Commit Graph

1612 Commits

Author SHA1 Message Date
Areek Zillur 900ea3cd20 fix XContextSerialization test failure
Original commit: elastic/x-pack-elasticsearch@f2e1b19214
2015-05-29 16:29:13 -04:00
jaymode ba1001a3a4 update BCrypt implementation to version 0.4
This updates the BCrypt implementation that we use to version 0.4, which
corrects an integer overflow bug when a large number of rounds are used.

Closes elastic/elasticsearch#865

Original commit: elastic/x-pack-elasticsearch@2f9a07e7c8
2015-05-29 13:52:39 -04:00
jaymode 2e4f3e8d23 make TLSv1.2 the default protocol
This commit makes TLSv1.2 the default protocol for better security. The
old value of TLS would only pick a TLSv1.0 supporting context and cause
client connections to be negotiated using that protocol when TLSv1.2 is
supported and considered an improved protocol.

Closes elastic/elasticsearch#867

Original commit: elastic/x-pack-elasticsearch@1f062f6dde
2015-05-29 13:46:48 -04:00
jaymode 44017711e2 remove DHE cipher from default list
This commit removes the DHE cipher from our list of enabled ciphers
due to the recently published Logjam attack. The default configuration
is not susceptible to the Logjam attack, but since we support Java 7
the maximum prime size (768 bit) is considered too weak. Java 8 supports
1024 bit primes, but these are also not ideal and this cipher should not be
used with a prime smaller than 2048 bits.

Closes elastic/elasticsearch#862

Original commit: elastic/x-pack-elasticsearch@9785bf47cf
2015-05-29 13:33:54 -04:00
jaymode c01eef8863 Test: update with new core actions and upgrade api changes
Original commit: elastic/x-pack-elasticsearch@0189cf850f
2015-05-29 09:16:31 -04:00
uboness 6175b9efda Disallow negative time value settings
- Consolidated setting validation under `WatcherSettingsValidation`
- `WatcherSettingsException` is now only used for settings errors

We need this consolidation as Guice doesn't deal well with exceptions in constructors. So instead, `WatcherSettingsValidation` can be injected and used as a registry for settings errors and then, since it's a service, if there any registered errors, it'll throw `WatcherSettingsException` when it's started.

Fixes elastic/elasticsearch#539

Original commit: elastic/x-pack-elasticsearch@2c1895d18c
2015-05-28 23:24:18 +02:00
Martijn van Groningen f66f460313 test: removed @Seed
Original commit: elastic/x-pack-elasticsearch@aafc29f3b1
2015-05-28 12:40:33 +02:00
jaymode 9643ec2c62 add support for separate keystore and truststore in HttpClient
The HttpClient class tried to use the truststore as a keystore for watcher with Shield fallback.
This is trappy because in Shield, the default is to only have a keystore that also acts as the
truststore, so the fallback would probably fail in most cases. Additionally, support was missing
for a keystore that had a separate key password.

The new behavior allows for specifying both a keystore and a truststore. If only a keystore is
specified, it will also be used as the truststore. If neither is defined, the system truststore will
be used. All settings fallback to shield settings.

Closes elastic/elasticsearch#480

Original commit: elastic/x-pack-elasticsearch@ad02814806
2015-05-28 06:04:40 -04:00
uboness 45d0fdf3de Changed Execute Watch API response format
- the response now returns the id of the stored watch record
- update/fixed the docs

Closes elastic/elasticsearch#538

Original commit: elastic/x-pack-elasticsearch@5df7d166f4
2015-05-27 21:18:16 +02:00
uboness fb893e774a Add the ability to ack specific actions
- now it's possible to ack specific actions via the `Ack Watch API`
- Added tests for acking specific actions
- Changed the watch status structure such that the action ack state can be referred to by `status.actions.<action_id>.ack` (instead of `status.actions.<action_id>.ack_status`... removed the extra redundant "_status")
- As part of this work, also added validation for watch/action ids, such that we disallow having whitespaces in them.
- Updated the docs around acking & throttling of watch actions

Closes elastic/elasticsearch#531
Closes elastic/elasticsearch#537

Original commit: elastic/x-pack-elasticsearch@813e601bf5
2015-05-27 19:29:46 +02:00
jaymode 84c5115889 Test: use URI so paths work on Windows
Original commit: elastic/x-pack-elasticsearch@3e6a185ac4
2015-05-27 06:55:19 -04:00
jaymode fb7cbbe581 fix compilation due to renamed transport actions
Original commit: elastic/x-pack-elasticsearch@fca64087dd
2015-05-27 06:42:42 -04:00
jaymode 24d63b1eef fix compilation after renamed transport actions
Original commit: elastic/x-pack-elasticsearch@3deb3b184f
2015-05-27 06:31:29 -04:00
jaymode 7c4ce5760f Test: workaround JNA being required on windows now
Adds JNA as a test time dependency to work around it being required on
windows in elasticsearch core.

Original commit: elastic/x-pack-elasticsearch@b8fc70a051
2015-05-26 15:26:01 -04:00
jaymode 39915f92bc update shield to depend on elasticsearch 2.0
This commit is a squashed commit of work done in conjunction with @rmuir to make
shield work properly with elasticsearch 2.0. This includes ensuring all tests
pass when running with the security manager and updating the code to be compatible
with the latest core forbidden apis.

Shield is now a child project of elasticsearch-parent and inherits a lot of common
build, test, and static coverage functionality from that project resulting in a much
smaller and simpler pom.xml for shield. As part of this work, Shield can now read
rest tests from the elasticsearch jar so the rest tests are run automatically when
running the slow tests.

Original commit: elastic/x-pack-elasticsearch@2ebbf4284a
2015-05-26 13:57:58 -04:00
uboness 6acc3f2616 Added support for headers in HttpClient
- HttpResponse now holds the response headers
- Added specific support for content type of the response, based on which we create the xcontent payload.

Original commit: elastic/x-pack-elasticsearch@beae27f576
2015-05-26 16:53:05 +02:00
Brian Murphy 46c111b016 Add execution_duration to watch history records.
This change add the actual length of time a watch spends executing. This is useful to find watches that take long to execute to pinpoint those watches that may be candidates for throttling.
Add the execution_duration as a number of milliseconds rather than a timevalue so it can be aggregated from the watch_history index.

Original commit: elastic/x-pack-elasticsearch@0036468f55
2015-05-26 10:34:24 -04:00
Areek Zillur b21494d95d FIX: Absorb ImmutableSettings into Settings
Original commit: elastic/x-pack-elasticsearch@f0f70f39f1
2015-05-26 00:36:20 -04:00
Robert Muir 6e557b82da simplify license header checking
Original commit: elastic/x-pack-elasticsearch@d48ce3f7bf
2015-05-22 18:44:56 -04:00
uboness 2f48d980b3 Fixing issues after master rebase
Original commit: elastic/x-pack-elasticsearch@d3dfa53483
2015-05-22 20:57:51 +02:00
uboness 33bc0761e7 fixed bad rebase merge
Original commit: elastic/x-pack-elasticsearch@a6793fedf8
2015-05-22 20:57:51 +02:00
uboness 575208c338 Centralized xcontent parsing of time values
- Renamed `WatcherDateUtils` to `WatcherDateTimeUtils`

Original commit: elastic/x-pack-elasticsearch@6b5557058a
2015-05-22 20:57:51 +02:00
uboness e0a70722e0 Move acking/throttling to the action level
Until now, acking and throttling functionality was applied at the watch level. This has major drawbacks in different aspects:

- When multiple actions are defined on a watch, acking a watch effectively acks all the actions. This is conceptually wrong. Say you have two actions: `email` and `index`. It's very likely you'd like to ack the email action (to avoid receiving too many emails) but at the same time continue indexing the data in the `index` action. Right now it's not possible.

- Different actions types may require different throttling. An `email` action probably needs a longer throttle period compared to an `index` action. Also for different `webhook` actions, the throttling is ultimately determined by the 3rd party system that is called.

This commit changes how we do throttling & acking. Moving this functionality to the action level. Now, when acking, each action in the watch will be acked separately. During executiong, each action will determine whether it needs to be throttled or not. The throttler is not associated with the action, not with the watch.

The throttle period was enhanced. There is a default throttle period that is configured for watcher as a whole (using the `watcher.execution.default_throttle_period` setting. Next to that, each `watch` can define its own `throttle_period` that can serve as the default throttle period for the actions in the watch. Lastly, each action can have its own throttle period set.

Since the throttler is now an action "thing", the `throttle` package was renamed to `throttler` and moved under the `actions` package. Also, `WatchThrottler` was renamed to `ActionThrottler`.

With this change, the `Watch Execute API` changed as well. Now, when executing a watch, you can define an execution mode per action. The execution mode offers 4 types of execution:
- `execute`: executes the watch normally (actually executing the action and it may be throttled)
- `force_execute`: skips/ignores throttling and executes the watch
- `simulate`: simulates the watch execution yet it may be throttled
- `force_simulate`: skips/ignores throttling and simulates the watch execution

As part of this change, the structure of the watch status changed along with the xconent representing the `watch_record`. A new `ActionStatus` was introduced (as part of the `WatchStatus`) and is always set for every action in the watch. This status holds:
 - the current state of the action (`ackable`, `awaits_successful_execution`, `acked`)
 - the last execution state (success/failure + reason)
 - the last successful execution state
 - the last throttle state (timestamp + reason)

Original commit: elastic/x-pack-elasticsearch@32c2985ed8
2015-05-22 20:57:51 +02:00
uboness ea91c1e617 third attempt to fix the failing tests windows
Original commit: elastic/x-pack-elasticsearch@30bb93ce4a
2015-05-22 11:39:09 +02:00
Robert Muir 8ea126de90 switch to plugin pom
Original commit: elastic/x-pack-elasticsearch@6fcfa52959
2015-05-21 23:01:57 -04:00
uboness 8e13a03069 fixing failing test on windows... now for realz
Original commit: elastic/x-pack-elasticsearch@159144f18c
2015-05-22 00:41:32 +02:00
Robert Muir 19e1b5597c Merge pull request elastic/elasticsearch#50 from rmuir/parent_cleanups_forbidden
Sync up with elasticsearch-parent changes:

Original commit: elastic/x-pack-elasticsearch@420b0cbd3e
2015-05-21 17:15:35 -04:00
Robert Muir b34b18be3f Remove duplicate test config
Original commit: elastic/x-pack-elasticsearch@2acd8bdf8c
2015-05-21 17:13:28 -04:00
uboness 47e50008a0 fixing failing test on windows
Original commit: elastic/x-pack-elasticsearch@5af44b88d2
2015-05-21 22:00:41 +02:00
Robert Muir 6d66e0f4f5 Resolve paths against environment
Original commit: elastic/x-pack-elasticsearch@7e30f66bc0
2015-05-21 12:25:20 -04:00
Robert Muir e3270183ef Fix this in a simpler way
Original commit: elastic/x-pack-elasticsearch@40bbb991d1
2015-05-21 12:15:36 -04:00
Robert Muir 5f1cfd025c restore executions section here
Original commit: elastic/x-pack-elasticsearch@0ed3d2c5af
2015-05-21 12:05:04 -04:00
Robert Muir e8ee650694 Sync up with elasticsearch-parent changes:
* removes lots of duplicate pom logic
* removes duplicate forbidden API logic
* fixes new forbidden API violations

Original commit: elastic/x-pack-elasticsearch@1fc5c6f79e
2015-05-21 11:49:33 -04:00
Martijn van Groningen 1bdd84bcb2 test: Add a simple runner that allows to run Watcher from the IDE and work out of the box with Sense.
Original commit: elastic/x-pack-elasticsearch@8c4100258e
2015-05-21 14:44:13 +02:00
Martijn van Groningen bbcfecbe90 test: added 'cluster:monitor/nodes/info' role for the test user
Original commit: elastic/x-pack-elasticsearch@78144d3313
2015-05-21 13:35:19 +02:00
Martijn van Groningen 39f83974ef test: added missing roles for the test user
Original commit: elastic/x-pack-elasticsearch@36f6d36817
2015-05-21 12:41:30 +02:00
Martijn van Groningen 2861f8ce21 test: Add more Shield related tests for testing the Watcher roles.
Original commit: elastic/x-pack-elasticsearch@482d8fe65c
2015-05-21 12:05:44 +02:00
Martijn van Groningen 284a60e16d stats: fix npe during serialization
Original commit: elastic/x-pack-elasticsearch@3233836d0b
2015-05-21 11:38:24 +02:00
Martijn van Groningen 60c7e92ced stats: fix serialization error
Original commit: elastic/x-pack-elasticsearch@5210ca9ee7
2015-05-21 11:29:32 +02:00
Martijn van Groningen 283445b9d8 stats: fix npe in rest layer
Original commit: elastic/x-pack-elasticsearch@43b3fcf3e7
2015-05-21 11:12:52 +02:00
Martijn van Groningen c3dd74df7f Expose the current executing watches as part of the Watcher stats API.
The following additional information will be shown per watch that is executing:  `watch_id`, `watch_execution_id`, `triggered_time`, `execution_time`, `execution_phase` (whether it is execution an input, condition or an action) and `stack_trace` (useful for us when a customer reports an issue :) ).

The stats api will by default include the executing watches in the response. In order to control this, a `metric` option has been added, which can be specified as query string argument or as last path element in the stats api url. By default the watcher stats API will only return the basic statistics that are already there.

The `metric` option has the following values:
* `current_watches` - Include the current executing watches in the response.
* `_all` - Include all metrics in the stats response. Not very useful now, but when we expose more metrics in this api it will be more useful.

Original commit: elastic/x-pack-elasticsearch@093bef9bb3
2015-05-21 10:51:51 +02:00
Chris Cowan 1c92b3976b Adding fielddata utilization
Original commit: elastic/x-pack-elasticsearch@f92ef0e38d
2015-05-20 08:57:42 -07:00
Brian Murphy 81d19d3468 [REST-TEST] Remove check for snapshot.
This change removes the check for snapshot in the info test.

Original commit: elastic/x-pack-elasticsearch@5eb0618b56
2015-05-20 09:58:05 -04:00
uboness 7d12d314ad moving version to 2.0.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@58e7b38de5
2015-05-20 15:29:52 +02:00
uboness 0a3c85803c moving version to 1.0.0-Beta1
Original commit: elastic/x-pack-elasticsearch@d88dd97379
2015-05-20 14:23:05 +02:00
uboness 68d0420dd2 Added maven deployment profiles
Original commit: elastic/x-pack-elasticsearch@37a867aa26
2015-05-20 13:36:36 +02:00
uboness 8218170711 Added `execution_result.condition.met` field
Until today we could not search on the `met` field in the condition result. The reason for that is that this field was index as part of the condition result type only, and we disable the indexing for all condition results (to avoid mapping conflicts).

 This commit pulls the `met` condition one level higher and enables its mapping. For now (beta1) we can live with the duplication of the condition result source (were the `met` is not placed in both the condition result type and on the condition result itself). Later we should remove the duplication though.

 An example of a  "compare" condition result now looks like:

 ```
 "condition": {
    "met": true,
    "compare": {
       "met": true,
       "resolved_value": 1
    }
 }
 ```

Original commit: elastic/x-pack-elasticsearch@74a3372c25
2015-05-20 09:46:42 +02:00
Chris Cowan 848b90a720 Adding file descriptors to watcher examples
Original commit: elastic/x-pack-elasticsearch@9d5ee156e8
2015-05-19 14:22:10 -07:00
Martijn van Groningen 2ede3c29d8 test: removed unused method
Original commit: elastic/x-pack-elasticsearch@465bf69daa
2015-05-19 16:58:08 +02:00
uboness 9aef7bb52b Added `compare` condition
A simple `condition` that compares a path into the model in the execution context to a value. The comparison is based on the following possible operators: `eq`, `not_eq`, `lt`, `lte`, `gt`, `gte`.

The following example shows a `compare` condition that checks if the total hits in the payload is greater or equal to 5.

```
{
	"compare" : {
		"ctx.payload.hits.total" : { "gte" :  "5" }
	}
}
```

Original commit: elastic/x-pack-elasticsearch@6d4f2bbf10
2015-05-19 04:17:12 +02:00