Commit Graph

736 Commits

Author SHA1 Message Date
Brian Murphy 56e422b9e8 Unify SearchRequest construction between SearchTransform and SearchInput.
This is a step between the old and elastic/elasticsearch#184 this change unifies the logic that generates the search requests from prototype for SearchTransforms and SearchInputs.
This change also adds the `executed_request` field to the `SearchTransform.Result` that was missing.
Add tests for SearchTransform.Result parsing and all different templating options for SearchTransform along with testing handling of search_type in SearchTransform which was being missed previously.

Fixes elastic/elasticsearch#311

Original commit: elastic/x-pack-elasticsearch@26e68576f5
2015-05-01 10:25:10 -04:00
Martijn van Groningen 118389bc06 shield: The rest layer can never use the Guice injected WatcherClient, but must always use the provided WatcherClient instance from the WatcherRestHandler base class.
Closes elastic/elasticsearch#316
Closes elastic/elasticsearch#317

Original commit: elastic/x-pack-elasticsearch@82df644895
2015-05-01 15:42:02 +02:00
Martijn van Groningen f66fc7575d test: moved all tests over to use source builders.
Original commit: elastic/x-pack-elasticsearch@e13e5b8b43
2015-05-01 11:54:56 +02:00
Brian Murphy 9df97fe845 Report the actual interval that was sent if less than 1000ms.
This change reports the actual interval that was used instead of just reporting the ms of the interval if the interval was less than 1000ms.

Fixes elastic/elasticsearch#301

Original commit: elastic/x-pack-elasticsearch@d625c952fe
2015-04-30 19:03:36 -04:00
Brian Murphy d0d646aa4c Remove default of 5m refresh on .watches and .watch_history* indices.
This default is far too high for normal use. It makes it very hard to build on top of watcher using the search APIs.

Fixes elastic/elasticsearch#279

Original commit: elastic/x-pack-elasticsearch@4e22d5c19e
2015-04-30 19:01:04 -04:00
Brian Murphy dad012fc2c Disable indexing of the WatchRecord.watch_exection.input_result
This input_result may contain different types for the same field names. This will cause mapping failures when we try to write the updated watch record.
This change disables this field and adds a test in the `ManualExecutionTests` to test this case.

Fixes elastic/elasticsearch#307

Original commit: elastic/x-pack-elasticsearch@5340761343
2015-04-30 18:05:16 -04:00
Brian Murphy 1819dc97f4 Throw exception when trying to use the default account but no accounts are configured.
This change throws an exception to let the user know that they are trying to send an email using the default account
but no accounts have been configured.

Fixes elastic/elasticsearch#303

Original commit: elastic/x-pack-elasticsearch@3e68bddf24
2015-04-30 16:45:36 -04:00
Brian Murphy ba3037f5fe When parsing a http request port is a required field.
The parser for http request had a bug and was accepting requests that did not specify a port.
This changes this.

Fixes elastic/elasticsearch#299

Original commit: elastic/x-pack-elasticsearch@e0eafe3787
2015-04-30 12:23:03 -04:00
uboness 67d2a39f2c [fix] fixed shield integration
- updated Shield version to 1.2.1 (final)
- Not all requests sent via the client proxy where set with the `__watcher_user`

Fixes elastic/elasticsearch#283

Original commit: elastic/x-pack-elasticsearch@3a36bd4d55
2015-04-30 02:08:27 +02:00
Martijn van Groningen 19d1e32453 restore merge mistake.
Original commit: elastic/x-pack-elasticsearch@b6e7d0ad60
2015-04-30 01:42:40 +02:00
Brian Murphy 274b01998c Do script compilation validation at parse time.
This change will attempt to compile scripts at construction time and throw an exception if a script is bad or missing.
With this change the script is compiled at Executable ctor and then the compiled script is used to get the executable.

Fixes elastic/elasticsearch#262

Original commit: elastic/x-pack-elasticsearch@b49c9debf2
2015-04-29 14:29:48 -04:00
Martijn van Groningen 5c3d94076e Made the `ticker` engine the default engine.
Original commit: elastic/x-pack-elasticsearch@f528bd5b8a
2015-04-29 20:17:35 +02:00
Martijn van Groningen 02a1c84c72 Fixed NPE when adding same job several times.
Closes elastic/elasticsearch#277

Original commit: elastic/x-pack-elasticsearch@42831113da
2015-04-29 20:17:35 +02:00
uboness 47a08171bd [cleanup] removed redundant comment in WatcherVersion
Original commit: elastic/x-pack-elasticsearch@b87b2d9bbc
2015-04-29 18:12:01 +02:00
uboness 20059d353a fixed the watcher info API
To return the right build info & version

Fixes elastic/elasticsearch#258

Original commit: elastic/x-pack-elasticsearch@53f5189978
2015-04-29 18:03:21 +02:00
Martijn van Groningen 7f24f229e2 http client: Only read response body if response code < 400.
The jdk http client will not allow reading the body if the response code >= 400.

Relates to elastic/elasticsearch#271

Original commit: elastic/x-pack-elasticsearch@08836f92ae
2015-04-29 17:39:22 +02:00
Martijn van Groningen 04f4a09feb schedules: Don't allow schedules with negative interval.
Closes elastic/elasticsearch#270

Original commit: elastic/x-pack-elasticsearch@a24941683b
2015-04-29 15:40:39 +02:00
Martijn van Groningen f4d0dc4955 http client: Don't append '?' to the url if there are no query string options defined.
Closes elastic/elasticsearch#271

Original commit: elastic/x-pack-elasticsearch@63487fad87
2015-04-29 15:07:48 +02:00
Martijn van Groningen 5bc491d359 execution service: Don't try to send empty bulk requests
Closes elastic/elasticsearch#264

Original commit: elastic/x-pack-elasticsearch@f636bfd956
2015-04-29 15:06:16 +02:00
Martijn van Groningen e438c51555 execution service: Ignore watch records that where deleted while awaiting for execution.
Closes elastic/elasticsearch#268

Original commit: elastic/x-pack-elasticsearch@dbb7160a67
2015-04-29 15:02:49 +02:00
Brian Murphy 42d49d54ef Merge pull request elastic/elasticsearch#265 from GaelTadh/api_namespace_changes
Change watcher REST API call namespace to be watcher.

Original commit: elastic/x-pack-elasticsearch@7a80eb522b
2015-04-28 23:41:03 -04:00
Martijn van Groningen 66c492192c test: fix test bug
Original commit: elastic/x-pack-elasticsearch@d747eadf2f
2015-04-29 01:28:38 +02:00
Brian Murphy 94bea8f83a Change the watch specific actions to reflect that they operate on watches.
This change changes the watch specific actions put/get/delete/execute/ack to be watcher.<action>_watch.

Original commit: elastic/x-pack-elasticsearch@86a91cb141
2015-04-28 19:08:28 -04:00
Martijn van Groningen bbdfaadfaa test: add webhook integration tests
Original commit: elastic/x-pack-elasticsearch@246888fe5e
2015-04-29 01:06:08 +02:00
Brian Murphy 4482d8d2ba Change watcher REST API call namespace to be watcher.
This change changes the API spec such that all of the watcher APIs are in the `watcher` namespace.

Original commit: elastic/x-pack-elasticsearch@f409ab4569
2015-04-28 18:50:07 -04:00
Martijn van Groningen 2f18dd8269 test: add a test that verifies that we only execute watch records that have the await_exection state during the Watcher start phase
Original commit: elastic/x-pack-elasticsearch@62ffe1c984
2015-04-28 19:08:09 +02:00
Martijn van Groningen 4ef30822ea test: improved tests that verify the loading of watches and watch records at Watcher startup time
Original commit: elastic/x-pack-elasticsearch@2ee28bdf7e
2015-04-28 17:34:51 +02:00
Brian Murphy 29d25d4440 [TEST] Enable test compilation against elasticsearch version 1.5.2
ElasticsearchIntegrationTest now has a method called httpClient with a different return type than the watcher AbstractWatcherTests httpclient.
This change renamed the `AbstractWatcherTests.httpClient` to `AbstractWatcherTests.watcherHttpClient`.

Original commit: elastic/x-pack-elasticsearch@d35f076cf2
2015-04-28 11:24:28 -04:00
uboness 280732a120 Better handling of sensitive data in registered watches and watcher settings
A watch may contain sensitive data that typically you don't want to expose in plain text. Exposing means:
 - storing it as plain text in the `.watches` and `.watch_history` indices
 - storing it in memory in plain text (can be access via mem dump)
 - returning it to the user via API in plain text

Examples of such sensitive data:
 - The `password` for the email service (can be configured on the watch itself)
 - The `password` for http input when using basic auth
 - The `passowrd` for webhook action when using basic auth

A new `SecretService` (you heard it right... secret service) was added to handel the secrets across the board. When a watch is first added to watcher, this service converts all the sensitive data to secrets. From that moment on, all sensitive data associated with the watch (whether in stored in the index or in memory) is hidden behind the secret. This service is also used to "reveal" the original sensitive data on-demand when needed (for example, when the email is sent, it is sent with the original text).

There are two implementations for the `SecretService`. The default one is "plain text" where the created secrets don't really hide anything. The second implementation is based on Shield. If Shield is installed and enabled, the `ShieldSecretService` is used which uses shield's crypto service to potentially encrypt the sensitive data (only potentially because Shield's system key must be defined for encryption to take effect, without the system key, the crypto service will not encrypt and instead return the sensitive data in plain text)

Note, even when Shield is installed, the encryption of sensitive data will only be applied if the `watcher.shield.encrypt_sensitive_data` setting is set to `true`. By default it is set to `false`.

The `get watch` and `execute watch` APIs were updated to filter out sensitive data (using special "hide secrets" parameter).

When shield is integrated, we use shield's settings filter to filter out sensitive settings from the REST nodes info API (when shield is not installed or enabled, we don't do this filtering).

For this change several other refactoring needed to take place
 - The http auth codebase was refactored to be more modular. Just like with other modular constructs in watcher, we separated `HttpAuth` from `ApplicableHttpAuth` where the former is the configuration construct and tha latter is the applicable ("executable") construct.
 - Changed `WatchStore#put` to accept a watch (instead of the watch source). That's more natural way of looking at a store. Also, a `Watch` can now create and return itself as `ByteReference`. In addition, we now don't directly store the watch source as it was sent by the user, instead, we first parse it to a watch (important step to both validate the source and convert all sensitive data to secrets) and then serialize the watch back to `ByteReference`. This way we're sure that only the secrets are stored and not the original sensitive data.
 - All `ToXContent` implementation were updated to properly propagate the `Params`

Docs were added to the Shield Integration chapter

Original commit: elastic/x-pack-elasticsearch@4490fb0ab8
2015-04-28 16:04:02 +02:00
Martijn van Groningen 735369b5f4 test: use put watch api to insert watches
test: verify that the exection queue size is 0 when Watcher isn't running

Original commit: elastic/x-pack-elasticsearch@ea16d066e5
2015-04-28 15:26:20 +02:00
Martijn van Groningen 87e3a6a41d test: after each test, ensure that watcher only runs on one node (elected master)
Original commit: elastic/x-pack-elasticsearch@c5d0d4e1d3
2015-04-28 13:41:24 +02:00
Martijn van Groningen 59218733ea test: fix forbidden api failure
Original commit: elastic/x-pack-elasticsearch@ec8c6e1d51
2015-04-28 12:37:41 +02:00
Martijn van Groningen fcb81ab76a test: added more tests for the transform feature.
Original commit: elastic/x-pack-elasticsearch@dd46dc1c42
2015-04-28 12:22:06 +02:00
Brian Murphy 877e59c80f [TEST] Add support for HEAD and DELETE to `WebhookActionTests`
Add HEAD and DELETE to the list of http methods we test in the webhook action tests.

Original commit: elastic/x-pack-elasticsearch@7a6b29bac6
2015-04-27 18:14:17 -04:00
Brian Murphy 01c80e63b0 [TEST] Add automated tests that were missing.
SearchInput using inline, indexed and on disk templates.
ScriptedCondition where the script accesses the ctx.
ScriptedCondition where the script throws an exception.
ScriptedCondition where the script doesn't return a boolean.
Webhook tests using templated body, path and parameters.
Some REST test fixes.

Original commit: elastic/x-pack-elasticsearch@d02b6d1d7b
2015-04-27 17:56:55 -04:00
Martijn van Groningen 7f6c3814b7 test: unset 'shieldEnabled' and 'scheduleEngine' after test class is completed.
Original commit: elastic/x-pack-elasticsearch@3e9332df94
2015-04-25 17:42:48 +02:00
Martijn van Groningen 5d494a7b2d test: ensure that 'shieldEnabled' field is only set once.
The HttpInputIntegrationTest sometimes unsetted the 'shieldEnabled' field for subsequent test methods, this caused http 401 errors, because the nodes were started with Shield enabled.

Original commit: elastic/x-pack-elasticsearch@b39ca9647d
2015-04-25 15:37:41 +02:00
Martijn van Groningen 4530232060 increased logging
Original commit: elastic/x-pack-elasticsearch@704c8d6132
2015-04-24 23:07:38 +02:00
Martijn van Groningen b0a16e36fd test: quicker interval
Original commit: elastic/x-pack-elasticsearch@795827db7f
2015-04-24 14:54:13 +02:00
Brian Murphy 9a044735dd [TEST] Minimize chance of thread pre-emption when testing fair locks.
Original commit: elastic/x-pack-elasticsearch@4d52f70e7f
2015-04-24 08:47:44 -04:00
Martijn van Groningen 93fee667ab test: added no master node test for a cluster with dedicated master nodes and dedicated data nodes.
Automates: https://github.com/elastic/elasticsearch-watcher-qa/issues/83

Original commit: elastic/x-pack-elasticsearch@73fac17961
2015-04-24 14:26:30 +02:00
Martijn van Groningen e1c163dba4 test: added test for http input querying api other than _search
Original commit: elastic/x-pack-elasticsearch@ebb1d802c9
2015-04-24 12:45:35 +02:00
Martijn van Groningen 3e882fce7d test: run randomily with shield again
Original commit: elastic/x-pack-elasticsearch@d55e61af71
2015-04-24 12:14:03 +02:00
Brian Murphy f39da21905 If we fail to bind to port 2500 when starting an EmailServer try the next port up.
This change employs the same kind of logic that `HttpClientTest` uses to find an open port for it's server. This should prevent the rare build failures we have seen.

Original commit: elastic/x-pack-elasticsearch@f3b68adad5
2015-04-23 21:10:04 -04:00
Brian Murphy d319fdef1b Add timeout when stopping WatchLockService
If there were many watches concurrently executing that take some time to execute it can a long time to shutdown a node. This change introduces a Timeout when stopping the WatchLockService.
Make watcher lock service timeout configurable. The configuration setting is `watcher.stop.timeout` the default is 30s.

Fixes elastic/elasticsearch#216

Original commit: elastic/x-pack-elasticsearch@06bf029a54
2015-04-23 17:45:11 -04:00
Brian Murphy a68d9018f2 Disable minimizeJar in pom.xml
The javax package finds some needed classfiles by reflection. Minimizing the shaded jar meant that these were not available.

Fixes elastic/elasticsearch#254

Original commit: elastic/x-pack-elasticsearch@7cdc3bc55b
2015-04-23 17:37:39 -04:00
Martijn van Groningen 80a766d18e test: removed unused field
Original commit: elastic/x-pack-elasticsearch@039328fccd
2015-04-23 22:11:20 +02:00
Martijn van Groningen 946df191e9 removed unused field
Original commit: elastic/x-pack-elasticsearch@1c4e94b5b2
2015-04-23 22:00:46 +02:00
Martijn van Groningen 4e8ed283e7 Renamed `WatchService` to `WatcherService` and moved it to the `org.elasticsearch.watcher` package.
Original commit: elastic/x-pack-elasticsearch@5f602ed832
2015-04-23 21:49:29 +02:00
Martijn van Groningen ec8c9046b3 Refactored life cycle starting.
* The validation happens separately from the actual starting and loading. Also the validation happens on the cluster update thread, so that we don't miss any cluster state update.
* The starting/loading part happens on a forked thread, but if it fails then it always retry after a small timeout.
* Simplified the starting code, so that we don't need the callback interface.

Closes elastic/elasticsearch#212

Original commit: elastic/x-pack-elasticsearch@b5cd48e5bb
2015-04-23 21:49:28 +02:00