Shield expands wildcards to concrete names (aliases or indices) before each request gets executed in es core. It never resolves aliases to concrete indices though, as permissions may be set against aliases rather than indices. During this resolution, it also looks at the state of the indices and the current indices options (expand_wildcards) to expand only to indices with the relevant state. When it comes to aliases though, they may point to multiple indices each one having a different state, so it always expands ignoring expand_wildcards. At that point the request will contain the explicit name of the alias, no wildcards, thus the expand_wildcards option will have no effect in core. ignore_unavailable could be used instead when interacting with shield, which would affect how aliases are resolved to multiple indices. In this case we can only blacklist the test in shield, as it will return both the closed index and the open one.
Original commit: elastic/x-pack-elasticsearch@54c11dfc31
Due to lingering threads when shutting down when running this in CI
this disables watcher in this tests. It is really hard to reproduce
to get the correct order of start/stop. The reason here is, that watcher
is still starting and not finished, when stop is called on the plugin.
Original commit: elastic/x-pack-elasticsearch@2de85bcba6
In elastic/elasticsearchelastic/elasticsearch#15907, we changed the load average
structure to also include 5 and 15 minute load averages. This
commit adjusts the expected JSON structure for
NodeStatsRendererTests.
Original commit: elastic/x-pack-elasticsearch@59f6a1e9d9
When debugging role mapping it is useful to know the actual user DN, which is only logged
when something is actually mapped to the DN. Since this is logged at debug level, we should
always log it.
Original commit: elastic/x-pack-elasticsearch@b690c757d3
Previously we only exposed the use of a single URL for LDAP realms, while the code supported
multiple URLs. Internally we always used a failover server set, which would have provided failover
to another LDAP server if multiple existed. This change introduces a new setting `load_balance.type`
on the realm that indicates the type of load balancing. Valid options are:
* `failover` - the first server in the list will be used until it fails and then additional servers will be tried until
one succeeds. The first successful server will be used from now on. This is the default.
* `round_robin` - continuously iterates through the list of servers for each new connection. If a server is down,
the iteration will continue until a successful connection is made. The downfall here is that the list does not
get reordered on a down server, so there is overhead for always trying the servers in order.
* `dns_failover` - This server set takes a single URL that uses a DNS that will resolve to multiple IP addresses.
Connections will be consistently attempted to servers in the order they are retrieved from the name service; there
is no re-ordering and the first successful connection will be used.
* `dns_round_robin` - This server set takes a single URL that uses a DNS that will resolve to multiple IP addresses.
The addresses retrieved from the name service will connected to in the same order as `round_robin`.
Closeselastic/elasticsearch#31
Original commit: elastic/x-pack-elasticsearch@9ce9a1bf23
In order to correctly check for equality in an EmailAction, all the email
attachments have to implement equals/hashCode methods.
This has already been added to the 2.x branch in elastic/x-pack@ebde22507f
Original commit: elastic/x-pack-elasticsearch@bb980ea934
This feature is mainly done for the integration with the commercial reporting, but can be used
for anything else as well.
This adds a `attachments` to the email configuration, which can be used like this
```
"attachments" : {
"some_id" : {
"http" : {
"request" : {
"url" : "http://example.org/foo.pdf"
}
}
},
"other_id" : {
"data" : {
"format" : "json"
}
}
}
```
The main reason to pick this format is extensibility. If we would like to support another
attachment type, like an file reader, we could do so easily from an API point of view.
Closeselastic/elasticsearch#870
Original commit: elastic/x-pack-elasticsearch@66d14be965
This commit removes the current implementation in HttpExporter so that it does not automatically clean indices anymore.
Original commit: elastic/x-pack-elasticsearch@7d30338355
In order to have a shortcut for the execution of a watch and
specifying the record_execution and ignore_condition booleans,
so are now supported in the HTTP request parameters as well.
Closeselastic/elasticsearch#918
Original commit: elastic/x-pack-elasticsearch@bed5da40b7
* This action enables sending notifications to pager duty services.
* Utilizes pager duty's REST API
* Similar to the `email`, `hipchat` and `slack` actions, multiple `pagerduty` accounts can be configured, each with its own Service API key
* A `pagerduty` account is roughly mapped to a service in your pagerduty service.
* `pagerduty` actions are associated with an account, or if not, their events will be sent via the default account.
* An incident can be acknowledged, resolved or triggered
Closeselastic/elasticsearch#492
Original commit: elastic/x-pack-elasticsearch@72cc21d119
This commit merge the ClusterInfoCollector in the ClusterStatsCollector so that cluster stats are retrieved only once.
Original commit: elastic/x-pack-elasticsearch@fe70149210
This commit changes the templates so that they are now versionned using a number (starting from 1). This number is used in index templates names (ex: .marvel-es-data-1, .marvel-es-1) as well as in indices names (ex: .marvel-es-1-2015-12-30, .marvel-es-data-1).
If the template does not exist, it is created. Otherwise nothing (no update) is done.
Original commit: elastic/x-pack-elasticsearch@66c1a8bed0
This commit enable tribe nodes support for Marvel. It avoid ElasticsearchSecurityException when a tribe node is connected to a cluster that has been configured for both Shield and Marvel by loading the MarvelShieldIntegration support on tribe node even if marvel.enabled is set to false. It also allows tribe nodes to be monitored using Marvel with their own marvel settings.
closeselastic/elasticsearch#1088
Original commit: elastic/x-pack-elasticsearch@e0401c1288
Instead of having to specify `scheme`, `host`, `port`, `path` and `params` each
one can now use the `url` field and specify something like `http://example.org/foo?bar=baz`
This works for HttpRequest and HttpRequestTemplate
Original commit: elastic/x-pack-elasticsearch@8c052cf419
Because of specifying the concrete implementations in WatcherPlugin.nodeServices(),
all of those services got created twice for each node (guice requires the interface here).
This resulted in NPEs as the first instantiation did not run doStart() and thus had empty
settings, that resulted in a NPE.
Closeselastic/elasticsearch#1179
Original commit: elastic/x-pack-elasticsearch@c6a1f5093f
* allow bulk requests with updates if fls/dls isn't configured for targetted index
* throw a hard error if the current call can't resolve an associated transport request
marvel: node stats collector should use the client instead of the internal apis, because otherwise the index searcher wrapper can't locate the transport request that is associated with current call and would then throw an exception, which then prevents the marvel agent from collecting stats.
* if both field or document level security is enabled then all forbidden operations should fail
Original commit: elastic/x-pack-elasticsearch@b2c40d6559
The REST authenticate API can be used to test credentials and retrieve details about the
user that has been authenticated. This currently includes retrieving the user's username
and roles.
Closeselastic/elasticsearch#1019
Original commit: elastic/x-pack-elasticsearch@117a226187
My previous change only fixed it when it resolves to something different than localhost.
But in some cases, it does not resolve at all, we must specify the IP.
Original commit: elastic/x-pack-elasticsearch@547eb4c42f
This commit removes usage of Collections#shuffle(List) as this is a
forbidden method in upstream Elasticsearch.
Relates elastic/elasticsearchelastic/elasticsearch#15287, relates elastic/elasticsearchelastic/elasticsearch#15299
Original commit: elastic/x-pack-elasticsearch@2943569ee1
This commit simplifies xcontent usage in x-pack in a way that is compatible with
elastic/elasticsearchelastic/elasticsearch#15358.
Original commit: elastic/x-pack-elasticsearch@0d6ce5f22f
Squashed commit of the following:
commit 54de841112778b01e817e465d2f59840970bb4f3
Author: Robert Muir <rmuir@apache.org>
Date: Thu Dec 10 08:47:12 2015 -0500
see exactly how far MessyTestPlugin can go (unit tests depend on both groovy and mustache!)
commit 743b5a4e0cc9a05e307339dfcb4569feed31f337
Author: Robert Muir <rmuir@apache.org>
Date: Thu Dec 10 08:35:03 2015 -0500
fix x-pack compile/tests to work with https://github.com/elastic/elasticsearch/pull/15328
Original commit: elastic/x-pack-elasticsearch@4307bb163b
This commit update the Local & Http exporters so that they have the same behavior. Exporters now try to update the mappings of the current marvel indices if they exist (only new document types will be added)
It also adds dedicated tests to verify that the Marvel template is correctly updated depending of the current template version.
Original commit: elastic/x-pack-elasticsearch@ac650f5aba
When the logging audit trail is configured to add the node hostname or ip address
as a prefix, the logging audit trail can invoke guice dependency injection issues since
the transport that is injected is a proxy. This change makes the logging audit trail a
lifecycle component and waits for the transport to be started before initializing the
prefix.
Closeselastic/elasticsearch#1104
Original commit: elastic/x-pack-elasticsearch@3b19283969
In order to be able to send emails, the thread context classs loader
must be set to the watcher plugin class loader (and reset afterwards),
otherwise some javax.activation classes needed to create mime attachments
cannot be found.
In addition the activation jar dependency has been removed.
Closeselastic/elasticsearch#1066Closeselastic/elasticsearch#708
Original commit: elastic/x-pack-elasticsearch@10042375ec
This commit disables marvel when running the watcher with groovy tests. Marvel creates
indices and expect the cluster to be green, which won't happen with the marvel indices
existing and expecting a replica.
See elastic/elasticsearch#1087
Original commit: elastic/x-pack-elasticsearch@8d163a53b7
Since we combined all of the plugins marvel will also be enabled and will cause
the cluster to never get to a green state since we only have a single node.
Original commit: elastic/x-pack-elasticsearch@60fbfa97f1
* move static initialization hack for UnboundID Debug to XPackPlugin
* cleanup bundlePlugin calls in build file
* properly disable watcher and marvel for shield core tests
Original commit: elastic/x-pack-elasticsearch@2b89cf2225
This commit fixes the integration tests and qa test after the reorganization to be
packaged as a single plugin.
Original commit: elastic/x-pack-elasticsearch@d6f488627f
- added the license-plugin dir as a src dir
- Made XPackPlugin customizable for tests. Now tests that need to plug in different behaviours (e.g. a custom license plugin) can do that by simply resetting the relevant delegee plugins (i.e. shield, marvel, license, watcher) in the ctor of a new XPackPlugin.
Original commit: elastic/x-pack-elasticsearch@ab83104955