This commit adds a new `source_node` field to all marvel documents that holds various information (node's name/ip/host/id/transport address) about the node that emitted the document.
(cherry picked from commit elastic/x-pack@29a411a931)
Original commit: elastic/x-pack-elasticsearch@66e057d334
If elasticsearch merges https://github.com/elastic/elasticsearch/pull/16413
then the build will fail catastrophically without this. The goal here is to
opt these files out of the line length checks while they don't pass and we
can get them passing as time permits and opt them back in. In the mean time
all files that pass the line length check will have the check enforced.
This also gives you a spot to add x-plugins opt outs for core's checkstyle
rules in case you have generated files or something like that.
Original commit: elastic/x-pack-elasticsearch@63a1ad2f79
This change registers all filtered settings up-front and removes all
the unnecessary wrappers around SettingsFilter. This is a pretty big
change and needs some review but after all things are generally simplified and
settings are always filtered even if shield is not enabled which is the right thing
todo.
Relates to elastic/elasticsearchelastic/elasticsearch#16425
Original commit: elastic/x-pack-elasticsearch@c7df85492b
The lang-mustache module has been extended to meet Watcher's needs:
* The ability to refer the specific slots in arrays.
* An `content_type` option controls whether json string escaping is used. Otherwise there is no escaping.
Closeselastic/elasticsearch#1116
Other changes:
* I changed tests that were just using mustache just because it was around to not use mustache
* I moved tests to `test-xpack-with-mustache` module that were testing mustache with Watcher
* added smoke test for watcher and mustache
* moved some tests around
* instead of using DefaultTextTemplateEngine in watcher tests use MockTextTemplateEngine
* added a mock mustache script engine
* Cleanup some messy tests to not rely on mustache and move them back into xpack module
* moved array access test to smoke test watcher with mustache module
* test: simplified the condition search test to take the time component out of it, while still simulation a condition
* removed the mustache dependency in the messy-test-watcher-with-groovy module
Original commit: elastic/x-pack-elasticsearch@6a2a4e885f
- Consolidated `InternalMarvelUser`, `InternalWatcherUser` and `InternalShieldUser` into a single `XPackUser` - this is the single internal user for xpack that has all the permissions internally required by xpack (for marvel, watcher and shield)
- Renamed `InternalSystemUser` to `SystemUser`
- Removed the notion of "reserved roles". Now that we have a single internal user we know its role. The authz service now checks to see if the current user is the internal xpack user, and if so, it just uses its role (and not trying to resolve it from the role store). With this model, it's no longer possible for outside users to use the internal role (it's fully internal)
- Consolidated the notion of an `InternalClient` (in Marvel it was knows as the `SecuredClient`). This is an ES client that xpack is using to manage itself. If shield is enabled, it will execute all request on behalf of the internal xpack user.
- Removed the verification of the license plugin on plugin installation - no need to do it anymore as the license plugin is part of the distribution.
Original commit: elastic/x-pack-elasticsearch@c851410f93
This commit cleans up the hack we had forcefully switching the request to execute under the system
user when a internal action gets triggered from a system request. The authorization service now tracks
the originating request in the context to allow us to validate if the request should be run as the system
user.
The system user should be used only when a user action causes an internal action, which needs to
be run by the system user.
Closeselastic/elasticsearch#1403
Original commit: elastic/x-pack-elasticsearch@4972df459f
- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms)
- fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache
- used action name constants where possible in `InternalShieldUser`
Original commit: elastic/x-pack-elasticsearch@d1481de389
- Moved all role action classes to live under `o.e.s.action.role`
- Moved all realm related action classes (for now just the clear cache) to live under `o.e.s.action.realm`
- Moved all user action classes to live under `o.e.s.action.user`
- Moved all the rest actions to live under `o.e.s.rest.action`
- Changed the `clear role cache` endpoint to `/_shield/role/{id}/_clear_cache` (aligned with all other role endpoints)
- Changed `InternalShieldUserHolder` to the `InternalShieldUser` singleton user... to be aligned with `InternalMarvelUser` and `InternalWatcherUser`.
- Removed the dedicated audit log user. The new `InternalShieldUser` is now the user that manages and writes to the audit log indices
- Extracted the `User.System` class to a top level `InternalSystemUser` class (to be aligned with the other internal user classes)
- Removed the `SystemRole` class (the `InternalSystemUser` class now holds all the needed info/logic)
Original commit: elastic/x-pack-elasticsearch@cf82b257d1