Commit Graph

3936 Commits

Author SHA1 Message Date
jaymode 26c1da4230 security: roles.yml is empty and add built in monitoring users
This change removes all default roles from the roles.yml file that is distributed with xpack and
adds built in roles for monitoring users and remote monitoring agents.

Closes elastic/elasticsearch#3122

Original commit: elastic/x-pack-elasticsearch@b04508bd56
2016-08-23 15:11:28 -04:00
jaymode 334aa94946 security: simplify lookup of files inside the config dir
This commit simplifies the code used for resolving the files used for security to always
resolve against the `config` file. Elasticsearch no longer offers a way to disable the security
manager, so the files read by x-pack should not really be configurable and only exist in their
default locations since that is what can be read by the process.

As part of this, the documentation was updated to indicate that these files should always be in
the default location and the settings to change the locations have been removed. Also, a bug
was fixed in a few places where settings were still using `shield.` instead of `xpack.security.`.
Finally, some outdated and unused files were deleted from the repository.

Closes elastic/elasticsearch#305

Original commit: elastic/x-pack-elasticsearch@3884f080a0
2016-08-23 14:54:18 -04:00
Ryan Ernst 1aa72336a0 Merge pull request elastic/elasticsearch#3191 from rjernst/api_jar
Build: Add api jar and client jar for xpack

Original commit: elastic/x-pack-elasticsearch@7743f43e23
2016-08-23 11:51:05 -07:00
jaymode 7536acdc9f security: cleanup logging and other minor enhancements/fixes
This change cleans up some of the log messages and levels that could now be considered misleading.

While performing these cleanups, the following was done:

* remove creation of dummy user for gradle run as we have the `elastic` user
* Request interceptors are not bound if field and document level security is disabled
* FLS/DLS interceptors skip execution if document and field level security is disabled by the license state
* The roles store that loaded the role is logged at the TRACE level
* The TransportXPackUsageAction was using the incorrect action name when registering a handler

Closes elastic/elasticsearch#2096
Closes elastic/elasticsearch#1861
Closes elastic/elasticsearch#2229
See elastic/elasticsearch#1879

Original commit: elastic/x-pack-elasticsearch@ac16b21c0c
2016-08-23 14:35:23 -04:00
jaymode 507196dca5 security: allow superusers access to the security index
This change allows users with the superuser role to access the security index. We previously allowed
the XPackUser to access this with the intent that the XPackUser was also the `elastic` user. When the
`elastic` user was split out into the ElasticUser, we did not update the check to allow this user access
to the security index.

Original commit: elastic/x-pack-elasticsearch@fa556d9845
2016-08-23 14:24:43 -04:00
jaymode 9c76211393 security: do not use hidden filenames when generating certs
This commit changes how we get the file and directory name for certificates in the tool. The
tool now prompts the user for the filename. If the provided instance name will result in a
valid filename, this is provided as a default. Otherwise the user must provide a valid
filename.

Closes elastic/elasticsearch#2854

Original commit: elastic/x-pack-elasticsearch@3c923d736b
2016-08-23 14:11:04 -04:00
Jack Conradson feefd070ef Make Painless the default scripting language.
Closes elastic/elasticsearch#3124

Original commit: elastic/x-pack-elasticsearch@7e458c07a6
2016-08-22 17:41:18 -07:00
Ryan Ernst f28f77f73c Build: Add api jar and client jar for xpack
This adds back (again) building a transport client plugin jar for
x-pack, and also adds producing an "api" jar which extension authors can
build against. For now, both these jars are exactly the same, but
eventually they could differ, and be reduced to less than the real
x-pack jar.

see elastic/stackelastic/elasticsearch#7

Original commit: elastic/x-pack-elasticsearch@0a989de18b
2016-08-22 15:40:46 -07:00
Jonathan Budzenski 5936e8da29 Merge pull request elastic/elasticsearch#2949 from jbudz/issues/2566
monitoring ui:  concat metric descriptions, display in tooltip

Original commit: elastic/x-pack-elasticsearch@6a4bfee04d
2016-08-22 13:52:40 -05:00
Jonathan Budzenski 8a96d38b98 Merge pull request elastic/elasticsearch#2950 from jbudz/metric-descriptions
monitoring ui: metric descriptions

Original commit: elastic/x-pack-elasticsearch@16334e9d8f
2016-08-22 13:51:29 -05:00
Areek Zillur e28c2a8c94 Merge pull request elastic/elasticsearch#3178 from areek/fix/3177
Fix license expiry logging

Original commit: elastic/x-pack-elasticsearch@29d9f90af2
2016-08-22 13:16:05 -04:00
Areek Zillur 87eb69fdc6 Fix license expiry logging
Original commit: elastic/x-pack-elasticsearch@51580eaba7
2016-08-22 12:20:21 -04:00
Clinton Gormley e8e2522426 Merge pull request elastic/elasticsearch#3159 from elastic/version_annotations
Remove old version annotations in X-Pack docs

Original commit: elastic/x-pack-elasticsearch@9f710921f1
2016-08-22 14:17:22 +02:00
Martijn van Groningen f10fbeeb70 watcher: remove WatchScript class
Original commit: elastic/x-pack-elasticsearch@fb2f9a28f1
2016-08-22 09:39:13 +02:00
Ryan Ernst 8ae939fec7 Remove client jar
This reverts building a separate client jar for xpack. It is not
necessary because we already build x-pack as a jar and publish to
elastic maven, since extension authors need that.

Original commit: elastic/x-pack-elasticsearch@2fab06b42c
2016-08-19 16:17:54 -07:00
Shaunak Kashyap 3d04f3e78e Merge pull request elastic/elasticsearch#3138 from ycombinator/bug/gh-3129
Remove dependency on a Security service from Reporting

Original commit: elastic/x-pack-elasticsearch@73c34b5eba
2016-08-19 11:49:26 -07:00
Ryan Ernst 9586e68470 Merge pull request elastic/elasticsearch#3165 from rjernst/client_jar
Build: Enable x-pack to build a transport client plugin jar

Original commit: elastic/x-pack-elasticsearch@a36305d736
2016-08-19 09:29:47 -07:00
Ryan Ernst aa4fad9009 Build: Enable x-pack to build a transport client plugin jar
Original commit: elastic/x-pack-elasticsearch@f42f7a1cd2
2016-08-19 09:15:54 -07:00
Martijn van Groningen 64eec5afb3 security: Prohibit the use of `terms` query with lookup, `geo_shape` with indexed shapes, `has_child`, `has_parent` and `percolator` query inside DLS role query.
Closes elastic/elasticsearch#3145
Closes elastic/elasticsearch#613

Original commit: elastic/x-pack-elasticsearch@5962089b6c
2016-08-19 16:59:36 +02:00
Tanguy Leroux 30eab329a1 Muted HipChatServiceTests
These tests failed regularly. It seems that the user_account authentification token is not accepted anymore by the HipChat service that respond with a 401 HTTP code.

    See https://github.com/elastic/x-plugins/issues/3162

Original commit: elastic/x-pack-elasticsearch@793ad494d3
2016-08-19 16:48:44 +02:00
Tanguy Leroux 56be936ace Watcher: Use search template in Search Input/Transform REST tests
These tests would have caught the regression (introduced in elastic/x-pack@95a29c6a42 and fixed by elastic/x-pack@9b834b5f50) that cause search template to have "groovy" lang by default instead of "mustache"

Original commit: elastic/x-pack-elasticsearch@e27e5ae821
2016-08-19 09:30:24 +02:00
CJ Cenizal 4843e0248e Merge pull request elastic/elasticsearch#2931 from cjcenizal/7467/app-switcher-link-collapsible-nav
Update nav_control to work with collapsible side nav.

Original commit: elastic/x-pack-elasticsearch@eaa9d7a097
2016-08-18 12:52:40 -07:00
Ryan Ernst f92b576661 Merge pull request elastic/elasticsearch#3142 from rjernst/deguice20
Remove SecurityTransportModule

Original commit: elastic/x-pack-elasticsearch@e609503c7b
2016-08-18 08:03:31 -07:00
Ryan Ernst 9da4d827c1 Rename transport service method to clarify a user is always used, but
not necessarily the system user

Original commit: elastic/x-pack-elasticsearch@0357d3718d
2016-08-18 08:03:31 -07:00
Tanguy Leroux 5b2c7dd503 Fix watrcher script parsing tests
closes elastic/elasticsearch#3135, elastic/elasticsearch#3134, elastic/elasticsearch#3136

Original commit: elastic/x-pack-elasticsearch@a1b0402be4
2016-08-18 10:06:05 +02:00
Ryan Ernst 49ac29f2e3 Remove SecurityTransportModule
SecurityTransportModule handled binding two things in guice. First, IPFilter,
for which createComponents already had the necessary dependencies. The
second was ClientTransportFilter. For transport clients, this was a
noop and could be removed. For nodes, this just attaches the system
user, which could be done directly from SecurityServerTransportService.

Original commit: elastic/x-pack-elasticsearch@da327de476
2016-08-18 00:09:31 -07:00
Chris Earle 572869087d Change use of generics in test
Original commit: elastic/x-pack-elasticsearch@39473681b2
2016-08-17 15:50:20 -04:00
Chris Earle c16860e901 Fix Watcher REST test
Original commit: elastic/x-pack-elasticsearch@7cb5b08948
2016-08-17 15:35:18 -04:00
Jason Tedor 76319495b6 Mark failing Watcher REST test as awaits fix
This commit marks a failing Watcher REST test with seed 97AAFD9CA37864EE
as awaits fix.

Original commit: elastic/x-pack-elasticsearch@5e19f0169c
2016-08-17 15:13:26 -04:00
jaymode 934b69b0c6 test: use valid names to prevent false test failures
In some cases, the random ascii value could match a forbidden name, which will cause this
test to fail as it expects valid names. This changes ensures the names are valid.

Original commit: elastic/x-pack-elasticsearch@c79f8fc4cc
2016-08-17 14:31:17 -04:00
Jason Tedor de4851329d Mark WUT#testDeserializeSearchRequests awaits fix
This commit marks WatcherUtilsTests#testDeserializeSearchRequest which
is failing with seed 2203D3AD59DB5223 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@4b6cbe544b
2016-08-17 13:43:12 -04:00
Jason Tedor ca896d2dca Mark STT#testParser as awaits fix
This commit marks SearchTransformTests#testParser which is failing with
seed 97BC9E2543410D55 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@3d69e9648c
2016-08-17 13:13:10 -04:00
Jason Tedor bed5cc5882 Mark WUT#testSerializeSearchRequest as awaits fix
This commit marks WatcherUtilsTests#testSerializeSearchRequest which is
failing with seed 97BC9E2543410D55 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@45a174c1f2
2016-08-17 13:10:42 -04:00
Tanguy Leroux c2dbd5ed4a Watcher: Use Mustache as default search template lang
With the latest clean ups and changes in Watcher, the default search template lang has been switched to WatcherScript.DEFAULT_LANG which points to "groovy" but it should be "mustache" instead.

Original commit: elastic/x-pack-elasticsearch@1d9ef1963e
2016-08-17 18:16:30 +02:00
Chris Earle 53d022a20a [Watcher] Add Condition to Action
This adds a "condition" to every action (via the ActionWrapper) that prevents execution of the action if the condition fails. An action-level condition is only useful when there is more than one action, but nothing checks to ensure that it's only used in that scenario.

Original commit: elastic/x-pack-elasticsearch@704cfb1a86
2016-08-17 11:45:43 -04:00
Martijn van Groningen 101d791ec4 move test to the right package
Original commit: elastic/x-pack-elasticsearch@0693b8657d
2016-08-17 10:40:26 +02:00
Martijn van Groningen f291f292bf watcher: Watcher search templates shouldn't serialize SearchSourceBuilder to a string, template that and turn it back into a SearchSourceBuilder
Instead watcher search template should be agnostic of SearchSourceBuilder and just work with BytesReference, so that serializing to a string before templating isn't needed.

Original commit: elastic/x-pack-elasticsearch@36d21ec819
2016-08-17 09:52:07 +02:00
Ryan Ernst 175867088d Merge pull request elastic/elasticsearch#3121 from rjernst/license_tools_zip
Build: Add task to build zip of license tools

Original commit: elastic/x-pack-elasticsearch@402805e46f
2016-08-16 14:26:45 -07:00
Ryan Ernst 7aa557d8f0 Build: Add task to build zip of license tools
This roughly matches what was done in 2.x for the license tools (except
without any dependency exclusions).

Original commit: elastic/x-pack-elasticsearch@4e1f07b5fa
2016-08-16 14:23:56 -07:00
Ryan Ernst 8e3640e77f Merge pull request elastic/elasticsearch#3112 from rjernst/search_parser
Use consolidated search parsers container

Original commit: elastic/x-pack-elasticsearch@ff9b62b7dd
2016-08-16 11:29:34 -07:00
Ryan Ernst e4e2601b11 Merge branch 'master' into search_parser
Original commit: elastic/x-pack-elasticsearch@c347445a69
2016-08-16 11:29:19 -07:00
Ryan Ernst 4dac802c5d Use consolidated search parsers container
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#20000, using the new
SearchRequestParsers.

Original commit: elastic/x-pack-elasticsearch@d7cee93a8f
2016-08-16 02:01:56 -07:00
Nik Everett 8ee190d741 Handle moving rest support
Original commit: elastic/x-pack-elasticsearch@99076b2936
2016-08-15 22:41:43 -04:00
Lukas Olson 64cf62a53d Merge pull request elastic/elasticsearch#2938 from lukasolson/fix/basic-auth
[security-ui] Allow basic auth to work as an alternative authentication strategy

Original commit: elastic/x-pack-elasticsearch@ef693cda09
2016-08-15 15:24:28 -07:00
Chris Earle af28d05515 Disabling local test while it awaits a fix
Original commit: elastic/x-pack-elasticsearch@3a8afb331f
2016-08-12 23:44:28 -04:00
Chris Earle e7ae3fa1f5 Give a longer timeout for test
Original commit: elastic/x-pack-elasticsearch@461d7eee8f
2016-08-12 17:18:44 -04:00
Chris Earle 3c9749b2b8 [Monitoring] Add Empty Ingest Pipeline to Future Proof Monitoring Documents
This adds an empty _ingest/pipeline named after the _current_ version of the Monitoring API (currently 2) from both exporters.

This allows us to eventually change the API version (to 3, 4, etc.) and go _back_ and modify the pipeline that exists. The modified pipeline would then "fix" the documents as best as possible and rename the index. As a result, different versions (starting with 5.0) will be able to report to the same monitoring cluster regardless of the running API version.

Note: This has no impact on stale data (e.g., the day before the upgrade) _and_ it implies that the monitoring cluster should always be updated first. A simple reindexing script can be supplied for old data, which can be done at the discretion of the user.

Original commit: elastic/x-pack-elasticsearch@45df5ee87b
2016-08-12 11:50:39 -04:00
jaymode 72f580c82d test: fix concurrency bug in SSLConfigurationReloaderTests
The SSLConfigurationReloaderTests rarely failed during some local runs. This turned out to be due to
signaling that the reload happened before we actually reloaded. This led to a race condition where we
attempted to validate the config was reloaded properly and actually reloading. This change fixes the
ordering of operations and uses a CountDownLatch instead of a AtomicInteger and awaitBusy.

Original commit: elastic/x-pack-elasticsearch@9615f225d6
2016-08-12 08:50:53 -04:00
jaymode a3e7536205 fix serialization of XPackFeatureSet.Usage
The XPackFeatureSet.Usage writeTo method failed to write the name to the
StreamOutput whereas the deserialization code expected it to be the first value
present in the StreamInput. This causes xpack usage requests made to nodes
other than the master to fail.

This change fixes the serialization and adds tests to all of the feature sets to ensure
that the usage is serialized properly.

Closes elastic/elasticsearch#3072

Original commit: elastic/x-pack-elasticsearch@eccab616ca
2016-08-12 07:48:55 -04:00
Rashmi Kulkarni 4638caf4eb prefix `xpack` to the API Merge branch 'example_watch'
Original commit: elastic/x-pack-elasticsearch@b500faef24
2016-08-11 16:25:37 -07:00