Commit Graph

109 Commits

Author SHA1 Message Date
Jason Tedor f650e18045 Remove use of com.google.common.base.Joiner
This commit removes all uses of com.google.common.base.Joiner across
the codebase.

Relates elastic/elasticsearchelastic/elasticsearch#13224

Original commit: elastic/x-pack-elasticsearch@f69b2addca
2015-09-15 09:44:41 -04:00
Jason Tedor 08de4a4ab1 Remove use of com.google.common.collect.Iterables
This commit removes all uses of com.google.common.collect.Iterables
across the codebase.

Relates elastic/elasticsearchelastic/elasticsearch#13224

Original commit: elastic/x-pack-elasticsearch@ca517de412
2015-09-14 13:26:04 -04:00
Martijn van Groningen 2ec09c140e test: increased logging for http and improved assertion failure
Original commit: elastic/x-pack-elasticsearch@e41901f5c8
2015-09-14 14:19:30 +02:00
Martijn van Groningen 96b5558966 test: increased logging and reduced the noise by letting this test only run with 1 node.
Original commit: elastic/x-pack-elasticsearch@7c73a03d5b
2015-09-14 14:00:12 +02:00
Simon Willnauer 2032c93da1 Catch up with core changes
This commit cuts over to StandardCharset vs. guavas Charsets, removes
obsolete uses of Collections2 / Function and replaces all LoadingCaches
with simple CHM#loadIfAbsent

Original commit: elastic/x-pack-elasticsearch@7d1d607e9e
2015-09-14 13:48:50 +02:00
Martijn van Groningen cccebda245 test: added more logging
Original commit: elastic/x-pack-elasticsearch@5bb3c97e49
2015-09-14 12:22:53 +02:00
Simon Willnauer 6fb4f7817c Use method references rather than Class instances to register transport handler.
This is caused by upstream changes in core.

Original commit: elastic/x-pack-elasticsearch@67f602abd1
2015-09-14 10:07:35 +02:00
Robert Muir 53cd14deda Remove remaining uses of setAccessible
This corresponds with https://github.com/elastic/elasticsearch/pull/13539

Original commit: elastic/x-pack-elasticsearch@29d235b8ed
2015-09-12 21:11:10 -04:00
Robert Muir 61c47634bd Fix wrong access modifiers for injected ctors, setAccessible is no longer used.
See https://github.com/elastic/elasticsearch/pull/13531

Original commit: elastic/x-pack-elasticsearch@658672b5fb
2015-09-12 03:30:33 -04:00
Martijn van Groningen 54d6cb4158 docs: updated Watcher release notes
Original commit: elastic/x-pack-elasticsearch@e6f8f4ba50
2015-09-11 23:22:39 +02:00
Martijn van Groningen 16ad2edc33 fixed forbidden usage of Guava's MoreExecutors in Watcher
Original commit: elastic/x-pack-elasticsearch@5b977f9ff3
2015-09-11 23:17:31 +02:00
Martijn van Groningen 55f77fd52d test: reduce number of triggered watches being indexed
Closes elastic/elasticsearch#632

Original commit: elastic/x-pack-elasticsearch@3a7e16b897
2015-09-11 21:20:18 +02:00
jaymode ae66d4794a fix compile errors caused by cleanups in core
Original commit: elastic/x-pack-elasticsearch@a28d4b5ba0
2015-09-11 14:44:30 -04:00
Lee Hinman 3653bdc1b5 Merge remote-tracking branch 'dakrone/eclipse-jdk1.8'
Original commit: elastic/x-pack-elasticsearch@a1cdeff1d2
2015-09-11 10:00:49 -06:00
jaymode cb0f169655 update CLI tools to work with spaces in the home path
The CLI tools are launched by scripts and these scripts need to handle spaces in the
elasticsearch home path.

Closes elastic/elasticsearch#631

Original commit: elastic/x-pack-elasticsearch@6a4325d296
2015-09-11 11:15:19 -04:00
Lee Hinman 4a8df4f328 Update eclipse files for Java 1.8 move
Original commit: elastic/x-pack-elasticsearch@a2dd77ccf3
2015-09-10 10:04:31 -06:00
Martijn van Groningen 5fe198cdd5 test: removed filtered query
Original commit: elastic/x-pack-elasticsearch@39ff7ecb06
2015-09-10 15:06:28 +02:00
Martijn van Groningen 85014feab3 test: changed some more inline queries from filtered query to bool query
Original commit: elastic/x-pack-elasticsearch@d65242dd51
2015-09-10 13:41:39 +02:00
Martijn van Groningen ed3821b65b test: filtered query -> bool query
Original commit: elastic/x-pack-elasticsearch@18ba61b9e9
2015-09-10 13:18:41 +02:00
Martijn van Groningen e86813a655 test: fixed some other compile errors due to the removal of filtered query
Original commit: elastic/x-pack-elasticsearch@30ae66827a
2015-09-10 11:30:52 +02:00
DeDe Morton 3988eb638b closes elastic/elasticsearch#339
Original commit: elastic/x-pack-elasticsearch@2e607325e0
2015-09-09 18:11:12 -07:00
debadair a9f93a92aa Watcher Docs: Reworked HipChat and Slack action docs. Closes elastic/elasticsearch#511, elastic/elasticsearch#570.
Original commit: elastic/x-pack-elasticsearch@1317e8a435
2015-09-09 16:49:51 -07:00
Ryan Ernst fbbd3f6c2d Add warning suppressions
I fixed a couple more warnings and added suppressions, so that when
 elastic/elasticsearchelastic/elasticsearch#13410 lands, x-plugins will not break.

Original commit: elastic/x-pack-elasticsearch@8a19b2b71b
2015-09-09 12:45:20 -07:00
jaymode 154b10e901 add the ability to run as another user
This change adds a new permission that allows authorized users to execute a request as
another user. The flow is as follows:

1. The user making the request is authenticated
2. The user that is being impersonated is looked up
3. The requesting user is authorized for the privilege to run as the specified user
4. The impersonated user is then authorized for the given request

Additionally, the auditing has been updated to support this capability and indicates when a
user has been granted the ability to run as another user and then also indicates both the user
who is being impersonated and the requesting user when actions are granted/denied.

Closes elastic/elasticsearch#17

Original commit: elastic/x-pack-elasticsearch@00e5a6169b
2015-09-09 11:25:02 -04:00
uboness 7ea8c85e4b [docs] Update docs for version 2.0.0-beta2
Original commit: elastic/x-pack-elasticsearch@b4af10f8f0
2015-09-09 08:04:42 -07:00
uboness acd051c288 [docs] Update docs for version 2.0.0-beta1
Original commit: elastic/x-pack-elasticsearch@0206648252
2015-09-09 08:03:55 -07:00
Ryan Ernst 5dd5f525b5 Remove some warnings caught by -Xlint
Original commit: elastic/x-pack-elasticsearch@50bea927cf
2015-09-09 00:16:13 -07:00
Ryan Ernst 2ab0db4373 Fix compile issues after removal of loadConfigSettings from transport
client

Original commit: elastic/x-pack-elasticsearch@2efe4f2980
2015-09-08 17:22:54 -07:00
Martijn van Groningen c1fc6e5e62 fix TriggeredWatchStoreTests
Original commit: elastic/x-pack-elasticsearch@5837fc03be
2015-09-07 19:11:47 +02:00
Martijn van Groningen aeb4c34cc5 fix WatchStoreTests
Original commit: elastic/x-pack-elasticsearch@61d2cc95f1
2015-09-07 19:06:11 +02:00
Martijn van Groningen a65d1e3d58 test: fix docCount to only use the source builder in SearchRequestBuilder and don't use also the source on SearchRequest
Original commit: elastic/x-pack-elasticsearch@0ffcf0c5ff
2015-09-07 18:34:44 +02:00
Adrien Grand 06ec935a08 Fix x-plugins following count/scan removal from elasticsearch-core.
Original commit: elastic/x-pack-elasticsearch@ee43991a0a
2015-09-07 17:44:01 +02:00
uboness e6dfa215b6 Introducing Watch De/activateion
Today, once you add a watch to watcher, it's always active. Being "active" means that the watch is registered with the trigger engine (scheduled) and will be executed when its trigger is triggered.

Quite often, ppl want to have an option to deactivate/disable a registered watch. Such that while the watch definition still exists in watcher, it is "inactive" and is never triggered. The only way to do this today is using a "hack" where you can change the watch schedule to a cron expression targeting a really far date in the future (say somewhere around 2050). Again.. this is very hackish and it requires changing the actual definition of the watch (you loose its original trigger).

 This commit introduces the notion of an active/inactive watch.. here are the differences between the two states:

 - active: the watch is registered with watcher and with the trigger engine and will be executed when its trigger is fired by the engine
 - inactive: the watch is registered with watcher, but is not registered with the trigger engine. An inactive watch will never be fired, regardless of its trigger.

 This commit also adds two new APIs:

  - `_watcher/watch/{id}/_activate`
  - `_watcher/watch/{id}/_deactivate`

 to activate and deactivate existing watches.

 In addition, the Put Watch API now accepts an `active` parameter that indicates the initial state of the put watch (by default set to  `true`, i.e. "active").

 Closes elastic/elasticsearch#90

Original commit: elastic/x-pack-elasticsearch@37b9ab4d54
2015-09-04 21:38:34 +02:00
uboness 533c14242f Bumped the version to 3.0.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@0771b3e589
2015-09-04 16:30:11 +02:00
Jason Tedor 77e74a9319 Add compare condition to handle arrays
This commit adds a new compare condition called “array_compare”. This
condition enables comparing a single resolved value to an array of
resolved values. The value can be compared for equality, non-equality,
and strict and non-strict ordering; the array compare condition will
evaluate to true if the value compares to true with respect to the
specified operator against all (“all”) or at least one (“some”) of the
values in the array specified by “array_path”. Each value in the array
can be resolved to a value using “path” (e.g., “array_path”:
“cx.payload.aggregations.some_field.buckets” and “path”: “doc_count”
would resolve each value in the buckets array to its “doc_count”).

Closes elastic/elasticsearch#345

Original commit: elastic/x-pack-elasticsearch@0d74b4dc11
2015-09-03 09:46:23 -04:00
Ryan Ernst fd962ea7dc Fix test naming, Test -> Tests
Original commit: elastic/x-pack-elasticsearch@e7ad7361a5
2015-09-02 15:18:29 -07:00
Areek Zillur dc471bc0a9 Fix naming for abstract test cases
Original commit: elastic/x-pack-elasticsearch@546ac98077
2015-09-02 16:58:06 -04:00
uboness e4ffceb9ba Introducing Slack Action
- This action enables sending notifications to slack channels/users
- Utilizes the incoming webhook API of slack
- Similar to the `email` and `hipchat` actions, multiple slack accounts can be configured, each with its own URL and message defaults
- Slack actions are associated with an account, or if not, they'll be sent via the default account.
- The message itself is very flexible and enables defining simple messages to one or more users and/or one or more channels. For complex message structures, one can use `attachments` as described by the slack API.

 Closes elastic/elasticsearch#491

Original commit: elastic/x-pack-elasticsearch@9ecc69c17c
2015-09-02 19:45:54 +02:00
jaymode 22d0ba4cf9 add shield integration to the ScriptServiceProxy
This change adds support for to put the watcher user in the context that is passed to the
ScriptService when Shield is installed and watcher integration with Shield is enabled.

Original commit: elastic/x-pack-elasticsearch@7e9983df0e
2015-09-02 11:32:57 -04:00
Colin Goodheart-Smithe b4a81af254 Fixes to make x-plugins repo work in eclipse
This includes the following:

- Updated .gitignore to be the same as the elasticsearch repo so eclipse files are correctly ignored
- Fixes ambiguous method call compile error in HipChatMessageTests

Original commit: elastic/x-pack-elasticsearch@027ee0ec63
2015-09-02 16:21:09 +01:00
Martijn van Groningen 593fc30669 Fix main class runners
Original commit: elastic/x-pack-elasticsearch@28a90a19b8
2015-08-31 22:45:56 +02:00
Martijn van Groningen 39b7092185 test: removed the 'plugin.types' usages from the source code
Original commit: elastic/x-pack-elasticsearch@a94cdee31f
2015-08-31 22:45:56 +02:00
uboness 109c7f8ca3 removed ImmutableList usage in watcher
relates to elastic/elasticsearch#554

Original commit: elastic/x-pack-elasticsearch@31dfeb09db
2015-08-31 22:41:21 +02:00
Martijn van Groningen c81af81cd3 test: more fixes due to upstream changes
Original commit: elastic/x-pack-elasticsearch@92119d102c
2015-08-31 12:30:05 +02:00
Martijn van Groningen 967a3d1da2 test: if notify is not null and needs to be unequal then just invert notify
Original commit: elastic/x-pack-elasticsearch@2de9536c9c
2015-08-28 19:57:10 +02:00
Martijn van Groningen 5f01f793d5 Added document and field level security
This commit adds document and field level security to Shield.

Field level security can be enabled by adding the `fields` option to a role in the `role.yml` file.

For example:

```yaml
customer_care:
  indices:
    '*':
      privileges: read
      fields:
        - issue_id
        - description
        - customer_handle
        - customer_email
        - customer_address
        - customer_phone
```

The `fields` list is an inclusive list of fields that controls what fields should be accessible for that role. By default all meta fields (_uid, _type, _source, _ttl etc) are also included, otherwise ES or specific features stop working. The `_all` field if configured, isn't included by default, since that actually contains data from all the other fields. If the `_all` field is required then this needs to be added to the `fields` list in a role. In the case of the content of the `_source` field and `_field_names` there is special filtering in place so that only the content relevant for the role are being returned.

If no `fields` is specified then field level security is disabled for that role and all fields in an index are accessible.

Field level security can be setup per index group.

Field level security is implemented at the Lucene level by wrapping a directory index reader and hides fields away that aren't in the `field` list defined with the role of the current user. It as if the other fields never existed.

* Any `realtime` read operation from the translog is disabled. Instead this operations fall back to the Lucene index, which makes these operations compatible with field level security, but there aren't realtime.
*  If user with role A executes first and the result gets cached and then a user with role B executes the same query results from the query executed with role A would be returned. This is bad and therefore the query cache is disabled.
* For the same reason the request cache is also disabled.
* The update API is blocked. An update request needs to be executed via a role that doesn't have field level security enabled.

Document level security can be enabled by adding the `query` option to a role in the `role.yml` file:
```yaml
customer_care:
  indices:
    '*':
      privileges: read
      query:
        term:
         department_id: 12
```

Document level security is implemented as a filter that filters out documents there don't match with the query. This is like index aliases, but better, because the role query is embedded on the lowest level possible in ES (Engine level) and on all places the acquire an IndexSearcher the role query will always be included. While alias filters are applied at a higher level (after the searcher has been acquired)

Document level security can be setup per index group.

Right now like alias filters the document level security isn't applied on all APIs. Like for example the get api, term vector api, which ignore the alias filter. These apis do acquire an IndexSearcher, but don't use the IndexSearcher itself and directly use the index reader to access the inverted index and there for bypassing the role query. If it is required to these apis need document level security too the the implementation for document level security needs to change.

Closes elastic/elasticsearch#341

Original commit: elastic/x-pack-elasticsearch@fac085dca6
2015-08-27 17:54:50 +02:00
uboness f9a8c8937c fixes for hipchat integration tests
Original commit: elastic/x-pack-elasticsearch@df6311799b
2015-08-25 20:05:46 +02:00
uboness 5b363f1041 [watcher] Rename `Template` to `TextTemplate`
We have different types of templates in watcher - http request template, email template, hipchat message template, and simple text template... to avoid confusion, and clean up the codebase, this commit renames the `Template` class to `TextTemplate` to better convey what this template is about.

Original commit: elastic/x-pack-elasticsearch@8e5202019c
2015-08-25 16:19:50 +02:00
uboness 0731a98e97 Introducing HipChat Action
An action capable of sending notifications to rooms and users on hipchat. This actions support three types of HipChat APIs:

- `v1` - The (now deprecated) legacy API where a token can be registered at the group level, and the `v1` version of the API can be used. This API only supports room notification (users cannot be notified). multi-room notification is supported.

- `integration` - The basic integration that one can create in HipChat (it is using the `v2` API version), where notifications can be sent to a single room. User notification is unsupported by this API

- `user` - this API uses an API token of a specific user. An admin user can create an API token and configure it to have access to room notification and user private messaging. This API supports multi-room and multi-user notifications.

The settings for `hipchat` are very similar to the `email` infrastructure in nature. It is possible to configure multiple/different hipchat account, each is associated with the api type (a.k.a profile) - can be `v1`, `integration` or `user`, and the respective `auth_token`. When configuring the action in the watch, one can specify what hipchat account they would like to use (when not specifying an account, the `default_account` will be used). Each account can also specify its own unique `host`/`port` for the hipchat server - for full flexibility.

Closes elastic/elasticsearch#462

Original commit: elastic/x-pack-elasticsearch@9d9ee13542
2015-08-25 14:05:49 +02:00
Areek Zillur ef7d4e2579 stub out acknowledge callbacks for commercial plugins
Original commit: elastic/x-pack-elasticsearch@d16f9dc1df
2015-08-24 18:25:40 -04:00