Now the script's params in the `script` condition are merged with the payload data into a single variable context to the script execution. The payload data is now accessed using the `payload.` prefix.
Original commit: elastic/x-pack-elasticsearch@e313a6301c
This change filters out unsupported ciphers before setting the ciphers on the
SSLEngine. The unsupported ciphers are logged in a message at the error
level. If none of the specified ciphers are supported, then an exception will
be thrown.
Closes elastic/elasticsearch#698
Original commit: elastic/x-pack-elasticsearch@68cf47ec19
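The filtering that the commit message above describes, as an added Java example (not the commit's own code). The class and method names are hypothetical, `java.util.logging`'s SEVERE level stands in for the error-level log message, and the unsupported suite name is constructed. Without such a filter, `SSLEngine.setEnabledCipherSuites` throws `IllegalArgumentException` as soon as one requested suite is unsupported.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

public class CipherFilterExample {
    private static final Logger LOG = Logger.getLogger("CipherFilterExample");

    /** Keeps only the requested suites the engine supports; throws if none remain. */
    static String[] supportedCiphers(String[] requested, SSLEngine engine) {
        Set<String> supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        List<String> usable = new ArrayList<>();
        List<String> rejected = new ArrayList<>();
        for (String cipher : requested) {
            (supported.contains(cipher) ? usable : rejected).add(cipher);
        }
        if (!rejected.isEmpty()) {
            // Log loudly: a silently dropped suite can hide a misconfigured policy.
            LOG.severe("unsupported ciphers " + rejected + " were requested but cannot be used");
        }
        if (usable.isEmpty()) {
            throw new IllegalArgumentException(
                "none of the ciphers " + Arrays.toString(requested) + " are supported by this JVM");
        }
        return usable.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        // Constructed input: one suite taken from the engine itself, one made-up name.
        String known = engine.getSupportedCipherSuites()[0];
        String[] requested = { known, "TLS_CONSTRUCTED_UNSUPPORTED_SUITE" };
        engine.setEnabledCipherSuites(supportedCiphers(requested, engine));
        System.out.println(Arrays.toString(engine.getEnabledCipherSuites()));
        try {
            supportedCiphers(new String[] { "TLS_CONSTRUCTED_UNSUPPORTED_SUITE" }, engine);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```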
In order to be able to configure ip filtering in a dynamic way, all
the ip filter related settings have been made dynamic.
This commit also fixed a bug, as the setting shield.http.filter.enabled
was not working, but mentioned in the documentation.
Documentation has been updated along the way.
Closes elastic/elasticsearch#697
Original commit: elastic/x-pack-elasticsearch@2760c47b5b
The `AlertSourceBuilder`, along with a set of source builders for all the different constructs that make an alert (condition, input, transform and action), provides a structured approach for building an alert from the client side (instead of forcing the clients to use xcontent directly).
- fixed some of the tests to already use these builders (I reckon there are still quite a few that need to be converted.. but we'll do that over time).
- moved all integration tests under `test/integration` package.
- changed the `AlertsTests` to **not** be an integration test... it randomizes the alert structure and makes sure that it can serialize & deserialize itself to/from xcontent.
- fixed small bugs found by the tests
Original commit: elastic/x-pack-elasticsearch@94b76b6fc7
Before, we shut down the alert execution threadpool, which caused us to use a hacky workaround to get the thread pool started again when alerts is going to run again.
Clearing the threadpool's queue is sufficient for stopping fired alerts from being run. Only fired alerts already being executed by the TP won't be stopped.
Also removed the volatile previousFiredAlerts field: because executing the fired alert doesn't need the AlertService anymore, the purpose of this field doesn't exist any more.
Original commit: elastic/x-pack-elasticsearch@6a622b5579
tableizing means evaluation is strictly linear time O(inputLength),
but costs #states * alphabet in ram. alphabet here is unicode (64k) so it blows up huge.
With tableize=false, it just means evaluation is O(inputLength * log(numIntervals)).
This is plenty fast for our purposes.
For these same reasons lucene only tableizes ByteRunAutomaton (alphabet size=256)
by default, for CharRunAutomaton it defaults to false.
Ban the trappy RunAutomaton ctor that tableizes. Fix tests using it.
Closes elastic/elasticsearch#739.
Original commit: elastic/x-pack-elasticsearch@28ab66b0ee
A large number of recent test failures have been caused by failure to bind
a port in the range 32900 to 32999. The ports are now tested to see if they
can be bound by this JVM and if not tries to bind another port. This will
decrease the likelihood of a port bind failure but another application could
still bind a port before the node starts up.
Closes elastic/elasticsearch#737
Original commit: elastic/x-pack-elasticsearch@aaf098758f
- Also, the search template/script are now populated not just by the fired/scheduled time, but also by the payload
Original commit: elastic/x-pack-elasticsearch@7ca8331a1c
REST tests that use expressions as the script language require the
lucene-expressions library to be loaded.
Original commit: elastic/x-pack-elasticsearch@c0f2b8a4b2
```
"input": {
  "search": {
    "request": {
      "body": {
        "query": {
          "match_all": {}
        }
      }
    }
  }
},
"condition": {
  "script": {
    "script": "return true"
  }
},
```
The result of this in the `alert_execution` looks like:
```
"input_result": {
  "search": {
    "payload": {
      "hits": {
        "total": 1,
        "hits": [
          {
            "_type": "my-type",
            "_source": {
              "field": "value"
            },
            "_id": "AUujS61M4FTW2U3Ztz5U",
            "_index": "my-index",
            "_score": 0.30685282
          }
        ],
        "max_score": 0.30685282
      },
      "_shards": {
        "total": 5,
        "failed": 0,
        "successful": 5
      },
      "timed_out": false,
      "took": 1823
    },
    "request": {
      "body": {
        "query": {
          "match_all": {}
        }
      }
    }
  }
},
"condition_result": {
  "script": {
    "met": true
  }
}
```
There are two Inputs currently: the `SearchInput` as shown above and a `SimpleInput` that just contains a payload that will be returned in the result.
There are three conditions: the `ScriptCondition` as shown above, and an `AlwaysTrueCondition` and `AlwaysFalseCondition` condition.
Original commit: elastic/x-pack-elasticsearch@0d8ac24c5a
This adds a second mode of operation to the ldap realm. This mode of operation
allows for a single bind user to be specified. This bind user will be used to
search for user DNs starting from a base DN. The user DN will then be used to
authenticate via a bind operation. The bind user will then search for the user's
groups.
Closes elastic/elasticsearch#552
Closes elastic/elasticsearch#323
Original commit: elastic/x-pack-elasticsearch@3338730a64
- Added additional user friendly schedules
  - `hourly` - a simple to configure schedule that will fire every hour on one or more specific minutes in the hour
  - `daily` - a simple to configure schedule that will fire every day on one or more specific times in the day
  - `weekly` - a simple to configure schedule that will fire every week on one or more specific days + times in the week
  - `monthly` - a simple to configure schedule that will fire every month on one or more specific days + times in the month
  - `yearly` - a simple to configure schedule that will fire every year on one or more specific months + days + times in the year
  - `interval` - a simple interval based schedule that will fire every fixed configurable interval (supported units are: seconds, minutes, hours, days and weeks)
- Added unit tests to all the schedules and the schedule registry
- Introduced `Scheduler` as an interface and `InternalScheduler` for the quartz implementation. This will help unit testing other dependent services
- `Scheduler` is now independent of `Alert`. It works with `Job` constructs (`Alert` now implements a `Job`).
- Introduced `SchedulerMock` as a simple `Scheduler` implementation that can be used for unit tests - enables manual triggering of jobs.
- introduced `@Slow` test annotation support in the `pom.xml`
Original commit: elastic/x-pack-elasticsearch@94a8f5ddea
- Introduced `Template` & `Template.Parser` interfaces
- The main template implementation is the `ScriptTemplate` and its parser is bound to `Template.Parser`
- There are also xContent templates - YAML & JSON that just render the model as xContent. (used as a fallback in webhook action)
- updated all actions to use the new template infrastructure
Also
- introduced mockito for unit testing
- removed `WebhookTest` as it was effectively testing the template functionality... we'll add a proper test for the webhook action in a later commit
Original commit: elastic/x-pack-elasticsearch@34a90e8c2f
If tests are run on the same machine as the ldap server a bind may be
successful. This adds a search to the test which should take longer than
1 millisecond for the server to respond.
Original commit: elastic/x-pack-elasticsearch@f37fb912e8