This commit simplifies the code used for resolving the files used for security to always
resolve against the `config` file. Elasticsearch no longer offers a way to disable the security
manager, so the files read by x-pack should not really be configurable and only exist in their
default locations since that is what can be read by the process.
As part of this, the documentation was updated to indicate that these files should always be in
the default location and the settings to change the locations have been removed. Also, a bug
was fixed in a few places where settings were still using `shield.` instead of `xpack.security.`.
Finally, some outdated and unused files were deleted from the repository.
Closeselastic/elasticsearch#305
Original commit: elastic/x-pack-elasticsearch@3884f080a0
This change cleans up some of the log messages and levels that could now be considered misleading.
While performing these cleanups, the following was done:
* remove creation of dummy user for gradle run as we have the `elastic` user
* Request interceptors are not bound if field and document level security is disabled
* FLS/DLS interceptors skip execution if document and field level security is disabled by the license state
* The roles store that loaded the role is logged at the TRACE level
* The TransportXPackUsageAction was using the incorrect action name when registering a handler
Closeselastic/elasticsearch#2096Closeselastic/elasticsearch#1861Closeselastic/elasticsearch#2229
See elastic/elasticsearch#1879
Original commit: elastic/x-pack-elasticsearch@ac16b21c0c
This change allows users with the superuser role to access the security index. We previously allowed
the XPackUser to access this with the intent that the XPackUser was also the `elastic` user. When the
`elastic` user was split out into the ElasticUser, we did not update the check to allow this user access
to the security index.
Original commit: elastic/x-pack-elasticsearch@fa556d9845
This commit changes how we get the file and directory name for certificates in the tool. The
tool now prompts the user for the filename. If the provided instance name will result in a
valid filename, this is provided as a default. Otherwise the user must provide a valid
filename.
Closeselastic/elasticsearch#2854
Original commit: elastic/x-pack-elasticsearch@3c923d736b
This adds back (again) building a transport client plugin jar for
x-pack, and also adds producing an "api" jar which extension authors can
build against. For now, both these jars are exactly the same, but
eventually they could differ, and be reduced to less than the real
x-pack jar.
see elastic/stackelastic/elasticsearch#7
Original commit: elastic/x-pack-elasticsearch@0a989de18b
This reverts building a separate client jar for xpack. It is not
necessary because we already build x-pack as a jar and publish to
elastic maven, since extension authors need that.
Original commit: elastic/x-pack-elasticsearch@2fab06b42c
SecurityTransportModule handled binding two things in guice. First, IPFilter,
for which createComponents already had the necessary dependencies. The
second was ClientTransportFilter. For transport clients, this was a
noop and could be removed. For nodes, this just attaches the system
user, which could be done directly from SecurityServerTransportService.
Original commit: elastic/x-pack-elasticsearch@da327de476
In some cases, the random ascii value could match a forbidden name, which will cause this
test to fail as it expects valid names. This changes ensures the names are valid.
Original commit: elastic/x-pack-elasticsearch@c79f8fc4cc
This commit marks WatcherUtilsTests#testDeserializeSearchRequest which
is failing with seed 2203D3AD59DB5223 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@4b6cbe544b
This commit marks SearchTransformTests#testParser which is failing with
seed 97BC9E2543410D55 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@3d69e9648c
This commit marks WatcherUtilsTests#testSerializeSearchRequest which is
failing with seed 97BC9E2543410D55 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@45a174c1f2
With the latest clean ups and changes in Watcher, the default search template lang has been switched to WatcherScript.DEFAULT_LANG which points to "groovy" but it should be "mustache" instead.
Original commit: elastic/x-pack-elasticsearch@1d9ef1963e
This adds a "condition" to every action (via the ActionWrapper) that prevents execution of the action if the condition fails. An action-level condition is only useful when there is more than one action, but nothing checks to ensure that it's only used in that scenario.
Original commit: elastic/x-pack-elasticsearch@704cfb1a86
Instead watcher search template should be agnostic of SearchSourceBuilder and just work with BytesReference, so that serializing to a string before templating isn't needed.
Original commit: elastic/x-pack-elasticsearch@36d21ec819
This roughly matches what was done in 2.x for the license tools (except
without any dependency exclusions).
Original commit: elastic/x-pack-elasticsearch@4e1f07b5fa
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#20000, using the new
SearchRequestParsers.
Original commit: elastic/x-pack-elasticsearch@d7cee93a8f
This adds an empty _ingest/pipeline named after the _current_ version of the Monitoring API (currently 2) from both exporters.
This allows us to eventually change the API version (to 3, 4, etc.) and go _back_ and modify the pipeline that exists. The modified pipeline would then "fix" the documents as best as possible and rename the index. As a result, different versions (starting with 5.0) will be able to report to the same monitoring cluster regardless of the running API version.
Note: This has no impact on stale data (e.g., the day before the upgrade) _and_ it implies that the monitoring cluster should always be updated first. A simple reindexing script can be supplied for old data, which can be done at the discretion of the user.
Original commit: elastic/x-pack-elasticsearch@45df5ee87b
The SSLConfigurationReloaderTests rarely failed during some local runs. This turned out to be due to
signaling that the reload happened before we actually reloaded. This led to a race condition where we
attempted to validate the config was reloaded properly and actually reloading. This change fixes the
ordering of operations and uses a CountDownLatch instead of a AtomicInteger and awaitBusy.
Original commit: elastic/x-pack-elasticsearch@9615f225d6
The XPackFeatureSet.Usage writeTo method failed to write the name to the
StreamOutput whereas the deserialization code expected it to be the first value
present in the StreamInput. This causes xpack usage requests made to nodes
other than the master to fail.
This change fixes the serialization and adds tests to all of the feature sets to ensure
that the usage is serialized properly.
Closeselastic/elasticsearch#3072
Original commit: elastic/x-pack-elasticsearch@eccab616ca