Commit Graph

6254 Commits

Author SHA1 Message Date
Karel Minarik 5514201d4d Fixed typo in `esusers` command description
Closes 

Original commit: elastic/x-pack-elasticsearch@223e76fc3f
2014-10-10 12:08:26 +02:00
Areek Zillur f05ccaa3f9 Added Service Interfaces; start trial license impl; spec out licensesService
Original commit: elastic/x-pack-elasticsearch@1e5b311113
2014-10-09 17:20:38 -04:00
javanna c20e4efe2d Improve error message when the cluster has no indices
When the indices are empty, replaced the error message `IndexMissingException[[[]] missing]` with `IndexMissingException[[[_all]] missing]`

Closes 

Original commit: elastic/x-pack-elasticsearch@b590547722
2014-10-09 16:32:01 +02:00
Areek Zillur 90466deb0c remove redundant code
Original commit: elastic/x-pack-elasticsearch@d61cb5554c
2014-10-08 23:26:50 -04:00
Areek Zillur d7ec84afd7 Major refactoring of LicenseManager; Initial integration with LicenseService; still a lot of TODOs
Original commit: elastic/x-pack-elasticsearch@880984062a
2014-10-08 23:19:06 -04:00
Areek Zillur 0bcdb016be added setup section to README
Original commit: elastic/x-pack-elasticsearch@4c842072f6
2014-10-07 13:56:23 -04:00
Areek Zillur 68eb791965 added setup section to README
Original commit: elastic/x-pack-elasticsearch@dbf593ef16
2014-10-07 13:54:55 -04:00
Areek Zillur 85a72ee3b5 update Transport tests
Original commit: elastic/x-pack-elasticsearch@1623939755
2014-10-07 13:15:38 -04:00
Areek Zillur 0306614c00 cleanup
Original commit: elastic/x-pack-elasticsearch@03d4ae524c
2014-10-07 13:10:40 -04:00
c-a-m 7f77627396 Merge branch 'mrsolo-enhance/static'
Original commit: elastic/x-pack-elasticsearch@c62fc1e081
2014-10-07 11:07:59 -06:00
Bill Hwang 0cb46872cf [CI] Added custom pmd xml file
Add missing file

Original commit: elastic/x-pack-elasticsearch@2939191b32
2014-10-07 11:06:35 -06:00
Bill Hwang 2a1ce81960 [CI] Added static analysis dependencies
Modified pom.xml to do static analysis without Jenkins

'mvn -DskipTests=true -Pstatic clean compile site' to start analysis
The reports are at target/site/project-reports.html.

Original commit: elastic/x-pack-elasticsearch@ddec28e8d0
2014-10-07 11:06:35 -06:00
Areek Zillur 533220e15a fix circular dependency on LicensesService
Original commit: elastic/x-pack-elasticsearch@d419878c35
2014-10-07 13:04:13 -04:00
Areek Zillur a034f96497 Merge branch 'dev' into es_integration
Original commit: elastic/x-pack-elasticsearch@7b3a74f175
2014-10-07 12:38:24 -04:00
Alexander Reelsen aec86a060e incorporated review comments
Original commit: elastic/x-pack-elasticsearch@f4c8ed918f
2014-10-07 18:10:08 +02:00
Alexander Reelsen 994f785715 Logging: Stop logging closed channel exceptions by default
Original commit: elastic/x-pack-elasticsearch@c563ecaafb
2014-10-07 18:10:08 +02:00
Areek Zillur 58c266ce13 update es 1.4 snapshot
Original commit: elastic/x-pack-elasticsearch@ec23733d6e
2014-10-07 12:03:50 -04:00
javanna 11ff005dc3 Internal: replace wildcard expressions and _all with matching indices that the current user is authorized for
Two reasons for this:
1) automatically convert the _all to its matching indices, in the context of the current user is authorized for, instead of resolving wildcards and then throwing authorization exception because the wildcard exp matches indices that the user is not authorized for
2) this makes the wildcards resolution secure, meaning that there is a single place that resolve wildcards. If it happened in shield while authorizing and in core while actually executing the operation, there would be mismatches which would allow to execute operation on indices that the user is not authorized for, if they get created with the "right" timing.

Closes 
Closes 

Original commit: elastic/x-pack-elasticsearch@a02c6fbccf
2014-10-07 17:16:55 +02:00
Alexander Reelsen c02277283c Add .esvmrc file to start SSL configured cluster fast
esvm is small commandline tool to start different cluster in a fast way.
This commit adds a preconfigured .esvmrc for starting a SSL enabled cluster
in no time.

All you need to do is to build the package and run

esvm shield

This starts a two node cluster with SSL enabled on HTTP and transport

Original commit: elastic/x-pack-elasticsearch@f701fd1134
2014-10-07 17:08:53 +02:00
Areek Zillur 1da4b89311 minor fixes and improvements; incorporated feedback
Original commit: elastic/x-pack-elasticsearch@ed4bff2ce4
2014-10-07 11:02:12 -04:00
javanna 6f4acfa93b [TEST] customize test global cluster for REST tests only if REST tests are enabled
Closes 

Original commit: elastic/x-pack-elasticsearch@55eea46460
2014-10-06 12:22:23 +02:00
Alexander Reelsen 0d702c2fbc HTTPS: Do not require client auth by default
Original commit: elastic/x-pack-elasticsearch@795d40a705
2014-10-06 09:11:53 +02:00
Alexander Reelsen fe7d79384f CLI: Fix esusers tool to not create bogus role entry
If a user was created, but the user was not supplied roles on the commandline,
a bogus 'user:' was added to the roles file. This fix checks, if roles were
supplied when creating a user and only changes the roles file in that case.

Original commit: elastic/x-pack-elasticsearch@286951c016
2014-10-06 09:09:55 +02:00
Areek Zillur 319dc9c88b tests pass; second iterations; still a lot of TODOs
Original commit: elastic/x-pack-elasticsearch@0e1e409c6f
2014-10-05 23:44:44 -04:00
Areek Zillur 593b8ca18f minor cleanups
Original commit: elastic/x-pack-elasticsearch@44572eea2a
2014-10-03 10:47:24 -04:00
Areek Zillur bee849d5f4 second iteration
Original commit: elastic/x-pack-elasticsearch@bc5725d804
2014-10-03 10:39:50 -04:00
javanna 14fed747fb Restore indices authorization for composite indices requests
Original commit: elastic/x-pack-elasticsearch@64ae3bf5c1
2014-10-02 16:43:09 +02:00
javanna 5b1dd41f23 Move to elasticsearch-1.4.0.Beta1 (no snapshot)
Original commit: elastic/x-pack-elasticsearch@18c93bcae2
2014-10-02 15:42:21 +02:00
Alexander Reelsen 2e6a8e0db8 IP filtering: Removing error messages claiming to reject all connections
Original commit: elastic/x-pack-elasticsearch@2fe77515e7
2014-10-02 11:06:32 +02:00
Alexander Reelsen 464bc0a752 Ip Filtering: Change default rule to allow
In order to prevent confusion when starting up nodes (so they can join easily together)
and adding some usability connections are not denied by default on the server side.

Original commit: elastic/x-pack-elasticsearch@6ffe3a7df2
2014-10-02 09:17:00 +02:00
Areek Zillur 8ffcc4f18f maven fix for running license verification tests
Original commit: elastic/x-pack-elasticsearch@650adfadc8
2014-10-02 01:57:47 -04:00
Areek Zillur 01af8a39e6 Initial skeleton
Original commit: elastic/x-pack-elasticsearch@8a6bf64904
2014-10-02 01:55:51 -04:00
c-a-m a47de7539c ldap: Changed LdapSslSocketFactory method of setting the static factory, plus miscellaneous cleanup
Original commit: elastic/x-pack-elasticsearch@1e1ba2aa7d
2014-10-01 15:11:26 -06:00
c-a-m 2ed4dd7fb6 ldap: Adds OpenLdap and Active Directory tests, and refactors SSLConfig
SSLConfig is split into SSLConfig and SSLTrustConfig.

OpenLdapTests and ActiveDirectory tests connect via TLS to EC2 instances.

Original commit: elastic/x-pack-elasticsearch@ea38e58dea
2014-10-01 15:11:26 -06:00
Areek Zillur 59d517f6b5 added README file
Original commit: elastic/x-pack-elasticsearch@4a6aefd91e
2014-10-01 16:51:55 -04:00
Paul Echeverri 7788c833e0 Merge branch 'doc-draft'
Merging Issue 

Original commit: elastic/x-pack-elasticsearch@4ddbcb6e30
2014-10-01 13:00:05 -07:00
Paul Echeverri a0a7b9b7ff Merge branch 'master' into doc-draft
Merging PR  per Uri

Original commit: elastic/x-pack-elasticsearch@022a898a9f
2014-10-01 12:59:20 -07:00
Areek Zillur 4dc2344bb0 incorporate first round of feedback; minor cleanup & fixes
Original commit: elastic/x-pack-elasticsearch@1058049d44
2014-10-01 15:53:46 -04:00
Paul Echeverri 5137b21742 Merge pull request from elasticsearch/doc-draft
Draft docs for Shield

Original commit: elastic/x-pack-elasticsearch@91492a4cf6
2014-10-01 11:55:19 -07:00
Areek Zillur 67d776f30a Added keypair generator, license generator and licene verification tools to interface with internal license server
Original commit: elastic/x-pack-elasticsearch@96fc01391e
2014-10-01 11:39:01 -04:00
Areek Zillur 73b3dc5b44 Initial commit
Original commit: elastic/x-pack-elasticsearch@c28e6e0199
2014-10-01 10:37:58 -04:00
Michael McCandless 3b1ae0b593 Upgrade to Lucene 4.10.1
Original commit: elastic/x-pack-elasticsearch@31273b6769
2014-10-01 05:15:49 -04:00
Alexander Reelsen 2fbf4436aa Dependencies: Updating to elasticsearch 1.4.0.Beta1
Original commit: elastic/x-pack-elasticsearch@66cc907790
2014-10-01 11:11:33 +02:00
Alexander Reelsen f5589cffb2 SSL: Added more default ciphers
Original commit: elastic/x-pack-elasticsearch@c419eccec2
2014-10-01 11:03:08 +02:00
uboness 637a9e773c Added user authentication on rest requests
The authc service will now authenticate the user on the rest layer as well, meaning there will only be a single authentication process no matter what is then entry point to ES (for example, if a rest handler executes two internal requests... like some of the _cat APIs, there'll still be a single authentication process)

 In addition, the audit logs will now log REST authentication failures such that the remote address and the rest endpoint will show up in the logs as well.

Original commit: elastic/x-pack-elasticsearch@07af440147
2014-09-30 16:51:27 +02:00
c-a-m bd38b5237c Revert "passwordfix: This removes the password clearing from the authentication service"
This reverts commit elastic/x-pack@29462b494f.

Original commit: elastic/x-pack-elasticsearch@50e42933f0
2014-09-29 10:27:16 -06:00
javanna a57eae4f1f Internal: return better error message in SecurityFilter and InternalKeyService & share signing code
Closes 

Original commit: elastic/x-pack-elasticsearch@a1dcd9c5aa
2014-09-29 11:50:38 +02:00
c-a-m 402749e12b passwordfix: This removes the password clearing from the authentication service
This fixes a bug when the UsernamePasswordToken is cached in the userContext and reused after it's cleared.

Original commit: elastic/x-pack-elasticsearch@9aab1d8530
2014-09-27 11:23:38 -06:00
c-a-m da3aacf107 Passwords: SecuredString to lock down and clear password usage.
SecuredString encapsulates handling of passwords and clearing them when done.  This change
includes changing everywhere passwords are used.  After authentication the authentication service will
clear the token - which will clear the password.  This avoids using any passwords in String objects.

This also adds commentary to BCrypt to show how it changed from the original external resource.  It moves utility methods to CharArrays.

Original commit: elastic/x-pack-elasticsearch@d0ffbae5c8
2014-09-26 10:39:04 -06:00
javanna f3164f1d24 [TEST] add system key to node settings in ShieldRestTests
Original commit: elastic/x-pack-elasticsearch@76be4c240a
2014-09-26 08:44:50 +02:00