TLS changes (elastic/x-pack-elasticsearch#2523) * [DOCS] Update xpack installation re TLS changes * [DOCS] Clarify multi-node TLS requirement Original commit: elastic/x-pack-elasticsearch@a961488fa1585f01a8d9813341a8be054fc05ddf --- docs/en/installing-xes.asciidoc | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/en/installing-xes.asciidoc b/docs/en/installing-xes.asciidoc index 8390b053abf..e59f322d81d 100644 --- a/docs/en/installing-xes.asciidoc +++ b/docs/en/installing-xes.asciidoc @@ -139,11 +139,17 @@ the correct value for your environment, you may consider setting the value to ============================================================================= . Configure passwords and SSL/TLS. -.. If you have more than one node or a single node that listens on an external -interface, you must configure SSL/TLS for inter-node communication. Single-node -instances that use a loopback interface do not have this requirement. For more +.. If you have a non-trial license and you want to use {security}, you must +configure SSL/TLS for internode-communication. ++ +-- +NOTE: This requirement applies to clusters with more than one node and to +clusters with a single node that listens on an external interface. Single-node +clusters that use a loopback interface do not have this requirement. For more information, see {xpack-ref}/encrypting-communications.html[Encrypting Communications]. + +-- ... Generate node certificates. For example, you can use the `certgen` command line tool to generate a certificate authority and signed certificates for your nodes. From 3ff175b541ded96997459555ad7ca8b32e1385e3 Mon Sep 17 00:00:00 2001 From: lcawley Date: Mon, 18 Sep 2017 12:22:45 -0700 Subject: [PATCH 3/6] [DOCS] Remove old certgen examples Original commit: elastic/x-pack-elasticsearch@f97d0ab00cc85648e9eab4450a998d8ac66273d2 --- docs/en/commands/certgen.asciidoc | 119 ------------------------------ 1 file changed, 119 deletions(-) diff --git a/docs/en/commands/certgen.asciidoc b/docs/en/commands/certgen.asciidoc index 5d2fd8f2ef3..f0aabee30f8 100644 --- a/docs/en/commands/certgen.asciidoc +++ b/docs/en/commands/certgen.asciidoc @@ -101,125 +101,6 @@ which can be blank. This parameter cannot be used with the `-csr` parameter. [float] === Examples -//// -The tool can be used interactively: - -[source,shell] --------------------------------------------------- -bin/x-pack/certgen --------------------------------------------------- -This tool assists you in the generation of X.509 certificates and certificate -signing requests for use with SSL in the Elastic stack. Depending on the command -line option specified, you may be prompted for the following: - -* The path to the output file - * The output file is a zip file containing the signed certificates and - private keys for each instance. If a Certificate Authority was generated, - the certificate and private key will also be included in the output file. -* Information about each instance - * An instance is any piece of the Elastic Stack that requires a SSL certificate. - Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats - may all require a certificate and private key. - * The minimum required value for each instance is a name. This can simply be the - hostname, which will be used as the Common Name of the certificate. A full - distinguished name may also be used. - * IP addresses and DNS names are optional. Multiple values can be specified as a - comma separated string. If no IP addresses or DNS names are provided, you may - disable hostname verification in your SSL configuration. -* Certificate Authority private key password - * The password may be left empty if desired. - -Let's get started... - -Please enter the desired output file [/home/es/config/x-pack/certificate-bundle.zip]: -Enter instance name: node01 -Enter name for directories and files [node01]: -Enter IP Addresses for instance (comma-separated if more than one) []: 10.10.0.1 -Enter DNS names for instance (comma-separated if more than one) []: node01.mydomain.com,node01 -Would you like to specify another instance? Press 'y' to continue entering instance information: y -Enter instance name: node02 -Enter name for directories and files [node02]: -Enter IP Addresses for instance (comma-separated if more than one) []: 10.10.0.2 -Enter DNS names for instance (comma-separated if more than one) []: node02.mydomain.com -Would you like to specify another instance? Press 'y' to continue entering instance information: -Certificates written to /home/es/config/x-pack/certificate-bundle.zip - -This file should be properly secured as it contains the private keys for all -instances and the certificate authority. - -After unzipping the file, there will be a directory for each instance containing -the certificate and private key. Copy the certificate, key, and CA certificate -to the configuration directory of the Elastic product that they will be used for -and follow the SSL configuration instructions in the product guide. - -For client applications, you may only need to copy the CA certificate and -configure the client to trust this certificate. -.... --------------------------------------------------- - -In this example, the command generates a zip file with the CA certificate, -private key, two signed certificates and keys in PEM format for `node01` and -`node02`. -//// -//// -When using a commercial or organization specific CA, the `certgen` tool can be -used to generate certificate signing requests (CSR) for the nodes in your -cluster: - -[source,shell] --------------------------------------------------- -.... -bin/x-pack/certgen -csr -This tool assists you in the generation of X.509 certificates and certificate -signing requests for use with SSL in the Elastic stack. Depending on the command -line option specified, you may be prompted for the following: - -* The path to the output file - * The output file is a zip file containing the certificate signing requests - and private keys for each instance. -* Information about each instance - * An instance is any piece of the Elastic Stack that requires a SSL certificate. - Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats - may all require a certificate and private key. - * The minimum required value for each instance is a name. This can simply be the - hostname, which will be used as the Common Name of the certificate. A full - distinguished name may also be used. - * IP addresses and DNS names are optional. Multiple values can be specified as a - comma separated string. If no IP addresses or DNS names are provided, you may - disable hostname verification in your SSL configuration. - -Let's get started... - -Please enter the desired output file [/home/es/config/x-pack/csr-bundle.zip]: -Enter instance name: node01 -Enter name for directories and files [node01]: -Enter IP Addresses for instance (comma-separated if more than one) []: 10.10.0.1 -Enter DNS names for instance (comma-separated if more than one) []: node01.mydomain.com,node01 -Would you like to specify another instance? Press 'y' to continue entering instance information: y -Enter instance name: node02 -Enter name for directories and files [node02]: -Enter IP Addresses for instance (comma-separated if more than one) []: 10.10.0.2 -Enter DNS names for instance (comma-separated if more than one) []: node02.mydomain.com -Would you like to specify another instance? Press 'y' to continue entering instance information: -Certificate signing requests written to /Users/jmodi/dev/tmp/elasticsearch-5.0.0-alpha5-SNAPSHOT/config/x-pack/csr-bundle.zip - -This file should be properly secured as it contains the private keys for all -instances. - -After unzipping the file, there will be a directory for each instance containing -the certificate signing request and the private key. Provide the certificate -signing requests to your certificate authority. Once you have received the -signed certificate, copy the signed certificate, key, and CA certificate to the -configuration directory of the Elastic product that they will be used for and -follow the SSL configuration instructions in the product guide. -.... --------------------------------------------------- - -In this case, the command generates a zip file with two CSRs and private -keys. The CSRs should be provided to the CA in order to obtain the signed -certificates. The signed certificates will need to be in PEM format in order to -be used. -//// [float] [[certgen-silent]] ==== Using `certgen` in Silent Mode From 3a9aad5ecea71b6062661c5402765534e558452e Mon Sep 17 00:00:00 2001 From: Suyog Rao Date: Wed, 30 Aug 2017 20:34:11 -0700 Subject: [PATCH 4/6] [Logstash] Remove version field from config mgmt relates elastic/x-pack-elasticsearch#2405 Original commit: elastic/x-pack-elasticsearch@5bfd1b7a6da450a5aa091735b6718b95aed5063a --- plugin/src/main/resources/logstash-index-template.json | 3 --- .../test/resources/wrong-version-logstash-index-template.json | 3 --- 2 files changed, 6 deletions(-) diff --git a/plugin/src/main/resources/logstash-index-template.json b/plugin/src/main/resources/logstash-index-template.json index 3ed13d3a994..d70b5b4f5f4 100644 --- a/plugin/src/main/resources/logstash-index-template.json +++ b/plugin/src/main/resources/logstash-index-template.json @@ -30,9 +30,6 @@ } } }, - "version":{ - "type":"keyword" - }, "pipeline":{ "type":"text" }, diff --git a/plugin/src/test/resources/wrong-version-logstash-index-template.json b/plugin/src/test/resources/wrong-version-logstash-index-template.json index b9603a00857..95d588737d9 100644 --- a/plugin/src/test/resources/wrong-version-logstash-index-template.json +++ b/plugin/src/test/resources/wrong-version-logstash-index-template.json @@ -30,9 +30,6 @@ } } }, - "version":{ - "type":"keyword" - }, "pipeline":{ "type":"text" }, From 5a090c14c1a25ed240956a1f250c63ba04337bbf Mon Sep 17 00:00:00 2001 From: Tal Levy Date: Mon, 18 Sep 2017 13:20:02 -0700 Subject: [PATCH 5/6] convert more request objects to writeable (elastic/x-pack-elasticsearch#2457) * convert more to writeable * migrate streamable tests to writeable tests Original commit: elastic/x-pack-elasticsearch@56794e5760bb378cac4eea90d339c5b9017cfc0c --- .../license/GetLicenseRequest.java | 7 ++ .../license/TransportGetLicenseAction.java | 4 +- .../deprecation/DeprecationInfoAction.java | 22 +++-- .../xpack/ml/action/GetDatafeedsAction.java | 34 ++++--- .../ml/action/GetDatafeedsStatsAction.java | 34 ++++--- .../xpack/ml/action/GetJobsAction.java | 38 +++---- .../upgrade/actions/IndexUpgradeAction.java | 22 +++-- .../actions/IndexUpgradeInfoAction.java | 26 ++--- .../actions/WatcherTransportAction.java | 7 +- .../actions/ack/AckWatchRequest.java | 26 ++--- .../activate/ActivateWatchRequest.java | 24 +++-- .../actions/execute/ExecuteWatchRequest.java | 99 ++++++++++--------- .../actions/get/GetWatchRequest.java | 20 ++-- .../actions/put/PutWatchRequest.java | 32 +++--- .../DeprecationInfoActionRequestTests.java | 9 +- .../GetDatafeedStatsActionRequestTests.java | 10 +- .../GetDatafeedsActionRequestTests.java | 10 +- .../ml/action/GetJobsActionRequestTests.java | 9 +- .../IndexUpgradeActionRequestTests.java | 9 +- .../IndexUpgradeInfoActionRequestTests.java | 9 +- .../action/WatchRequestValidationTests.java | 4 +- .../execute/ExecuteWatchRequestTests.java | 3 +- .../put/PutWatchSerializationTests.java | 7 +- 23 files changed, 257 insertions(+), 208 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/license/GetLicenseRequest.java b/plugin/src/main/java/org/elasticsearch/license/GetLicenseRequest.java index 965308de0e4..914e18772af 100644 --- a/plugin/src/main/java/org/elasticsearch/license/GetLicenseRequest.java +++ b/plugin/src/main/java/org/elasticsearch/license/GetLicenseRequest.java @@ -7,6 +7,9 @@ package org.elasticsearch.license; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.action.support.master.MasterNodeReadRequest; +import org.elasticsearch.common.io.stream.StreamInput; + +import java.io.IOException; public class GetLicenseRequest extends MasterNodeReadRequest { @@ -14,6 +17,10 @@ public class GetLicenseRequest extends MasterNodeReadRequest public GetLicenseRequest() { } + public GetLicenseRequest(StreamInput in) throws IOException { + super(in); + } + @Override public ActionRequestValidationException validate() { return null; diff --git a/plugin/src/main/java/org/elasticsearch/license/TransportGetLicenseAction.java b/plugin/src/main/java/org/elasticsearch/license/TransportGetLicenseAction.java index c5085b54765..20502e0fb48 100644 --- a/plugin/src/main/java/org/elasticsearch/license/TransportGetLicenseAction.java +++ b/plugin/src/main/java/org/elasticsearch/license/TransportGetLicenseAction.java @@ -27,8 +27,8 @@ public class TransportGetLicenseAction extends TransportMasterNodeReadAction extends HandledTransportAction { @@ -28,8 +27,8 @@ public abstract class WatcherTransportAction request) { - super(settings, actionName, threadPool, transportService, actionFilters, indexNameExpressionResolver, request); + XPackLicenseState licenseState, Writeable.Reader request) { + super(settings, actionName, threadPool, transportService, actionFilters, request, indexNameExpressionResolver); this.licenseState = licenseState; } diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/ack/AckWatchRequest.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/ack/AckWatchRequest.java index 30ef7f26e6f..4544db90a0f 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/ack/AckWatchRequest.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/ack/AckWatchRequest.java @@ -25,7 +25,7 @@ public class AckWatchRequest extends ActionRequest { private String[] actionIds = Strings.EMPTY_ARRAY; public AckWatchRequest() { - this(null); + this(null, (String[]) null); } public AckWatchRequest(String watchId, String... actionIds) { @@ -33,6 +33,19 @@ public class AckWatchRequest extends ActionRequest { this.actionIds = actionIds; } + public AckWatchRequest(StreamInput in) throws IOException { + super(in); + watchId = in.readString(); + actionIds = in.readStringArray(); + } + + @Override + public void writeTo(StreamOutput out) throws IOException { + super.writeTo(out); + out.writeString(watchId); + out.writeStringArray(actionIds); + } + /** * @return The id of the watch to be acked */ @@ -78,16 +91,7 @@ public class AckWatchRequest extends ActionRequest { @Override public void readFrom(StreamInput in) throws IOException { - super.readFrom(in); - watchId = in.readString(); - actionIds = in.readStringArray(); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeString(watchId); - out.writeStringArray(actionIds); + throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable"); } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/activate/ActivateWatchRequest.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/activate/ActivateWatchRequest.java index bb57aae17cd..1559240836a 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/activate/ActivateWatchRequest.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/activate/ActivateWatchRequest.java @@ -31,6 +31,19 @@ public class ActivateWatchRequest extends ActionRequest { this.activate = activate; } + public ActivateWatchRequest(StreamInput in) throws IOException { + super(in); + watchId = in.readString(); + activate = in.readBoolean(); + } + + @Override + public void writeTo(StreamOutput out) throws IOException { + super.writeTo(out); + out.writeString(watchId); + out.writeBoolean(activate); + } + /** * @return The id of the watch to be acked */ @@ -59,16 +72,7 @@ public class ActivateWatchRequest extends ActionRequest { @Override public void readFrom(StreamInput in) throws IOException { - super.readFrom(in); - watchId = in.readString(); - activate = in.readBoolean(); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeString(watchId); - out.writeBoolean(activate); + throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable"); } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/ExecuteWatchRequest.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/ExecuteWatchRequest.java index 4d9da648770..92d74098e31 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/ExecuteWatchRequest.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/ExecuteWatchRequest.java @@ -51,6 +51,56 @@ public class ExecuteWatchRequest extends ActionRequest { this.id = id; } + public ExecuteWatchRequest(StreamInput in) throws IOException { + super(in); + id = in.readOptionalString(); + ignoreCondition = in.readBoolean(); + recordExecution = in.readBoolean(); + if (in.readBoolean()){ + alternativeInput = in.readMap(); + } + if (in.readBoolean()) { + triggerData = in.readMap(); + } + long actionModesCount = in.readLong(); + actionModes = new HashMap<>(); + for (int i = 0; i < actionModesCount; i++) { + actionModes.put(in.readString(), ActionExecutionMode.resolve(in.readByte())); + } + if (in.readBoolean()) { + watchSource = in.readBytesReference(); + xContentType = XContentType.readFrom(in); + } + debug = in.readBoolean(); + } + + @Override + public void writeTo(StreamOutput out) throws IOException { + super.writeTo(out); + out.writeOptionalString(id); + out.writeBoolean(ignoreCondition); + out.writeBoolean(recordExecution); + out.writeBoolean(alternativeInput != null); + if (alternativeInput != null) { + out.writeMap(alternativeInput); + } + out.writeBoolean(triggerData != null); + if (triggerData != null) { + out.writeMap(triggerData); + } + out.writeLong(actionModes.size()); + for (Map.Entry entry : actionModes.entrySet()) { + out.writeString(entry.getKey()); + out.writeByte(entry.getValue().id()); + } + out.writeBoolean(watchSource != null); + if (watchSource != null) { + out.writeBytesReference(watchSource); + xContentType.writeTo(out); + } + out.writeBoolean(debug); + } + /** * @return The id of the watch to be executed */ @@ -221,54 +271,7 @@ public class ExecuteWatchRequest extends ActionRequest { @Override public void readFrom(StreamInput in) throws IOException { - super.readFrom(in); - id = in.readOptionalString(); - ignoreCondition = in.readBoolean(); - recordExecution = in.readBoolean(); - if (in.readBoolean()){ - alternativeInput = in.readMap(); - } - if (in.readBoolean()) { - triggerData = in.readMap(); - } - long actionModesCount = in.readLong(); - actionModes = new HashMap<>(); - for (int i = 0; i < actionModesCount; i++) { - actionModes.put(in.readString(), ActionExecutionMode.resolve(in.readByte())); - } - if (in.readBoolean()) { - watchSource = in.readBytesReference(); - xContentType = XContentType.readFrom(in); - } - debug = in.readBoolean(); - } - - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeOptionalString(id); - out.writeBoolean(ignoreCondition); - out.writeBoolean(recordExecution); - out.writeBoolean(alternativeInput != null); - if (alternativeInput != null) { - out.writeMap(alternativeInput); - } - out.writeBoolean(triggerData != null); - if (triggerData != null) { - out.writeMap(triggerData); - } - out.writeLong(actionModes.size()); - for (Map.Entry entry : actionModes.entrySet()) { - out.writeString(entry.getKey()); - out.writeByte(entry.getValue().id()); - } - out.writeBoolean(watchSource != null); - if (watchSource != null) { - out.writeBytesReference(watchSource); - xContentType.writeTo(out); - } - out.writeBoolean(debug); + throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable"); } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/GetWatchRequest.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/GetWatchRequest.java index af4a5907085..3b7b7748493 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/GetWatchRequest.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/GetWatchRequest.java @@ -31,6 +31,17 @@ public class GetWatchRequest extends ActionRequest { this.id = id; } + public GetWatchRequest(StreamInput in) throws IOException { + super(in); + id = in.readString(); + } + + @Override + public void writeTo(StreamOutput out) throws IOException { + super.writeTo(out); + out.writeString(id); + } + GetWatchRequest setId(String id) { this.id = id; return this; @@ -58,14 +69,7 @@ public class GetWatchRequest extends ActionRequest { @Override public void readFrom(StreamInput in) throws IOException { - super.readFrom(in); - id = in.readString(); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeString(id); + throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable"); } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java index d26e6ecf5c7..e14bfaf6f88 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java @@ -42,6 +42,23 @@ public class PutWatchRequest extends ActionRequest { this.xContentType = xContentType; } + public PutWatchRequest(StreamInput in) throws IOException { + super(in); + id = in.readString(); + source = in.readBytesReference(); + active = in.readBoolean(); + xContentType = XContentType.readFrom(in); + } + + @Override + public void writeTo(StreamOutput out) throws IOException { + super.writeTo(out); + out.writeString(id); + out.writeBytesReference(source); + out.writeBoolean(active); + xContentType.writeTo(out); + } + /** * @return The name that will be the ID of the indexed document */ @@ -115,19 +132,6 @@ public class PutWatchRequest extends ActionRequest { @Override public void readFrom(StreamInput in) throws IOException { - super.readFrom(in); - id = in.readString(); - source = in.readBytesReference(); - active = in.readBoolean(); - xContentType = XContentType.readFrom(in); - } - - @Override - public void writeTo(StreamOutput out) throws IOException { - super.writeTo(out); - out.writeString(id); - out.writeBytesReference(source); - out.writeBoolean(active); - xContentType.writeTo(out); + throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable"); } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/deprecation/DeprecationInfoActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/deprecation/DeprecationInfoActionRequestTests.java index 2eade4b5b2e..dcee63597c5 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/deprecation/DeprecationInfoActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/deprecation/DeprecationInfoActionRequestTests.java @@ -5,9 +5,10 @@ */ package org.elasticsearch.xpack.deprecation; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; -public class DeprecationInfoActionRequestTests extends AbstractStreamableTestCase { +public class DeprecationInfoActionRequestTests extends AbstractWireSerializingTestCase { @Override protected DeprecationInfoAction.Request createTestInstance() { @@ -15,7 +16,7 @@ public class DeprecationInfoActionRequestTests extends AbstractStreamableTestCas } @Override - protected DeprecationInfoAction.Request createBlankInstance() { - return new DeprecationInfoAction.Request(); + protected Writeable.Reader instanceReader() { + return DeprecationInfoAction.Request::new; } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedStatsActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedStatsActionRequestTests.java index bab8d6f4b19..62bf1a0039e 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedStatsActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedStatsActionRequestTests.java @@ -6,10 +6,11 @@ package org.elasticsearch.xpack.ml.action; import org.elasticsearch.cluster.metadata.MetaData; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; import org.elasticsearch.xpack.ml.action.GetDatafeedsStatsAction.Request; -public class GetDatafeedStatsActionRequestTests extends AbstractStreamableTestCase { +public class GetDatafeedStatsActionRequestTests extends AbstractWireSerializingTestCase { @Override protected Request createTestInstance() { @@ -19,8 +20,7 @@ public class GetDatafeedStatsActionRequestTests extends AbstractStreamableTestCa } @Override - protected Request createBlankInstance() { - return new Request(); + protected Writeable.Reader instanceReader() { + return Request::new; } - } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedsActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedsActionRequestTests.java index 50275379935..dff10b92731 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedsActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetDatafeedsActionRequestTests.java @@ -6,10 +6,11 @@ package org.elasticsearch.xpack.ml.action; import org.elasticsearch.cluster.metadata.MetaData; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; import org.elasticsearch.xpack.ml.action.GetDatafeedsAction.Request; -public class GetDatafeedsActionRequestTests extends AbstractStreamableTestCase { +public class GetDatafeedsActionRequestTests extends AbstractWireSerializingTestCase { @Override protected Request createTestInstance() { @@ -19,8 +20,7 @@ public class GetDatafeedsActionRequestTests extends AbstractStreamableTestCase instanceReader() { + return Request::new; } - } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetJobsActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetJobsActionRequestTests.java index e4cddeaffcf..b75ff8aed50 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetJobsActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/ml/action/GetJobsActionRequestTests.java @@ -6,10 +6,11 @@ package org.elasticsearch.xpack.ml.action; import org.elasticsearch.cluster.metadata.MetaData; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; import org.elasticsearch.xpack.ml.action.GetJobsAction.Request; -public class GetJobsActionRequestTests extends AbstractStreamableTestCase { +public class GetJobsActionRequestTests extends AbstractWireSerializingTestCase { @Override protected Request createTestInstance() { @@ -19,7 +20,7 @@ public class GetJobsActionRequestTests extends AbstractStreamableTestCase instanceReader() { + return Request::new; } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeActionRequestTests.java index fccb8143f1e..f711713d964 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeActionRequestTests.java @@ -5,17 +5,18 @@ */ package org.elasticsearch.xpack.upgrade.actions; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; import org.elasticsearch.xpack.upgrade.actions.IndexUpgradeAction.Request; -public class IndexUpgradeActionRequestTests extends AbstractStreamableTestCase { +public class IndexUpgradeActionRequestTests extends AbstractWireSerializingTestCase { @Override protected Request createTestInstance() { return new Request(randomAlphaOfLength(10)); } @Override - protected Request createBlankInstance() { - return new Request(); + protected Writeable.Reader instanceReader() { + return Request::new; } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeInfoActionRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeInfoActionRequestTests.java index 005abbe5130..7c083ae5375 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeInfoActionRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/upgrade/actions/IndexUpgradeInfoActionRequestTests.java @@ -6,10 +6,11 @@ package org.elasticsearch.xpack.upgrade.actions; import org.elasticsearch.action.support.IndicesOptions; -import org.elasticsearch.test.AbstractStreamableTestCase; +import org.elasticsearch.common.io.stream.Writeable; +import org.elasticsearch.test.AbstractWireSerializingTestCase; import org.elasticsearch.xpack.upgrade.actions.IndexUpgradeInfoAction.Request; -public class IndexUpgradeInfoActionRequestTests extends AbstractStreamableTestCase { +public class IndexUpgradeInfoActionRequestTests extends AbstractWireSerializingTestCase { @Override protected Request createTestInstance() { int indexCount = randomInt(4); @@ -25,7 +26,7 @@ public class IndexUpgradeInfoActionRequestTests extends AbstractStreamableTestCa } @Override - protected Request createBlankInstance() { - return new Request(); + protected Writeable.Reader instanceReader() { + return Request::new; } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/WatchRequestValidationTests.java b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/WatchRequestValidationTests.java index 8991a934814..f34444993d6 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/WatchRequestValidationTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/WatchRequestValidationTests.java @@ -93,7 +93,7 @@ public class WatchRequestValidationTests extends ESTestCase { } public void testGetWatchNullId() { - ActionRequestValidationException e = new GetWatchRequest(null).validate(); + ActionRequestValidationException e = new GetWatchRequest((String) null).validate(); assertThat(e, is(notNullValue())); assertThat(e.validationErrors(), hasItem("watch id is missing")); } @@ -105,7 +105,7 @@ public class WatchRequestValidationTests extends ESTestCase { } public void testExecuteWatchMissingWatchIdNoSource() { - ActionRequestValidationException e = new ExecuteWatchRequest(null).validate(); + ActionRequestValidationException e = new ExecuteWatchRequest((String) null).validate(); assertThat(e, is(notNullValue())); assertThat(e.validationErrors(), hasItem("a watch execution request must either have a watch id or an inline watch source, but both are missing")); diff --git a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/execute/ExecuteWatchRequestTests.java b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/execute/ExecuteWatchRequestTests.java index 798b473fc67..6c4f03bddec 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/execute/ExecuteWatchRequestTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/execute/ExecuteWatchRequestTests.java @@ -25,8 +25,7 @@ public class ExecuteWatchRequestTests extends ESTestCase { BytesStreamOutput out = new BytesStreamOutput(); request.writeTo(out); StreamInput in = StreamInput.wrap(out.bytes().toBytesRef().bytes); - ExecuteWatchRequest serialized = new ExecuteWatchRequest(); - serialized.readFrom(in); + ExecuteWatchRequest serialized = new ExecuteWatchRequest(in); assertEquals(XContentType.JSON, serialized.getXContentType()); assertEquals("{}", serialized.getWatchSource().utf8ToString()); } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java index f6c0b71b03b..01d451594ec 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java @@ -29,8 +29,7 @@ public class PutWatchSerializationTests extends ESTestCase { BytesStreamOutput streamOutput = new BytesStreamOutput(); request.writeTo(streamOutput); - PutWatchRequest readRequest = new PutWatchRequest(); - readRequest.readFrom(streamOutput.bytes().streamInput()); + PutWatchRequest readRequest = new PutWatchRequest(streamOutput.bytes().streamInput()); assertThat(readRequest.isActive(), is(request.isActive())); assertThat(readRequest.getId(), is(request.getId())); assertThat(readRequest.getSource(), is(request.getSource())); @@ -49,9 +48,7 @@ public class PutWatchSerializationTests extends ESTestCase { BytesStreamOutput streamOutput = new BytesStreamOutput(); request.writeTo(streamOutput); - PutWatchRequest readRequest = new PutWatchRequest(); - StreamInput input = streamOutput.bytes().streamInput(); - readRequest.readFrom(input); + PutWatchRequest readRequest = new PutWatchRequest(streamOutput.bytes().streamInput()); assertThat(readRequest.isActive(), is(request.isActive())); assertThat(readRequest.getId(), is(request.getId())); assertThat(readRequest.getSource(), is(request.getSource())); From 679ef6a744d06d8399019c23543c1898efb6ecc1 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 18 Sep 2017 13:32:11 -0700 Subject: [PATCH 6/6] [DOCS] Added _xpack_security internal user (elastic/x-pack-elasticsearch#2541) Original commit: elastic/x-pack-elasticsearch@d1c87af3356680e60dbff7f817f799ee41701fda --- docs/en/security/authentication.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/security/authentication.asciidoc b/docs/en/security/authentication.asciidoc index 5e20a80cab2..3674e3951e7 100644 --- a/docs/en/security/authentication.asciidoc +++ b/docs/en/security/authentication.asciidoc @@ -154,11 +154,11 @@ be set before the user can be used. [[internal-users]] === Internal Users -{security} has two _internal_ users (`_system` and `_xpack`) that are -responsible for the operations that take place inside an Elasticsearch cluster. +{security} has three _internal_ users (`_system`, `_xpack`, and `_xpack_security`) +that are responsible for the operations that take place inside an {es} cluster. These users are only used by requests that originate from within the cluster. -For this reason, they cannot be used to authenticate against the API, and there +For this reason, they cannot be used to authenticate against the API and there is no password to manage or reset. From time-to-time you may find a reference to one of these users inside your