make the download URL consistent:
- changed from elasticsearch-license to just license.
- file name will be "shield-{version}.zip".
- download location will be https://download.elasticsearch.org/elasticsearch/shield/{filename}
- update URL for license download.
- update esvmrc to account for license plugin name change
- update error message for license plugin name change
Original commit: elastic/x-pack-elasticsearch@bebde15b4f
We need to assume the license is enabled until we're told otherwise by the license plugin. It's required as we should allow the execution of APIs (like cluster health) on a node that just started and didn't receive the cluster state yet.
Original commit: elastic/x-pack-elasticsearch@ce5fa68bfa
A NullPointerException was triggered in InternalAuthenticationService
in case a user did not exist because of trying to access the non-existing user.
While fixing this, a test added in IndexPrivilegeTests uncovered lots of wrong
assumptions about HTTP error codes, which have been fixed as well (a successful
operation now is expected to have a non 4XX/5XX HTTP return code). Also made sure
that certain preconditions are fulfilled before going on.
Fixeselastic/elasticsearch#646
Original commit: elastic/x-pack-elasticsearch@c4ed759e16
As Elasticsearch 1.4.2 and below do not copy the headers in
TransportSnapshotsStatusAction, we need to allow the system user
to execute this in action, in order to see snapshots being currently
in progress.
This should be removed once we support elasticsearch 1.4.3
Closeselastic/elasticsearch#640
Original commit: elastic/x-pack-elasticsearch@00adf3dacf
This test adds an amount of users with different privileges, and
then goes on to not only test if the user is allowed to execute requests
but also if other requests are rejected as intended.
Closes elasticsearch/elasticsearch-shield-qaelastic/elasticsearch#17
Original commit: elastic/x-pack-elasticsearch@213a219c78
The randomization of the `network.host` property on OSX only
could lead to connecting to the wrong HTTP port in our functional
tests.
As this randomization is not really needed, we can simply remove it
Closeselastic/elasticsearch#586
Original commit: elastic/x-pack-elasticsearch@fb16bd8644
Changed form `bcrypt5` to `bcrypt4`. Also added more bcrypt hash algorithms to choose from when configuring it (added `bcrypt4`, `bcrypt6`, `bcrypt8` and `bcrypt9`)
Original commit: elastic/x-pack-elasticsearch@64bc26cafe
* Fix: `ShieldFiles.openAtomicMoveWriter()` always changed permissions to 600
now changes back to original perms
* Fix: Required log message change by @skearns
* Improvement: When permissions change, before/after perms are now shown
* Improvement: Added more CheckFileCommand tests
Closeselastic/elasticsearch#634
Original commit: elastic/x-pack-elasticsearch@e44495aaff
Introduced three new hasher implementations:
- `bcrypt5` - a bcrypt hasher configured with a salt generated with 5 iterations
- `bcrypt7` - a bcrypt hasher configured with a salt generated with 7 iterations
- `noop` - a hasher that doesn't hash and works with the original text
Also, due to poor performance and based on the external security audit review feedback, the default realm caching hash is now changed to `bcrypt5` (used to be `sha2`).
Original commit: elastic/x-pack-elasticsearch@53d4f40564
Instead of creating an automaton predicate on each request (very expensive) we now have a static create_index matcher (predicate) that is reused.
Original commit: elastic/x-pack-elasticsearch@f70dae13ac
- on license expiration, we only block cluster stats/health and indices stats.
- depend on the latest snapshot of the licensing plugin that supports registrations of expiration callbacks
- registering expiration callbacks to periodically log and warn about license expiration (pre and post expiration)
Original commit: elastic/x-pack-elasticsearch@5aee30fac4
removed the `artifactory-private` and `deploy-public` profile. We only need to keep the `deploy-internal` profile as the license jar is not required by any client publicly.
Original commit: elastic/x-pack-elasticsearch@7695cfc2b6
This updates .esvmrc to get the latest license plugin, marvel, and reflects the latest configuration.
This sets the bind host and publish host to 127.0.0.1 so that hostname verification succeeds.
Original commit: elastic/x-pack-elasticsearch@a51046d130
Changes reflect the restructuring of elasticsearch maven repo
- changed the repository names (for consistency sake)
- elasticsearch repositories now point to `/releases` and `/snapshots`
- added `deploy-internal` and `deploy-public` profiles
Original commit: elastic/x-pack-elasticsearch@92709ce38a
This enhancement allows consumer plugins to configure event notifications from the licensing plugin relative to its license expiry.
Original commit: elastic/x-pack-elasticsearch@11b53dd78d
- separated `get` privilege from `search`. This should make it simpler for users to only allow search (and not get) when working with filtered aliases
- added multi search under the `search` privilege
- added the multi get under the `get` privilege
Original commit: elastic/x-pack-elasticsearch@6fafb08a2c
This commit removes the requirement that a client using the SSLService must
have defined a keystore. Now for clients both the keystore and truststore are
optional; if neither are defined the system default trust managers will be used.
Closeselastic/elasticsearch#613
Original commit: elastic/x-pack-elasticsearch@1055a9666a
- The `anonymous_access_denied` clearly indicates that the requests were denied.
- In the future, if/when we add anonymous realm, we'll add another event type - `anonymous_access_granted` - plays nice with this change
Original commit: elastic/x-pack-elasticsearch@1fead24a0d
While IndicesAliasesRequest doesn't support empty aliases, thus only explicit _all needs to resolved to all existing authorized aliases, GetAliasesRequest does support empty aliases, thus we have to treat them the same as _all.
Closeselastic/elasticsearch#606
Original commit: elastic/x-pack-elasticsearch@3e993ea2bd