Commit Graph

45 Commits

Author SHA1 Message Date
Michael Basnight c7fea95476 Revert " Add "client-api-objects" dependency for xpack plugin and transport-client (elastic/x-pack-elasticsearch#2995)" (elastic/x-pack-elasticsearch#3083)
This reverts commit elastic/x-pack-elasticsearch@a6d83299d0.

Original commit: elastic/x-pack-elasticsearch@ca55ee747c
2017-11-28 09:05:00 -06:00
Jay Modi 0a683a0e18 Remove InternalClient and InternalSecurityClient (elastic/x-pack-elasticsearch#3054)
This change removes the InternalClient and the InternalSecurityClient. These are replaced with
usage of the ThreadContext and a transient value, `action.origin`, to indicate which component the
request came from. The security code has been updated to look for this value and ensure the
request is executed as the proper user. This work comes from elastic/x-pack-elasticsearch#2808 where @s1monw suggested
that we do this.

While working on this, I came across index template registries and rather than updating them to use
the new method, I replaced the ML one with the template upgrade framework so that we could
remove this template registry. The watcher template registry is still needed as the template must be
updated for rolling upgrades to work (see elastic/x-pack-elasticsearch#2950).

Original commit: elastic/x-pack-elasticsearch@7dbf2f263e
2017-11-22 08:35:18 -07:00
Michael Basnight 316da9a970 Move the CLI into its own subproject (elastic/x-pack-elasticsearch#3032)
relates elastic/elasticsearch#27114

Original commit: elastic/x-pack-elasticsearch@70e8488223
2017-11-18 21:43:25 -06:00
Lee Hinman 889b008298 Add "client-api-objects" dependency for xpack plugin and transport-client (elastic/x-pack-elasticsearch#2995)
* Add "client-api-objects" dependency for xpack plugin and transport-client

This adds another gradle project, "client-api-objects" which is intended to be a
common dependency so that the xpack plugin and transport-client can share the
same Request and Response objects.

Relates to elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@a6d83299d0
2017-11-15 09:49:00 -07:00
Jay Modi 5888174f24 Cleanup leftover tribe references in the plugin build.gradle file (elastic/x-pack-elasticsearch#2987)
In elastic/x-pack-elasticsearch#2901, the dependency on the tribe module was removed but a few leftover references were missed
in the build.gradle file of the x-pack-elasticsearch plugin. This commit removes these leftover
references.

Original commit: elastic/x-pack-elasticsearch@03f1cae1f5
2017-11-14 08:11:21 -07:00
Ryan Ernst 9a2ae4b7f2 Update security policy to use versionless codebase properties (elastic/x-pack-elasticsearch#2602)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/26756

Original commit: elastic/x-pack-elasticsearch@a219f5b6c0
2017-11-10 11:00:34 -08:00
Jay Modi e29649a7bc Remove the xpack plugin's dependency on the tribe module (elastic/x-pack-elasticsearch#2901)
This change removes the xpack plugin's dependency on the tribe module, which is not a published
artifact. For the most part this just involves moving some test classes around, but for the
security and tribe integration the usage of constant settings was removed and replaced with the
string names. This is a bit unfortunate, but a test was added in a QA project that depends on tribe
that will alert us if a new setting is added that we need to be aware of.

relates elastic/x-pack-elasticsearch#2656

Original commit: elastic/x-pack-elasticsearch@649a8033e4
2017-11-08 12:39:02 -07:00
Albert Zaharovits 98347088f9 Fix LDAP Authc connections deadlock (elastic/x-pack-elasticsearch#2587)
Do not execute bind on on the LDAP reader thread

Each LDAP connection has a single associated thread, executing the handlers for async requests; this is managed by the LDAP library. The bind operation is blocking for the connection. It is a deadlock to call bind, if on the LDAP reader thread for the same connection, because waiting for the bind response blocks the thread processing responses (for this connection).
This will execute the bind operation (and the subsequent runnable) on a thread pool after checking for the conflict above.

Closes: elastic/x-pack-elasticsearch#2570, elastic/x-pack-elasticsearch#2620

Original commit: elastic/x-pack-elasticsearch@404a3d8737
2017-10-09 13:06:12 +03:00
Albert Zaharovits 6b51f5e6ca Update BouncyCastle version from 1.55 to 1.58 (elastic/x-pack-elasticsearch#2548)
Update BouncyCastle version from 1.55 to 1.58

Requires regeneration of .project and .classpath files, e.g.
gradle cleanEclipse & gradle eclipse

Closes: elastic/x-pack-elasticsearch#2332

Original commit: elastic/x-pack-elasticsearch@5806fd4204
2017-09-21 11:30:42 +03:00
Tal Levy 8b1021ccad blacklist two license rest tests when build.snapshot=false (elastic/x-pack-elasticsearch#2559)
There are two rest tests that rely on hardcoded license
signatures that use the dev public key. These tests fail
when tests are run with build.snapshot=false. This Commit
blacklists these two tests in that scenario

relates elastic/x-pack-elasticsearch#2527.

Original commit: elastic/x-pack-elasticsearch@7581e8d699
2017-09-19 16:56:11 -07:00
jaymode 8997792875 Test: use TLS for plugin integ tests
Original commit: elastic/x-pack-elasticsearch@99971d7256
2017-09-14 15:57:28 -06:00
Simon Willnauer 2f5aeb6c6f Remove token passphrase setting (elastic/x-pack-elasticsearch#2318)
This change removes `xpack.security.authc.token.passphrase` entirely since from
6.0 onwards we use randomly generated keys by the master there is no need for
this setting anymore. This setting will be deprecated from 6.0 onwards.

Original commit: elastic/x-pack-elasticsearch@37ba90359e
2017-09-12 15:34:41 +02:00
Ryan Ernst 13672dad13 Build: Set xpack to require keystore
See https://github.com/elastic/elasticsearch/pull/26329

Original commit: elastic/x-pack-elasticsearch@e77361a6d5
2017-08-24 14:09:07 -07:00
Albert Zaharovits 026729e911 TOKEN_SERVICE_ENABLED_SETTING enabled if HTTP_SSL_ENABLED (elastic/x-pack-elasticsearch#2321)
`authc.token.enabled` is true unless `http.ssl.enabled` is `false` and `http.enabled` is `true`.

* TokenService default enabled if HTTP_ENABLED == false

* Fixed tests that need TokenService explicitly enabled

* [DOC] Default value for `xpack.security.authc.token.enabled`

Original commit: elastic/x-pack-elasticsearch@bd154d16eb
2017-08-23 13:21:30 +03:00
Yannick Welsch b4353b55ad Allow build to directly run under JDK 9 (elastic/x-pack-elasticsearch#2320)
With Gradle 4.1 and newer JDK versions, we can finally invoke Gradle directly using a JDK9 JAVA_HOME without requiring a JDK8 to "bootstrap" the build. As the thirdPartyAudit task runs within the JVM that Gradle runs in, it needs to be adapted now to be JDK9 aware.

Relates to elastic/elasticsearch#25859

Original commit: elastic/x-pack-elasticsearch@4bf266e0b0
2017-08-22 14:46:37 +09:30
Simon Willnauer 8b23f133c7 Create security bootstrap checks early to access secure settings safely (elastic/x-pack-elasticsearch#2282)
We close the secure settings in core before we pull bootstrap checks.
This means if a bootstrap check like the `TokenPassphraseBootstrapCheck`
accesses a secure setting that late it will fail due to an exception in
the `PKCS12KeyStore`. This change moves the bootstrap check creation
to the plugin constructor and adds a dummy setting to the integTest
that triggers the bootstrap checks.

Original commit: elastic/x-pack-elasticsearch@2b20865d1c
2017-08-16 13:01:52 +02:00
Yannick Welsch 51e87bf290 Move tribe to a module (elastic/x-pack-elasticsearch#2088)
Companion PR to elastic/elasticsearch#25778

Original commit: elastic/x-pack-elasticsearch@a3355802e9
2017-07-28 11:23:52 +02:00
Tim Brooks 1abc40c645 Rename elastic bootstrap password setting (elastic/x-pack-elasticsearch#2009)
This is related to elastic/x-pack-elasticsearch#1991.

Original commit: elastic/x-pack-elasticsearch@b265211e4a
2017-07-14 16:41:42 -05:00
Tim Brooks 6d04eacdec Require elastic password be bootstrapped (elastic/x-pack-elasticsearch#1962)
This is related to elastic/x-pack-elasticsearch#1217. This commit requires that the elastic password
be bootstrapped for the user to be authenticated. As a result it removes
the special "setup" mode that allowed the user to be authenticated from
localhost.

Additionally, this commit updates the tests to work with this
functionality.

Original commit: elastic/x-pack-elasticsearch@d0d5d697a7
2017-07-13 19:59:50 -05:00
Luca Cavanna 56cfaf8cb9 Rename client artifacts (elastic/x-pack-elasticsearch#1985)
Adapt to upstream rename of rest and sniffer artifacts

Original commit: elastic/x-pack-elasticsearch@f43368b3fb
2017-07-13 09:44:53 +02:00
Tim Brooks f2cbe20ea0 Remove default passwords from reserved users (elastic/x-pack-elasticsearch#1665)
This is related to elastic/x-pack-elasticsearch#1217. This PR removes the default password of
"changeme" from the reserved users.

This PR adds special behavior for authenticating the reserved users. No
ReservedRealm user can be authenticated until its password is set. The
one exception to this is the elastic user. The elastic user can be
authenticated with an empty password if the action is a rest request
originating from localhost. In this scenario where an elastic user is
authenticated with a default password, it will have metadata indicating
that it is in setup mode. An elastic user in setup mode is only
authorized to execute a change password request.

Original commit: elastic/x-pack-elasticsearch@e1e101a237
2017-06-29 15:27:57 -05:00
Martijn van Groningen 9dddce2e08 Add analysis-common as test dependency to xpack plugin module.
Original commit: elastic/x-pack-elasticsearch@2472585037
2017-06-15 20:50:31 +02:00
Ryan Ernst bb71839b85 Build: Switch ml snapshot dependency to a local project (elastic/x-pack-elasticsearch#1559)
This commit adds an internal project call ml-cpp-snapshot which when
built will pull the ml cpp zip file from the prelert bucket. The GET
request has retries added to handle the dynamic aws creds eventual
consistency.

Original commit: elastic/x-pack-elasticsearch@1bba7d0f08
2017-05-26 01:15:12 -07:00
David Roberts fa95474ab8 [BUILD] Change ordering of Java compilation and ML C++ notice extraction
May help to avoid problems with the speed of temporary AWS credentials
propagation (see elastic/x-pack-logstash#73)

Original commit: elastic/x-pack-elasticsearch@c78e00cda5
2017-05-19 13:36:40 +01:00
Jim Ferenczi de1d98b135 Adapt x-pack after the parent/child modularisation (elastic/x-pack-elasticsearch#1407)
This is the x-pack side of elastic/elasticsearch#24634
The hasChild, hasParent queries and the children agg are now in a module.

Original commit: elastic/x-pack-elasticsearch@e9b1296fc3
2017-05-12 15:59:40 +02:00
Simon Willnauer 891c2a6c3f Replace XPacks delete_by_query impl with the core impl (elastic/x-pack-elasticsearch#1378)
This can now be shared with core once elastic/elasticsearch#24578

Original commit: elastic/x-pack-elasticsearch@42bbd75aee
2017-05-11 20:23:55 +02:00
Jason Tedor 718518fe85 Disable setting available processors in tests
Within the same JVM, setting the number of processors available to Netty
can only be done once. However, tests randomize the number of processors
and so without intervention would attempt to set this value multiple
times. Therefore, we need to use a flag that prevents setting this value
in tests.

Relates elastic/x-pack-elasticsearch#1266

Original commit: elastic/x-pack-elasticsearch@d127149725
2017-05-01 19:27:45 -04:00
Dimitrios Athanasiou 1f9ddb6937 [TEST] Increase ml datafeed logging to understand test failure
DatafeedJobsIT has been failing. This change increases logging
to investigate those failures.

Original commit: elastic/x-pack-elasticsearch@0c7c29ac29
2017-04-20 17:18:11 +01:00
David Roberts 99def2bd33 [ML] Increase the wait time for AWS credentials to propagate
This was timing out a lot yesterday from the London office

Original commit: elastic/x-pack-elasticsearch@a0989c2a0f
2017-04-20 09:54:00 +01:00
David Kyle 468507e788 Revert "Muted test."
This reverts commit elastic/x-pack-elasticsearch@a4d8a72023.

Original commit: elastic/x-pack-elasticsearch@a2d5100ed2
2017-04-13 14:16:32 +01:00
Martijn van Groningen 272d1b269e Muted test.
Original commit: elastic/x-pack-elasticsearch@a4d8a72023
2017-04-12 09:08:06 +02:00
David Roberts e8337344a6 [ML] Include C++ 3rd party notices in X-Pack combined NOTICES file (elastic/x-pack-elasticsearch#953)
relates elastic/x-pack-elasticsearch#620

Original commit: elastic/x-pack-elasticsearch@5d73bd340c
2017-04-10 12:40:07 +01:00
Jay Modi cdfcfc5540 Do not contact AWS in offline mode (elastic/x-pack-elasticsearch#1001)
This commit restores the ability to build x-pack-elasticsearch without issues when running without
access to the internet. When the `--offline` flag is used, we will not try to contact vault and the
aws apis to retrieve the ml-cpp binaries but instead gradle will use a cached version even though
it may be expired.

relates elastic/x-pack-elasticsearch#726

Original commit: elastic/x-pack-elasticsearch@b0915d8fa9
2017-04-08 07:08:28 -06:00
Tanguy Leroux 4f1115d7f5 [Test] Reenable Monitoring Bulk tests (elastic/x-pack-elasticsearch#908)
This commit reenables the Monitoring Bulk Api REST tests. The XPackRestIT
now enables/disables the local default exporter before executing the monitoring
 tests, and also waits for the monitoring service to be started before executing
 the test.

Original commit: elastic/x-pack-elasticsearch@10b696198c
2017-04-04 14:44:40 +02:00
Jason Tedor eac00c6a9d Mark x-pack plugin as having native controller
This commit marks the x-pack plugin as having a native controller. This
is now a requirement in core for any plugin that forks a native process
to display a warning to the user when they install the plugin.

Relates elastic/x-pack-elasticsearch#839

Original commit: elastic/x-pack-elasticsearch@3529250023
2017-03-27 15:53:03 -04:00
Alexander Reelsen ce0391f3c7 Watcher: Update dependencies (elastic/x-pack-elasticsearch#613)
Updated dependencies for javax.activation and mail to latest versions.

Original commit: elastic/x-pack-elasticsearch@d73529f98f
2017-03-21 10:28:20 +01:00
Dimitrios Athanasiou 3e8b45f2a2 Revert "[TEST] Muted failing tests, see elastic/x-pack-elasticsearch#771"
This reverts commit elastic/x-pack-elasticsearch@014ae38d5b.

Original commit: elastic/x-pack-elasticsearch@c34a5bcc60
2017-03-20 12:06:14 +00:00
David Roberts aa02fa85da [ML] Reduce caching time for native code dependency to 0 (elastic/x-pack-elasticsearch#772)
Prior to this change the integration tests could fail for up to 24
hours after a change to the C++ output format

Original commit: elastic/x-pack-elasticsearch@b8d9fa0adb
2017-03-19 15:58:19 +00:00
Martijn van Groningen a76232f5e4 [TEST] Muted failing tests, see elastic/x-pack-elasticsearch#771
Original commit: elastic/x-pack-elasticsearch@014ae38d5b
2017-03-18 12:26:07 +01:00
Ryan Ernst 8c01d6ea69 Tests: Add cluster health check to xpack integ wait conditions (elastic/x-pack-elasticsearch#740)
The wait condition used for integ tests by default calls the cluster
health api with wait_for_nodes nd wait_for_status. However, xpack
overrides the wait condition to add auth, but most of these conditions
still looked at the root ES url, which means the tests are susceptible
to race conditions with the check and node startup. This change modifies
the url for the authenticated wait condtion to check the health api,
with the appropriate wait_for_nodes and wait_for_status.

Original commit: elastic/x-pack-elasticsearch@0b23ef528f
2017-03-15 10:23:26 -07:00
Ryan Ernst c92562e9d9 Build: Enable notice generation for x-pack (elastic/x-pack-elasticsearch#695)
The only tricky thing here was what to do about ES jars. We now ignore them for the jar sha checking, and the base elasticsearch license and notice is copied here, and elasticsearch jars are mapped to those license/notice files.

Original commit: elastic/x-pack-elasticsearch@a6373cfe4e
2017-03-02 19:06:15 -08:00
Ryan Ernst 8527bc2415 Build: Convert integ test dsl to new split cluster/runner dsl
This is the xpack side of elastic/elasticsearch#23304

Original commit: elastic/x-pack-elasticsearch@8eddd7fb0d
2017-02-22 00:56:52 -08:00
Jason Tedor 1b4fec642c Enforce Java version
The Elastic Secrets vault is served via HTTPS with a Let's Encrypt
certificate. The root certificate that cross-signed the Let's Encrypt
certificates were not trusted by the JDK until 8u101. This commit adds a
version check at the start of the build to make it clear the cause of
the underlying issue, and what the fix is.

Relates elastic/x-pack-elasticsearch#541

Original commit: elastic/x-pack-elasticsearch@6bf8076cb6
2017-02-11 12:12:26 -05:00
Ryan Ernst 2571921605 Rename x-pack project names to new names with split repo
Original commit: elastic/x-pack-elasticsearch@5a908f5dcc
2017-02-10 11:02:42 -08:00
Ryan Ernst 1fb742a0ad Rename core plugin and transport dirs
Original commit: elastic/x-pack-elasticsearch@1844685f77
2017-02-10 11:02:42 -08:00