Commit Graph

4899 Commits

Author SHA1 Message Date
Brian Murphy 3f4d469d4a FIX: Fixes after merge fail.
Original commit: elastic/x-pack-elasticsearch@6bab2d2640
2014-12-04 15:10:18 +00:00
Brian Murphy 4e825e7fac Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-alerts
Original commit: elastic/x-pack-elasticsearch@0707d65b2c
2014-12-04 14:55:26 +00:00
Brian Murphy f175b298b4 Add payload search test
Original commit: elastic/x-pack-elasticsearch@9fba7e97d1
2014-12-04 14:55:08 +00:00
Brian Murphy b68d7e5554 Changes for payload merge.
Original commit: elastic/x-pack-elasticsearch@7989471378
2014-12-04 14:54:20 +00:00
Brian Murphy 14ca6ec300 Add payload search and response to AlertActionEntry.
Original commit: elastic/x-pack-elasticsearch@b88b63e8a9
2014-12-04 14:31:14 +00:00
Brian Murphy 8375788839 Merge result from rebase.
Original commit: elastic/x-pack-elasticsearch@7e091273da
2014-12-04 14:30:04 +00:00
uboness 970dbaec77 Updated the min es compatibility to 1.4.0
Original commit: elastic/x-pack-elasticsearch@6aa954c3bb
2014-12-04 15:01:47 +01:00
Alexander Reelsen 2aafcf40dd Performance: Only iterate ip filter rules per profile
This is a little cleanup to only iterate IP filter rules for each
profile instead of iterating all of them and check for the profile
inside of the rule.

Original commit: elastic/x-pack-elasticsearch@6774f1f165
2014-12-04 14:16:10 +01:00
Martijn van Groningen e09fface02 adjust formatting
Original commit: elastic/x-pack-elasticsearch@aeabde439e
2014-12-04 13:53:09 +01:00
Martijn van Groningen 83f7fba1e1 Docs: Moved getting started to dedicated asciidoc file and added some more general documentation.
Original commit: elastic/x-pack-elasticsearch@2cddf76cd6
2014-12-04 12:53:18 +01:00
uboness 150ac97ffe Reduced audit logs
- Moved ACCESS_GRANTED logging of internal actions to TRACE level

Original commit: elastic/x-pack-elasticsearch@fe9bd3e64d
2014-12-04 10:25:40 +01:00
Areek Zillur a8cf41d78f Update version to 1.0.0-beta1
Original commit: elastic/x-pack-elasticsearch@77cf9d460d
2014-12-03 20:15:21 -05:00
Areek Zillur 134c278336 Add LicenseVersion to track version
closes elastic/elasticsearch#23

Original commit: elastic/x-pack-elasticsearch@d606beeb14
2014-12-03 19:38:16 -05:00
Areek Zillur b08f459c57 [LICENSOR] use Paths and Files instead of File
Original commit: elastic/x-pack-elasticsearch@1aefc6867d
2014-12-03 12:54:31 -05:00
Areek Zillur 99806cbd27 Move build tool configs to dev-tools
Original commit: elastic/x-pack-elasticsearch@d4aa77b55d
2014-12-03 12:54:31 -05:00
Alexander Reelsen 347374b56d Cleanup: Removed leftover and unused ip_filter.yml
Also fixed a minor tabbing issue

Original commit: elastic/x-pack-elasticsearch@cc761fd278
2014-12-03 15:39:52 +01:00
uboness 2bd541e40f Added EULA
Original commit: elastic/x-pack-elasticsearch@dd9ebdd082
2014-12-03 14:09:55 +01:00
javanna 847fc21def [TEST] temporarily log the default locale in REST tests
The locale is being randomized but never printed out for now (fixed upstream but we still depend on 1.4.0). We need to temporarily log it out manually to debug some test failures that might be related to the locale randomization (in combination with build machines settings).

Original commit: elastic/x-pack-elasticsearch@6f7e9625d1
2014-12-02 19:24:12 +01:00
uboness eac85eda10 [Cleanup] - FileRolesStore no longer depends on AuthorizationService
It used to be required, but since elastic/x-pack@607fabbade it's no longer needed.

Original commit: elastic/x-pack-elasticsearch@3c60798c2e
2014-12-02 19:04:25 +01:00
javanna 452851be6a [TEST] fixed tests repeatability issue
Every random call should happen all the time on all platforms (unless randomized!), otherwise tests won't reproduce on different platforms.

Original commit: elastic/x-pack-elasticsearch@d5b2d2079c
2014-12-02 18:43:43 +01:00
Alexander Reelsen 1d4422fc79 Profiles: Add client server transport filter
This PR allows to configure different ServerTransportFilters per profile.
By default there is a `server` transport filter, that does authentication
and a `client` on that rejects internal actions and shard actions.

Closes elastic/elasticsearch#312

Original commit: elastic/x-pack-elasticsearch@1ce66495a5
2014-12-02 16:59:20 +01:00
Alexander Reelsen dca9f3115e IP Filtering: Add support for having on filters on HTTP transport
In order to fix elastic/elasticsearch#378 a problem was revealed, that the ip filter for HTTP was
always the one for the default profile, which lead to failed tests (along
with wrong socket connections, which made the test go green irregularly).

This commit fixes the tests and allow to configure own HTTP ip filters, adding
the following settings

* shield.http.filter.enabled
* shield.http.filter.allow
* shield.http.filter.deny

If not specific settings are configured, the one of the default profile are used.

Closes elastic/elasticsearch#378

Original commit: elastic/x-pack-elasticsearch@89dbaefe9a
2014-12-02 16:44:15 +01:00
uboness 63a483e77e [Cleanup] - refactored out N2NAuthenticator
N2NAuthenticator was not really used. Only the ip filtering authenticator was used, and was used directory (no use for a generic interface). `IPFilteringN2NAuthenticator` is now `IPFilter` and all relevant classes were moved to `shield.transport.filter` package.

Original commit: elastic/x-pack-elasticsearch@43f6faeb4b
2014-12-02 14:27:54 +01:00
Alexander Reelsen 8bcbc690ce SSL: Re-enabling configuration option to disable client auth
In order to not require client side SSL certs for transport clients
another option was added in the profile configuration to enable
or disable client side certs. The same option has also been added
for HTTP.

Original commit: elastic/x-pack-elasticsearch@9658598bdc
2014-12-02 14:01:50 +01:00
uboness 1c54bf0d2e Added validation for esusers username, password and role name
Force validation of eusers username & password, and the role names.

role names and usernames follow the following validation rule:
```
A valid name must be at least 1 characher and no longer than 30 characters. It must begin with a letter (`a-z` or `A-Z`)
or an underscore (`_`). Subsequent characters can be letters, underscores (`_`), digits (`0-9`) or any of the following
symbols `@`, `-` or `$`
```

passwords must be at least 6 characters long.

Closes elastic/elasticsearch#399

Original commit: elastic/x-pack-elasticsearch@e6be51b357
2014-12-02 12:49:10 +01:00
javanna d7478b188e [TEST] restored `gateway: local` settings in ClusterDiscoveryConfiguration fork and clarify version assert (now for real)
Local gateway has been removed in core, but it's a master only change. If we don't set it to local in our settings, we end up using the none gateway and KnownActionsTests fails because the local gateway endpoint are not registered to core.

Original commit: elastic/x-pack-elasticsearch@9bb550329f
2014-12-02 11:07:05 +01:00
javanna 731feff48f [TEST] restored `gateway: local` settings in ClusterDiscoveryConfiguration fork and clarify version assert
Local gateway has been removed in core, but it's a master only change. If we don't set it to local in our settings, we end up using the none gateway and KnownActionsTests fails because the local gateway endpoint are not registered to core.

Original commit: elastic/x-pack-elasticsearch@c3bc37df4b
2014-12-02 11:06:29 +01:00
javanna 16929a0da7 [TEST] sync our fork of ClusterDiscoveryConfiguration with core
This class will be deleted when we'll depend on the next version, for now we forked it and we have to keep it up-to-date

Original commit: elastic/x-pack-elasticsearch@0d7cfdfe3d
2014-12-02 10:33:23 +01:00
javanna 45f5bd1967 [TEST] randomly enable/disable ssl on the transport layer
We currently run with ssl always on on the transport layer, which means that we never test with ssl off. We found bugs in the past caused by the ssl classes being loaded even when ssl was disabled, those should be caught by this new randomization.

Added method to override whether ssl is enabled or not for SUITE and TEST tests, called sslTransportEnabled(). A couple of tests do require ssl always on, thus they enable it through that method, which means that both nodes and transport client will have the keystore configured and ssl enabled on the transport.

Note that ssl on http is not touched here, that stays off by default unless enabled specifically in SUITE or TEST tests.

Closes elastic/elasticsearch#396

Original commit: elastic/x-pack-elasticsearch@63061b97ff
2014-12-02 09:52:35 +01:00
Areek Zillur 01439e42cd [Plugin] Ensure a consumer plugin registers only once to LicensesClientService
closes elastic/elasticsearch#8

Original commit: elastic/x-pack-elasticsearch@6f4a0a71ce
2014-12-01 22:18:37 -05:00
Areek Zillur be26fd7c49 Expose plugin name in a public constant
closes elastic/elasticsearch#27

Original commit: elastic/x-pack-elasticsearch@3410ca2e3d
2014-12-01 22:08:25 -05:00
jaymode 7a6a3d072f Fix password comparison in UsernamePasswordToken.equals
The password comparison in the UsernamePasswordToken compares the
instances password to itself instead of the other instances password.

Closes elastic/elasticsearch#405

Original commit: elastic/x-pack-elasticsearch@3cb5658edf
2014-12-01 19:08:35 -05:00
jaymode c1cac5887a Add ip filtering output to the audit trail
This replaces the use of the logger in the IPFilteringN2NAuthenticator with the
AuditTrail, so that the connection granted or denied messages will now be seen
with the rest of the audit output.

Closes elastic/elasticsearch#101

Original commit: elastic/x-pack-elasticsearch@10218a45a9
2014-12-01 18:27:23 -05:00
uboness da430a5143 Fixes lazy loading issues in the codebase
- SSLService needs to be lazy loaded (only loaded when required). Guice provider doesn't seem to work as all singleton bindings are forced to be loaded eagerly. For this reason, a new `SSLServiceProvider` is introduced and is injected wherever the SSLService might be needed (SSLService is never injected directly)

 - `IPFilteringN2NAuthenticator` is now always injected and used. enabling/disabling the filtering is handled within the `IPFilteringN2NAuthenticator` and the `SecuredMessageChannelHandler` on the transport is always set. Although we add another handler to netty's event chain (even while having ip filtering disabled), the overhead of this handler is negligible and this will also enabled enabling/disabling filtering at runtime (if we choose to support it) via API later on.

Original commit: elastic/x-pack-elasticsearch@cd44ecd6ac
2014-12-01 11:21:56 -08:00
Martijn van Groningen d3dcecbd77 Changed visibility of setters and made naming of setters and getters consistent
Original commit: elastic/x-pack-elasticsearch@c9cc736012
2014-12-01 18:52:02 +01:00
Martijn van Groningen 8e8d360fd2 Test: ensure a no action entry has been fired
Original commit: elastic/x-pack-elasticsearch@0e6d915669
2014-11-28 16:32:09 +01:00
Martijn van Groningen 8910a1f284 Let the xcontent type of alert history documents be based on the xcontent type of alert documents.
Closes elastic/elasticsearch#54

Original commit: elastic/x-pack-elasticsearch@e03bf5d3bf
2014-11-28 15:54:32 +01:00
Martijn van Groningen c094430584 Moved the stopping log info message
Original commit: elastic/x-pack-elasticsearch@0391704846
2014-11-28 15:36:34 +01:00
javanna 123d577a88 Remove benchmark privileges and actions from codebase and docs
Closes elastic/elasticsearch#384

Original commit: elastic/x-pack-elasticsearch@13cdefd585
2014-11-28 13:41:51 +01:00
Martijn van Groningen b883641b01 Also check if the refresh was successful on all the shards it was supposed to execute.
Original commit: elastic/x-pack-elasticsearch@ab867346e4
2014-11-28 12:49:51 +01:00
javanna ac2b30f150 [TEST] delete the temp folder if already existing (this time for real)
Original commit: elastic/x-pack-elasticsearch@618fcd4dbd
2014-11-28 10:11:38 +01:00
Areek Zillur 4ba17be1e6 minor edit
Original commit: elastic/x-pack-elasticsearch@da50e65388
2014-11-27 18:54:48 -05:00
Areek Zillur 3bbc666b82 Update Readme for multi-module setup
Original commit: elastic/x-pack-elasticsearch@65895002b5
2014-11-27 18:53:20 -05:00
Areek Zillur 43284305b6 Make elasticsearch-license multi-module:
- core-shaded - has CryptUtils (used by core and can be shared with consumer plugins)
 - core - License data structures & verifier
 - licensor - License Signer along with key-pair and license generation, verification
 - plugin - Enforce licensing on a deployment

Original commit: elastic/x-pack-elasticsearch@041ef3a9f1
2014-11-27 13:14:54 -05:00
Martijn van Groningen 737e9567b9 Alert action manager: Start the queue reader thread with self maintained thread instead of using thread pool.
This gives us more control over interrupting and joining this thread during stopping, so we have a good moment in time to clear the queue.

Original commit: elastic/x-pack-elasticsearch@ed3f85fa75
2014-11-27 17:22:22 +01:00
Martijn van Groningen 0ec1f66c60 Test: Run refresh before the search on metadata occurs.
Original commit: elastic/x-pack-elasticsearch@2097f01458
2014-11-27 17:20:32 +01:00
Martijn van Groningen ac715134b3 Increased logging
Original commit: elastic/x-pack-elasticsearch@39093540fd
2014-11-27 15:46:41 +01:00
Brian Murphy fbec93d941 This adds metadata to alerts that are copied to the action entries for this alert.
Original commit: elastic/x-pack-elasticsearch@0abfc22421
2014-11-27 14:00:28 +00:00
Martijn van Groningen b54aea7c14 Test: We can't be sure how often an alert has been fired, so these asserts should by in the atleast mindset.
Original commit: elastic/x-pack-elasticsearch@d4195eb3c0
2014-11-27 14:27:56 +01:00
Martijn van Groningen c29e3c9611 But we still need to clear if loading fails
Original commit: elastic/x-pack-elasticsearch@69bf786e81
2014-11-27 14:07:20 +01:00