Commit Graph

7341 Commits

Author SHA1 Message Date
Areek Zillur 50fb5250ee LicensesService:
- notification management
  - dont notify when NOT_RECOVERED_BLOCK is on
  - clean up & fixes
 - improve tests

Original commit: elastic/x-pack-elasticsearch@907af6d308
2014-10-29 23:14:17 -04:00
Areek Zillur d1b39f2c8e Improved LicensesServiceTests (include randomized stress tests, multiple client registrations)
- minor pom fixing

Original commit: elastic/x-pack-elasticsearch@6a0a141eca
2014-10-29 19:45:40 -04:00
Martijn van Groningen 3e45310877 make more readable
Original commit: elastic/x-pack-elasticsearch@c7727618ac
2014-10-29 14:08:06 +01:00
Martijn van Groningen 12a6de0a57 Moved alert loading to use scan scroll instead of a single normal search
Original commit: elastic/x-pack-elasticsearch@06e70836ec
2014-10-29 10:20:36 +01:00
Martijn van Groningen 1e7fc84f06 Forgot to parse field
Original commit: elastic/x-pack-elasticsearch@23512bce74
2014-10-29 09:46:39 +01:00
Areek Zillur 9a64f00802 Refactored & improved LicensesTransportTests
Ensure that invalid licenses never make it to clusterState

Original commit: elastic/x-pack-elasticsearch@c6dfb6226d
2014-10-28 23:11:36 -04:00
Areek Zillur d431c8b532 thorough plugin integration tests
Original commit: elastic/x-pack-elasticsearch@ff361ee49c
2014-10-28 22:25:41 -04:00
Areek Zillur c2c1eeeb97 increase disable notification timeout for test
Original commit: elastic/x-pack-elasticsearch@59b9fce0bf
2014-10-28 21:44:21 -04:00
Areek Zillur d7c9a2c8fc LicensesService cleanup; test fix
Original commit: elastic/x-pack-elasticsearch@bc6b2fdce9
2014-10-28 21:27:30 -04:00
uboness df3956fafe Changed the realm authentication failure logging
Now it logs the failure on debug and on trace it also logs the full stack trace. There's no point in logging it on info as a lot of the failures that will be logged are just fine (e.g. esusers will fail to authenticate and log the failure, but LDAP will succeed). This logging should only be applied for debugging purposes... for normal logging we have the audit logs

While at it, also cleaned up the Ldap realm code... change java.lang.SecurityException to shield's LdapException

Closes elastic/elasticsearch#281

Original commit: elastic/x-pack-elasticsearch@d5f0ad2efb
2014-10-29 01:41:29 +01:00
Martijn van Groningen 3625b5bc91 Moved over the streaming parsing.
Original commit: elastic/x-pack-elasticsearch@10bd127df5
2014-10-29 00:54:18 +01:00
Areek Zillur 05c5e7f48e WIP: improve plugin integration test; minor changes
Original commit: elastic/x-pack-elasticsearch@39888be13a
2014-10-28 18:58:47 -04:00
Igor Motov 783970f0e7 Fix license metadata serialization
Original commit: elastic/x-pack-elasticsearch@4c838f18d4
2014-10-28 16:45:27 -04:00
Areek Zillur 8d6e0fc164 WIP:
- handle Invalid license case at REST layer
 - improve notification mechanism
 - improve notification tests

Original commit: elastic/x-pack-elasticsearch@a6c26e1601
2014-10-28 14:33:44 -04:00
uboness c5cbd58909 Clearing the realm caches on file updates
- Changed the behaviour of esusers realm so that whenever the `users` or the `users_roles` file are updated, the realm's cache expunges
- Changed LDAP realm such that when the `role_mapping.yml` file is updated, the realm's cache expunges

Also, cleaned up unused code (mainly around esusers and the different stores)

Original commit: elastic/x-pack-elasticsearch@3f093207da
2014-10-28 18:54:40 +01:00
Martijn van Groningen 6b2fbe400e Introduced AlertsStore that is responsible for maintaining / storing / parsing etc of alerts
Original commit: elastic/x-pack-elasticsearch@40aae7dc30
2014-10-28 18:49:23 +01:00
Areek Zillur 68270bb454 Merge branch 'es_integration' of github.com:elasticsearch/elasticsearch-license into es_integration
Original commit: elastic/x-pack-elasticsearch@5a0ea5ba10
2014-10-28 12:08:45 -04:00
Igor Motov 82fa8badeb Fix handling of the local flag on get licenses request
Original commit: elastic/x-pack-elasticsearch@50bb6dc9c3
2014-10-28 12:07:40 -04:00
Areek Zillur 3445af6d93 improve internal feature handling
Original commit: elastic/x-pack-elasticsearch@4b088cb64c
2014-10-28 12:04:55 -04:00
Martijn van Groningen 34c359281a Added a todo
Original commit: elastic/x-pack-elasticsearch@56f5b1326b
2014-10-28 16:35:41 +01:00
Igor Motov 4d1b4ccdec Fix handling of the local flag on get licenses request
Original commit: elastic/x-pack-elasticsearch@4273827728
2014-10-28 10:38:00 -04:00
Brian Murphy 879d88edac Merge pull request elastic/elasticsearch#21 from elasticsearch/alerthistory/jobqueue
Alerthistory/jobqueue

Original commit: elastic/x-pack-elasticsearch@87154dca40
2014-10-28 13:55:14 +00:00
Brian Murphy 4da8f9fec7 AlertActionManager: Add alert action job queue
This change adds the AlertActionManager and AlertActionEntry. The old AlertActionManager has become the AlertActionRegistry.
This means that now the results of Alerts are queued up in a job queue and executed in separate threads.
The AlertActionManager is a composite member of the AlertManager.
Change the BasicTest to just run on a single node to fix the action registration if the action happens on a different node.
Threads are not directly constructed but now the threadpool is used.
The ClusterStateListener in AlertManager is responsible now for starting the job queue.

Original commit: elastic/x-pack-elasticsearch@a73c6b60f8
2014-10-28 13:49:04 +00:00
uboness 3ab8f57f34 [Fix] - Return 401 on any authentication error
Fixes a bug where the wrong exception and wrong error status code (500) were returned when the user sent the wrong username/password. This fixes this beahviour to return an `AuhthenticationException` with a 401 status code.

Fixes elastic/elasticsearch#271

Original commit: elastic/x-pack-elasticsearch@0a120caeae
2014-10-28 14:39:49 +01:00
Areek Zillur 9947dab389 explicit UTC date parsing
Original commit: elastic/x-pack-elasticsearch@80a3f01ab1
2014-10-27 23:35:20 -04:00
Igor Motov 351288b3dc Remove LicenseSpecs
Original commit: elastic/x-pack-elasticsearch@ccdbe41261
2014-10-27 22:38:39 -04:00
Areek Zillur 5a63b6bb8b prefix endpoints with _
Original commit: elastic/x-pack-elasticsearch@b300803aa5
2014-10-27 22:20:15 -04:00
Areek Zillur 021974fb22 Make Type & SubscriptionType strings instead of enums
Original commit: elastic/x-pack-elasticsearch@e48ebc447d
2014-10-27 21:58:00 -04:00
Areek Zillur a82a0a4e6a licensesService cleanup
Original commit: elastic/x-pack-elasticsearch@a1c136d3bb
2014-10-27 21:37:16 -04:00
Areek Zillur 79f430ebaf remove comment
Original commit: elastic/x-pack-elasticsearch@e55d3bebb4
2014-10-27 21:35:14 -04:00
Igor Motov 61b1750058 Refactor license serialization/deserialization
Original commit: elastic/x-pack-elasticsearch@ac0bb4a147
2014-10-27 20:04:09 -04:00
Areek Zillur a57164ec67 REFACTOR: convert internal license feature to json blob
Original commit: elastic/x-pack-elasticsearch@21d99b2219
2014-10-27 17:57:52 -04:00
Paul Echeverri 1f540dbc50 Adds intro text to Clients page, general fixes elsewhere
Original commit: elastic/x-pack-elasticsearch@6a8bd1a4a2
2014-10-27 13:30:28 -07:00
uboness 4c2df8ff3e Cleaned up roles.xml
Also updated the default roles test (to include marvel)

Original commit: elastic/x-pack-elasticsearch@5fb320273f
2014-10-27 21:26:49 +01:00
uboness c7e927734c Fixed a bug in Cluster privileges where resolve failed for template APIs
We now moved from the logic of checking `indices:` and `cluster:` prefixes to determine whether an action is an indices or a cluster action... instead we use the index/cluster privielge `all` privilege to determine that (which is more accurate in the context of shield, as it enables us to move actions between the two categories while keeping their logical name intact)

Also updated the docs to reflect that template related actions are infact cluster actions.

Original commit: elastic/x-pack-elasticsearch@8027334105
2014-10-27 19:31:21 +01:00
Paul Echeverri 647e545c79 Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
Conflicts:
	docs/public/02-architecture.asciidoc
	docs/public/04-authorization.asciidoc
	docs/public/07-securing-nodes.asciidoc
	docs/public/clients/kibana.asciidoc
	docs/public/clients/logstash.asciidoc
	docs/public/clients/marvel.asciidoc

Original commit: elastic/x-pack-elasticsearch@57efef1bf6
2014-10-27 11:16:58 -07:00
Areek Zillur 7f11de275f minor fix: LicenseSpecs
Original commit: elastic/x-pack-elasticsearch@5c9e0b3ad0
2014-10-27 13:18:36 -04:00
uboness 25d21570d6 Better shield user configuration
Added `shield.user` setting so that the clients won't need to go through the unnatural and tedious process of configuring the `Authorization` header directly (that also requires the user to applicat the base64(username:password) logic.

Now, the user can just set the following settings to bind a user to the client:

```yaml
shield.user: 'username:password'
```

Original commit: elastic/x-pack-elasticsearch@94be3abd92
2014-10-27 18:07:36 +01:00
Areek Zillur d1afd77bde nuked LicenseSpec; merge to ESLicense
Original commit: elastic/x-pack-elasticsearch@f7dc1b7c9c
2014-10-27 12:49:18 -04:00
Areek Zillur 93607c8403 remove trial package
Original commit: elastic/x-pack-elasticsearch@0b194a31a1
2014-10-27 11:30:53 -04:00
Areek Zillur c5c6de5864 Changes:
- nuked TrailLicense
 - Move license expiry enforcement logic to LicensesService
 - clean up ESLicenseManager
 - make notification scheduling logic as lazy as possible
 - make sure to notify from cluster changed only if needed
 - added tests for notification

Original commit: elastic/x-pack-elasticsearch@e31b682f41
2014-10-27 11:27:38 -04:00
Igor Motov b480d1f23c Convert LicenseVerificationTests to use date math
Original commit: elastic/x-pack-elasticsearch@481b9eb821
2014-10-27 10:34:44 -04:00
uboness 99ddffe510 esusers tool - added warnings when using unknown roles
When assigning roles to users, we now show a warning if the assigned roles don't exist.

Closes elastic/elasticsearch#209

Original commit: elastic/x-pack-elasticsearch@c2e9bf03eb
2014-10-26 04:11:27 +01:00
Martijn van Groningen a23487cd38 Fixed build by:
* Using cluster state listener to clear alerts when .alerts index is removed. (when running on multiple nodes the .alerts index is scattered so indices listener doesn't work).
* Remove the starting / loading thread and move the initial loading to cluster state listener.

Original commit: elastic/x-pack-elasticsearch@b8f41db2ea
2014-10-25 23:37:05 +02:00
uboness 33b89301fb Enforces cluster permission checks for all cluster actions
Enforcing means that cluster actions will not be evaluated (as a fallback) by Index permissions. This enables us to move what typically would be considered indices actions and put them under the cluster privileges (a good example for this are all the template management APIs... we want to enforce cluster admin privileges over them).

Original commit: elastic/x-pack-elasticsearch@ee870954f2
2014-10-25 23:17:18 +02:00
Paul Echeverri 4dc8a524f5 Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
Conflicts:
	docs/public/clients/java.asciidoc

Original commit: elastic/x-pack-elasticsearch@6478165c72
2014-10-24 15:10:26 -07:00
Areek Zillur 41e9d5db6d added node tests
Original commit: elastic/x-pack-elasticsearch@c3957ea221
2014-10-24 16:35:39 -04:00
Areek Zillur e98336872c fix cluster license propagation logic; add logging
Original commit: elastic/x-pack-elasticsearch@854197169f
2014-10-24 14:13:23 -04:00
Bill Hwang 266a53d913 [CI] Add jacoco coverage profile
Original commit: elastic/x-pack-elasticsearch@1f9a665e8f
2014-10-24 10:16:03 -07:00
Martijn van Groningen 449edcda1d * Throw a understandle error if an alert action doesn't exist
* Moved over to a copy on write map instead of a hash map that is protected by synchronized blocks

Original commit: elastic/x-pack-elasticsearch@285515d585
2014-10-24 18:50:47 +02:00