Commit Graph

3757 Commits

Author SHA1 Message Date
Jason Tedor 46d7baa319 Merge pull request elastic/elasticsearch#3021 from jaymode/netty4_transport
Introduce Netty 4 security

Original commit: elastic/x-pack-elasticsearch@fb5e7fa66e
2016-08-03 14:10:52 -04:00
Alexander Reelsen 07b8bcf219 Watcher: Ensure watch status is always updated on condition check (elastic/elasticsearch#2980)
When a watch is executed, but the condition is not met, it is not automatically marked as dirty.
This results in a divergence of what is displayed when someone is just getting a watch via the get
watch API (due to using the in memory store) compare to when someone is using the GET API to get the
watch via the .watches index call.

This commit sets the watch status always to dirty after a condition check, thus forcing an update.

Closes elastic/elasticsearch#2699

Original commit: elastic/x-pack-elasticsearch@e6a00260f7
2016-08-03 18:21:57 +02:00
jaymode 60cb867d47 security: ignore empty query value in roles
Users are allowed to create query objects with an empty string value as we do
not currently validate the input against a query parser. In this case, we can ignore
the empty value when parsing the role. If we pass an empty BytesReference in
the role then trying to determine the XContentType will fail in the
SecurityIndexSearcherWrapper.

Closes elastic/elasticsearch#2997

Original commit: elastic/x-pack-elasticsearch@fc593943c4
2016-08-03 11:24:49 -04:00
Jason Tedor 33ba52e735 Merge branch 'master' into netty4_transport
* master:
  Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@5da6471c9a
2016-08-03 11:11:16 -04:00
Jason Tedor 832cb4fff2 Simplify test setup in Netty 4 transport tests
This commit collapes some duplicated setup code in every test in the
Netty 4 security transport tests to a common method.

Original commit: elastic/x-pack-elasticsearch@0a088db78d
2016-08-03 11:08:00 -04:00
Daniel Mitterdorfer 196f74984c Merge pull request elastic/elasticsearch#2969 from danielmitterdorfer/fix-interruption
Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@fe73226e47
2016-08-03 17:03:33 +02:00
jaymode b3f8495a03 clarify comments and add assert client auth type
Original commit: elastic/x-pack-elasticsearch@0e3d134bc6
2016-08-03 10:39:37 -04:00
Jason Tedor 94e7d82a20 Kill newline in SecurityNetty4HttpServerTransport
This commit removes an extra newline in
SecurityNetty4HttpServerTransport.java.

Original commit: elastic/x-pack-elasticsearch@218b29c9b6
2016-08-03 09:42:51 -04:00
Jason Tedor 4874d84f82 Merge branch 'master' into netty4_transport
* master: (25 commits)
  docs: remove unused file and add link to invalid role examples
  Remove interfaces for notification services
  Redirect to URL specified by next parameter, if it is set
  Fix fixture and tests so they pass again
  Update error message to be more actionable
  Switch to NamedWriteable pull based extension in xpack
  Fixing issue with infinite redirect loop
  Toggle display of security nav controls more dynamically
  Pass in xpackMainPlugin instead of xpackMainPlugin.info
  Wrap the return in a Promise
  Only unset the cookie if it is currently set
  Clarifying intent of code
  Updating tests fixtures + adding assertion for client cookie deletion
  If security is disabled, do not attempt to call the authenticate ES API
  Disambiguate between resolve function names
  Revert to not using xpackMainPlugin.info until the xpackMainPlugin is ready
  Redirect /login => / if security is disabled in ES
  Register/deregister security management items depending on whether there's an auth'd user
  Show/hide the username + logout button depending on whether there is an auth'd user
  If security is disabled, continue without auth + delete client cookie
  ...

Original commit: elastic/x-pack-elasticsearch@16b92a1a59
2016-08-03 09:18:42 -04:00
jaymode 00e963fef9 ensure transport is set for external cluster clients take 2
Original commit: elastic/x-pack-elasticsearch@b92943303e
2016-08-03 08:12:05 -04:00
jaymode 417bc49230 ensure transport is set for external cluster clients
Original commit: elastic/x-pack-elasticsearch@ee8aa8600a
2016-08-03 08:11:19 -04:00
jaymode 76591e54f6 mock channelhandlercontext instead of a null implementation
Original commit: elastic/x-pack-elasticsearch@e4ba6b96cc
2016-08-03 07:27:37 -04:00
jaymode 55ccd27acf ensure the transport type is a security transport
Original commit: elastic/x-pack-elasticsearch@6c7e46e103
2016-08-03 07:23:55 -04:00
Ryan Ernst d69bb4cc51 Merge pull request elastic/elasticsearch#3017 from rjernst/writeable_registry
Switch to NamedWriteable pull based extension in xpack

Original commit: elastic/x-pack-elasticsearch@e077ba2d6c
2016-08-03 01:36:43 -07:00
Ryan Ernst 5fd85104ff Merge pull request elastic/elasticsearch#3022 from rjernst/deguice17
Remove interfaces for notification services

Original commit: elastic/x-pack-elasticsearch@f2d9a55e28
2016-08-03 00:19:44 -07:00
Ryan Ernst 549a5d3e73 Remove interfaces for notification services
We have 4 types of notification services, and all of them have an
interface with a single implementation class. They also all
unnecessarily are lifecycle componenets, but the only thing start does
is read the settings.

This change converts all 4 notification services to classes, and makes
them regular components instead of lifecycle services.

Original commit: elastic/x-pack-elasticsearch@897115ae65
2016-08-03 00:07:26 -07:00
Jason Tedor dd181e3e13 Cleanup HTTP and transport security settings
After this commit, we have "security3" and "security4" as possible
transport and HTTP settings, we default to "security4" if it is not set,
and we randomize the selection in some of the integration tests.

Original commit: elastic/x-pack-elasticsearch@e56718911a
2016-08-03 00:23:58 -04:00
Jason Tedor f4ba670b25 Cleanup Netty handshake waiting handlers
This commit cleans up the Netty handshake waiting handlers. We rename
the Netty 3 implementation to include "Netty3" in the name, the Netty 4
implementation is not needed, and we improve the handling of waiting for
the handshakes to complete when connecting.

Original commit: elastic/x-pack-elasticsearch@f736fdc8f0
2016-08-02 23:55:20 -04:00
Shaunak Kashyap dda8e49c4c Merge pull request elastic/elasticsearch#2871 from ycombinator/security/dynamic-disabling-in-es
If security is disabled in ES, allow unauth'd access to Kibana

Original commit: elastic/x-pack-elasticsearch@49a369441e
2016-08-02 17:44:12 -07:00
Ryan Ernst cdae14a5b9 Switch to NamedWriteable pull based extension in xpack
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19764. It converts
the one use of registering custom NamedWriteable readers in xpack for
xpack feature sets to register them up front with the new pull based
registration.

Original commit: elastic/x-pack-elasticsearch@48e2020816
2016-08-02 16:00:06 -07:00
Jason Tedor 8579dbf80b Remove nocommit from Security
This commit removes a nocommit from Security so that work can continue.

Original commit: elastic/x-pack-elasticsearch@4d35ef6174
2016-08-02 17:11:32 -04:00
Jason Tedor c88aea19d8 Migrate Netty 4 unit tests
This commit migrates some unit tests to Netty 4.

Original commit: elastic/x-pack-elasticsearch@a38dc82706
2016-08-02 16:43:07 -04:00
Lukas Olson 1b72c540ad Merge branch 'master' into fix/basic-auth
Original commit: elastic/x-pack-elasticsearch@9854169eff
2016-08-02 13:39:28 -07:00
jaymode c3cecad027 add channel is closed check
Original commit: elastic/x-pack-elasticsearch@04bcdf8308
2016-08-02 15:50:17 -04:00
jaymode 7a3932de94 add some debugging info to assert
Original commit: elastic/x-pack-elasticsearch@ef3c68e4db
2016-08-02 15:36:00 -04:00
jaymode fc8e787325 update security rest filter
Original commit: elastic/x-pack-elasticsearch@9a4f0bc184
2016-08-02 14:47:06 -04:00
Jason Tedor 8fa06fbab7 Security Netty 4 HTTP server implementation
This commit is a work-in-progress commit on a Netty 4-based HTTP server
implementation.

Original commit: elastic/x-pack-elasticsearch@705a202574
2016-08-02 14:33:42 -04:00
jaymode af16eec512 fix PKI cert extraction
Original commit: elastic/x-pack-elasticsearch@9c68611557
2016-08-02 14:07:16 -04:00
jaymode b525891212 Netty 4 transport working
Original commit: elastic/x-pack-elasticsearch@081e68c087
2016-08-02 13:43:16 -04:00
Jason Tedor b498fd32a2 Enable core to default networking to Netty 4
This commit enables core to set the default transport and HTTP
implementation to use transport-netty4.

Relates elastic/elasticsearch#2999

Original commit: elastic/x-pack-elasticsearch@cb0efa29ab
2016-08-02 12:19:34 -04:00
Shaunak Kashyap d2ac60c08e Merge branch 'master' into security/dynamic-disabling-in-es
Original commit: elastic/x-pack-elasticsearch@a5a3ce4851
2016-08-02 08:42:08 -07:00
Ali Beyad 287f4da0b9 Fix tests that use write consistency level in favor of ActiveShardCount
Original commit: elastic/x-pack-elasticsearch@4c463c8d7b
2016-08-02 08:59:46 -04:00
Shaunak Kashyap 8368528e82 Merge pull request elastic/elasticsearch#2802 from ycombinator/security/redirect-to-login-on-401-xhr-response
Redirect to login on 401 XHR response

Original commit: elastic/x-pack-elasticsearch@8b5763ba88
2016-08-01 16:33:07 -07:00
Shaunak Kashyap b09f7fb063 Merge branch 'master' into security/redirect-to-login-on-401-xhr-response
Original commit: elastic/x-pack-elasticsearch@94d49e29ef
2016-08-01 15:38:37 -07:00
Shaunak Kashyap b5752b9b8e Merge branch 'master' into security/redirect-to-login-on-401-xhr-response
Original commit: elastic/x-pack-elasticsearch@4242faf87b
2016-08-01 15:30:05 -07:00
Tanguy Leroux 62d3c19db5 [TEST] Make MockMustacheScriptEngine less strict
Since elastic/elasticsearch#19621 MockScriptEngine is stricter and expects scripts to be defined before being used in tests. Because watcher makes heavy use of scripts without really need of custom logic, this commit changed the MockMustacheScriptEngine implementation so that it always returns the script's source as a result.

Original commit: elastic/x-pack-elasticsearch@09cffa9517
2016-08-01 18:13:43 +02:00
Nik Everett 2297c493e4 Handle renaming DocWriteResponse.Operation
It is now DocWriteResponse.Result. The enum constants have changed a bit
as well.

Original commit: elastic/x-pack-elasticsearch@395e7c15bb
2016-08-01 10:43:15 -04:00
Nik Everett 585837dbd3 Handle core moving RestUtils
Original commit: elastic/x-pack-elasticsearch@01cda72d62
2016-07-29 20:37:01 -04:00
Nik Everett c0df62e0e9 Stop using isCreated and isFound
These are going away in core and being replaced by `getOperation`.

Original commit: elastic/x-pack-elasticsearch@7413b12911
2016-07-29 14:22:11 -04:00
Nik Everett 240a052cbf Stop using isCreated and isFound
These are going away in core and being replaced by `getOperation`.

Original commit: elastic/x-pack-elasticsearch@d02e745318
2016-07-29 13:43:02 -04:00
jaymode c82f1be386 security: move reloading of ssl configuration to its own class
This commit moves the reloading and monitoring of files from the trust/key configuration
classes into a separate class that will reload for the whole SSLConfiguration object.
SSLContexts are loaded lazily by most of security, so a listener interface was added to
notify the reloader that there may be other paths to monitor.

Original commit: elastic/x-pack-elasticsearch@1633cc14a7
2016-07-29 12:26:37 -04:00
Daniel Mitterdorfer a8017c4968 Restore interruption flag correctly in life cycle service
Original commit: elastic/x-pack-elasticsearch@c9b0754811
2016-07-29 11:08:22 +02:00
Martijn van Groningen 62353ff8bc test: removed messy xpack mustache test module
The tests have been moved back to xpack, turned into a rest test or removed.
For example testing specific inline, file or stored mustache template functionality is already covered in the `lang-mustache` module. The smoke-test-watcher-with-mustache should tests watcher mustach specific things like the if the watcher variables are available.

Original commit: elastic/x-pack-elasticsearch@e434bcd3fa
2016-07-29 11:00:42 +02:00
Nik Everett 59cb8f2271 Fix rest spec for graph explore
Original commit: elastic/x-pack-elasticsearch@293b5c9ebd
2016-07-28 16:37:30 -04:00
Chris Earle 4d81792a56 [Graph] Log Deprecation Warnings for old API usage
This makes use of the `registerAsDeprecatedHandler` method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a `Warning` header for anyone using HTTP clients (though they have to be looking for it...).

Graph portion only

Original commit: elastic/x-pack-elasticsearch@d6452a75c1
2016-07-28 12:11:10 -04:00
Ryan Ernst 9d6d858449 Merge pull request elastic/elasticsearch#2958 from rjernst/move_license
Move License into xpack

Original commit: elastic/x-pack-elasticsearch@6b86ce6f14
2016-07-28 08:41:23 -07:00
Alexander Reelsen 39d614bd17 Watcher: Fix HTTP proxy port setting (elastic/elasticsearch#2961)
The value of the setting name had a typo.
Also added a message to show the value of globally configured proxy on startup
to help admins spot if this is configured.

Original commit: elastic/x-pack-elasticsearch@bdc41ff733
2016-07-28 16:10:02 +02:00
jaymode ba1ced9096 security: adapt realms usage stats output and add anonymous
This changes the usage stats for the realms to not use nested objects but to instead group
values by the realm type. Additionally, the realms now return the actual size of the users that
are contained or have recently logged in (in case of LDAP/AD).

Additionally, the audit section will always contain an enabled flag and a new field has been
added to capture whether anonymous access is enabled or not.

See elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@9cc2852585
2016-07-28 08:05:21 -04:00
Martijn van Groningen 3d3eb0fc48 test: renamed test cases
Original commit: elastic/x-pack-elasticsearch@c05bfecb97
2016-07-28 12:59:40 +02:00
Martijn van Groningen 49a1f8a4e5 test: Removed the mustache dependency on a number of tests and moved them back the xpack
There are still tests left to be cleanup, but these tests need to be turned into a rest test and moved the smoke test xpack with mustache module.

Original commit: elastic/x-pack-elasticsearch@3b88b15b97
2016-07-28 10:01:02 +02:00