Commit Graph

4416 Commits

Author SHA1 Message Date
Nik Everett c597d37fbb Hande SearchExtParsers replaced by namedObject
Original commit: elastic/x-pack-elasticsearch@9691f9b772
2017-01-09 08:22:01 -05:00
jaymode a0090ac556 test: ensure the roles store is called when verifying mock interations
The CompositeRolesStoreTests#testNegativeLookupsAreCached test had a bug where it was expected to
retrieve the superuser role but the mockito verification on the call failed. This was because there
is also randomization on the number of times to call, which could be 0.

Closes elastic/elasticsearch#4562

Original commit: elastic/x-pack-elasticsearch@5c62df15b7
2017-01-09 08:05:59 -05:00
Tanguy Leroux a86b112f1e [Watcher] Delete JIRA issues after integration tests execution (elastic/elasticsearch#4552)
This commit delete the JIRA issues after the integration test execution. All issues from the testing project XWT are deleted, even if they have not been created during this specific test execution.

closes elastic/elasticsearch#4535

Original commit: elastic/x-pack-elasticsearch@0362463633
2017-01-09 10:41:48 +01:00
Tim Vernum 525364cf0e Add TRACE logging for LDAP traffic (elastic/elasticsearch#4551)
We frequently have support requests to diagnose LDAP realm problems.
One of the tools that would be useful in those cases is to be able to turn on trace logging and be able to see the LDAP searches and their results

Original commit: elastic/x-pack-elasticsearch@632d8e4f19
2017-01-09 11:26:22 +11:00
Jason Tedor c1d44d7d71 Mark failing action throttle test as awaits fix
This commit marks ActionThrottleTests#testFailingActionDoesGetThrottled
as awaits fix as this test fails reliably.

Original commit: elastic/x-pack-elasticsearch@465c48b603
2017-01-08 16:47:54 -05:00
javanna 8d31827f28 Migrate ToXContent impls to ToXContentObject
Original commit: elastic/x-pack-elasticsearch@b09f537ef4
2017-01-06 23:32:05 +01:00
javanna 0b93bc98bf WatchSourceBuilder to extend ToXContentToBytes
Original commit: elastic/x-pack-elasticsearch@b97ad8f92c
2017-01-06 23:32:05 +01:00
javanna c23de42f29 Adapt to ToXContentObject introduction
Changes required are for two reasons:

1) SearchResponse is a self contained valid object which doesn't need to be wrapped in a new object anymore
2) RestToXContentBuilderListener requires ToXContentObject, hence GraphExploreResponse needs to be moved over

Original commit: elastic/x-pack-elasticsearch@12277d0220
2017-01-06 23:32:05 +01:00
Tanguy Leroux 19cbab4ac3 [Watcher] Update triggering interval in Jira integration tests
In Jira integration tests, some watches are triggered every second whereas they are executed using the watch execute API. This commit increases the triggering interval to 1d so that the watches are not executed on slow machines.

Original commit: elastic/x-pack-elasticsearch@4d0462bc00
2017-01-05 21:00:53 +01:00
javanna 80dc895450 remove ParseFieldMatcher usages from Script parsing code
Original commit: elastic/x-pack-elasticsearch@4be5f83084
2017-01-05 19:33:15 +01:00
Tim B f71733ec4d Replace com.sun.net.httpserver.Http/Https server usages with MockHttpServer. (elastic/elasticsearch#4476)
Original commit: elastic/x-pack-elasticsearch@4b2d184f53
2017-01-05 11:29:31 -06:00
Tanguy Leroux b72dd8a2d1 [Monitoring] Schedule data collection instead of sleeping (elastic/elasticsearch#4266)
This commit renames the current AgentService into MonitoringService and changes the way it works: it was previously based on thread sleeping and it now use thread scheduling instead. 

At every given time interval, a MonitoringExecution is executed. It first checks if monitoring data can be collected and if so it will collect data from Collectors and then export the data using the Exporters. There are cases where the data cannot be collected: when the service is stopping, when the interval has been set to -1 after the MonitoringExecution has been scheduled, or when the previous data collection is not yet terminated. In this last case, MonitoringExecution will still be executed at the given interval but will not collect any data.

All tasks are executed on the generic thread pool.

closes elastic/elasticsearch#2866

Original commit: elastic/x-pack-elasticsearch@d37b4d3731
2017-01-05 17:45:17 +01:00
Tanguy Leroux 3d2d1d49b6 [Watcher] Move Jira integration tests to smoke-test-watcher (elastic/elasticsearch#4534)
This commit moves the Jira rest integration tests from the smoke-test-watcher-with-mustache project to the smoke-test-watcher project.

Original commit: elastic/x-pack-elasticsearch@c6b03d557f
2017-01-05 15:22:59 +01:00
Alexander Reelsen 63f4bbba98 Watcher: Use Apache HttpClient for internal Watcher HttpClient (elastic/elasticsearch#4434)
Watcher: Use Apache HttpClient for internal Watcher HttpClient

The current implementation based on URLConnection has several drawbacks.

* If server returned HTTP header but then got stuck, no timeout would help, the connection remained stuck
* GET requests with a body were not supported, the method was silently changed to POST
* More complex handling of input/error stream handling, the body could not be read from a single input stream

NOTE: This is a BWC breaker. From now on every part of the URL needs to be encoded properly before it is configured in the requeust builder. This requires an upgrade of all watches.

Closes elastic/elasticsearch#1141

Original commit: elastic/x-pack-elasticsearch@bbc8f85dd8
2017-01-05 14:25:58 +01:00
Tanguy Leroux 125a2c9c03 [Watcher] Enable Jira integration tests (elastic/elasticsearch#4331)
This commit enables the Jira integration tests with the Jira project and account provided by Edward Sy.

closes elastic/infraelastic/elasticsearch#1498

Original commit: elastic/x-pack-elasticsearch@78d1005064
2017-01-05 13:44:04 +01:00
Alexander Reelsen 9f43a5320e Watcher: Fix test failure in case watch alias was created before
An integration test was failing due to the possibility of the
.watch index being an alias (which only happens rarely).

Original commit: elastic/x-pack-elasticsearch@d53a4ebdd4
2017-01-05 11:44:41 +01:00
Nik Everett 93b16f0615 Fix another qa project
Original commit: elastic/x-pack-elasticsearch@9609036dde
2017-01-05 10:56:09 +01:00
Nik Everett f2ae490b32 Switch from standalone-test to standalone-rest-test
standalone-rest-test doesn't configure unit tests and for these
integTest only projects that is what we want.

Original commit: elastic/x-pack-elasticsearch@f576dfdfbb
2017-01-05 10:56:09 +01:00
Nik Everett 5b6bfffa9a Require either BuildPlugin or StandaloneTestBasePlugin to use RestTestPlugin
It used to be that RestTestPlugin "came with" StandaloneTestBasePlugin
but we'd like to use it with BuildPlugin for the high level rest client.

Also fix some license headers.

Original commit: elastic/x-pack-elasticsearch@3d5549d170
2017-01-05 10:56:09 +01:00
Alexander Reelsen cb7f916485 Watcher: Remove async code in sync code block (elastic/elasticsearch#4506)
Watcher: Remove async code in sync code block

When removing the watch store this code snippet sneaked in.
A call to get a watch in order to find out if it exists was async, but
the code checking the result was called immediately afterwards without
waiting for the result, thus always using the default value.

This also removes some unused code in TriggeredWatchStore.

Original commit: elastic/x-pack-elasticsearch@c47e70bf8a
2017-01-05 10:24:17 +01:00
Tim Vernum c64ad22579 Use Version.compareTo when calculating minimum version (elastic/elasticsearch#4505)
Results from elasticsearch change elastic/elasticsearch#22378 (6ad5486)

Original commit: elastic/x-pack-elasticsearch@73c09657bb
2017-01-05 17:43:10 +11:00
Tim Vernum ca3bbc7da0 [TESTS] Test resolving ldap groups with preloaded attributes (elastic/elasticsearch#4530)
Add a test for the `UserAttributeGroupsResolver` when using attributes provided as a parameter.

(ported from commit elastic/x-pack@ebc62b7, elastic/elasticsearch#4522)

Original commit: elastic/x-pack-elasticsearch@6502fdb801
2017-01-05 17:42:28 +11:00
Chris Earle 3c68e6dd23 Ignore 5m and 15m system load averages in resolver tests so that Mac users can run them
Original commit: elastic/x-pack-elasticsearch@4a2a75b046
2017-01-04 11:59:05 -05:00
Chris Earle 35b405d029 [Monitoring] Add 'logstash' type to old .monitoring-data-2 indices (elastic/elasticsearch#4517)
Add `logstash`, in addition to `kibana` type mappings if they are missing from the _existing_ .monitoring-data-2 indices. This allows existing indices to be upgraded in place to support the Logstash monitoring feature added in 5.2 without having to delete the .monitoring-data-2 index.

Original commit: elastic/x-pack-elasticsearch@864343a116
2017-01-04 00:43:30 -05:00
Thomas Neirynck b799c1603b Merge pull request elastic/elasticsearch#3480 from thomasneirynck/enhancement-tileurl
Add license id when retrieving map metadata

Original commit: elastic/x-pack-elasticsearch@ff50a72fb4
2017-01-03 19:15:09 -05:00
Chris Earle 0d62207f8f [Monitoring] BWC Allow New Types to be added to .monitoring-data-2 index (elastic/elasticsearch#4504)
* [Monitoring] BWC Allow New Types to be added to .monitoring-data-2 index

This adds the new Logstash (and technically Kibana) types to the index mapping if they're not already there. Pre-existing indices will be blocked from creating new types in the index due to the index setting. The index setting cannot be flipped without opening/closing the index, so manually adding the new types is easier.

Original commit: elastic/x-pack-elasticsearch@e85e800335
2017-01-03 16:47:09 -05:00
javanna cd2e608ecc Remove unused ParseFieldMatcher argument from SearchInput and SearchTransform parse methods
Original commit: elastic/x-pack-elasticsearch@6cf7323961
2017-01-03 22:39:48 +01:00
javanna 4359a0508f remove unused ParseFieldMatcher imports
Original commit: elastic/x-pack-elasticsearch@c5c4834a8b
2017-01-03 22:26:17 +01:00
Jay Modi e41b53c344 roles with FLS and/or DLS are ignored when unlicensed (elastic/elasticsearch#4481)
Currently, roles making use of field or document level security are still applied when
the license level does not enable field and document level security. There is no indication
that these roles are not being applied so it is misleading to users. This change prevents
these roles for applying to authorization and also adds a transient metadata to the response
that indicates which features of a role is unlicensed.

Additionally, this PR prevents the addition or modification of roles to include field or
document level security.

Closes elastic/elasticsearch#2472

Original commit: elastic/x-pack-elasticsearch@c9455958f5
2017-01-03 12:06:33 -05:00
Chris Earle f4b9e794e8 [Monitoring] Fix test that fails with Cgroups missing on some machines
Original commit: elastic/x-pack-elasticsearch@23b7c2a25a
2017-01-03 12:02:12 -05:00
javanna 33653a8865 Remove ParseFieldMatcher usage from SearchRequest
Original commit: elastic/x-pack-elasticsearch@e1b08ab801
2017-01-03 14:48:13 +01:00
Daniel Mitterdorfer dd26c93f68 Eliminate unneccessary declaration of IOException
Original commit: elastic/x-pack-elasticsearch@9f71ff4b55
2017-01-03 12:41:06 +01:00
Christoph Büscher 63baf5a86a Remove Getters and Setters for "minimumNumberShouldMatch" in BoolQueryBuilder
The interval value set is "minimumShouldMatch" and also the documented query dsl
parameter is `minimum_should_match` so we can deprecate
`minimum_number_should_match` and its getters/setters in 5.x and remove them in 6.

Original commit: elastic/x-pack-elasticsearch@53ce64b7b3
2017-01-03 11:29:54 +01:00
Luca Cavanna 3532e34aaa Remove some usages of ParseFieldMatcher in favour of using ParseField directly (elastic/elasticsearch#4495)
Relates to elastic/elasticsearch#19552
Relates to elastic/elasticsearch#22130

Original commit: elastic/x-pack-elasticsearch@85d2a4cdbf
2016-12-31 09:24:35 +01:00
Chris Earle d210213fc9 [Monitoring] Use Cgroup Data from _nodes/stats (elastic/elasticsearch#4484)
* [Monitoring] Use Cgroup Data from _nodes/stats

This adds Cgroup data from _nodes/stats.

- This also adds 5m and 15m from system load, which are sent from ES, but
  were not recorded. Kibana does record/report those values though.

Original commit: elastic/x-pack-elasticsearch@8e04452c60
2016-12-30 18:55:51 -05:00
Chris Earle 2bce702f62 [Monitoring] Add Logstash monitoring feature
This PR adds UI for visualizing Logstash internal metrics with contributions from @ph, @jsvd and @pickypg

Changes include:

* x-pack component for Logstash which installs a monitoring exporter plugin to Logstash core. This periodically ships
  monitoring data to the monitoring bulk API endpoint.
* Adds xpack.monitoring.* setting to logstash.yml when x-pack is installed.
* UI changes to graph Logstash monitoring data. Logstash processes are called nodes. They send separate monitoring info
  which gets aggregated and displayed at cluster level and also at individual node level.
* Adds gradle build support for Logstash x-pack which can be controled via `xpack.logstash.build=false`

Fixes elastic/elasticsearch#4169

Original commit: elastic/x-pack-elasticsearch@f58ef406c1
2016-12-30 10:36:11 -08:00
Luca Cavanna 37a29c0387 Remove some usages of ParseFieldMatcher in favour of using ParseField directly (elastic/elasticsearch#4492)
Relates to elastic/elasticsearch#19552
Relates to elastic/elasticsearch#22130

Original commit: elastic/x-pack-elasticsearch@28f8e3cca4
2016-12-30 18:58:03 +01:00
Jay Modi 39263d83d2 ldap and ad realms should obey the verification_mode setting (elastic/elasticsearch#4486)
When migrating realms to use the new settings for SSL, the removal of the
hostname_verification setting was missed in addition to actually using the
ssl.verification_mode setting. This change deprecates the
hostname_verification and enables the use of the ssl.verification_mode setting.

Original commit: elastic/x-pack-elasticsearch@ea24e83fd3
2016-12-30 10:04:56 -05:00
Jay Modi 18a2cf23d4 Build a single role that represents a user's permissions (elastic/elasticsearch#4449)
This PR changes how we use roles and how we look at the roles of a user. Previously we looked up each role individually, parsed each into their own `Role` object, and had a wrapper that essentially served as an iterator over the roles. The same pattern was also followed for the permissions that composed a role (ClusterPermission, IndicesPermission, and RunAsPermission). This resulted in a lot of code that was hard to follow and could be inefficient. 

Now, we look up the roles for a user in bulk and only get the RoleDescriptor for each role. Once all role descriptors have been retrieved, we build a single Role that represents the user's permissions and we also cache this combination for better performance as authorization can happen many times for a single top level request as we authorize the top level request and any sub requests, which could be a large number in the case of shard requests.

This change also enabled a large cleanup of our permission and privilege classes, which should reduce the footprint of what needs to be followed. Some of the notable changes are:

* Consolidation of GeneralPrivilege and AbstractAutomatonPrivilege into the Privilege class
* The DefaultRole class has been removed and the permissions it provided were moved into the AuthorizationService
* The GlobalPermission class was removed as there is a single role that represents a user's permissions
* The Global inner classes for the various permissions were removed
* The Core inner class was removed and ClusterPermission, IndexPermission, RunAsPermission became final classes instead of interfaces
* The Permission interface has been removed. The isEmpty() method defined by this interface is not needed as we can simply evaluate the permission to get the same effect
* The ClusterPermission#check method only takes the action name again
* The AutomatonPredicate class was removed and replaced by Automatons#predicate
* IndicesAccessControl objects no longer need to be merged when evaluating permissions
* MergedFieldPermissions has been removed
* The Name class that was used to hold an array of strings has been removed and replaced with the use of a Set
* Privilege resolution is more efficient by only combining automata once

Other items:
* NativeRolesStore no longer does caching, so the RoleAndVersion class could be removed
* FileRolesStore doesn't need to be an AbstractLifecycleComponent

Relates elastic/elasticsearch#4327

Original commit: elastic/x-pack-elasticsearch@c1901bc82e
2016-12-30 09:27:49 -05:00
jaymode 9c09b88e9f watcher: do not continue execution when get result doesn't exist
When attempting to a get a watch that does not exist, the listener is called once inside
an if statement and the execution of the method continues as if the watch existed. This
causes failures to happen including a NPE. This commit wraps the execution in a if-else
to prevent this.

Original commit: elastic/x-pack-elasticsearch@27f09852e7
2016-12-30 08:34:39 -05:00
Adrien Grand 2b92ee71bc Fix compilation.
Original commit: elastic/x-pack-elasticsearch@8e845fe3b3
2016-12-30 10:54:20 +01:00
Igor Motov 7597fa8ae9 Use java.nio.charset.StandardCharsets instead of com.google.common.base.Charsets
We are trying to get rid of guava, so it doesn't make much sense to use it as a dependency unless we really need to.

Original commit: elastic/x-pack-elasticsearch@e2e2d58fba
2016-12-29 10:49:40 -05:00
Tim Vernum 22a32c8748 Add logstash_system user to X-Pack security reserved realm
The `logstash_system` user/role are used by logstash internals (e.g. monitoring), and work similarly to the Kibana user and role

Included features:  
- New logstash_system user/role (elastic/elasticsearch#4350, elastic/elasticsearch#4021)
- We no longer hide the reserved roles in the API (applies to both kibana and logstash_system)
- Automatically Disable logstash_system user on upgrade. If upgrading from a pre-5.2.0 version, automatically set the `logstash_system` user to disabled so that the system stays locked down. (elastic/elasticsearch#4445, elastic/elasticsearch#4394)

Closes: elastic/elasticsearch#4021
Closes: elastic/elasticsearch#4394 

Original commit: elastic/x-pack-elasticsearch@a9e6d1f216
2016-12-29 12:36:47 +11:00
Igor Motov 576a512ef2 Remove PROTO-based custom cluster state components
Switches custom cluster state components from PROTO-based de-serialization to named objects based de-serialization

Original commit: elastic/x-pack-elasticsearch@e1be8597ee
2016-12-28 12:38:03 -05:00
Yannick Welsch 505ed14c97 Separate cluster update tasks that are published from those that are not
Companion commit to elastic/elasticsearchelastic/elasticsearch#21912

Original commit: elastic/x-pack-elasticsearch@4ba569f8da
2016-12-23 12:21:59 +01:00
Jason Tedor 935eec54c5 Enable assertions in integration tests
This commit fixes some bugs that were found after enabling assertions in
integration tests.

Relates elastic/elasticsearch#4443

Original commit: elastic/x-pack-elasticsearch@4fdd84166d
2016-12-22 20:14:02 -05:00
Nik Everett 4ff6279865 Remove exception from client suite
Original commit: elastic/x-pack-elasticsearch@51e94561d9
2016-12-22 09:10:42 -05:00
Areek Zillur 84db1b8731 x-pack changes for elasticsearchelastic/elasticsearch#21964
In https://github.com/elastic/elasticsearch/pull/21964, index
and delete operations are executed as single item bulk requests
internally. This means index and delete operations use the
bulk transport endpoints (indices:data/write/bulk[s][p] and
indices:data/write/bulk[s][r]).

This PR adds bulk transport endpoint to 'write' and 'delete'
index privilages and adds index and delete action as composite
actions to delay the authentication to the shard level.

Original commit: elastic/x-pack-elasticsearch@2305fc9ca0
2016-12-22 02:35:35 -05:00
Jason Tedor d5db68702c Adapt to method name change in core
This commit adapts to the change of the method name
ESTestCase#randomPostivieLong to ESTestCase#randomNonNegativeLong.

Original commit: elastic/x-pack-elasticsearch@689429cb54
2016-12-21 23:19:52 -05:00
jaymode 880808c428 test: disable security manager for custom realm integration tests
Original commit: elastic/x-pack-elasticsearch@4bcd7675b2
2016-12-21 16:05:43 -05:00