- on license expiration, we only block cluster stats/health and indices stats.
- depend on the latest snapshot of the licensing plugin that supports registrations of expiration callbacks
- registering expiration callbacks to periodically log and warn about license expiration (pre and post expiration)
Original commit: elastic/x-pack-elasticsearch@5aee30fac4
Changes reflect the restructuring of elasticsearch maven repo
- changed the repository names (for consistency sake)
- elasticsearch repositories now point to `/releases` and `/snapshots`
- added `deploy-internal` and `deploy-public` profiles
Original commit: elastic/x-pack-elasticsearch@92709ce38a
This commit moves the es core dependency to 1.4.2, which becomes the minimum version required from now on.
Changes made accordingly to this decision since we can break backwards compatibility and assume es core>=1.4.2
Closeselastic/elasticsearch#562
Original commit: elastic/x-pack-elasticsearch@484b4a2528
In order to be more flexible this clean up commit splits the
TransportService into a client and server one. As part of this
we can safely remove the slightly misused TransportFilters class.
Renamed shield.type from server to node, so we can differentiate between node2node and node2client communication.
Original commit: elastic/x-pack-elasticsearch@a3a2f9bf38
Build number maven plugin requires this info to retrieve the build number and make it available as a variable, which is then published through RestShieldInfoAction, which is currently null. This commit makes sure the build number gets currently published.
Closeselastic/elasticsearch#428
Original commit: elastic/x-pack-elasticsearch@0a2bc7646b
- Added a `LicenseService` to handle license feature enable/disable events
- LicenseEventNotifier is responsible for notifying the license events to whatever registered listeners that are interested in them
- In Shield, when a license is disabled for `shield` feature, we block all read operations (done in the `ShieldActionFilter`)
- Added initial documentation around licensing
Closeselastic/elasticsearch#347
Original commit: elastic/x-pack-elasticsearch@6ba7a10cd4
tests.timezone and tests.locale are values that gets randomized all the time (even without configuring them). They don't get printed yet out with shield failures as this was only recently added to es core, but it makes sense to get ready and allow to configure them for better test repeatability.
Also removed support for es.node.mode and es.node.local as we always use network since we test with unicast discovery only.
Original commit: elastic/x-pack-elasticsearch@d03fa0c162
* Configuring the transport pipeline has changed due to adding profiles in 1.4
* Lots of tests needed to be changed in order to not leave thread pools around
* ApacheDs leaves a thread lingering around, thus a ThreadLeakFilter needed to be added
Original commit: elastic/x-pack-elasticsearch@de35362fc4
Also added a ShieldBuild class to return
* Shield version
* Shield build hash
* Shield build timestamp
Also added a '/_shield' endpoint which returns those fields.
Original commit: elastic/x-pack-elasticsearch@38928d1ef6
Modified pom.xml to do static analysis without Jenkins
'mvn -DskipTests=true -Pstatic clean compile site' to start analysis
The reports are at target/site/project-reports.html.
Original commit: elastic/x-pack-elasticsearch@ddec28e8d0
Added `ShieldRestTests` that extends `ElasticsearchRestTests` allowing to run REST tests against es+shield. Tests won't be run by default as they require additional configuration (e.g. rest tests and spec location on file system). They can be activated via `-Dtests.rest=true`. Rest tests and spec location can be provided as follows:
```
-Dtests.rest.spec=/path/to/elasticsearch/rest-api-spec/api -Dtests.rest.suite=/path/to/elasticsearch/master/rest-api-spec/test
```
Some tests need to be blacklisted at this moment as follows:
```
-Dtests.rest.blacklist=scroll/*/*,mpercolate/*/*,msearch/*/*
```
Closeselastic/elasticsearch#79
Original commit: elastic/x-pack-elasticsearch@6f3e72dd87
The automaton support changed quite a bit in 4.10 which required determinizing all the automatons used in the Privilege
Original commit: elastic/x-pack-elasticsearch@96a82f0f5d
The LDAP realm is a bind-per-user strategy and the group lookup strategy is configurable.
If a role mapping file is not defined, groups names are taken as role names.
Special configuration for active directory simplifies the configuration.
Integration Tests are using an embedded apache DS LDAP Server.
Original commit: elastic/x-pack-elasticsearch@ce20e1b3be
- Also added an overloaded version of the AuthenticationService#token method that accepts a default token and that doesn't thrown an authentication exception
- Added AuditTrail#authenticationFailed method at a higher level than the realm version. Now the realm authc failure will only be logged when trace is enabled. With this change, the audit trail logging is more consistent in its terminology (anonymous is now logged when no auth token is found)
- extended the level of audit trail logging tuning (now using all logging levels, incl. error & warn)
- Added tests for audit trails
- Added tests for authentication service
- Added mockito as a test lib (will serve as our mocking framework)
Original commit: elastic/x-pack-elasticsearch@8d21ab7484
Changed the scope of the guava dependency to prevent wrong imports and always use the shaded ones.
This required a change in the forbidden API signatures, as that tool alwyas try load the class and fail
if the class cannot be found.
Original commit: elastic/x-pack-elasticsearch@90a245423a
There are four modules:
- authc: realm based authentication module
- authz: role based privileges & permissions authorization module
- n2n: node to node authentication module (incl. IP filtering auth)
- audit: audit trail module (only includes log file audit trails for now)
Original commit: elastic/x-pack-elasticsearch@b1ec9e2923
uboness
Alexander Reelsen
javanna
Bill Hwang
Michael McCandless
c-a-m