Commit Graph

171 Commits

Author SHA1 Message Date
Simon Willnauer 1c5d04c99b Cleanup settings filtering after elastic/elasticsearchelastic/elasticsearch#16425
This change registers all filtered settings up-front and removes all
the unnecessary wrappers around SettingsFilter. This is a pretty big
change and needs some review but after all things are generally simplified and
settings are always filtered even if shield is not enabled which is the right thing
todo.

Relates to elastic/elasticsearchelastic/elasticsearch#16425

Original commit: elastic/x-pack-elasticsearch@c7df85492b
2016-02-03 21:53:08 +01:00
Simon Willnauer 11d4e69267 Add missing setting
Original commit: elastic/x-pack-elasticsearch@59db7b52fd
2016-02-03 14:09:42 +01:00
Simon Willnauer 610bd8c820 Merge branch 'master' into migrate_to_strict_settings
Original commit: elastic/x-pack-elasticsearch@608c37fa4c
2016-02-03 13:22:27 +01:00
Martijn van Groningen 3bf5dc14f9 revert change: 'test: fix tests to not use mustache' and instead moved these test to qa module
Original commit: elastic/x-pack-elasticsearch@502d877c24
2016-02-03 12:56:54 +01:00
Simon Willnauer 422163445e Converte to strict settings infrastructure elastic/elasticsearchelastic/elasticsearch#16365
Original commit: elastic/x-pack-elasticsearch@c877a21e2d
2016-02-03 11:28:17 +01:00
Martijn van Groningen 4d30dadba9 test: fix tests to not use mustache
Original commit: elastic/x-pack-elasticsearch@4a88d0d458
2016-02-03 10:47:35 +01:00
Martijn van Groningen e617d8365f watcher: Removed custom xmustache script and use mustache script engine in lang-mustache module
The lang-mustache module has been extended to meet Watcher's needs:
* The ability to refer the specific slots in arrays.
* An `content_type` option controls whether json string escaping is used. Otherwise there is no escaping.

Closes elastic/elasticsearch#1116

Other changes:
* I changed tests that were just using mustache just because it was around to not use mustache
* I moved tests to `test-xpack-with-mustache` module that were testing mustache with Watcher
* added smoke test for watcher and mustache
* moved some tests around
* instead of using DefaultTextTemplateEngine in watcher tests use MockTextTemplateEngine
* added a mock mustache script engine
* Cleanup some messy tests to not rely on mustache and move them back into xpack module
* moved array access test to smoke test watcher with mustache module
* test: simplified the condition search test to take the time component out of it, while still simulation a condition
* removed the mustache dependency in the messy-test-watcher-with-groovy module

Original commit: elastic/x-pack-elasticsearch@6a2a4e885f
2016-02-03 09:18:50 +01:00
uboness 266917e1bc fix build
More places where String.format was missing a Locale

Original commit: elastic/x-pack-elasticsearch@6e3df91526
2016-02-03 00:16:24 +01:00
uboness db003cd2a4 fix build
Added Local to String.format

Original commit: elastic/x-pack-elasticsearch@2c7368c3de
2016-02-02 23:12:36 +01:00
uboness ffab6da42d fix build with latest core changes
`Terminal.println(..)` doesn't support varargs arguments anymore

Original commit: elastic/x-pack-elasticsearch@533a4f7919
2016-02-02 20:57:05 +01:00
uboness e039ef412f Shield refactoring for 5.0
- Consolidated `InternalMarvelUser`, `InternalWatcherUser` and `InternalShieldUser` into a single `XPackUser` - this is the single internal user for xpack that has all the permissions internally required by xpack (for marvel, watcher and shield)

 - Renamed `InternalSystemUser` to `SystemUser`

 - Removed the notion of "reserved roles". Now that we have a single internal user we know its role. The authz service now checks to see if the current user is the internal xpack user, and if so, it just uses its role (and not trying to resolve it from the role store). With this model, it's no longer possible for outside users to use the internal role (it's fully internal)

 - Consolidated the notion of an `InternalClient` (in Marvel it was knows as the `SecuredClient`). This is an ES client that xpack is using to manage itself. If shield is enabled, it will execute all request on behalf of the internal xpack user.

 - Removed the verification of the license plugin on plugin installation - no need to do it anymore as the license plugin is part of the distribution.

Original commit: elastic/x-pack-elasticsearch@c851410f93
2016-02-02 18:05:01 +01:00
Tanguy Leroux 766fc3273b Fix compilation errors
From elasticsearch core commit 10b5ffcda5

Original commit: elastic/x-pack-elasticsearch@d77909332f
2016-02-02 10:31:21 +01:00
Ryan Ernst 7519d035a7 Switch to UserError for cli tools
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#16359

Original commit: elastic/x-pack-elasticsearch@547b3f50e0
2016-02-01 17:38:42 -08:00
jaymode c3b6146a72 shield: clean up hack to force switching to the system user for internal action
This commit cleans up the hack we had forcefully switching the request to execute under the system
user when a internal action gets triggered from a system request. The authorization service now tracks
the originating request in the context to allow us to validate if the request should be run as the system
user.

The system user should be used only when a user action causes an internal action, which needs to
be run by the system user.

Closes elastic/elasticsearch#1403

Original commit: elastic/x-pack-elasticsearch@4972df459f
2016-02-01 14:07:15 -05:00
uboness c9d54c0c83 Cleanup and refactoring
- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms)
 - fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache
 - used action name constants where possible in `InternalShieldUser`

Original commit: elastic/x-pack-elasticsearch@d1481de389
2016-02-01 19:51:43 +01:00
Ryan Ernst 3893ad9c5f Merge branch 'master' into remove_multicast
Original commit: elastic/x-pack-elasticsearch@7d107e88fc
2016-02-01 07:26:21 -08:00
uboness 96b2930ac7 Cleanup and refactoring
- Moved all role action classes to live under `o.e.s.action.role`
 - Moved all realm related action classes (for now just the clear cache) to live under `o.e.s.action.realm`
 - Moved all user action classes to live under `o.e.s.action.user`
 - Moved all the rest actions to live under `o.e.s.rest.action`
 - Changed the `clear role cache` endpoint to `/_shield/role/{id}/_clear_cache` (aligned with all other role endpoints)
 - Changed `InternalShieldUserHolder` to the `InternalShieldUser` singleton user... to be aligned with `InternalMarvelUser` and `InternalWatcherUser`.
 - Removed the dedicated audit log user. The new `InternalShieldUser` is now the user that manages and writes to the audit log indices
 - Extracted the `User.System` class to a top level `InternalSystemUser` class (to be aligned with the other internal user classes)
 - Removed the `SystemRole` class (the `InternalSystemUser` class now holds all the needed info/logic)

Original commit: elastic/x-pack-elasticsearch@cf82b257d1
2016-02-01 13:08:38 +01:00
Alexander Reelsen c226590e77 Watcher tests: Fix imports resulting in checkstyle exceptions
Original commit: elastic/x-pack-elasticsearch@1e55ca7bf1
2016-02-01 11:14:30 +01:00
Simon Willnauer 2698441770 Fix test compilation failures
Original commit: elastic/x-pack-elasticsearch@5d166a63fa
2016-02-01 10:54:18 +01:00
Simon Willnauer 9c0ae6411c Fix test compilation failures
Original commit: elastic/x-pack-elasticsearch@303df9b9dd
2016-02-01 10:51:49 +01:00
Boaz Leskes d27b9b4b41 Migrate the rest of NettyTransport settings to the new infra
Also does some consistency clean up, renaming trasnport.netty.* settings to transport.*

Closes elastic/elasticsearch#1397

Relates to https://github.com/elastic/elasticsearch/pull/16307

Original commit: elastic/x-pack-elasticsearch@4a128ff68c
2016-02-01 10:41:16 +01:00
Alexander Reelsen 0fe7716459 HttpClient: Prevent NPE when no path is specified
Original commit: elastic/x-pack-elasticsearch@47f26a5850
2016-02-01 10:37:51 +01:00
Simon Willnauer 6287a1300a Catch IOExcption after core change
Original commit: elastic/x-pack-elasticsearch@1fa5a3dc82
2016-02-01 10:27:33 +01:00
Alexander Reelsen 4a686f04cf Watcher: Do not encode URLs in HttpClient
When using a path like `"/<logstash-{now%2Fd}>/_search"` in the
http webhook. The already escaped slash (%2F) got escaped twice
and thus did not work any more.

The escaping happened when the code created an URI and was done
as part of that constructor. This is now switched to an URL (which
is used at the end anyway) which does not do the escaping, even though
this was required for the query string, which is now done when constructing.

Closes elastic/elasticsearch#1364

Original commit: elastic/x-pack-elasticsearch@861b6d2378
2016-02-01 09:19:07 +01:00
Ryan Ernst 131fd679b9 Remove multicast references
Xplugins side of elastic/elasticsearch#16326

Original commit: elastic/x-pack-elasticsearch@10d3ec2ebb
2016-01-31 17:44:18 -08:00
Jason Tedor e13a5e695a Uppercase ells ('L') in long literals
This commit removes all lowercase ells ('l') in long literals because
they are often hard to distinguish from the digit representing one
('1').

Closes elastic/elasticsearch#1414

Original commit: elastic/x-pack-elasticsearch@98b38705fb
2016-01-30 22:18:02 -05:00
Tanguy Leroux 970c95b6a8 Marvel: various tests fixes
Two regressions have been introduced in elastic/x-pack@156d9e4d5b: marvel index templates should not be deleted between tests and checking for marvel indices existence should not fail with IndexNotFoundException when the indices are not yet created and Shield enabled.

closes elastic/elasticsearch#1396 elastic/elasticsearch#1394 elastic/elasticsearch#1382

In MultiNodesStatsTests.java, multiple nodes are started in async: the first node may collect marvel data multiple times when the last one just started. So we should not check for exact 1 doc per node but at least 1 doc per node.

closes elastic/elasticsearch#1370

In HttpExporterTemplateTests.java, we must compare a long count with a long value.

Original commit: elastic/x-pack-elasticsearch@732fef995a
2016-01-29 17:25:07 +01:00
Alexander Reelsen 4e1d44110b Marvel: Fix compilation issues in tests
Original commit: elastic/x-pack-elasticsearch@9ffc4c501b
2016-01-29 15:15:25 +01:00
Alexander Reelsen 7147354525 Marvel: Fix compilation problem
Original commit: elastic/x-pack-elasticsearch@4db33fc6ab
2016-01-29 15:12:18 +01:00
Alexander Reelsen 8635d264ae Shield: Give native stores possibility to exit poller loop
Similar to the lifecycle services, stopping the shield lifecycle should
also ensure that the poller threads are stopped, which is tricky, in case
they run through huge user/role lists.

Original commit: elastic/x-pack-elasticsearch@7a48f19853
2016-01-29 10:16:15 +01:00
Ali Beyad e2feb61297 IndexStatsTests.testIndexStats awaits a fix on elastic/elasticsearch#1396
Original commit: elastic/x-pack-elasticsearch@0db738f324
2016-01-28 17:32:53 -05:00
jaymode 4b6ac7ceb8 shield: restore non-empty original contexts
Restoring empty contexts causes issues with searches, but failure to restore the
original context when executing index requests that auto-create results in a
the index operation being tried by the system user.

See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@522f857de7
2016-01-28 14:07:59 -05:00
jaymode 1b4bac8203 shield: only restore the original if we forcefully replaced it
Original commit: elastic/x-pack-elasticsearch@347a4dba3f
2016-01-28 12:50:46 -05:00
Tanguy Leroux 19545596cf Marvel: Fix NodeStatsRendererTests and NodeStatsTests on Windows
Load average is not available anymore on Windows, the tests should not check the presence of the field. Also, "node_stats.json" file is hard to maintain and quite useless so this commit removes it.

Original commit: elastic/x-pack-elasticsearch@74d2e0dce6
2016-01-28 16:59:05 +01:00
jaymode 75894e6b38 shield: also restore original context to transport handlers
See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@afbd964f18
2016-01-28 10:54:45 -05:00
jaymode 9c080681d8 shield: restore the original context when the listener is called
Also, restores running the watcher tests.

See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@0e0c748c04
2016-01-28 09:48:26 -05:00
Boaz Leskes 0b73e3ef33 Update to incorporate changes made in Netty settings in elasticsearch elastic/elasticsearch#16200
Original commit: elastic/x-pack-elasticsearch@0e54a24519
2016-01-28 15:24:59 +01:00
Boaz Leskes dfb9068e33 Update Index usage to elasticsearchelastic/elasticsearch#16217
elasticsearchelastic/elasticsearch#16217 changed the Index class to also include index UUIDs . This commit adapts the code for it.

Closes elastic/elasticsearch#1377

Original commit: elastic/x-pack-elasticsearch@87c909c15a
2016-01-28 08:38:44 +01:00
jaymode 4012b4c7c6 test: mute watcher tests for now until. See elastic/elasticsearch#1380
Original commit: elastic/x-pack-elasticsearch@f8d9053ef6
2016-01-27 18:14:11 -05:00
jaymode 634b3edf4e only set the client instance once in the proxy
Original commit: elastic/x-pack-elasticsearch@55eb6288db
2016-01-27 14:24:41 -05:00
jaymode 7645698070 go back to setting the shield user header
Original commit: elastic/x-pack-elasticsearch@0921bd27a9
2016-01-27 13:48:51 -05:00
jaymode dcf9074c4f fix compile after change to Client settings in core
Original commit: elastic/x-pack-elasticsearch@ab069484a6
2016-01-27 12:33:35 -05:00
Jay Modi d587ace5f1 Merge pull request elastic/elasticsearch#1374 from jaymode/request_context
replace ContextAndHeaders with ThreadContext

Original commit: elastic/x-pack-elasticsearch@469ab3f5a1
2016-01-27 11:30:00 -05:00
jaymode ee7a109827 add comments about client wrapping and add ClientWithUser
Original commit: elastic/x-pack-elasticsearch@472c6dbd80
2016-01-27 10:16:14 -05:00
jaymode ed7c4273c3 test: remove check in ClearRolesCacheTests that is prone to failure
This removes a check in the ClearRolesCacheTests that is prone to failure due to the
possibility of the cache poller running while we modify documents and updating cached
values prior to the test issuing the get roles call.

See elastic/elasticsearch#1354

Original commit: elastic/x-pack-elasticsearch@ba0b803466
2016-01-27 09:25:59 -05:00
jaymode e82c969959 migrate from ContextAndHeaders to ThreadContext
This change migrates all of the xpack code to use the new ThreadContext when
dealing with headers and context data. For the most part this is a simple
cutover, but there are some things that required special casing. The internal
actions that executed by a user's requests need to forcefully drop the context
and set the system user. The workaround for this will be improved in a followup.
Additionally, the RequestContext still lives on due to the OptOutQueryCache,
which requires some core changes to fix this issue.

Original commit: elastic/x-pack-elasticsearch@87d2966d93
2016-01-27 08:02:01 -05:00
Jason Tedor d02ddece8f Merge pull request elastic/elasticsearch#1375 from jasontedor/script-settings
Script settings

Original commit: elastic/x-pack-elasticsearch@a2f4da6784
2016-01-27 06:54:24 -05:00
Simon Willnauer 6c290d22c1 Fix renamed constant
Original commit: elastic/x-pack-elasticsearch@709cd849b2
2016-01-27 11:55:15 +01:00
Adrien Grand 11125797bc Fix mapping definitions.
Original commit: elastic/x-pack-elasticsearch@609f12602e
2016-01-27 09:26:05 +01:00
Jason Tedor 8eb97c5509 Script settings
This commit is the x-plugins side of the refactoring of script settings.

Relates elastic/elasticsearchelastic/elasticsearch#16197

Original commit: elastic/x-pack-elasticsearch@4c429933b9
2016-01-26 21:13:29 -05:00