Added cluster & indices monitoring privileges to System

This is required for marvel agent to collect its data.

Closes elastic/elasticsearch#137

Original commit: elastic/x-pack-elasticsearch@c1ed58aafb

src/main/java/org/elasticsearch/shield/SecurityFilter.java

@@ -59,6 +59,7 @@ public class SecurityFilter extends AbstractComponent {
 
         AuthenticationToken token = authcService.token(action, request, defaultToken);
         User user = authcService.authenticate(action, request, token);
+
         authzService.authorize(user, action, request);
         return user;
     }

src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java

@@ -62,6 +62,11 @@ public class InternalAuthenticationService extends AbstractComponent implements
         for (Realm realm : realms) {
             token = realm.token(message);
             if (token != null) {
+
+                if (logger.isTraceEnabled()) {
+                    logger.trace("Realm [{}] resolved auth token [{}] from transport request with action [{}]", realm.type(), token.principal(), action);
+                }
+
                 message.putInContext(TOKEN_CTX_KEY, token);
                 return token;
             }

src/main/java/org/elasticsearch/shield/authz/Privilege.java

@@ -76,7 +76,9 @@ public abstract class Privilege<P extends Privilege<P>> {
     public static class System extends Privilege<System> {
 
         protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns(
-                "internal:*"
+                "internal:*",
+                "indices:monitor/*",  // added for marvel
+                "cluster:monitor/*"   // added for marvel
         ));
 
         private System() {

src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java

@@ -7,6 +7,7 @@ package org.elasticsearch.shield.authz;
 
 import com.carrotsearch.randomizedtesting.annotations.Repeat;
 import org.elasticsearch.ElasticsearchIllegalArgumentException;
+import org.elasticsearch.common.base.Predicate;
 import org.elasticsearch.shield.support.AutomatonPredicate;
 import org.elasticsearch.shield.support.Automatons;
 import org.elasticsearch.test.ElasticsearchTestCase;
@@ -147,4 +148,14 @@ public class PrivilegeTests extends ElasticsearchTestCase {
         }
     }
 
+    @Test
+    public void testSystem() throws Exception {
+        Predicate<String> predicate = Privilege.SYSTEM.predicate();
+        assertThat(predicate.apply("indices:monitor/whatever"), is(true));
+        assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
+        assertThat(predicate.apply("internal:whatever"), is(true));
+        assertThat(predicate.apply("indices:whatever"), is(false));
+        assertThat(predicate.apply("cluster:whatever"), is(false));
+        assertThat(predicate.apply("whatever"), is(false));
+    }
 }

src/test/java/org/elasticsearch/shield/authz/SystemRoleTests.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.shield.authz;
+
+import org.elasticsearch.test.ElasticsearchTestCase;
+import org.junit.Test;
+
+import static org.hamcrest.Matchers.*;
+
+/**
+ *
+ */
+public class SystemRoleTests extends ElasticsearchTestCase {
+
+    @Test
+    public void testCheck() throws Exception {
+        assertThat(SystemRole.INSTANCE.check("indices:monitor/whatever"), is(true));
+        assertThat(SystemRole.INSTANCE.check("cluster:monitor/whatever"), is(true));
+        assertThat(SystemRole.INSTANCE.check("internal:whatever"), is(true));
+        assertThat(SystemRole.INSTANCE.check("indices:whatever"), is(false));
+        assertThat(SystemRole.INSTANCE.check("cluster:whatever"), is(false));
+        assertThat(SystemRole.INSTANCE.check("whatever"), is(false));
+    }
+}