Commit Graph

197 Commits

Author SHA1 Message Date
Jason Tedor 1cd53c41e2 Do not catch throwable
Today throughout the codebase, catch throwable is used with reckless
abandon. This is dangerous because the throwable could be a fatal
virtual machine error resulting from an internal error in the JVM, or an
out of memory error or a stack overflow error that leaves the virtual
machine in an unstable and unpredictable state. This commit removes
catch throwable from the codebase and removes the temptation to use it
by modifying listener APIs to receive instances of Exception instead of
the top-level Throwable.

Relates elastic/elasticsearch#2694

Original commit: elastic/x-pack-elasticsearch@7ecdd7d978
2016-07-04 08:41:08 -04:00
Tanguy Leroux 17684f1e76 Fix order of modifiers
Original commit: elastic/x-pack-elasticsearch@1f970e78ba
2016-07-01 16:54:53 +02:00
Simon Willnauer 158a6b5588 Cleanup BytesRefrence interface (elastic/elasticsearch#2670)
This is a followup of elastic/elasticsearchelastic/elasticsearch#19196

Original commit: elastic/x-pack-elasticsearch@1d0398e89a
2016-07-01 16:09:53 +02:00
Lee Hinman 8c54887ab8 Merge remote-tracking branch 'dakrone/migrate-tool-master'
Original commit: elastic/x-pack-elasticsearch@ce82529d4b
2016-06-30 09:53:52 -06:00
Ryan Ernst b513f2bb6b Merge branch 'master' into script_service_deps
Original commit: elastic/x-pack-elasticsearch@d4269e190d
2016-06-29 23:35:29 -07:00
Lee Hinman 24d7472cea Fix compilation for missing client
Original commit: elastic/x-pack-elasticsearch@586c5d0716
2016-06-29 09:37:47 -06:00
Lee Hinman db39da77c5 Merge remote-tracking branch 'origin/master' into migrate-tool-master
Original commit: elastic/x-pack-elasticsearch@eaa4b2923f
2016-06-29 09:30:07 -06:00
Lee Hinman ca1d92409f Move setup into a @Before method
Original commit: elastic/x-pack-elasticsearch@21b8cb5be3
2016-06-29 09:29:46 -06:00
Tanguy Leroux a06f4a02fd Rename Marvel packages and directories to Monitoring
related to elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@7f4001a031
2016-06-29 09:10:25 +02:00
Ryan Ernst 2d0055de35 Make script service a cluster state listener
Original commit: elastic/x-pack-elasticsearch@dc763f3d66
2016-06-28 14:06:53 -07:00
Lee Hinman a289fbd168 Add a tool to migrate users/roles from file to native realm
This adds the `bin/shield/migrate` tool that allows migrating users and
roles from the files to the native (API-based) store.

It looks like this:

```
λ bin/shield/migrate native -U http://localhost:9200 -u test_user -p changeme -n lee,foo -r role1,role2,role3,role4,foo
starting migration of users and roles...
importing users from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/users]...
found existing users: [test_user, joe3, joe2]
migrating user [lee]
{"user":{"created":true}}
no user [foo] found, skipping
importing roles from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/roles.yml]...
found existing roles: [marvel_user, role_query_fields, admin_role, role3, admin, remote_marvel_agent, power_user, role_new_format_name_array, role_run_as, logstash, role_fields, role_run_as1, role_new_format, kibana4_server, user, transport_client, role1.ab, role_query]
migrating role [role1]
{"role":{"created":true}}
migrating role [role2]
{"role":{"created":true}}
role [role3] already exists, skipping
migrating role [role4]
failed to migrate role [role4] with body: {"indices":[{"names":["idx2"]},{"names":["idx2"]},{"names":["idx1"]}]}
java.io.IOException: {"error":{"root_cause":[{"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"}],"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"},"status":400}
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:206)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.importRoles(ESNativeRealmMigrateTool.java:389)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:171)
  at org.elasticsearch.common.cli.CliTool.execute(CliTool.java:153)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:91)
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://localhost:9200/_shield/role/role4
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:192)
  ... 4 more

no role [foo] found, skipping
users and roles imported.
```

Original commit: elastic/x-pack-elasticsearch@3ce47c0ffd
2016-06-27 14:20:45 -06:00
Tanguy Leroux 6ed9f50457 Fix SearchInputIT.testSearchInlineTemplate
The search type is overridden from default to query_and_fetch by the search action if the number of shards to request is equal to 1

Original commit: elastic/x-pack-elasticsearch@a9552c697c
2016-06-24 09:19:59 +02:00
Tanguy Leroux a20fb42b70 Fix SearchInputIT.testSearchIndexedTemplate
Original commit: elastic/x-pack-elasticsearch@4011a7bc9b
2016-06-23 12:33:49 +02:00
Tanguy Leroux 77a641b0fc Mute SecurityCachePermissionIT as it was before
Original commit: elastic/x-pack-elasticsearch@89c40f7bc0
2016-06-23 10:26:45 +02:00
Yannick Welsch b3ba1be659 Fix checkstyle line length limit
Original commit: elastic/x-pack-elasticsearch@717ab001d1
2016-06-23 10:01:02 +02:00
Tanguy Leroux 99ade96091 Watcher: Remove usage of SearchRequest's template support
Template support is going to be removed from the Search API to its own Search Template API in the lang-mustache module (see elastic/elasticsearch#17906, elastic/elasticsearch#18765). This commit changes Watcher's SearchInput and SearchTransform classes so that it now uses a WatcherSearchTemplateRequest that contains both the search request and the template. Search request and template are rendered using WatcherSearchTemplateRequestService before being executed.

Original commit: elastic/x-pack-elasticsearch@bfa16ab80f
2016-06-23 09:31:47 +02:00
Alexander Reelsen 5883efc976 Watcher: Remove support for _timestamp field in index action (elastic/elasticsearch#2575)
The watch index action was using the _timestamp field by default.
This functionality now needs to be configured explicitely for a special
field that is part of that document which is going to be indexed.

Relates elastic/elasticsearchelastic/elasticsearch#18980

Original commit: elastic/x-pack-elasticsearch@dfa4cf2296
2016-06-22 14:31:27 +02:00
javanna a030239c9e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@6437c6572d
2016-06-21 16:22:25 +02:00
jaymode c024dbfc49 security: remove use of shield in files and directory names
This commit removes as much of the use of shield as possible in the source code.

See elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@00009cc06e
2016-06-20 10:26:10 -04:00
javanna 966fff2009 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@9c8cfc915f
2016-06-17 13:50:36 +02:00
Simon Willnauer 36ad326483 Simplify ScriptModule and script registration elastic/elasticsearchelastic/elasticsearch#18903 (elastic/elasticsearch#2535)
follow up PR for elastic/elasticsearchelastic/elasticsearch#18903

Original commit: elastic/x-pack-elasticsearch@d6ab3ab141
2016-06-16 09:35:16 +02:00
javanna 82a19cda0e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f8d810f0e8
2016-06-15 11:49:34 +02:00
Jim Ferenczi ce8ffab7f2 Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension
Fix elastic/elasticsearch#2094

Original commit: elastic/x-pack-elasticsearch@bc017064d0
2016-06-14 10:20:54 +02:00
javanna c4ea0ae34d Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f11da04658
2016-06-09 17:44:06 +02:00
javanna 8bf2d93fac rename ElasticsearchResponse and ElasticsearchResponseException to Response and ResponseException
Original commit: elastic/x-pack-elasticsearch@edfd24f003
2016-06-09 16:55:39 +02:00
Jason Tedor 576a543a28 Register watcher thread pool
This commit register the watcher thread pool in the thread pool module
in core, and also makes the necessary changes to reflect a refactoring
that took place in core.

Relates elastic/elasticsearch#2397

Original commit: elastic/x-pack-elasticsearch@be298a7578
2016-06-06 22:09:58 -04:00
javanna a45b260244 [TEST] lower to 5s the wait for the Thread.sleep
Original commit: elastic/x-pack-elasticsearch@6efeb937cd
2016-06-04 01:10:47 +02:00
javanna db27d0ab20 rename ElasticsearchResponse#getFirstHeader to getHeader
Original commit: elastic/x-pack-elasticsearch@8ca2f6d6dd
2016-06-03 18:28:45 +02:00
javanna e240ca8043 [TEST] adapt to "create standard RestClient at first request and reuse it"
A RestClient instance is now created whenever EsIntegTestCase#getRestClient is invoked for the first time. It is then kept until the cluster is cleared (depending on the cluster scope of the test).

Renamed other two restClient methods to createRestClient, as that instance needs to be closed and managed in the tests.

Original commit: elastic/x-pack-elasticsearch@3a9d6f6e90
2016-06-03 18:09:05 +02:00
javanna ad9a64e854 [TEST] add a lot of forgotten try with resources to wrap ElasticsearchResponses
Original commit: elastic/x-pack-elasticsearch@e4634ea599
2016-06-03 16:42:06 +02:00
javanna 4e2766df11 replace some more usage of HttpClient with RestClient
Original commit: elastic/x-pack-elasticsearch@a3cb53b7a0
2016-06-03 16:13:52 +02:00
javanna e882fb3a18 Replace rest test client with low level RestClient
We still have a wrapper called RestTestClient that is very specific to Rest tests, as well as RestTestResponse etc. but all the low level bits around http connections etc. are now handled by RestClient.

Original commit: elastic/x-pack-elasticsearch@304487ecc5
2016-06-03 16:13:52 +02:00
javanna f58f347fe1 Replace HttpRequestBuilder usages with official RestClient
Original commit: elastic/x-pack-elasticsearch@7428498b47
2016-06-03 16:13:52 +02:00
Areek Zillur e996b78b04 Revert "move trigger package to top-level x-pack"
This reverts commit elastic/x-pack@bb0add9416.

Original commit: elastic/x-pack-elasticsearch@fc20c8c307
2016-06-01 21:30:08 -04:00
Areek Zillur 6ff8124640 Merge pull request elastic/elasticsearch#2388 from areek/extract_scheduler_engine_to_xpack
[refactor] extract trigger package and scheduler engine to top-level x-pack directory

Original commit: elastic/x-pack-elasticsearch@0a89cf2ca3
2016-06-01 15:27:24 -04:00
jaymode 4083bae777 test: set debug log level on the external cluster
Original commit: elastic/x-pack-elasticsearch@e23afb5fbc
2016-06-01 14:35:24 -04:00
Areek Zillur a7aa18aa17 move trigger package to top-level x-pack
Original commit: elastic/x-pack-elasticsearch@4f955a0c4a
2016-06-01 14:31:22 -04:00
jaymode fbeda210ae test: add logging to randomly failing IndexAuditIT
Original commit: elastic/x-pack-elasticsearch@3abd1ec0b5
2016-05-31 12:22:26 -04:00
Boaz Leskes 16d7f0c999 Introduce dedicated master nodes in testing infrastructure (elastic/elasticsearch#2314)
This is a companion commit to elastic/elasticsearchelastic/elasticsearch#18514, fixing issues introduced by adding dedicated master nodes to the test infra

Original commit: elastic/x-pack-elasticsearch@8c0571f2de
2016-05-27 08:45:54 +02:00
Robert Muir 21b2494c5b ScriptException -> GeneralScriptException (https://github.com/elastic/elasticsearch/pull/18600)
Original commit: elastic/x-pack-elasticsearch@0536fe9222
2016-05-26 17:51:46 -04:00
Tanguy Leroux b25c401b3c Add integration test for Delete-By-Query and Security
Closes elastic/elasticsearch#2287

Original commit: elastic/x-pack-elasticsearch@4bbb2a6f73
2016-05-25 09:39:23 +02:00
Adrien Grand 6860944f07 Use Java's Base64 instead of elasticsearch's. elastic/elasticsearch#2282
Original commit: elastic/x-pack-elasticsearch@c2e748d732
2016-05-23 11:25:31 +02:00
jaymode d552574016 test: set logger level differently after removal of support for es.* system properties
Original commit: elastic/x-pack-elasticsearch@fcaa9bbcff
2016-05-20 08:11:26 -04:00
Tanguy Leroux 5161b540a9 Move unneeded log info messages to debug
closes  elastic/elasticsearch#2228, elastic/elasticsearch#2227

Original commit: elastic/x-pack-elasticsearch@558751c424
2016-05-19 17:28:20 +02:00
Chris Earle 87c085d857 Better approach to skipping license check for subprojects
Original commit: elastic/x-pack-elasticsearch@8624ab08cc
2016-05-19 02:41:03 -04:00
Chris Earle 93ca4db1ce Remove duped plugin application from Gradle script.
Original commit: elastic/x-pack-elasticsearch@6745b39c82
2016-05-19 02:20:55 -04:00
Chris Earle c94a326f1d Split monitoring smoke tests into separate smoke tests
There is a race condition between the smoke tests that get run because of the teardown conditions of
REST tests. By splitting them, we can avoid the unrealistic scenario/race condition.

Original commit: elastic/x-pack-elasticsearch@f95ae0e595
2016-05-19 02:08:33 -04:00
Lee Hinman 91f2e94ac7 Fix scripting engines for singular type
Original commit: elastic/x-pack-elasticsearch@ed014cefc3
2016-05-13 09:29:37 -06:00
Robert Muir 3a2cfabc4d use painless syntax improvements in watcher tests and docs
Original commit: elastic/x-pack-elasticsearch@27ef31efac
2016-05-11 21:24:43 -04:00
Chris Earle 080000a595 Updating with array changed to list.
Original commit: elastic/x-pack-elasticsearch@552227458f
2016-05-06 12:26:10 -04:00
Alexander Reelsen a243647ea1 Watcher: Move urls from _watcher to _xpack/watcher
This moves the watcher base URL to _xpack/watcher. This includes
code, tests, rest-api-spec and the documentation.

Relates elastic/elasticsearch#1760

Original commit: elastic/x-pack-elasticsearch@0a44aec022
2016-05-04 09:39:47 +02:00
Alexander Reelsen 1aedda3627 X-Pack: Create notification module
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.

Further things done:

* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common

Original commit: elastic/x-pack-elasticsearch@41eb6e6946
2016-05-04 08:53:29 +02:00
Alexander Reelsen 74edbe6332 Watcher: Refactoring, move to org.elasticsearch.xpack
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher

This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.

Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
2016-05-02 10:58:34 +02:00
jaymode 773876caee security: ssl by default on the transport layer
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.

The following is a list of specific items addressed:

* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files

Closes elastic/elasticsearch#14
Closes elastic/elasticsearch#34
Closes elastic/elasticsearch#1483
Closes elastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673

Original commit: elastic/x-pack-elasticsearch@7c359db90b
2016-04-29 12:50:07 -04:00
Alexander Reelsen 27f0a68a28 X-Pack Notification: Settings refactoring, removed 'service'
The service part is now obsolete with moving to `xpack.notification`.

Original commit: elastic/x-pack-elasticsearch@a7907f24a5
2016-04-29 09:02:36 +02:00
jaymode 91943318bf security: cleanup authentication service
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.

Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.

Original commit: elastic/x-pack-elasticsearch@79e2375a13
2016-04-28 07:59:16 -04:00
Alexander Reelsen 91242f3a98 Tests: Increase logging for tests for randomly failing tests
Relates elastic/elasticsearch#2090

Original commit: elastic/x-pack-elasticsearch@4051354f45
2016-04-25 17:46:09 +02:00
Alexander Reelsen b47d161b9e X-Pack: Porting watcher notifications to xpack notifications (elastic/elasticsearch#2056)
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`

Moved services include pagerduty, hipchat, slack and email.

Closes elastic/elasticsearch#1998

Original commit: elastic/x-pack-elasticsearch@40c16fe123
2016-04-22 15:57:34 +02:00
Martijn van Groningen 358fa38cf6 test: fix id, script_lang mix up
Original commit: elastic/x-pack-elasticsearch@7c4a3152ba
2016-04-22 15:12:35 +02:00
Martijn van Groningen 4650592150 Remove LazyInitializable from ScriptServiceProxy
Closes elastic/elasticsearch#2062

Original commit: elastic/x-pack-elasticsearch@4eaf323158
2016-04-22 14:31:02 +02:00
Martijn van Groningen b9515357fa Migrated from indexed scripts to store scripts
Original commit: elastic/x-pack-elasticsearch@a0218f1c9e
2016-04-22 13:43:55 +02:00
Alexander Reelsen 98feb695ff Tests: Fixing failing history transform tests after mapping changes
Original commit: elastic/x-pack-elasticsearch@b1b13c52b0
2016-04-19 13:56:50 +02:00
Alexander Reelsen 99cff6f3b9 Watcher: Create module to test with painless scripting language
Also changed some documentation to use painless instead of groovy
to get people used to it.

Original commit: elastic/x-pack-elasticsearch@92a007cc0d
2016-04-18 09:14:31 +02:00
uboness 8aa48ffaff Introduced the X-Pack Info API
- Removed Shield's Info API
- Removed Watcher's Info API

Closes elastic/elasticsearch#2014

Original commit: elastic/x-pack-elasticsearch@6910cb1d6e
2016-04-17 13:38:19 +02:00
jaymode e4cb1f1b24 test: add missing date math to blacklist
Original commit: elastic/x-pack-elasticsearch@85fae58d74
2016-04-15 10:10:01 -04:00
Alexander Reelsen 1ef246adab Watcher: Fall back on default format color in hipchat action
Our documentation states that we have default attributes for
message.format and message.color, which in fact we do not have
as an NPE was triggered in that case.

This commit falls back to unset defaults and allows for hipchat messages
to be sent without having to configure color/format in the action
or the account.

Closes elastic/elasticsearch#1666

Original commit: elastic/x-pack-elasticsearch@bfb7e35112
2016-04-14 09:03:55 +02:00
Nik Everett 120e13148b Handle core search refactoring
Original commit: elastic/x-pack-elasticsearch@fb512063ca
2016-04-12 15:24:19 -04:00
Alexander Reelsen a1f7fff901 Watcher: Cut settings over to xpack.watcher (elastic/elasticsearch#1909)
This cuts over all settings from `watcher.` to `xpack.watcher` as
part of the settings cleanup for 5.0.

Relates elastic/elasticsearch#1441

Original commit: elastic/x-pack-elasticsearch@c82483bf25
2016-04-12 10:34:23 +02:00
Adrien Grand 5b57727b34 Replace usage of settingsBuilder with just builder.
Original commit: elastic/x-pack-elasticsearch@fe038bbc49
2016-04-08 18:09:02 +02:00
Chris Earle daa875db11 Remove hostname from NetworkAddress.format (x-plugins side)
This removes the old usage of NetworkAddress.formatAddress in favor of the updated version, which is just
the method renamed to NetworkAddress.format (replacing the old version of that method).

There is no impact to x-plugins beyond making the build work because all places were currently using that
method variant already.

Original commit: elastic/x-pack-elasticsearch@05f0dcfa90
2016-04-07 17:29:14 -04:00
jaymode 8049a82953 security: add support for main action
This commit adds support for the change in elasticsearch where the `/` rest
endpoint now delegates to an action and can be authorized.

Original commit: elastic/x-pack-elasticsearch@8ef38ce50f
2016-04-07 09:25:21 -04:00
jaymode d08446e221 security: add reserved roles and users
This commit adds reserved or built-in user and role support to x-pack. The reserved roles
cannot be modified by users. The reserved users also cannot be modified with the exception
of changing the password for a user.

In order to change the password for a user, a new API has been added. This API only supports
changing passwords for native and reserved users.

To support allowing a user to change their own password, a default role has been added to grant
access. This default role only grants access to user operations that pertain to the user that is
being authorized. In other words, the default role grants `joe` the ability to change their own password
but does not allow them to change the password of a different user.

Additionally, the authenticate API was made a transport action and is granted by the default role.

Closes elastic/elasticsearch#1727
Closes elastic/elasticsearch#1185
Closes elastic/elasticsearch#1158

Original commit: elastic/x-pack-elasticsearch@1a6689d90f
2016-04-06 18:23:18 -04:00
jaymode f888082ce6 security: remove the use of shield in settings
This commit migrates all of the `shield.` settings to `xpack.security.` and makes changes to
use the new Settings infrastructure in core.

As a cleanup, this commit also renames Shield to Security since this class is only in master
and will not affect 2.x.

See elastic/elasticsearch#1441

Original commit: elastic/x-pack-elasticsearch@a5a9798b1b
2016-04-06 14:00:46 -04:00
Tanguy Leroux c9392183d2 Monitoring: Add smoke test for Monitoring with Security
Original commit: elastic/x-pack-elasticsearch@9dc800ebcc
2016-04-01 11:17:39 +02:00
Chris Earle 6c8ec7be28 Removing test logger now that fix is in
Original commit: elastic/x-pack-elasticsearch@8d80b59ddd
2016-03-31 12:53:20 -04:00
Tanguy Leroux 4007ff44b7 Monitoring: Fix synchronization in Exporters
This commit fixes an issue in synchronization in Exporters class. The export() method is synchronized and when used with LocalExport can provoke a deadlock. LocalExporter exports data locally using bulk requests that can trigger cluster state updates for mapping updates. If a exporters settings update sneaks in, the settings update waits for the export to terminate but the export waits for the settings to be updated... and boom.

This commit removes the synchronized and refactor Exporters/LocalExporter to use state and dedicated instance of LocalBulk for each export so that synchronizing methods is not necessary anymore.

It also lower down some random settings in MonitoringBulkTests because the previous settings almost always fill the bulk thread pool.

closes elastic/elasticsearch#1769

Original commit: elastic/x-pack-elasticsearch@f50c916f8b
2016-03-31 13:47:53 +02:00
javanna 02751ffff8 Merge branch 'master' into enhancement/discovery_node_one_getter
Original commit: elastic/x-pack-elasticsearch@cf4c5bc630
2016-03-30 17:26:02 +02:00
javanna 9f87fd5fc7 Remove DiscoveryNodes#localNode in favour of existing DiscoveryNodes#getLocalNode
Original commit: elastic/x-pack-elasticsearch@fd85aa2325
2016-03-30 15:40:14 +02:00
Adrien Grand 216874881f Don't rely on fielddata being enabled by default.
See elastic/elasticsearchelastic/elasticsearch#17386.

Original commit: elastic/x-pack-elasticsearch@361af3931a
2016-03-30 14:34:54 +02:00
Alexander Reelsen e0fcbcbb51 Elasticsearch: Rename plugin from 'xpack' to 'x-pack'
This is just to be consistent with out naming, which is
supposed to be `x-pack`.

Closes elastic/elasticsearch#1759

Original commit: elastic/x-pack-elasticsearch@0697f70855
2016-03-30 09:48:46 +02:00
Chris Earle 793a6138a3 Adding logger to catch test failure. See elastic/elasticsearch#1769
Original commit: elastic/x-pack-elasticsearch@ab47c05739
2016-03-29 17:59:48 -04:00
jaymode 5ab407b2e0 test: handle update-by-query to update_by_query rename
Original commit: elastic/x-pack-elasticsearch@72ba860f3f
2016-03-29 06:34:04 -04:00
jaymode 0d1f3da353 security: rename ESUsersRealm to FileRealm
This commit is the forward port of renaming the type for esusers to file. There is no
backwards compatibility maintained here. Additionally, a few other renames and
cleanups have been made:

* `esusers` commands is now `users`
* org.elasticsearch.shield.authc.esusers -> org.elasticsearch.shield.authc.file
* Validation.ESUsers -> Validation.Users
* ESUsersTool -> UsersTool
* ESUsersToolTests -> UsersToolTests
* ESNativeUsersStore -> NativeUsersStore
* ESNativeRolesStore -> NativeRolesStore.
* org.elasticsearch.shield.authz.esnative collapsed to org.elasticsearch.shield.authz.store
*  ESNativeTests -> NativeRealmIntegTests

Closes elastic/elasticsearch#1793

Original commit: elastic/x-pack-elasticsearch@d2a0c136f3
2016-03-28 06:18:57 -04:00
Jim Ferenczi 9c6aa6353e Make xpack extensible:
* Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do.
* Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack.
* Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader.
* Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions.
* Add XPack extension integration test.

Fixed elastic/elasticsearch#1515

Original commit: elastic/x-pack-elasticsearch@130ba03270
2016-03-22 11:41:38 +01:00
jaymode 2872acd742 remove watcher and graph privileges. manage does not include security
Original commit: elastic/x-pack-elasticsearch@da250ed842
2016-03-17 14:31:03 -04:00
jaymode cf0fd986e1 rename graph actions
Original commit: elastic/x-pack-elasticsearch@70a71d6bd6
2016-03-17 14:31:03 -04:00
jaymode a22539aca0 shield: add support for new privilege naming
This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the
support for the privileges that were deprecated in 2.3. This change also includes
updates to the documentation to account for the new roles format.

Original commit: elastic/x-pack-elasticsearch@98e9afd409
2016-03-17 14:29:26 -04:00
jaymode 9e08579d4f security: file parsing only supports the new format
This commit remove the pre-existing file parsing code and replaces it with the updated
code in the RoleDescriptor class. This unifies the parsing for the files and API for roles.

Closes elastic/elasticsearch#1596

Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1
2016-03-16 12:33:05 -04:00
Tanguy Leroux 1161edca2c Monitoring: Do not expose sensitive settings
Original commit: elastic/x-pack-elasticsearch@25d81bb7b6
2016-03-16 17:14:40 +01:00
Ali Beyad 7d8149cb86 Suggester refactoring requires a Suggester to parse X-Content to Builder
As part of the search refactoring effort, we need to pass a Suggester
to the methods that parse X-Content to a SuggestBuilder in every
instance where we are parsing search/suggest requests.

Original commit: elastic/x-pack-elasticsearch@7f815c617a
2016-03-16 10:27:29 -04:00
Jason Tedor 69b69f7af1 Use setting in integration test cluster config
This commit modifies using system properties to configure an integration
test cluster and instead use settings in the generated Elasticsearch
config file.

Original commit: elastic/x-pack-elasticsearch@65211b93d0
2016-03-15 20:01:01 -04:00
Ryan Ernst 1b21f20e5b Lazily generate san string for certificates
The san string used by certificate generation for ssl tests currently
runs at gradle configuration time. This takes several seconds, and
significantly slows down gradle configuration on every invocation.
This change wraps the code into a lazy evaluator that will be invoked at
runtime, and cache the string once it is generated.

Original commit: elastic/x-pack-elasticsearch@812036f416
2016-03-14 17:55:22 -07:00
markharwood 925afa3cab Graph - port of 2.x graph API and kibana UI plugin
Closes X-plugins issue 518

Original commit: elastic/x-pack-elasticsearch@6c6371ed74
2016-03-11 14:22:31 +00:00
Nik Everett 016b9d017c Add reindex tests to shield
Original commit: elastic/x-pack-elasticsearch@fe00f317b3
2016-03-10 10:17:46 -05:00
Martijn van Groningen a3a7acd934 tests: mute ingest/70_bulk test suite for now
Original commit: elastic/x-pack-elasticsearch@5fa15106f3
2016-03-10 15:00:14 +01:00
Tanguy Leroux 146f91f730 Watcher: Rename ClientProxy to WatcherClientProxy
Original commit: elastic/x-pack-elasticsearch@84c17d1bc0
2016-03-08 14:28:39 +01:00
jaymode 2612edf4cb test: blacklist the ingest default processors rest test
This test assumes no modules are installed but the shield rest tests run with the modules
installed.

Original commit: elastic/x-pack-elasticsearch@2ba47fcd0f
2016-03-07 12:15:06 -05:00
jaymode 46cae1b2b1 test: remove check for bound addresses that fails on mac
Original commit: elastic/x-pack-elasticsearch@85c7f158ff
2016-03-04 17:47:38 -05:00
Tanguy Leroux 66e49a0546 Marvel: Add integration test for Marvel+Shield with SSL
closes elastic/elasticsearch#1467

Original commit: elastic/x-pack-elasticsearch@9dd6bf9629
2016-03-04 16:55:35 +01:00
Nik Everett 507e9ede59 Rename unit test so it looks like a unit test
Original commit: elastic/x-pack-elasticsearch@d2d39ad50b
2016-03-01 08:09:25 -05:00