This commit adds a token based access mechanism that is a subset of the OAuth 2.0 protocol. The
token mechanism takes the same values as a OAuth 2 standard (defined in RFC 6749 and RFC 6750),
but differs in that we use XContent for the body instead of form encoded values. Additionally, this
PR provides a mechanism for expiration of a token; this can be used to implement logout
functionality that prevents the token from being used again.
The actual tokens are encrypted using AES-GCM, which also provides authentication. The key for
encryption is derived from a salt value and a passphrase that is stored on each node in the
secure settings store. By default, the tokens have an expiration time of 20 minutes and is
configurable up to a maximum of one hour.
Relates elastic/x-pack-elasticsearch#8
Original commit: elastic/x-pack-elasticsearch@3d201ac2bf
* [DOCS] Edits for description of ML results resource
* [DOCS] Adds Authorization section to ML API pages
Original commit: elastic/x-pack-elasticsearch@797761e7ae
This is an issue where a bucket can have both interim results and
non-interim results, a bucket should never have both at the same time.
The steps to cause this situation are:
1. Flush a running job and create interim results
2. Close that job (this does not delete interim results)
3. Re-open the job and POST data
4. The job will eventually emit a bucket result which mingles with the
existing interim results
Normally interim results are deleted by AutoDetectResultProcessor when a
bucket is parsed following a flush command. Because of the close and
re-opening of the job AutoDetectResultProcessor no longer knows that a
previous flush command creating interim results.
The fix is to always delete interim results the first time
AutoDetectResultProcessor sees a bucket.
relates elastic/x-pack-elasticsearch#1188
Original commit: elastic/x-pack-elasticsearch@5326455f54
In the SessionFactoryLoadBalancingTests, we sometime want a connection to a certain IP and Port to
fail as a way to mock an unresponsive/disconnected LDAP server. The test does this by starting up
multiple LDAP servers and then shutting some down. When the server is shut down the port that it
was bound to is open for another process or test to bind to, which can lead to sporadic failures in
CI. This change is a best effort attempt to prevent this by binding a server socket to the port and
filling its backlog so other connections should fail.
Relates elastic/x-pack-elasticsearch#1195
Original commit: elastic/x-pack-elasticsearch@b31a560c93
The DatafeedJobsIT.testRealtime test fails from time to time.
The test seems to take a long time to execute the flush action
after the lookback. This could make sense as the test produces
a few records over the span of a week with 5 minutes bucket_span.
Thus, flush will end up doing a lot of word to create results
for so many buckets.
This change increases the bucket_span to 1 hour. Hopefully, this
will stop the failures.
Relates elastic/x-pack-elasticsearch#1162
Original commit: elastic/x-pack-elasticsearch@4366907371
* [DOCS] Fix for prelertcategory
* [DOCS] _preview returns a page of data
* [DOCS] Added adv options e.g. background_persist_interval"
* [DOCS] Clarify meanings of model_snapshot params
* [DOCS] Format fixes
* [DOCS] Include _all keyword
* [DOCS] Explain retain.
* [DOCS] Further explanations for model size limits
* [DOCS] Format fixes in quick ref
* [DOCS] Update for exclude_interim
* [DOCS] Update for exclude_interim
* [DOCS] Update for exclude_interim
Original commit: elastic/x-pack-elasticsearch@cdd2fcefdd
This commit fixes the support for elliptic curve certificates that are specified as a PEM file.
These certificates and private keys can now be read properly and a integration test was added to
ensure that TLS also functions correctly with these certificates.
Original commit: elastic/x-pack-elasticsearch@6d6d579c88
This change removes the roles from the user in the remote cluster to show that the roles passed
from the source cluster are used in evaluating the user's permissions during multi-cluster search.
Original commit: elastic/x-pack-elasticsearch@35658168fb
This commit reduces spamming of the logs when a common SSL exception is encountered such as a
client not trusting the server's certificate or a plaintext request sent to a channel that expects
TLS traffic.
relates elastic/x-pack-elasticsearch#1062
Original commit: elastic/x-pack-elasticsearch@94959e79f6
* [DOCS] Add role info to ML getting started docs
* [DOCS] Getting started with sample ML data
* [DOCS] Getting started with server-metrics sample data
Original commit: elastic/x-pack-elasticsearch@2f268f87b4
Adds a gradle build for documentation testing, partially stolen from the xpack meta repo. Updated to make work with the current setup
index.asciidoc was updated/enabled as a test, and various pre-existing tests appear to be working. There are a large number of tests still ignored due to missing proper // CONSOLE tags
Original commit: elastic/x-pack-elasticsearch@1d596f0be3
This change prevents the situation where cleanup of ML indices immediately
after deleting a job leaves the audit notification in limbo because the index
it was due to be indexed into has been deleted.
Relates elastic/x-pack-elasticsearch#1142
Original commit: elastic/x-pack-elasticsearch@300e9c36ce
Ordinary Kibana users should not have access to the cluster state of ES,
and therefore they should not be able to access ML jobs without explicit
permission.
Original commit: elastic/x-pack-elasticsearch@77273d561a