Commit Graph

1260 Commits

Author SHA1 Message Date
Ryan Ernst dcb9145b93 Merge pull request elastic/elasticsearch#2891 from rjernst/license_service_name
Rename LicensesService to LicenseService

Original commit: elastic/x-pack-elasticsearch@e9c3058ca1
2016-07-22 08:47:06 -07:00
Alexander Reelsen efc5de782b Watcher: Refactor integration test into rest test (elastic/elasticsearch#2864)
As the specified integration tests were better suited as REST tests, I changed them into
those and removed the (partially already unused) java classes.

Original commit: elastic/x-pack-elasticsearch@f26d8d94e8
2016-07-22 17:01:57 +02:00
javanna 748962e626 Merge branch 'master' into feature/async_rest_client
Original commit: elastic/x-pack-elasticsearch@cb4f022353
2016-07-22 15:52:44 +02:00
Ryan Ernst a93a5fcd5b Rename LicensesService to LicenseService
We only have one license in 5.x. This change renames the service that
mantains the license state on each node to reflect that fact.

Original commit: elastic/x-pack-elasticsearch@bb241b30cb
2016-07-21 11:59:52 -07:00
Alexander Reelsen 81382262ec Watcher: Hardcode index names for auto index create validation (elastic/elasticsearch#2834)
This is broken in 2.x and returns a wrong index name. We should just use
the indices, that are hardcoded in the error message.

Relates elastic/elasticsearch#2831

Original commit: elastic/x-pack-elasticsearch@457be61013
2016-07-21 14:25:22 +02:00
Jim Ferenczi bd91603f6d Sort plugins in list x-pack extensions command
Fix tests that rely on deterministic order.

Original commit: elastic/x-pack-elasticsearch@324b0db514
2016-07-20 19:45:10 +02:00
Britta Weber 75362e70a3 fix compile
Original commit: elastic/x-pack-elasticsearch@d234e88c22
2016-07-20 19:24:56 +02:00
Ryan Ernst 59c76e1bc6 Merge pull request elastic/elasticsearch#2873 from rjernst/deguice11
Remove guice from authentication and authorization services

Original commit: elastic/x-pack-elasticsearch@323540a4eb
2016-07-20 08:52:25 -07:00
Jim Ferenczi 7467652b43 Add verbose mode for extension list command
This is a late follow up of https://github.com/elastic/elasticsearch/pull/18051
Closes elastic/elasticsearch#2806

Original commit: elastic/x-pack-elasticsearch@d1c9a3d7c5
2016-07-20 14:37:36 +02:00
Ryan Ernst f05005f667 Internal: Remove guice from authentication and authorization services
This change removes guice from most of the rest of security. It also
converts the last use of onModule in xpack extensions to a pull based
extension.

Original commit: elastic/x-pack-elasticsearch@9de072550e
2016-07-19 15:57:29 -07:00
Ryan Ernst 94b9b332d4 Internal: Remove interfaces for auth services
Both AuthenticationService and AuthorizationService are currently
interfaces with single implementations. This is unnecessary, and makes
it harder to deguice. This change removes the abstractions and leaves
just AuthenticationService and AuthorizationService.

Original commit: elastic/x-pack-elasticsearch@d04c897ae4
2016-07-19 14:38:51 -07:00
Ryan Ernst 6c7a9af7bf Internal: Remove use of AuditTrail interface in place of
AuditTrailService

We currently have a number of actions and components which try to write
to the audit trail. But they do so by expecting a bound AuditTrail
object. In reality, this should always be AuditTrailService, except when
security is disabled. This change removes the use of the AuditTrail
interface for that purpose, and instead makes the AuditTrailService
allow an empty list of trails, so that it is always bound when running
on a node.

Original commit: elastic/x-pack-elasticsearch@9559dbd6c1
2016-07-19 13:41:19 -07:00
jaymode 9be5c7df60 security: remove SelfReSchedulingRunnable
This commit removes the SelfReschedulingRunnable and changes the native stores
to use the threadpool for scheduling again since we have now fixed the issue in core.

Original commit: elastic/x-pack-elasticsearch@50030e31ff
2016-07-19 12:19:52 -04:00
Ryan Ernst 4552df11da Merge pull request elastic/elasticsearch#2860 from rjernst/deguice12
Internal: Simplify SecurityContext dependencies

Original commit: elastic/x-pack-elasticsearch@74d0036e80
2016-07-19 09:05:26 -07:00
javanna 63a5001837 [TEST] restore throws IOException clause on all sync performRequest callers
Original commit: elastic/x-pack-elasticsearch@d114419752
2016-07-19 16:51:07 +02:00
javanna 5c31e20746 Use ContentType constant instead of RestClient#JSON_CONTENT_TYPE
Original commit: elastic/x-pack-elasticsearch@6f3165b569
2016-07-19 16:42:32 +02:00
javanna ca557af48c Merge branch 'master' into feature/async_rest_client
Original commit: elastic/x-pack-elasticsearch@693e281d0d
2016-07-19 16:29:50 +02:00
Yannick Welsch ea7ad5d4c5 Add new transport handler introduced by elastic/elasticsearchelastic/elasticsearch#19287
Original commit: elastic/x-pack-elasticsearch@8e71782cba
2016-07-19 14:56:51 +02:00
Martijn van Groningen 7c12fa0eb6 Removed basic sanity test as it caused problems for the clients
Original commit: elastic/x-pack-elasticsearch@1bd7c82708
2016-07-19 10:59:23 +02:00
Martijn van Groningen cc7cfb7fd9 security: Added `set_security_user` ingest processor that enriches documents with user details of the current authenticated user
This is useful if an index is shared with many small customers, which are to small to have their own index or shard,
 and in order to share an index safely they will need to use document level security. This processor can then automatically
 add the username or roles of the current authenticated user to the documents being indexed, so that the DLS query can be simple. (`username: abc` only return data inserted by user abc)

Closes elastic/elasticsearch#2738

Original commit: elastic/x-pack-elasticsearch@f4df2f6d6f
2016-07-19 09:48:52 +02:00
Ryan Ernst a76a6b4e54 Internal: Simplify SecurityContext dependencies
Currently the security context is an object passed around to code
needing to check the user for the current request. Like recent
InternalClient changes, it current depends on the AuthenticationService,
but can be simplified by only knowing about the thread context and
crypto service. This change makes SecurityContext a class, instead of an
interface, and removes the dependency on AuthenticationService.

Original commit: elastic/x-pack-elasticsearch@b8af75e8cb
2016-07-18 17:00:55 -07:00
Ryan Ernst 41eea741b8 Ensure index audit trail is bound for security lifecycle service
Original commit: elastic/x-pack-elasticsearch@bbe7ec0802
2016-07-18 15:13:10 -07:00
Ryan Ernst 411b29e7fa Merge branch 'master' into deguice9
Original commit: elastic/x-pack-elasticsearch@2474231dc1
2016-07-18 14:25:49 -07:00
Ryan Ernst 30b084d372 Merge pull request elastic/elasticsearch#2843 from rjernst/plugin_default_config
Switch to new plugin configuration for integ tests

Original commit: elastic/x-pack-elasticsearch@e2a5da4144
2016-07-18 14:19:52 -07:00
Ryan Ernst f03683fb18 Internal: Remove guice from audit trail construction
This change removes guice from audit trails.

Original commit: elastic/x-pack-elasticsearch@ace1f11dc4
2016-07-18 13:59:51 -07:00
Ryan Ernst e2303f2584 Merge branch 'master' into deguice8
Original commit: elastic/x-pack-elasticsearch@8b273d3f8a
2016-07-18 13:54:43 -07:00
Ryan Ernst 07c9903e8f Merge branch 'master' into remove_script_proxy
Original commit: elastic/x-pack-elasticsearch@0046ab598a
2016-07-18 13:41:21 -07:00
jaymode 67f473a992 test: mute ldap timeout tests
See elastic/elasticsearch#2849

Original commit: elastic/x-pack-elasticsearch@318307073e
2016-07-18 11:20:52 -04:00
Simon Willnauer 12c709ea3a Move over to dedicated TransportClient implementations (elastic/elasticsearch#2819)
Followup of elastic/elasticsearchelastic/elasticsearch#19435
Relates to elastic/elasticsearchelastic/elasticsearch#19412

Original commit: elastic/x-pack-elasticsearch@60f7047ea9
2016-07-18 15:43:29 +02:00
jaymode 34d04a8c78 security: mention comma-separated for IP and DNS name prompts
Original commit: elastic/x-pack-elasticsearch@3e58fc282a
2016-07-18 08:53:17 -04:00
jaymode 59fcb205b5 security: active directory and ldap realm improvements
This commit is a combination of enhancements and fixes to the active directory
and ldap realms. The active directory realm has been enhanced to add support
for authentication against multiple domains in a forest. The ldap realm has
been updated so that:

* attributes required for group resolution are loaded eagerly if possible
* user search can now be executed using unpooled connections
* the default search filter for groups now includes posixGroup and memberUid
to avoid users needed to understand ldap filters

Finally, the UnboundID LDAP SDK was upgraded to the latest version and some
long standing AwaitsFix were addressed.

Closes elastic/elasticsearch#20
Closes elastic/elasticsearch#26
Closes elastic/elasticsearch#1950
Closes elastic/elasticsearch#2145
Closes elastic/elasticsearch#2363

Original commit: elastic/x-pack-elasticsearch@63c9be2337
2016-07-18 08:39:57 -04:00
jaymode 5be3832889 security: add metadata to roles
This commit adds the ability to define metadata for roles. This metadata is currently
only used for the API and to indicate that a role is reserved. We can continue passing
on the metadata as needed, when necessary.

Closes elastic/elasticsearch#2036

Original commit: elastic/x-pack-elasticsearch@8b5f606138
2016-07-18 08:11:43 -04:00
jaymode f42f8cf756 security: add tool to simplify creation of certificate and csr files
This commit adds a CLI tool that can be used to generate a CA and signed certificates in PEM
format. The tool only requires a name of an instance to be provided by the user; ip and dns values
are supported but optional. By default, the tool is interactive and will prompt the user for input but
an option exists to provide a yaml file that contains the necessary information to generate certificates
or signing requests.

The output is in the form of a zip file with subfolders for each instance. Neither the zip file or the PEM
files are encrypted as some parts of our stack do not support encrypted PEM files.

Original commit: elastic/x-pack-elasticsearch@3dc0f8d495
2016-07-18 07:50:17 -04:00
Alexander Reelsen c7e4f51d56 Watcher: Prioritize configured response content type in HttpInput (elastic/elasticsearch#2790)
When a HTTP input has a configured response content, then this should
always be treated as preferred over the content type that is returned
by the server in order to give the user the power to decide.

This also refactors the code a bit to make it more readable.

Closes elastic/elasticsearch#2211

Original commit: elastic/x-pack-elasticsearch@ecdb4f931c
2016-07-18 10:54:48 +02:00
Martijn van Groningen 5b5e0bd787 Updated xpack for changed in elastic/elasticsearch#19425 related to templates
Original commit: elastic/x-pack-elasticsearch@7747f92b89
2016-07-18 08:34:11 +02:00
Ryan Ernst 91441bbd2a Internal: Remove script service proxy
ScriptServiceProxy is a thin wrapper around the ScriptService which does
a runAs the xpack user when compiling. But script services know nothing
about xpack users, so this has no real effect. I believe this is a
remnant of when we had indexed scripts, where the compilation may have
done a get on the scripts index.

This change removes the ScriptServiceProxy. It also renames Script in
watcher to WatcherScript, to remove confusion between elasticsearch's
Script and watchers Script.

Original commit: elastic/x-pack-elasticsearch@4e2fdbc518
2016-07-16 00:10:17 -07:00
Ryan Ernst 525562e48f Add tests for realm construction
Original commit: elastic/x-pack-elasticsearch@a35c103726
2016-07-15 21:36:22 -07:00
Ryan Ernst 9df9957307 Remove guice from realms construction
This change makes the internal realms factories, as well as those added
by extensions, constructed directly instead of via guice. Adding realms
in extensions is now pull based. Finally, all of the generics for realms
and realm factories have been removed.

Original commit: elastic/x-pack-elasticsearch@f0de9d2340
2016-07-15 15:55:28 -07:00
Ryan Ernst 01dfb7481e Build: Switch to new plugin configuration for integ tests
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19461

Original commit: elastic/x-pack-elasticsearch@bb29f9e948
2016-07-15 14:48:50 -07:00
Chris Earle 1311935122 [Monitoring] Add Request Cache to returned stats for tests
Original commit: elastic/x-pack-elasticsearch@9bc34609c5
2016-07-15 12:51:43 -04:00
Areek Zillur 0db0e2f0c9 Implements cloud_internal license type
"cloud_internal" license type enables dynamically updating license operation mode via a config file.

When the installed license is "cloud_internal", the node level operation mode can be updated by writing
a `license_mode` file in the x-pack config directory (config/x-pack/license_mode). The file is expected
to have a string representing the desired license mode (e.g. "gold", "basic"). In case of a failure to
read a valid license mode from the `license_mode` file, the operation mode for "cloud_internal" license
defaults to PLATINUM.
This change also ensures that the correct operation mode is reported via the _xpack endpoint.

closes elastic/elasticsearch#2042

Original commit: elastic/x-pack-elasticsearch@6a2d788e45
2016-07-15 12:08:34 -04:00
Ryan Ernst 8407f6aaf6 Remove leftover guicyness from client ssl service
Original commit: elastic/x-pack-elasticsearch@f362097ad7
2016-07-15 08:25:59 -07:00
Ryan Ernst 07bb586f1e Remove guice from ssl services
This change removes guice from the client and server ssl services.

Original commit: elastic/x-pack-elasticsearch@d60f8ca474
2016-07-15 00:25:00 -07:00
Ryan Ernst fa26d3716b Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@28ee29cbe6
2016-07-14 20:20:10 -07:00
Ryan Ernst 394a4fc0c1 Remove unused var
Original commit: elastic/x-pack-elasticsearch@a0dd4600c2
2016-07-14 19:55:10 -07:00
Ryan Ernst f388ef01ed Merge branch 'master' into deguice2
Original commit: elastic/x-pack-elasticsearch@2d7264c2cf
2016-07-14 19:51:58 -07:00
Ryan Ernst b562a83c0b Fix subclasses that no longer need RestController
Original commit: elastic/x-pack-elasticsearch@d762c5f0bb
2016-07-14 19:31:58 -07:00
Ryan Ernst 5d42de803c Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@b0d14d60e4
2016-07-14 19:04:09 -07:00
Jason Tedor 496e112c5e Rename transport-netty to transport-netty-3
This commit renames the Netty 3 transport module from transport-netty to
transport-netty3. This is to make room for a Netty 4 transport module,
transport-netty4.

Relates elastic/elasticsearch#2827

Original commit: elastic/x-pack-elasticsearch@e6487cefa2
2016-07-14 22:03:29 -04:00
Ryan Ernst 0c81f1b6ad Switch to using rest headers getting
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19440. It adds a
getter on XPackExtension for extensions that add custom rest headers, in
addition to the headers registered for xpack itself.

Original commit: elastic/x-pack-elasticsearch@bd142b88c6
2016-07-14 18:55:28 -07:00
Jason Tedor 29387eab21 Monitoring index name resolver test awaits fix
This commit moves an awaits fix from
MonitoringIndexNameResolverTestCase#testResolver to
MonitoringIndexNameResolverTestCase#testSource as the previous commit
elastic/x-pack@98e76642ea marked the incorrect test as
awaits fix.

Original commit: elastic/x-pack-elasticsearch@62e9aaa628
2016-07-14 19:52:00 -04:00
Jason Tedor 3c0e83990b Monitoring index name resolver test awaits fix
This commit adds an awaits fix to
MonitoringIndexNameResolverTestCase#testResolver as awaits fix.

Original commit: elastic/x-pack-elasticsearch@586eb37f43
2016-07-14 19:46:05 -04:00
Ryan Ernst e3defb4dbd Internal: Remove guice cyclic dependency with InternalClient
The InternalClient is used by xpack code making requests to other nodes,
to add the xpack user to the thread context. To do this, it uses has a
dependency on the AuthenticationService, which in turn transitively
depends on InternalClient (eg IndexAuditTrail). But to add the xpack
user, the full authentication service is not necessary. Only having the
crypto service is needed in order to encrypt the header.

This change simplifes construction of InternalClient both making it a
real class instead of an interface, and removing the dependency on the
AuthenticationService. It also removes the use of
Provider<InternalClient> in users of the client.

Original commit: elastic/x-pack-elasticsearch@10f633bdf3
2016-07-14 13:46:07 -07:00
Ryan Ernst f481dea1d0 Internal: Remove use of Transport in audit trails
Both logfile and index audit trails currently depend on injection of
Transport in order to find the bound address of the local node. However,
the ClusterService provides access to information about the local node,
including the bound addresses. This change makes the audit trails use
the cluster service, and also makes the logging audit trail not use a
lifecycle.

Original commit: elastic/x-pack-elasticsearch@d747d64ee1
2016-07-14 11:22:41 -07:00
Chris Earle 4224d70986 [Monitoring UI] Use same Index Memory chart for Index page as Node page
This provides the same -- more useful -- index memory chart to the index page, instead of just "Lucene Memory", it now breaks down what it shows just like the Node page as as more generalized "Index Memory" chart. It also rolls Fielddata into the Index Memory. With Fielddata now in the Index Memory chart, I decided to add the Segment Count chart to the Index page.

Original commit: elastic/x-pack-elasticsearch@4e3490ce9c
2016-07-14 13:26:43 -04:00
Lee Hinman 7e4b200f43 [TEST] ensure "index1" is yellow before searching in MigrateToolIT
If the search runs before the primary shards are initialized for the
"index1" index, the search may fail for unrelated reasons.

Resolves elastic/elasticsearch#2818

Original commit: elastic/x-pack-elasticsearch@654ba9e142
2016-07-14 10:18:33 -06:00
Simon Willnauer 1fe0f5c7ac Followup for elastic/elasticsearchelastic/elasticsearch#19428 (elastic/elasticsearch#2815)
elastic/elasticsearchelastic/elasticsearch#19428 removes `node.mode` and `node.local` this PR
fixes xplugins to configure networking explicitly.

Original commit: elastic/x-pack-elasticsearch@ee8daa36dd
2016-07-14 13:21:27 +02:00
Ryan Ernst 7f6788af1a Fix line length
Original commit: elastic/x-pack-elasticsearch@50e9ef0667
2016-07-13 17:05:32 -07:00
Ryan Ernst f82fa65d7d Internal: Remove guice construction of most license classes
This change removes some of the complexity around licensing classes in
xpack. It removes the interfaces for registration and management so the
remaining LicensesService class is the thing that components wanting to
interact with the license should use. It also removes complexity around
the Licensee interface, removing generics and the registration at
construction time, as well as making the licensees no longer have a
lifecycle. There is still more to be done with simplification of license
classes construction, but this is a step towards a simpler world.

Original commit: elastic/x-pack-elasticsearch@5307d67b5b
2016-07-13 14:23:23 -07:00
Chris Earle 870a855827 [License] Fix expected endpoint from [_xpack/_license] to [_xpack/license]
Original commit: elastic/x-pack-elasticsearch@7a48bc674c
2016-07-13 16:06:02 -04:00
Chris Earle 2c3a0db9ec [Watcher] Fix typoed deprecated endpoint
{actions/_ack was accidentally duplicated. It should be _ack/{actions} in the first case.

Original commit: elastic/x-pack-elasticsearch@38895522b5
2016-07-13 14:57:52 -04:00
Areek Zillur b674e016cb [TEST] ensure test license registration is always acknowledged
Original commit: elastic/x-pack-elasticsearch@3a928ba54a
2016-07-13 14:29:39 -04:00
Chris Earle a7c884be61 [License] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also adds deprecated `/_licenses` variants of the endpoint. Users are consistently making that mistake, and it's easy enough to support this way. Can remove it if people disagree though.

License portion only

Original commit: elastic/x-pack-elasticsearch@431c871fcf
2016-07-13 13:36:05 -04:00
Chris Earle 641caabdae [Watcher] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also changes from PUT _start, _restart, _stop (Watcher endpoints) to POST _start, _restart, _stop
    - The deprecated variant still honors PUT
- Nothing about the hijack endpoints was deprecated because they did not change from 2.x

Watcher portion only

Original commit: elastic/x-pack-elasticsearch@36f87a6526
2016-07-13 13:23:10 -04:00
Karel Minarik 63add2c959 Monitoring: Added `timeout: 60s` to the setup section of "Bulk indexing of monitoring data" test
When the monitoring tests are run in isolation, they succeed. However, when the whole suite of
REST tests is being run at the same time, the "Bulk indexing of monitoring data" intermittently
fails with a timeout. Therefore, a timeout of 60 seconds has been added.

Closes elastic/elasticsearch#2809

Original commit: elastic/x-pack-elasticsearch@d11dc7a2be
2016-07-13 17:40:20 +02:00
Alexander Reelsen e124e211c9 Watcher: Move YAML test into own project to not interfere with client tests (elastic/elasticsearch#2804)
This particular test requires Elasticsearch to run on port 9400, which is not
guaranteed if the clients run their own tests, as it is a matter of configuration
in gradle.

Therefore these tests need to run in their project.

Original commit: elastic/x-pack-elasticsearch@da38407766
2016-07-13 16:08:13 +02:00
Simon Willnauer 89f98c60dc [TEST] Use valid file extension for mapping tests
Original commit: elastic/x-pack-elasticsearch@080699aeb8
2016-07-13 10:37:08 +02:00
Simon Willnauer 691bdfcf14 Merge pull request elastic/elasticsearch#2792 from elastic/modularize_netty
this is a followup for elastic/elasticsearchelastic/elasticsearch#19392 Modularizing Netty

Original commit: elastic/x-pack-elasticsearch@504c8110dd
2016-07-13 09:52:34 +02:00
Nik Everett d46f83c53b Fix compilation error
Core changed...

Original commit: elastic/x-pack-elasticsearch@c80d5fd042
2016-07-12 22:47:20 -04:00
Ryan Ernst ed3b4afca9 Sync createComponents signature with core
Original commit: elastic/x-pack-elasticsearch@7874ff411f
2016-07-12 15:06:51 -07:00
Ryan Ernst 464e1bee37 Merge branch 'master' into deguice1
Original commit: elastic/x-pack-elasticsearch@078230ed0d
2016-07-12 15:04:49 -07:00
Ryan Ernst 8b2cdebf88 Merge pull request elastic/elasticsearch#2788 from rjernst/license1
Internal: Simplify creation of trial license

Original commit: elastic/x-pack-elasticsearch@1c92544b65
2016-07-12 13:44:21 -07:00
javanna c86c433aab Rest client: move to async client under the hood
Some configuration changes are needed due to the move to the async http client

Original commit: elastic/x-pack-elasticsearch@2f28dec0a0
2016-07-12 18:25:27 +02:00
Simon Willnauer 6522f49d83 Add MockNettyPlugin to sidestep permissions assertion in pseudo integ tests
Original commit: elastic/x-pack-elasticsearch@9e7f6532fb
2016-07-12 17:56:06 +02:00
Simon Willnauer 9204920d9a fix tests to use the transport-netty plugin
Original commit: elastic/x-pack-elasticsearch@65c0cd0cf2
2016-07-12 14:35:07 +02:00
javanna 50c24ba4ce RestClient: simplify ssl configuration
Original commit: elastic/x-pack-elasticsearch@1600743249
2016-07-12 12:31:40 +02:00
javanna 107ab2d71d Rest Client: add callback to customize http client settings
The callback replaces the ability to fully replace the http client instance. By doing that, one used to lose any default that the RestClient had set for the underlying http client. Given that you'd usually override one or two things only, like a couple of timeout values, the ssl factory or the default credentials providers, it is not uder friendly if by doing that users end up replacing the whole http client instance and lose any default set by us.

Original commit: elastic/x-pack-elasticsearch@03adca6f62
2016-07-12 12:31:40 +02:00
Alexander Reelsen 4360cccad7 Watcher: Prevent NPE on chained input toXContent (elastic/elasticsearch#2776)
If a chained input was aborted with an exception, then toXContent ran
into a NPE instead of rendering.

Closes elastic/elasticsearch#2774

Original commit: elastic/x-pack-elasticsearch@a3795f2290
2016-07-12 09:33:32 +02:00
Ryan Ernst a2359d13f3 Add jar dependency on netty module
Original commit: elastic/x-pack-elasticsearch@f653855378
2016-07-11 23:57:08 -07:00
Ryan Ernst a9ace27107 Internal: Simplify creation of trial license
Currently each node monitors the cluster state for a license, and if it
does not find one, it sends a request to the master to generate a trial
license. However, the master node has this same logic. Since the master
node is the only thing that can change the cluster state, we know that
once some node becomes master, it will notice the lack of license,
generate a trial license, and send a cluster state update. The trigger
from every node telling the master to generate the trial license is not
needed.

This change removes the register_trial_license action that the non
master nodes used. It removes the need for the TransportService in the
LicensesService, which will help with deguicing.

Original commit: elastic/x-pack-elasticsearch@a71656847e
2016-07-11 22:37:23 -07:00
Ryan Ernst dd89a7b061 Remove guice from watcher http client and related classes.
This is the first deguicing for xplugins to use the new
createComponents(). The removal was very straightforward. One thing to
note is HttpAuthFactory only has one implementation (basic auth), but I
kept the registry and such for now. Also, HttpRequest.Parser is only
used in 2 tests, not at all in main code, it should probably be removed.

Original commit: elastic/x-pack-elasticsearch@839e7e4900
2016-07-11 18:05:33 -07:00
Areek Zillur 149df1fd44 [FIX] adapt licensing rest tests to new spec-api name
Original commit: elastic/x-pack-elasticsearch@c307c2afda
2016-07-11 18:27:05 -04:00
Ryan Ernst e92860f552 Plugin node modules/services rename to guice related
See elastic/elasticsearchelastic/elasticsearch#19371

Original commit: elastic/x-pack-elasticsearch@40f7e43cc5
2016-07-11 14:28:47 -07:00
Karel Minarik 87ea79bad6 License Plugin: Removed installing a special license in the delete REST test
We can rely on the automatically installed license being present.

Related: elastic/elasticsearch#2782

Original commit: elastic/x-pack-elasticsearch@a038ac71e9
2016-07-11 23:08:49 +02:00
Karel Minarik 22c19acbcf License Plugin: Added a `teardown` to put license back
Since the "Should throw 404 after license deletion" test deletes the license,
a subsequent test run fails for many tests in other components.

This patch adds a `teardown` section to install back a trial development license.

Closes elastic/elasticsearch#2782

Original commit: elastic/x-pack-elasticsearch@45ec5d4244
2016-07-11 23:08:34 +02:00
Ryan Ernst 7438177313 Internal: Create CryptoService without guice
This change creates the CryptoService during xpack plugin construction,
and also collapses the only implementation of CryptoService into a
class instead of an interface.

Original commit: elastic/x-pack-elasticsearch@7f00a5d6ef
2016-07-11 12:18:39 -07:00
jaymode 84a60d2548 test: mute audit trail test that fails periodically
Original commit: elastic/x-pack-elasticsearch@83972e5c2b
2016-07-11 15:08:32 -04:00
Ryan Ernst 2827c686bd Fix spacing in watcher test class
Original commit: elastic/x-pack-elasticsearch@49b94780d7
2016-07-11 11:48:51 -07:00
Ryan Ernst f13764dbc0 Merge branch 'master' into clock_init_without_guice
Original commit: elastic/x-pack-elasticsearch@8a1e4758c9
2016-07-11 11:48:29 -07:00
Karel Minarik 96b1bd9b64 License Plugin: Added a "setup" action to the REST test for delete
The delete test has been relying on the license already being installed
in the cluster from the other test. However, many runners run tests
in arbitrary order, so it has been failing.

This patch adds a "Trial Development" license as the first action
in the test.

Related: elastic/elasticsearch#2777

Closes elastic/elasticsearch#2778

Original commit: elastic/x-pack-elasticsearch@cd198cf67a
2016-07-11 20:46:13 +02:00
Karel Minarik d0fa318d22 License Plugin: Fixed the incorrect namespace and indentation for the REST tests
The actions in the `do` sections of tests definitions have not been indented, which
confused the Ruby YAML parser.

Also, the calls to `license.*` have not been prefixed with the `xpack` API.

Related: elastic/elasticsearch#2777

Original commit: elastic/x-pack-elasticsearch@b2da7d2703
2016-07-11 20:46:13 +02:00
Karel Minarik 28d6fbd782 License Plugin: Added the `xpack` namespace to the REST API definition
In order to be consistent with the other X-Pack APIs, the `license.*` APIs
have been prefixed with `xpack`.

Closes elastic/elasticsearch#2777

Original commit: elastic/x-pack-elasticsearch@cd35a2d4aa
2016-07-11 20:46:03 +02:00
Karel Minarik 427563132e Watcher: Added `teardown` sections to the REST tests
The tests have been failing because they haven't cleaned up the environment
after their run, leaving documents with watches behind.

This patch adds `teardown` sections which delete the documents
created by tests.

Related: elastic/elasticsearch#2648

Closes elastic/elasticsearch#2690

Original commit: elastic/x-pack-elasticsearch@e34e40d879
2016-07-11 18:47:30 +02:00
Karel Minarik ec3b11d802 Watcher: Changed check for `_status.version` in the REST tests
The check is failing, because even when the document is deleted before
the test, the version of the document in Elasticsearch sticks around
for a while.

I have changed the test to use the `is_true` operator to check for
the presence of the field only.

Original commit: elastic/x-pack-elasticsearch@308ffe34f0
2016-07-11 18:47:26 +02:00
Karel Minarik 4fae88f943 Watcher: Fixed YAML syntax for `xpack.watcher.stats` calls in REST tests
The shorthand format has been failing in the Ruby runner. Not sure if
this is particular to the Ruby YAML library, but I think there's no
harm in making the syntax standard.

Original commit: elastic/x-pack-elasticsearch@d753cad64a
2016-07-11 18:47:16 +02:00
Karel Minarik dc6e78a62c Graph: Moved the index creation to a `setup` section in the REST test
Closes elastic/elasticsearch#2679

Original commit: elastic/x-pack-elasticsearch@51a4a5e530
2016-07-11 18:42:03 +02:00
Karel Minarik 0b3c97c083 Graph: Fixed incorrect API call in the REST test
Related: elastic/elasticsearch#2678

Original commit: elastic/x-pack-elasticsearch@3157c97ca2
2016-07-11 18:42:03 +02:00
Karel Minarik 7d6a68fd0a Graph: Added the `xpack` namespace to the Graph API JSON specification
The `graph.explore` API has not been prefixed with `xpack`, as the other X-Pack APIs.

Closes elastic/elasticsearch#2678

Original commit: elastic/x-pack-elasticsearch@4501fb5b63
2016-07-11 18:39:03 +02:00
Ryan Ernst 5ea799cf51 Merge pull request elastic/elasticsearch#2772 from rjernst/remove_secret_service
Internal: Remove SecretService

Original commit: elastic/x-pack-elasticsearch@65981535dc
2016-07-11 09:06:33 -07:00
Chris Earle 16b3056b1f [Monitoring] Change xpack.monitoring.agent to xpack.monitoring.collection
This changes the xpack.monitoring.agent.* settings so that they fall under xpack.monitoring.collection.*.

- This also changes Kibana's equivalent data_collection to collection.

Original commit: elastic/x-pack-elasticsearch@a69bc18055
2016-07-11 12:03:01 -04:00
Ryan Ernst b862db93d0 Ensure CryptoService is not null for node only services
Original commit: elastic/x-pack-elasticsearch@b17e3620b5
2016-07-11 08:38:12 -07:00
Ryan Ernst eade405b8f Merge pull request elastic/elasticsearch#2770 from rjernst/simpler_crypto_api
Internal: Simplify CryptoService api

Original commit: elastic/x-pack-elasticsearch@de3f270cbb
2016-07-11 08:36:13 -07:00
jaymode c364a71310 test: output users array on anonymous failure
See elastic/elasticsearch#2773

Original commit: elastic/x-pack-elasticsearch@24871ee1ea
2016-07-11 09:49:26 -04:00
Simon Willnauer 9dab9eb762 Followup from elastic/elasticsearchelastic/elasticsearch#19332
Added missing IOException and simplified filtering out mock transports
for security integration tests.

Relates to elastic/elasticseachelastic/elasticsearch#19332

Original commit: elastic/x-pack-elasticsearch@8a5c015c3d
2016-07-11 12:16:53 +02:00
javanna f783dc1db8 Fix some SSL related deprecation warnings
Original commit: elastic/x-pack-elasticsearch@311e3d626b
2016-07-11 09:37:49 +02:00
javanna 86d1805d40 Rest Client: use short performRequest methods when possible
Original commit: elastic/x-pack-elasticsearch@088d6c7ad8
2016-07-11 09:37:49 +02:00
Ryan Ernst 6bcf79dd6c Internal: Remove SecretService
The SecretService implements a subset of the api provided by the
CryptoService. Currently the CryptoService is simply bound to null when
in the transport client or when security is disabled. This change
converts all users of the SecretService to the CryptoService, and any
tests using SecretService.Insecure to simply using null.

Original commit: elastic/x-pack-elasticsearch@8251c65ffe
2016-07-11 00:04:14 -07:00
Ryan Ernst 1c10efc60f Internal: Simplify CryptoService api
The CryptoService currently has a lot of variations of methods that are
unused. It really only uses sign/unsign, encrypt/decrypt. This change
trims the api down to those needed methods.

Original commit: elastic/x-pack-elasticsearch@92e83efeb7
2016-07-10 14:47:48 -07:00
Ryan Ernst 4d72a29b63 Security: Load system key at startup only
This change removes the polling xpack did for changes to the system key.

closes elastic/elasticsearch#2768

Original commit: elastic/x-pack-elasticsearch@fe009071a8
2016-07-09 15:25:08 -07:00
Ryan Ernst 6b5aea138f Internal: Initialize Clock directly instead of with guice
The Clock interface, which basically allows testing in watcher to "time
warp" is currently constructed using guice. This change constructs it
using a protected method on XPackPlugin which can be overriden in tests.
This allows removing the ClockModule. For now, the Clock still needs to
be bound in guice, but this at least removes one guice construction, and
shows how other things can be overriden for tests.

Original commit: elastic/x-pack-elasticsearch@7addaea086
2016-07-08 08:54:23 -07:00
Areek Zillur 005304afa9 Merge branch 'master' into simplify_license_service_scheduling
Original commit: elastic/x-pack-elasticsearch@91258f1a3c
2016-07-07 17:54:46 -04:00
Areek Zillur adce8215ab Removed redundant tests from the days when license was a separate plugin
Original commit: elastic/x-pack-elasticsearch@def1c5092a
2016-07-07 17:38:29 -04:00
Nik Everett 87e84bf9e1 Handle core's cleanup of terms aggregation
Original commit: elastic/x-pack-elasticsearch@c764d11867
2016-07-07 17:06:07 -04:00
Areek Zillur 57544b8688 incorporate feedback
Original commit: elastic/x-pack-elasticsearch@f10ea80143
2016-07-07 16:22:42 -04:00
Chris Earle d1e08c5dd4 [Security] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

Security portion only

Original commit: elastic/x-pack-elasticsearch@ab1a50fe06
2016-07-07 12:10:35 -04:00
Robert Muir 0b52cedf60 Merge pull request elastic/elasticsearch#2736 from rmuir/fls_cache
support lucene query cache when using FLS

Original commit: elastic/x-pack-elasticsearch@5b7054b702
2016-07-07 12:06:31 -04:00
Robert Muir 3a0aa13127 support lucene query cache when using FLS
Original commit: elastic/x-pack-elasticsearch@d1e8b9605d
2016-07-07 10:28:10 -04:00
Alexander Reelsen a4fe1da401 Tests: Fix xpack usage stats rest test
Original commit: elastic/x-pack-elasticsearch@cc6d2b9a35
2016-07-07 15:50:51 +02:00
Tanguy Leroux f861bb1661 MockScriptEngine and associated plugin has changed in ES core
Original commit: elastic/x-pack-elasticsearch@bb31b7b7c9
2016-07-07 15:27:04 +02:00
Alexander Reelsen 2c31e343b0 Watcher: Add usage stats
This adds the following stats to the usage stats

* Across all active watches
  * Number of triggers per type
  * Number of inputs per type
  * Number of transforms per type
  * Number of conditions per type
  * Number of actions per type
* Total number of watches
* Total number of active watches
* Per action
  * Execution time total
  * Execution time mean
  * Invocation count
* Total use of watch metadata

Internally this uses a `Counters` helper class, so that creating counters does not require
you to decide about the map structure.

Relates elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@e6f95ba290
2016-07-07 14:45:00 +02:00
Areek Zillur 7e3fac9b35 add comment regarding scheduling license with future issue date
Original commit: elastic/x-pack-elasticsearch@7d4094da1e
2016-07-06 17:29:10 -04:00
Areek Zillur c67beb1359 add expiry callback documentation
Original commit: elastic/x-pack-elasticsearch@03326406d1
2016-07-06 17:19:46 -04:00
Areek Zillur 827d68c7b0 initialize scheduler in constructor
Original commit: elastic/x-pack-elasticsearch@283ddf3aa3
2016-07-06 17:11:08 -04:00
Areek Zillur 3150bfa876 Simplify expiry callback code
Original commit: elastic/x-pack-elasticsearch@56e8e19048
2016-07-06 17:09:20 -04:00
Robert Muir 2583e9cd97 support negated set (denied fields) in FieldSubsetReader
Original commit: elastic/x-pack-elasticsearch@0a54417175
2016-07-06 16:58:03 -04:00
Chris Earle dbe189b064 [Monitoring] Decouple Kibana Stats Publishing from Application Version
This changes the way that Kibana (and future applications) send their monitoring stats to Elasticsearch.

Instead of sending their payloads with the System ID (e.g., "kibana") and System Version (e.g., "5.0.0-alpha4"), it now expects the System ID and System _API_ Version (e.g., "2"). This means a few things:

- Future releases are automatically compatible with previous releases as long as the API version doesn't change.
- Users don't have to update Kibana at the exact same time as their cluster (which technically means rolling updates were temporarily blockers of Kibana monitoring before).
- We can accept old API versions (if we need to make a breaking change) and automatically up-convert them to the latest API version. (We are in full control of how far back we choose to accept)

In general, this change implies that users should be updating their Monitoring cluster before their _monitored_ cluster(s) to get the best opportunity of monitoring backwards compatibility. That way if any API change does occur, then it can up-convert as needed. Then, any ES node should be updated, and only then should Kibana be updated. This is not required in any way, but it will give the smoothest experience.

Original commit: elastic/x-pack-elasticsearch@d3c24936e1
2016-07-06 11:24:22 -04:00
Chris Earle acaefe89fa [Security] Check CryptoService for null before using
While testing another PR, I noticed that when Security is disabled, the _xpack/usage API throws a NullPointerException.

This checks for null before using it, and adds tests to verify behavior.

Original commit: elastic/x-pack-elasticsearch@6474af6569
2016-07-06 11:20:03 -04:00
Ryan Ernst dec8319d77 Merge branch 'master' into less_drugs
Original commit: elastic/x-pack-elasticsearch@fde8483759
2016-07-05 20:48:12 -07:00
Areek Zillur b1886ce978 address feedback
Original commit: elastic/x-pack-elasticsearch@f6b1d58c5b
2016-07-05 16:07:50 -04:00
Jason Tedor 3577389f95 Rename writeThrowable to writeException
This commit is a response to upstream change
elastic/elasticsearch@96f283c195.

Original commit: elastic/x-pack-elasticsearch@2e485d4e76
2016-07-05 14:46:50 -04:00
Areek Zillur ce10289540 update to master
Original commit: elastic/x-pack-elasticsearch@9bc098f879
2016-07-05 11:29:30 -04:00
Areek Zillur d88e1ddb27 Merge branch 'master' into simplify_license_service_scheduling
Original commit: elastic/x-pack-elasticsearch@faa20465e4
2016-07-05 10:51:40 -04:00
Areek Zillur 3c5fca12ba cleanup unit tests
Original commit: elastic/x-pack-elasticsearch@f759f45b7f
2016-07-05 10:15:01 -04:00
Adrien Grand 5533470959 master is now 5.0.0-alpha5
Original commit: elastic/x-pack-elasticsearch@ce2a255cde
2016-07-05 15:27:27 +02:00
jaymode e861608c59 security: extend usage stats
This commit extends the usage stats to include the usage of ssl, ip filtering, auditing,
system key, field and document level security, and the number of roles.

See elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@e44c5748ba
2016-07-05 08:57:25 -04:00
Alexander Reelsen e8c1e7f9d8 Watcher: Dont hide exceptions during watch execution
When a painless exception is raised in the script condition, it was not bubbled up due to
catching exceptions on during execution. This removes the different catching of exceptions
and allows the watch record construct to contain an exception that is also serialized correctly
so that it can be stored in the watch history but also returned in the execute watch API.

This also updates the watch history template, so that exceptions are not indexed, but logged.

Relates elastic/elasticsearch#2587

Original commit: elastic/x-pack-elasticsearch@4dffb672bf
2016-07-05 09:33:44 +02:00
Jason Tedor f1670a3845 Rename UserError
The top-level class Throwable represents all errors and exceptions in
Java. This hierarchy is divided into Error and Exception, the former
being serious problems that applications should not try to catch and the
latter representing exceptional conditions that an application might
want to catch and handle. This commit renames
org.elasticsearch.cli.UserError to org.elasticsearch.UserException to
make its name consistent with where it falls in this hierarchy.

Relates elastic/elasticsearch#2701

Original commit: elastic/x-pack-elasticsearch@589e159ec0
2016-07-04 19:22:46 -04:00
Boaz Leskes 8cc49b5b30 Remove DummyTransportAddress (elastic/elasticsearch#2048)
this is a partner PR to elastic/elasticsearchelastic/elasticsearch#17811

Original commit: elastic/x-pack-elasticsearch@1db11e4340
2016-07-04 21:09:53 +02:00
Tanguy Leroux bd0cf521aa Enable Checkstyle RedundantModifier
Original commit: elastic/x-pack-elasticsearch@7455e88dce
2016-07-04 15:17:50 +02:00
Jason Tedor 1cd53c41e2 Do not catch throwable
Today throughout the codebase, catch throwable is used with reckless
abandon. This is dangerous because the throwable could be a fatal
virtual machine error resulting from an internal error in the JVM, or an
out of memory error or a stack overflow error that leaves the virtual
machine in an unstable and unpredictable state. This commit removes
catch throwable from the codebase and removes the temptation to use it
by modifying listener APIs to receive instances of Exception instead of
the top-level Throwable.

Relates elastic/elasticsearch#2694

Original commit: elastic/x-pack-elasticsearch@7ecdd7d978
2016-07-04 08:41:08 -04:00
Colin Goodheart-Smithe b008a4de74 fixes package declarations in security tests
Original commit: elastic/x-pack-elasticsearch@09ed28aee3
2016-07-04 10:28:13 +01:00
Nik Everett 98f34c1120 Handle core removing addField
It is addStoredField now.

Original commit: elastic/x-pack-elasticsearch@c42c18894f
2016-07-04 09:36:36 +02:00
Ryan Ernst 03cbf82101 Remove WatcherSettingsValidation service
This looks like it predates settings validation in core, and only had a
single use inside the watcher ExecutionService. This change moves the
settings inside ExecutionService to be validated settings, and removes
the watcher specific validation.

Original commit: elastic/x-pack-elasticsearch@82843ce56c
2016-07-02 15:51:09 -07:00
Ryan Ernst d6ff6211eb Merge pull request elastic/elasticsearch#2685 from rjernst/uninject_htmlsanitizer
Uninject HtmlSanitizer

Original commit: elastic/x-pack-elasticsearch@4a6c8cdee6
2016-07-01 16:26:57 -07:00
Ryan Ernst 9f52066bdb Removed generics from LifecycleComponent
This is the xplugins side of elastic/elasticsearch#19225

Original commit: elastic/x-pack-elasticsearch@845a945552
2016-07-01 16:23:13 -07:00
Ryan Ernst 09c8418a50 Fix xpack tests with node info ctor changes
Original commit: elastic/x-pack-elasticsearch@c741a2d231
2016-07-01 14:15:19 -07:00
Ryan Ernst 36a8c24b6b Uninject HtmlSanitizer
This is just a utility used by the email action and does not need to be
injected.

Original commit: elastic/x-pack-elasticsearch@4555db634c
2016-07-01 13:45:16 -07:00
Tanguy Leroux 561fc86585 Fix checkstyle violations
Original commit: elastic/x-pack-elasticsearch@187f1cbd35
2016-07-01 17:13:08 +02:00
Tanguy Leroux 17684f1e76 Fix order of modifiers
Original commit: elastic/x-pack-elasticsearch@1f970e78ba
2016-07-01 16:54:53 +02:00
Simon Willnauer 158a6b5588 Cleanup BytesRefrence interface (elastic/elasticsearch#2670)
This is a followup of elastic/elasticsearchelastic/elasticsearch#19196

Original commit: elastic/x-pack-elasticsearch@1d0398e89a
2016-07-01 16:09:53 +02:00
Alexander Reelsen 6527683e48 Licensing: Return HTTP 403 forbidden instead of 401 in exception (elastic/elasticsearch#2673)
When a license exception is raised, we returned 401 as HTTP error code
in there. However this seems to have triggered some browsers to actually
ask for login credentials, which wont have any impact here.

Closes elastic/elasticsearch#1863

Original commit: elastic/x-pack-elasticsearch@cc63abdac8
2016-07-01 14:32:42 +02:00
javanna 4eb21f4c01 [TEST] eagerly parse response body at ObjectPath initialization and read content type from response headers
We are going to parse the body anyways whenever it's in json format as it is going to be stashed. It is not useful to lazily parse it anymore. Also this allows us to not rely on automatic detection of the xcontent type based on the content of the response, but rather read the content type from the response headers.

Original commit: elastic/x-pack-elasticsearch@11be4684ae
2016-07-01 09:49:47 +02:00
javanna 579baa2bca [TEST] make JsonPath independent of data format, rename to ObjectPath
The internal representation of the object that JsonPath gives access to is a map. That is independent of the initial input format, which is json but could also be yaml etc.
This commit renames JsonPath to ObjectPath and adds a static method to create an ObjectPath from an XContent

Original commit: elastic/x-pack-elasticsearch@bc84c68161
2016-07-01 09:49:47 +02:00
Ryan Ernst 8d6d96d2f8 Merge pull request elastic/elasticsearch#2658 from rjernst/rest_handler_client
Change rest handler interface to use NodeClient

Original commit: elastic/x-pack-elasticsearch@82da58cc0c
2016-06-30 11:00:14 -07:00
Jay Modi 060120b53d Merge pull request elastic/elasticsearch#2660 from jaymode/rest_test_teardown
test: move teardown logic into the rest tests

Original commit: elastic/x-pack-elasticsearch@81a273a4c7
2016-06-30 12:03:07 -04:00
Boaz Leskes 7c1bc0c8de adapt randomFrom to not use null as a first param, in preparation for https://github.com/elastic/elasticsearch/pull/19172
Original commit: elastic/x-pack-elasticsearch@50296d6cfc
2016-06-30 17:55:17 +02:00
Lee Hinman 8c54887ab8 Merge remote-tracking branch 'dakrone/migrate-tool-master'
Original commit: elastic/x-pack-elasticsearch@ce82529d4b
2016-06-30 09:53:52 -06:00
jaymode 4999f3a38c test: remove unnecessary teardown section in license test
Original commit: elastic/x-pack-elasticsearch@b457404452
2016-06-30 11:39:37 -04:00
Lee Hinman 238eed2075 Throw correct exception type, reduce boilerplate in boolean statement
Original commit: elastic/x-pack-elasticsearch@1e33c4d8f2
2016-06-30 09:34:08 -06:00
Ryan Ernst 82e4330e87 Merge branch 'master' into rest_handler_client
Original commit: elastic/x-pack-elasticsearch@7fcc120767
2016-06-30 08:16:50 -07:00
jaymode d1b945d1f2 security: remove user/role deletion logic in XPackRestTestCase
Original commit: elastic/x-pack-elasticsearch@d6064e520a
2016-06-30 11:15:05 -04:00
Karel Minarik 67706a9a19 [SECURITY] Changed the setup/teardown YAML structure in the integration test for roles
Related: 176fd6a

Original commit: elastic/x-pack-elasticsearch@90e210dbc2
2016-06-30 11:15:05 -04:00
Karel Minarik 6d535043f8 [SECURITY] Added a `teardown` section to the integration test for roles
Currently, the REST tests for security (and possibly others) don't clean up the environment
after they have run, eg. they don't delete the users and roles they create. This leads to
test failures, because in a subsequent run, a user or role already exists, so eg. a test
like `match: { role: { created: true } }` fails.

This patch adds a `teardown` section to the test, with `do` actions which are to be
executed _after_ the test runs.

This patch assumes that REST tests runners for all languages support the `teardown` directive
in a xUnimt nomenclature -- similarly to the `setup` directive, which they already support.

Original commit: elastic/x-pack-elasticsearch@70d0ff4ee9
2016-06-30 11:15:05 -04:00
Simon Willnauer 30dd9ab09c Follup PR fore elastic/elasticsearchelastic/elasticsearch#19096 (elastic/elasticsearch#2656)
This PR is a cleanup / follup for elastic/elasticsearchelastic/elasticsearch#19096

Original commit: elastic/x-pack-elasticsearch@052b9a85a7
2016-06-30 13:42:09 +02:00
Martijn van Groningen 7c988b78e1 test: test that DLS is applied before FLS
Original commit: elastic/x-pack-elasticsearch@c7c12cc8d6
2016-06-30 12:32:37 +02:00
Ryan Ernst b513f2bb6b Merge branch 'master' into script_service_deps
Original commit: elastic/x-pack-elasticsearch@d4269e190d
2016-06-29 23:35:29 -07:00
Ryan Ernst 0fcb52a794 Merge branch 'master' into rest_handler_client
Original commit: elastic/x-pack-elasticsearch@429edeea84
2016-06-29 17:03:27 -07:00
Ryan Ernst 7822f28d7b Simplify rest handler constructors
This is the xplugins side of moving the client dependency for rest
handlers to the handleRequest method

Original commit: elastic/x-pack-elasticsearch@ce66e35e7b
2016-06-29 16:30:55 -07:00
Nik Everett 672d91f2a4 Move rest handler registration to ActionPlugin
Original commit: elastic/x-pack-elasticsearch@b3bc7d4a9f
2016-06-29 18:32:58 -04:00
Lee Hinman 92637d2eec Use client http ssl settings if applicable
Original commit: elastic/x-pack-elasticsearch@c74116d40a
2016-06-29 15:00:39 -06:00
Lee Hinman 4d7d9ad5b9 get the SSL status from the node settings
Original commit: elastic/x-pack-elasticsearch@6fff3e6ce1
2016-06-29 10:07:23 -06:00
Lee Hinman 27fb1e036e switch to RoleDescriptor jsonification, rename esusersSettings -> fileRealmSettings
Original commit: elastic/x-pack-elasticsearch@a7181a329a
2016-06-29 09:56:52 -06:00
jaymode b06249279e security: REST spec cleanup and authenticate tests create user
This change cleans up the rest API specs and changes the documentation field to a link. Additionally,
the integration tests for xpack now use the elastic user rather than a dummy user from a file realm.

Closes elastic/elasticsearch#2458
Closes elastic/elasticsearch#2437

Original commit: elastic/x-pack-elasticsearch@8059a0d856
2016-06-29 11:42:44 -04:00
Lee Hinman b4c19734ac Fail hard if retrieving user/role fails or adding user/role fails
Original commit: elastic/x-pack-elasticsearch@d641dab31c
2016-06-29 09:37:59 -06:00
Lee Hinman 24d7472cea Fix compilation for missing client
Original commit: elastic/x-pack-elasticsearch@586c5d0716
2016-06-29 09:37:47 -06:00
Lee Hinman db39da77c5 Merge remote-tracking branch 'origin/master' into migrate-tool-master
Original commit: elastic/x-pack-elasticsearch@eaa4b2923f
2016-06-29 09:30:07 -06:00
Lee Hinman ca1d92409f Move setup into a @Before method
Original commit: elastic/x-pack-elasticsearch@21b8cb5be3
2016-06-29 09:29:46 -06:00
Lee Hinman 26000c324d Move comment to be in correct place
Original commit: elastic/x-pack-elasticsearch@51fb594e9b
2016-06-29 09:29:38 -06:00
Tanguy Leroux a06f4a02fd Rename Marvel packages and directories to Monitoring
related to elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@7f4001a031
2016-06-29 09:10:25 +02:00
Ryan Ernst 2d0055de35 Make script service a cluster state listener
Original commit: elastic/x-pack-elasticsearch@dc763f3d66
2016-06-28 14:06:53 -07:00
Areek Zillur 0e39df71f6 Merge branch 'master' into simplify_license_service_scheduling
Original commit: elastic/x-pack-elasticsearch@2f32594297
2016-06-28 13:11:52 -04:00
Yannick Welsch 1762d1d96c Fix wrong logger usages
Relates to elastic/elasticsearchelastic/elasticsearch#19126

Original commit: elastic/x-pack-elasticsearch@e644f2bd9c
2016-06-28 16:46:31 +02:00
Nik Everett 6f6426b444 Switch plugin action registration to pull
Original commit: elastic/x-pack-elasticsearch@2154918b6e
2016-06-28 08:56:54 -04:00
Jason Tedor b378ff780b Modify poll interval setting in native realm test
This commit modifies the construction of the poll interval setting in
the native realm tests in response to upstream change
elastic/elasticsearchelastic/elasticsearch#2f638b5a23597967a98b1ced1deac91d64af5a44.

Original commit: elastic/x-pack-elasticsearch@c6f60f51f4
2016-06-27 18:43:33 -04:00
Lee Hinman a289fbd168 Add a tool to migrate users/roles from file to native realm
This adds the `bin/shield/migrate` tool that allows migrating users and
roles from the files to the native (API-based) store.

It looks like this:

```
λ bin/shield/migrate native -U http://localhost:9200 -u test_user -p changeme -n lee,foo -r role1,role2,role3,role4,foo
starting migration of users and roles...
importing users from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/users]...
found existing users: [test_user, joe3, joe2]
migrating user [lee]
{"user":{"created":true}}
no user [foo] found, skipping
importing roles from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/roles.yml]...
found existing roles: [marvel_user, role_query_fields, admin_role, role3, admin, remote_marvel_agent, power_user, role_new_format_name_array, role_run_as, logstash, role_fields, role_run_as1, role_new_format, kibana4_server, user, transport_client, role1.ab, role_query]
migrating role [role1]
{"role":{"created":true}}
migrating role [role2]
{"role":{"created":true}}
role [role3] already exists, skipping
migrating role [role4]
failed to migrate role [role4] with body: {"indices":[{"names":["idx2"]},{"names":["idx2"]},{"names":["idx1"]}]}
java.io.IOException: {"error":{"root_cause":[{"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"}],"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"},"status":400}
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:206)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.importRoles(ESNativeRealmMigrateTool.java:389)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:171)
  at org.elasticsearch.common.cli.CliTool.execute(CliTool.java:153)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:91)
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://localhost:9200/_shield/role/role4
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:192)
  ... 4 more

no role [foo] found, skipping
users and roles imported.
```

Original commit: elastic/x-pack-elasticsearch@3ce47c0ffd
2016-06-27 14:20:45 -06:00
Nik Everett a673c44036 Support IndicesModule list constructor
Original commit: elastic/x-pack-elasticsearch@c88e2b82b7
2016-06-27 15:04:17 -04:00
Boaz Leskes 62a46a2e8d revert elastic/x-pack@0513ff4168 as https://github.com/elastic/elasticsearch/pull/18992 was reverted as well
Original commit: elastic/x-pack-elasticsearch@febaaff840
2016-06-27 20:19:20 +02:00
Luca Cavanna b5bb2d2fdc Merge pull request elastic/elasticsearch#2576 from javanna/fix/xpack-rest-testcase-watcher
[TEST] remove start and stop watcher from XPackRestTestCase

Original commit: elastic/x-pack-elasticsearch@192be0db8b
2016-06-27 14:52:39 +02:00
Alexander Reelsen ebf00cc9e5 Dependencies: Upgrade jimfs to 1.1 removed unneeded guava calls (elastic/elasticsearch#2614)
Guava should only be used by the HTML sanitizer and no other code

Original commit: elastic/x-pack-elasticsearch@6a20674768
2016-06-27 11:07:15 +02:00
Alexander Reelsen 32c9f86124 Watcher: Support for inline attachments (elastic/elasticsearch#2601)
If an attachment is configured of disposition type INLINE, and is referred to
in HTML body parts, then some email clients can display images inside of an HTML
email and refer to those attachments.

Watcher already had support for inlined attachments, however this could not be configured
from a watch, but just via the Java API. Also it was not tested.

This commit changes the attachment to decide on creation if it should be inline or a regular
attachment and adds a test.

Relates elastic/elasticsearch#2381
Relates elastic/elasticsearch#2464
Closes elastic/elasticsearch#2557

Original commit: elastic/x-pack-elasticsearch@84935ffb18
2016-06-27 10:45:10 +02:00
Lee Hinman 4990296a5c Remove too-strict validation of role names
When parsing the privileges, we now no longer throw an exception if
there haven't been any names parsed out. This is not an issue though,
because we validate that the `names` array is not empty when we parse
it, and that it's not `null` before returning from the function.

Adds a rest test that sends things out of order to test this still
works.

Resolves elastic/elasticsearch#2606

Original commit: elastic/x-pack-elasticsearch@62a38bea8f
2016-06-24 12:00:24 -06:00
Alexander Reelsen f78f848681 Watcher: Fix acknowledgement REST API endpoints
Add new REST API endpoint to acknoweldging actions. The old endpoints
have not been removed as part of this PR, but can be in the next major
version.

Update the documentation to remove the parameter based example, and
mention that the old endpoints are going to be removed in the future.

Closes elastic/elasticsearch#2517

Original commit: elastic/x-pack-elasticsearch@e2558e9e1f
2016-06-24 16:50:35 +02:00
Tanguy Leroux 6ed9f50457 Fix SearchInputIT.testSearchInlineTemplate
The search type is overridden from default to query_and_fetch by the search action if the number of shards to request is equal to 1

Original commit: elastic/x-pack-elasticsearch@a9552c697c
2016-06-24 09:19:59 +02:00
Yannick Welsch 74efdd4a94 Disable failing test NodeStatsTests.testNodeStats
Original commit: elastic/x-pack-elasticsearch@954badc4a4
2016-06-23 13:36:06 +02:00
Tanguy Leroux a20fb42b70 Fix SearchInputIT.testSearchIndexedTemplate
Original commit: elastic/x-pack-elasticsearch@4011a7bc9b
2016-06-23 12:33:49 +02:00
Tanguy Leroux 77a641b0fc Mute SecurityCachePermissionIT as it was before
Original commit: elastic/x-pack-elasticsearch@89c40f7bc0
2016-06-23 10:26:45 +02:00
Yannick Welsch b3ba1be659 Fix checkstyle line length limit
Original commit: elastic/x-pack-elasticsearch@717ab001d1
2016-06-23 10:01:02 +02:00
Tanguy Leroux 99ade96091 Watcher: Remove usage of SearchRequest's template support
Template support is going to be removed from the Search API to its own Search Template API in the lang-mustache module (see elastic/elasticsearch#17906, elastic/elasticsearch#18765). This commit changes Watcher's SearchInput and SearchTransform classes so that it now uses a WatcherSearchTemplateRequest that contains both the search request and the template. Search request and template are rendered using WatcherSearchTemplateRequestService before being executed.

Original commit: elastic/x-pack-elasticsearch@bfa16ab80f
2016-06-23 09:31:47 +02:00
Alexander Reelsen f6abf979ce Fixed compilation issue
Relates elastic/elasticsearchelastic/elasticsearch#18914

Original commit: elastic/x-pack-elasticsearch@35b6960b9e
2016-06-23 09:06:02 +02:00
Nik Everett 9aecf6330a Handle core removing addField
It is addStoredField now.

Original commit: elastic/x-pack-elasticsearch@265d716b31
2016-06-22 12:45:25 -04:00
javanna ffae647b8b [TEST] remove start and stop watcher from XPackRestTestCase
We were ignoring the response code which is always 401 because the license is not good to start watcher. Plus all tests run fine without these methods.

Original commit: elastic/x-pack-elasticsearch@f93e1c2777
2016-06-22 15:51:53 +02:00
Alexander Reelsen 5883efc976 Watcher: Remove support for _timestamp field in index action (elastic/elasticsearch#2575)
The watch index action was using the _timestamp field by default.
This functionality now needs to be configured explicitely for a special
field that is part of that document which is going to be indexed.

Relates elastic/elasticsearchelastic/elasticsearch#18980

Original commit: elastic/x-pack-elasticsearch@dfa4cf2296
2016-06-22 14:31:27 +02:00
javanna 1ea3397956 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@cb39e935d5
2016-06-22 09:50:28 +02:00
Alexander Reelsen 4f55896af8 Tests: Fix ManualPublicSmtpServersTester to make it work again
Original commit: elastic/x-pack-elasticsearch@8cf12ed485
2016-06-22 08:40:25 +02:00
javanna a030239c9e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@6437c6572d
2016-06-21 16:22:25 +02:00
Martijn van Groningen 52bdda62c7 fixed compile error caused by change in core
Original commit: elastic/x-pack-elasticsearch@92e4939d8f
2016-06-21 09:38:25 +02:00
Daniel Mitterdorfer d5e7536766 Adjust line length in ChainTransformTests to 140 chars
Original commit: elastic/x-pack-elasticsearch@bbced70aa7
2016-06-21 07:28:00 +02:00
Simon Willnauer a54d3bc3d5 Remove LazyInitializable and friends (elastic/elasticsearch#2558)
This class should have never existed, I fixed all places where we messed aroudn with this
and resolved dependencies or let guice deal with it.

Original commit: elastic/x-pack-elasticsearch@6a42c4153d
2016-06-20 17:25:30 +02:00
jaymode c024dbfc49 security: remove use of shield in files and directory names
This commit removes as much of the use of shield as possible in the source code.

See elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@00009cc06e
2016-06-20 10:26:10 -04:00
Simon Willnauer 0fcbf8c6ca Cleanup unnecessary modules and use current version across the board (elastic/elasticsearch#2556)
Followup for elastic/elasticsearchelastic/elasticsearch#18969

Original commit: elastic/x-pack-elasticsearch@c86a5969c7
2016-06-20 12:15:32 +02:00
Tanguy Leroux 24e9baeefb Remove scriptRemoved() method
Related to elastic/elasticsearch@18572

Original commit: elastic/x-pack-elasticsearch@ec43b58111
2016-06-20 10:33:18 +02:00
Tim Sullivan a2637da78a Merge pull request elastic/elasticsearch#2512 from elastic/monitoring-ui-kibana
Monitoring UI: Kibana Dashboards

Original commit: elastic/x-pack-elasticsearch@4279ab9601
2016-06-17 11:02:25 -07:00
jaymode dd7a43a93f security: optimize field level security for match all fields
This commit handles the use of `*` as a field in a role as effectively disabling field level
security. We do this to take advantage of caches that we disable when field level security
is active.

See elastic/elasticsearch#2407

Original commit: elastic/x-pack-elasticsearch@d96e18d57c
2016-06-17 11:49:36 -04:00
Areek Zillur b15753f0cc Merge branch 'enhancement/rollover_api'
Original commit: elastic/x-pack-elasticsearch@2d5bd5959e
2016-06-17 11:32:02 -04:00
Simon Willnauer 5e300fc1e4 Cleanup ClusterService dependencies and detached from Guice (elastic/elasticsearch#2542)
followup for elastic/elasticsearchelastic/elasticsearch#18941

Original commit: elastic/x-pack-elasticsearch@6b8680b5e9
2016-06-17 17:07:22 +02:00
Areek Zillur 384861ef75 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@0217fa2a12
2016-06-17 10:32:47 -04:00
Areek Zillur 568bf49578 add rollover to known actions
Original commit: elastic/x-pack-elasticsearch@296e4ea4c2
2016-06-17 10:32:28 -04:00
jaymode eeb964c886 security: default role checks authenticating realm
This change makes the default role check the authenticating realm when authorizing
a request for the current user (or run as user) where the user is trying to change their
own password. We need to do this, otherwise we open up the potential of a user in one
realm changing the password of a user in another realm.

As part of this work, the authentication service has been refactored and simplified. A
new object, Authentication, is now returned when authenticating. Currently, this object
contains the user, authenticating realm information, and if it is a run as request the
information of the realm that looked up the user.

Closes elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@3fd9c37a16
2016-06-17 10:31:54 -04:00
javanna 966fff2009 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@9c8cfc915f
2016-06-17 13:50:36 +02:00
jaymode 27958cc708 security: add charset to the WWW-Authenticate header
The WWW-Authenticate header can optionally specify the charset that the server uses after
decoding credentials. If this is not specified, most clients will limit the available characters to
ISO-8859-1, which causes issues for certain characters.

See RFC 7617

Closes elastic/elasticsearch#2290

Original commit: elastic/x-pack-elasticsearch@44411eebe7
2016-06-17 07:44:44 -04:00
Ryan Ernst e985159f65 Merge branch 'master' into plugin_name_api
Original commit: elastic/x-pack-elasticsearch@ddc161e695
2016-06-16 14:34:23 -07:00
Areek Zillur 09b8495974 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@f7a6e27f12
2016-06-16 17:28:14 -04:00
Timothy Sullivan f231341f90 monitoring ui: add heap.size_limit to Kibana stats
Original commit: elastic/x-pack-elasticsearch@c74e90c34e
2016-06-16 12:24:52 -07:00
Jonathan Budzenski e07d73e91c monitoring ui: add overall and plugin statuses to ops data
Original commit: elastic/x-pack-elasticsearch@9dff2cf9ae
2016-06-16 12:24:52 -07:00
Simon Willnauer b2c944a480 Cut over settings registration to a pull model elastic/elasticsearchelastic/elasticsearch#18890 (elastic/elasticsearch#2538)
Followup for elastic/elasticsearchelastic/elasticsearch#18890

Original commit: elastic/x-pack-elasticsearch@a65ee6913f
2016-06-16 15:53:01 +02:00
Simon Willnauer 36ad326483 Simplify ScriptModule and script registration elastic/elasticsearchelastic/elasticsearch#18903 (elastic/elasticsearch#2535)
follow up PR for elastic/elasticsearchelastic/elasticsearch#18903

Original commit: elastic/x-pack-elasticsearch@d6ab3ab141
2016-06-16 09:35:16 +02:00
Ryan Ernst 7cb7f85709 Remove name() and description() from plugin api
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18906

Original commit: elastic/x-pack-elasticsearch@b47422fe91
2016-06-15 17:11:34 -07:00
Areek Zillur d8d5bb3683 xpack fixes for elasticsearchelastic/elasticsearch#18732
Original commit: elastic/x-pack-elasticsearch@fdb1cea1db
2016-06-15 15:48:21 -04:00
Nik Everett f92314ba00 Disable field stats cache if field level security
Field level security poisons that cache.

Closes elastic/elasticsearch#2528

Original commit: elastic/x-pack-elasticsearch@12ca4a2ef4
2016-06-15 15:17:06 -04:00
jaymode f8ba97c42f test: mute test until we can fix the field stats caching
Original commit: elastic/x-pack-elasticsearch@06ce7da477
2016-06-15 08:52:22 -04:00
javanna 82a19cda0e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f8d810f0e8
2016-06-15 11:49:34 +02:00
Nik Everett 1c170fb081 Make task/get known
Original commit: elastic/x-pack-elasticsearch@ce4bca4b86
2016-06-14 13:38:04 -04:00
jaymode 3c1218ac1c security: don't iterate over realms if authentication is not enabled
This changes the realms iterator call to alway return a empty iterator when we have a basic license
otherwise an exception would be thrown.

Closes elastic/elasticsearch#2474

Original commit: elastic/x-pack-elasticsearch@168cab9e1d
2016-06-14 06:41:58 -04:00
Jim Ferenczi ce8ffab7f2 Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension
Fix elastic/elasticsearch#2094

Original commit: elastic/x-pack-elasticsearch@bc017064d0
2016-06-14 10:20:54 +02:00
Martijn van Groningen 1ecebab0aa security: Add `_field_names` field to the list of meta fields that are always allowed visible
The logic that filters `_field_names` field's terms is encapsulated in `FieldSubsetReader.java`,
but that doesn't kick in if `_field_names` is an allowed field.

Closes elastic/elasticsearch#2504

Original commit: elastic/x-pack-elasticsearch@d81ec9477a
2016-06-13 21:36:37 +02:00
Martijn van Groningen eb5248d127 fix test compile error
Original commit: elastic/x-pack-elasticsearch@61c4a8eb9a
2016-06-13 21:15:58 +02:00
Alexander Reelsen acc692bf68 Watcher: Putting a watch now stores its state correctly
The active state was not serialized in the PutWatchRequest leading to
to always setting it to active, when a different node than the master
node was hit with a put watch request.

Closes elastic/elasticsearch#2490

Original commit: elastic/x-pack-elasticsearch@060c0fa35f
2016-06-13 15:34:22 +02:00
jaymode aa292561c0 test: remove AwaitsFix for field stats API test
This was fixed in core but the awaits fix was not removed here.

Original commit: elastic/x-pack-elasticsearch@357a797b5e
2016-06-13 09:30:22 -04:00
Nik Everett 2dd6cfae2b Handle core changing TimeValue to Writeable
Original commit: elastic/x-pack-elasticsearch@72e33d6e52
2016-06-10 15:48:54 -04:00
Adrien Grand 8a03988c03 Upgrade code for Lucene 6.1.
Original commit: elastic/x-pack-elasticsearch@282299cebe
2016-06-10 18:57:31 +02:00
javanna c4ea0ae34d Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f11da04658
2016-06-09 17:44:06 +02:00
javanna 8bf2d93fac rename ElasticsearchResponse and ElasticsearchResponseException to Response and ResponseException
Original commit: elastic/x-pack-elasticsearch@edfd24f003
2016-06-09 16:55:39 +02:00
Nik Everett a334ea57fc Replace setRefresh with setRefreshPolicy
setRefresh is being removed from core.

Original commit: elastic/x-pack-elasticsearch@b865d06c6d
2016-06-08 13:41:28 -04:00
markharwood 294fabb817 Graph refactored package name to new xpack convention as per issue 2383
Original commit: elastic/x-pack-elasticsearch@ae798f64e8
2016-06-07 14:04:04 +01:00
jaymode 370406bdc0 test: update active directory certificate
This change removes the old active directory certificate and replaces it with the AD
CA certificate that is valid until 2029 instead of needing to be changed yearly.

Closes elastic/elasticsearch#2440

Original commit: elastic/x-pack-elasticsearch@2f05bdfd01
2016-06-07 08:56:42 -04:00
Boaz Leskes 41ea6ee515 AwaitFix ActiveDirectoryGroupsResolverTests
Original commit: elastic/x-pack-elasticsearch@00f1052212
2016-06-07 14:37:02 +02:00
Jason Tedor 576a543a28 Register watcher thread pool
This commit register the watcher thread pool in the thread pool module
in core, and also makes the necessary changes to reflect a refactoring
that took place in core.

Relates elastic/elasticsearch#2397

Original commit: elastic/x-pack-elasticsearch@be298a7578
2016-06-06 22:09:58 -04:00
Nik Everett dacc22f57a Handle core's block_until_refresh
s/request.setRefresh/request.setRefreshPolicy/

setRefresh is still supported on the builder for backwards
compatibility but not on the request itself.

Original commit: elastic/x-pack-elasticsearch@8763e2e65f
2016-06-06 10:43:14 -04:00
Alexander Reelsen ad53f0080a X-pack: Fix xpack usage action name to not use info action name
Original commit: elastic/x-pack-elasticsearch@a26e913521
2016-06-06 12:00:10 +02:00
javanna a45b260244 [TEST] lower to 5s the wait for the Thread.sleep
Original commit: elastic/x-pack-elasticsearch@6efeb937cd
2016-06-04 01:10:47 +02:00
javanna 359bc7b028 fix line length issue
Original commit: elastic/x-pack-elasticsearch@e9afa504a5
2016-06-03 23:14:33 +02:00
javanna db27d0ab20 rename ElasticsearchResponse#getFirstHeader to getHeader
Original commit: elastic/x-pack-elasticsearch@8ca2f6d6dd
2016-06-03 18:28:45 +02:00
javanna e240ca8043 [TEST] adapt to "create standard RestClient at first request and reuse it"
A RestClient instance is now created whenever EsIntegTestCase#getRestClient is invoked for the first time. It is then kept until the cluster is cleared (depending on the cluster scope of the test).

Renamed other two restClient methods to createRestClient, as that instance needs to be closed and managed in the tests.

Original commit: elastic/x-pack-elasticsearch@3a9d6f6e90
2016-06-03 18:09:05 +02:00
javanna 601169833b [TEST] remove usage of deprecated apis
Original commit: elastic/x-pack-elasticsearch@4f4af3f5c5
2016-06-03 17:09:43 +02:00
javanna ad9a64e854 [TEST] add a lot of forgotten try with resources to wrap ElasticsearchResponses
Original commit: elastic/x-pack-elasticsearch@e4634ea599
2016-06-03 16:42:06 +02:00
javanna 4e2766df11 replace some more usage of HttpClient with RestClient
Original commit: elastic/x-pack-elasticsearch@a3cb53b7a0
2016-06-03 16:13:52 +02:00
javanna 57f8063c3a update XPackRestTestCase to use low level RestClient
Original commit: elastic/x-pack-elasticsearch@8c16c9b06e
2016-06-03 16:13:52 +02:00
javanna e882fb3a18 Replace rest test client with low level RestClient
We still have a wrapper called RestTestClient that is very specific to Rest tests, as well as RestTestResponse etc. but all the low level bits around http connections etc. are now handled by RestClient.

Original commit: elastic/x-pack-elasticsearch@304487ecc5
2016-06-03 16:13:52 +02:00
javanna f58f347fe1 Replace HttpRequestBuilder usages with official RestClient
Original commit: elastic/x-pack-elasticsearch@7428498b47
2016-06-03 16:13:52 +02:00
Christoph Büscher 9774e5472a Adapt to api changes in es core, inner query parsing now return Optional<QueryBuilder>
Changes relate to elastic/elasticsearch#17624

Original commit: elastic/x-pack-elasticsearch@bd9d31a9ff
2016-06-02 18:37:30 +02:00
Areek Zillur e996b78b04 Revert "move trigger package to top-level x-pack"
This reverts commit elastic/x-pack@bb0add9416.

Original commit: elastic/x-pack-elasticsearch@fc20c8c307
2016-06-01 21:30:08 -04:00
Areek Zillur 51144b3330 Revert "move trigger tests to top-level x-pack test directory"
This reverts commit elastic/x-pack@1615d496d5.

Original commit: elastic/x-pack-elasticsearch@bcc2ae8e26
2016-06-01 21:29:43 -04:00
Areek Zillur 42b8d33ea7 awaitfix integ license expiry and grace notification tests
Original commit: elastic/x-pack-elasticsearch@bb03eb0e73
2016-06-01 16:48:50 -04:00
Areek Zillur c9a7052133 add license service unit tests
Original commit: elastic/x-pack-elasticsearch@08e8652c25
2016-06-01 15:31:26 -04:00
Areek Zillur d350073f4b simplify license service to use schedule engine for license notification
Original commit: elastic/x-pack-elasticsearch@81ccb56406
2016-06-01 15:31:17 -04:00
Areek Zillur 91c03c4423 modify license manager interface to return current license state
Original commit: elastic/x-pack-elasticsearch@9fee416239
2016-06-01 15:31:08 -04:00
Areek Zillur 3693fc6fc3 extract expiration callback
Original commit: elastic/x-pack-elasticsearch@7e9f150aef
2016-06-01 15:30:56 -04:00
Areek Zillur 95631d955e use clock interface for license service
Original commit: elastic/x-pack-elasticsearch@f7d4795926
2016-06-01 15:30:45 -04:00
Areek Zillur 9a398b9413 remove redundant license update response
Original commit: elastic/x-pack-elasticsearch@ef2aea8324
2016-06-01 15:30:04 -04:00
Areek Zillur 6ff8124640 Merge pull request elastic/elasticsearch#2388 from areek/extract_scheduler_engine_to_xpack
[refactor] extract trigger package and scheduler engine to top-level x-pack directory

Original commit: elastic/x-pack-elasticsearch@0a89cf2ca3
2016-06-01 15:27:24 -04:00
Areek Zillur f9c214ac1c move trigger tests to top-level x-pack test directory
Original commit: elastic/x-pack-elasticsearch@d29aeddae8
2016-06-01 15:04:05 -04:00
jaymode 4083bae777 test: set debug log level on the external cluster
Original commit: elastic/x-pack-elasticsearch@e23afb5fbc
2016-06-01 14:35:24 -04:00
Areek Zillur a7aa18aa17 move trigger package to top-level x-pack
Original commit: elastic/x-pack-elasticsearch@4f955a0c4a
2016-06-01 14:31:22 -04:00
Areek Zillur 58a0d42ff8 Merge branch 'master' into extract_scheduler_engine_to_xpack
Original commit: elastic/x-pack-elasticsearch@1fef4b9a31
2016-06-01 12:34:34 -04:00
Areek Zillur a818fc50f3 cleanup redundant schedules array
Original commit: elastic/x-pack-elasticsearch@30ec462545
2016-06-01 11:42:12 -04:00
Areek Zillur 54215ae4d5 Merge pull request elastic/elasticsearch#2386 from areek/move_clock_module_to_xpack
[refactor] move clock module to x-pack package

Original commit: elastic/x-pack-elasticsearch@750d3962cb
2016-06-01 11:22:30 -04:00
jaymode d5e64a0524 test: lowercase index name
Original commit: elastic/x-pack-elasticsearch@3e037eca8a
2016-06-01 10:02:51 -04:00
Yannick Welsch 11908868c5 Remove handlers that have been removed from core
Removes handlers internal:cluster/node/index/deleted and internal:cluster/node/index_store/deleted that have been removed in core as part of elastic/elasticsearchelastic/elasticsearch#18602

Original commit: elastic/x-pack-elasticsearch@e040871e5a
2016-06-01 15:23:18 +02:00
jaymode 9d1ed22def security: add delete permissions to kibana_user role
Closes elastic/elasticsearch#2393

Original commit: elastic/x-pack-elasticsearch@4a096befd0
2016-06-01 08:09:01 -04:00
jaymode a2f3f304d3 test: update Kibana role integ tests to use built in role
Original commit: elastic/x-pack-elasticsearch@89f3104a4b
2016-06-01 07:24:14 -04:00
Jason Tedor b046a08842 Fix version compatability test
This commit fixes the version compatability test by updating the version
to reflect the current version in core.

Original commit: elastic/x-pack-elasticsearch@0bb6dbc1c3
2016-05-31 22:08:56 -04:00
Areek Zillur 961656932c extract schedule engine to x-pack package
Original commit: elastic/x-pack-elasticsearch@f968882306
2016-05-31 16:35:56 -04:00
Areek Zillur dab72186e5 move clock module to x-pack package
Original commit: elastic/x-pack-elasticsearch@6f0ecb5518
2016-05-31 16:29:18 -04:00
jaymode a58ed3ed32 security: rename /authenticate /_authenticate
We use the _ to indicate actions in endpoint names. It appears that the _authenticate API was
incorrectly removed in elastic/elasticsearch#2174. This adds it back.

Original commit: elastic/x-pack-elasticsearch@0a0b85d05a
2016-05-31 12:37:07 -04:00
jaymode fbeda210ae test: add logging to randomly failing IndexAuditIT
Original commit: elastic/x-pack-elasticsearch@3abd1ec0b5
2016-05-31 12:22:26 -04:00
jaymode 8d6b279bf2 test: catch socketexception which may also be thrown
We need to catch SocketException as this can be thrown during the handshake we expect
to fail if the server closes the socket during the handshake.

Closes elastic/elasticsearch#2378

Original commit: elastic/x-pack-elasticsearch@45c4b93ab6
2016-05-31 10:29:31 -04:00
Alexander Reelsen 0aec22d0ca Tests: Add shrink action to known actions
Original commit: elastic/x-pack-elasticsearch@a3f583c11b
2016-05-31 11:46:07 +02:00
Boaz Leskes fc5edc242d add assertBusy to testEmptyGetLicense as trial license is added async
Original commit: elastic/x-pack-elasticsearch@8dea3c54f9
2016-05-31 09:49:17 +02:00
jaymode 2a7e2a6cd6 security: add a built in kibana_user role
This commit adds a `kibana_user` role that can be used to grant the minimum
set of privileges necessary to access kibana.

Closes elastic/elasticsearch#2166

Original commit: elastic/x-pack-elasticsearch@00e129e342
2016-05-27 07:18:14 -04:00
Alexander Reelsen 28f89314cb Watcher: Fix certain chained input usages not written to history
If a chained input was used, and inside of this a search input was
used, that hat dots in its field names somewhere (like when sorting
or using a compare condition), then storing this in the history failed.

The reason for this was the broken watch history template, that did not take
nested requests bodies into account and thus tried to create an index mapping
for requests that were inside of a chained input.

This commit fixes the watch history index template.

Closes elastic/elasticsearch#2338

Original commit: elastic/x-pack-elasticsearch@d9f48234d3
2016-05-27 10:19:52 +02:00
Boaz Leskes 16d7f0c999 Introduce dedicated master nodes in testing infrastructure (elastic/elasticsearch#2314)
This is a companion commit to elastic/elasticsearchelastic/elasticsearch#18514, fixing issues introduced by adding dedicated master nodes to the test infra

Original commit: elastic/x-pack-elasticsearch@8c0571f2de
2016-05-27 08:45:54 +02:00
Robert Muir 21b2494c5b ScriptException -> GeneralScriptException (https://github.com/elastic/elasticsearch/pull/18600)
Original commit: elastic/x-pack-elasticsearch@0536fe9222
2016-05-26 17:51:46 -04:00
jaymode ab3438cbc4 test: IndexAuditTrailTests use the proper timestamp to resolve the index name
This changes the IndexAuditTrailTests to use the actual timestamp of the message being indexed to determine
the index name. Some build failures occurred due to running right at the change of an hour and the rollover was
set to hourly. So the message was indexed in one index and the test expected a different index.

Original commit: elastic/x-pack-elasticsearch@9dd5012a73
2016-05-26 09:47:59 -04:00
Alexander Reelsen 13f9c931b6 Release: Fix smoke test script to cope with latest changes in master
Original commit: elastic/x-pack-elasticsearch@0966d8b05f
2016-05-26 12:32:16 +02:00
Alexander Reelsen 72c3dbd3bc Watcher: Allow more tags for HTML sanitizer in tables (elastic/elasticsearch#2350)
This allows the colspan/rowspan attr on td/tr as well as
border/cellpadding attrs on table elements.

Original commit: elastic/x-pack-elasticsearch@e0b989f0ac
2016-05-26 11:10:31 +02:00
jaymode cc66740683 add back randomization of global/per realm SSL configuration
Original commit: elastic/x-pack-elasticsearch@8dedc9ad45
2016-05-25 13:47:07 -04:00
jaymode c248d7b5da security: remove auto ssl and disable transport ssl by default
This commit removes the code to auto generate a ssl certificate on startup and disables ssl
on the transport layer by default.

Original commit: elastic/x-pack-elasticsearch@1dc9b17842
2016-05-25 12:03:28 -04:00
Tanguy Leroux eec4ed90d2 Fix unclosed objects & arrays
Original commit: elastic/x-pack-elasticsearch@d4b317a9c6
2016-05-25 16:46:38 +02:00
Martijn van Groningen 47d83d37d8 test: remove percolator asserts
Original commit: elastic/x-pack-elasticsearch@52469798e2
2016-05-25 16:07:27 +02:00
Tanguy Leroux b25c401b3c Add integration test for Delete-By-Query and Security
Closes elastic/elasticsearch#2287

Original commit: elastic/x-pack-elasticsearch@4bbb2a6f73
2016-05-25 09:39:23 +02:00
Martijn van Groningen f44a3c4ced test: fixed compile issue
Original commit: elastic/x-pack-elasticsearch@233883531f
2016-05-24 21:47:14 +02:00
Areek Zillur 7d232e4133 Merge pull request elastic/elasticsearch#2259 from areek/fix/2231
Fix license expiry log message

Original commit: elastic/x-pack-elasticsearch@280ba28095
2016-05-24 13:21:25 -04:00
Areek Zillur c14f40ff73 Merge branch 'master' into fix/x_pack_prefix_license
Original commit: elastic/x-pack-elasticsearch@4f8abd3021
2016-05-24 12:12:37 -04:00
Areek Zillur 3794c3260a update smoke test to point to renamed license endpoint
Original commit: elastic/x-pack-elasticsearch@4a8fb3c86e
2016-05-24 11:37:11 -04:00
Areek Zillur 352cd80c2c Add _xpack prefix to license endpoints
Original commit: elastic/x-pack-elasticsearch@7af3ea2450
2016-05-24 11:15:25 -04:00
Martijn van Groningen 8e25536a0b test: removed checking for percolator actions
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So verifying these deprecated actions is no longer needed

Original commit: elastic/x-pack-elasticsearch@da6d66fcb4
2016-05-24 14:30:53 +02:00
Martijn van Groningen 0fd936610a test: removed percolator api tests
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So these special tests are no longer needed

Original commit: elastic/x-pack-elasticsearch@335d6554fb
2016-05-24 13:31:05 +02:00
uboness 9b11ae85d2 Fixed test
Original commit: elastic/x-pack-elasticsearch@9fe6158aa4
2016-05-24 01:23:08 +02:00
Ryan Ernst 045b255a05 Remove unnecessary use of return value for assertBusy
Original commit: elastic/x-pack-elasticsearch@79fd5fc5e6
2016-05-23 16:17:12 -07:00
jaymode 8e1a9603e3 security: add .reporting-* and s/.kibana/.kibana* access for the KibanaRole
This commit adds access to the reporting indices for the role that the Kibana server role has
access to. This needed so that the server can use the async queue. Additionally the kibana
server should have access to .kibana*

Closes elastic/elasticsearch#2323

Original commit: elastic/x-pack-elasticsearch@e930e9d872
2016-05-23 19:02:59 -04:00
Adrien Grand 6860944f07 Use Java's Base64 instead of elasticsearch's. elastic/elasticsearch#2282
Original commit: elastic/x-pack-elasticsearch@c2e748d732
2016-05-23 11:25:31 +02:00
Luca Cavanna a0f826c8ed fix xpack.usage api name and add a basic REST test for it (elastic/elasticsearch#2308)
There were two api with same name, depending on the platform one or the other was being loaded first, hence the xpack info tests may fail due to unsupported params being used.

Original commit: elastic/x-pack-elasticsearch@bd44eef3cc
2016-05-23 10:01:03 +02:00
uboness 80db81e320 Fix test
Closes elastic/elasticsearch#2313

Original commit: elastic/x-pack-elasticsearch@3729849cbe
2016-05-23 00:35:57 +02:00
uboness 12102f433d Separated the `elastic` user from the internal xpack user
Also,

- changed the anonymous username to `_anonymous` (used to be `__es_anonymous_user` which I found needlessly, overly, redundantly and not to mention unnecessarily complex 🤷)
- changed the system username and role name to `_system` (used to be `__es_system_user` and `__es_system_role`... it introduced gratuitous and totally un-called for naming complexity 🤦)

Closes elastic/elasticsearch#2079

Original commit: elastic/x-pack-elasticsearch@63b6de2bba
2016-05-22 23:42:19 +02:00
Boaz Leskes 1f6b401b9d awaitFix on OpenLdapTests.testUsageStats
Original commit: elastic/x-pack-elasticsearch@e077dc4449
2016-05-22 15:57:12 +02:00
Ryan Ernst b5dc201f5a Add thirdparty excludes for javax.activation classes
Original commit: elastic/x-pack-elasticsearch@d60891f56f
2016-05-21 22:42:15 -07:00
Ryan Ernst 7838304324 Add comment about added security permission
Original commit: elastic/x-pack-elasticsearch@0ef9337378
2016-05-21 15:19:12 -07:00
Ryan Ernst 09f6138b77 Merge branch 'master' into java9
Original commit: elastic/x-pack-elasticsearch@8a5736fcd5
2016-05-21 14:36:25 -07:00
Ryan Ernst f5bbe1858c Make java 9 work
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18496
Most of the changes here are related to javax.activation.

Original commit: elastic/x-pack-elasticsearch@2a47f94ab5
2016-05-21 14:28:52 -07:00
Lee Hinman 5d93b51472 Fix compilation for ScriptMode removal
See: https://github.com/elastic/elasticsearch/pull/18502

Original commit: elastic/x-pack-elasticsearch@b0422d13df
2016-05-20 15:23:11 -06:00
uboness 27db7c40b1 addressed review comments
Original commit: elastic/x-pack-elasticsearch@01552f5e82
2016-05-20 13:11:41 +01:00
uboness 084179f457 Added security realm feature usage stats
- if active, `file` realm size
- if active, `native` realm size
- if active, `ldap` realm size, whether SSL is used, load balance type used, user search used
- if active, `active_directory` realm size, whether SSL is used, load balance type used

 `size` is scale estimation based on the local cache. Scales are: `small` (under 10 users), `medium` (under 50 users), `large` (under 250 users) and `x-large` (above 250 users).

Original commit: elastic/x-pack-elasticsearch@c6efb17aa4
2016-05-20 13:11:41 +01:00
uboness 9dbbfd09f8 Introducing infrastructure for feature usage API
- Each `XPackFeatureSet` can now return a `Usage` object that encapsulates the feature usage stats of the set
- A new `/_xpack/usage` REST API is introduced to access the usage stats of all features
- Intentionally not explicitly exposing the API in the `XPackClient` as this API is primarily meant for use by Kibana X-Pack (that said, it is still possible to call this API from the transport client using the `XPathUsageRequestBuilder`)
- For now the usage stats that are returned are minimal, once this infrastructure is in, we'll start adding more stats

Relates to elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@d651fe4b01
2016-05-20 13:11:41 +01:00
jaymode d552574016 test: set logger level differently after removal of support for es.* system properties
Original commit: elastic/x-pack-elasticsearch@fcaa9bbcff
2016-05-20 08:11:26 -04:00
jaymode 71b78579a1 test: ensure address is resolvable in CertUtilsTests#testSubjectAlternativeNames
We check for an expected length but this is only valid if the address can be resolved and on some systems
127.0.0.1 may not map to a name.

Original commit: elastic/x-pack-elasticsearch@2f7c8da242
2016-05-20 08:10:55 -04:00
Areek Zillur 26a07766f0 fix license notification test bug
Original commit: elastic/x-pack-elasticsearch@ec1257d3e1
2016-05-19 18:20:01 -04:00
Areek Zillur a2a267d68d Merge branch 'master' into fix/remove-license
Original commit: elastic/x-pack-elasticsearch@d5c6e64ced
2016-05-19 17:19:50 -04:00
Areek Zillur a2993810f9 Fix rest test to adapt to license removal behaviour
Now we explicitly install a license in rest test cluster

Original commit: elastic/x-pack-elasticsearch@59cc837d0f
2016-05-19 17:15:04 -04:00
Jason Tedor ded4c2278c Remove settings and system properties entanglement
This commit removals the usage of system properties as settings from the
command scripts and the commands themselves.

Relates elastic/elasticsearch#2206

Original commit: elastic/x-pack-elasticsearch@b0a3b895b1
2016-05-19 14:09:49 -04:00
Tanguy Leroux 5161b540a9 Move unneeded log info messages to debug
closes  elastic/elasticsearch#2228, elastic/elasticsearch#2227

Original commit: elastic/x-pack-elasticsearch@558751c424
2016-05-19 17:28:20 +02:00
Ali Beyad d6179855bd Renamed AggregatorBuilder to AggregationBuilder, applying the changes to
x-plugins.

Closes elastic/elasticsearch#2263
Relates elastic/elasticsearch#18377

Original commit: elastic/x-pack-elasticsearch@6d1a698669
2016-05-19 09:28:53 -04:00
Chris Earle 87c085d857 Better approach to skipping license check for subprojects
Original commit: elastic/x-pack-elasticsearch@8624ab08cc
2016-05-19 02:41:03 -04:00
Chris Earle 93ca4db1ce Remove duped plugin application from Gradle script.
Original commit: elastic/x-pack-elasticsearch@6745b39c82
2016-05-19 02:20:55 -04:00
Chris Earle c94a326f1d Split monitoring smoke tests into separate smoke tests
There is a race condition between the smoke tests that get run because of the teardown conditions of
REST tests. By splitting them, we can avoid the unrealistic scenario/race condition.

Original commit: elastic/x-pack-elasticsearch@f95ae0e595
2016-05-19 02:08:33 -04:00
Areek Zillur 703dfda921 Merge branch 'master' into fix/remove-license
Original commit: elastic/x-pack-elasticsearch@1e84c8431d
2016-05-18 16:16:53 -04:00
Chris Earle ecf4c30979 Rename /_x-pack/monitoring/* to /_xpack/monitoring/*
This PR just drops the - in the existing REST API name by changing the base MonitoringRestHandler to extend
XPackRestHandler instead of BaseRestHandler directly, and using its URI_BASE.

Original commit: elastic/x-pack-elasticsearch@1bed2dba31
2016-05-18 13:26:00 -04:00
Jason Tedor 5bf3b7054c Fix compilation from FsInfo#<init> change in core
This commit fixes some test compilation issues due to upstream changes
in core that added I/O statistics on Linux.

Original commit: elastic/x-pack-elasticsearch@a0877aa0aa
2016-05-17 20:51:54 -04:00
Areek Zillur a134ec613d Merge pull request elastic/elasticsearch#2258 from areek/fix/2230
Fix license log message levels

Original commit: elastic/x-pack-elasticsearch@c1fe244dd8
2016-05-17 15:09:05 -04:00
Jonathan Budzenski 294a939d9d Merge pull request elastic/elasticsearch#2264 from jbudz/ui-kibana-mappings
monitoring: add kibana mappings

Original commit: elastic/x-pack-elasticsearch@c105aca8b8
2016-05-17 13:15:31 -05:00
Tanguy Leroux a8ed2fa69c Monitoring: Update REST/test namespace
Related to elastic/elasticsearch#1702

Original commit: elastic/x-pack-elasticsearch@6000fd4010
2016-05-17 09:35:25 +02:00
Chris Earle 18919115c1 Updating test to try to get it to actually run Monitoring. This should not have any effect, but the test passes locally 100% of the time and fails remotely 100% of the time...
Original commit: elastic/x-pack-elasticsearch@c3b16b8238
2016-05-16 18:41:26 -04:00
Jonathan Budzenski b469eef1a2 monitoring ui: change mappings double -> float
Original commit: elastic/x-pack-elasticsearch@6c7c166aec
2016-05-16 16:55:01 -05:00
Jonathan Budzenski 92a58c7c07 monitoring ui: update mappings, align agent version with elasticsearch version
Original commit: elastic/x-pack-elasticsearch@1a9a4fc96e
2016-05-16 15:30:56 -05:00
Jonathan Budzenski bf229d0090 monitoring ui: update mappings
Original commit: elastic/x-pack-elasticsearch@ae5703f10a
2016-05-16 15:21:58 -05:00
Areek Zillur 3ffe341f48 Fix license expiry log message
- change license expiration message from error to warn
 - start logging expiry message from 25 days instead of 30

closes elastic/elasticsearch#2231

Original commit: elastic/x-pack-elasticsearch@6c88066c1f
2016-05-15 21:00:11 -04:00
Areek Zillur 81e14c5617 Fix license log message levels
Now we log license expiry, invalid and grace message as warn and log license valid message as debug

closes elastic/elasticsearch#2230

Original commit: elastic/x-pack-elasticsearch@569c169136
2016-05-15 20:45:10 -04:00
Chris Earle 946cbfb997 Remove default index code from _x-pack/monitoring/_bulk
With the API no longer accepting {index}, we no longer need the code that supported it.

Original commit: elastic/x-pack-elasticsearch@5d0ae37caa
2016-05-14 15:10:04 -04:00
Chris Earle 73ba90b863 Disallow {index} being specified at the top level of _xpack/monitoring/_bulk
The general use case is to provide only the {type} to the bulk and even that may not be specified. However,
by setting it up as

/_x-pack/monitoring/{type}/_bulk
/_x-pack/monitoring/{index}/{type}/_bulk

it fails to properly recognize the {type} parameter because the PathTrie that gets generated sees two wildcards
at the same location and the last one specified wins -- {index}. As a result, it's impossible to only set the
{type} without making the PathTrie logic convoluted for a niche use case (a list to try instead of a single path).

his fixes the issue by removing the completely unused option: you can no longer specify {index} outside of
individual bulk indexing operations. If we see a need to bring it back, then we can add it as an API param, but
that is an unusual place for the index field and I do not expect it to be needed that frequently.

Original commit: elastic/x-pack-elasticsearch@40d0d05404
2016-05-13 18:12:04 -04:00
Robert Muir 91426062c1 update mock script engines to take name parameter
Original commit: elastic/x-pack-elasticsearch@c6c48eca39
2016-05-13 15:42:23 -04:00
Lee Hinman 2f43179dda Fix compilation for only one script language extension
Relates to https://github.com/elastic/elasticsearch/pull/18332

Original commit: elastic/x-pack-elasticsearch@32f0bd6c4f
2016-05-13 10:29:35 -06:00
Lee Hinman 91f2e94ac7 Fix scripting engines for singular type
Original commit: elastic/x-pack-elasticsearch@ed014cefc3
2016-05-13 09:29:37 -06:00
Lee Hinman fd6cf7d3d3 Register engines with a default of `ScriptMode.ON`
Original commit: elastic/x-pack-elasticsearch@d367b4028e
2016-05-13 09:29:37 -06:00
Lee Hinman 6e70856cf5 Fix Watcher tests for 'sandbox' option removal
Relates to https://github.com/elastic/elasticsearch/pull/18226

Original commit: elastic/x-pack-elasticsearch@b30d623dfb
2016-05-13 09:29:37 -06:00
Daniel Mitterdorfer a37cc72329 Exclude specific transport actions from request size limit check
Relates elastic/elasticsearchelastic/elasticsearch#17951

Original commit: elastic/x-pack-elasticsearch@07d2165643
2016-05-13 14:26:14 +02:00
Areek Zillur 01b3fc8768 Differentiate between null license and license tombstone in cluster state
Currently, license notification scheme treats no license (before trial license is auto-generated)
and a license tombstone in the cluster state in the same way. This caused a bug where licencees
were not notified of explicit license removal. Now, the notification scheme explicitly handles
license tombstone to notify the licensees and handles the case for no license in cluster state
as before.

Original commit: elastic/x-pack-elasticsearch@c90ec23398
2016-05-12 15:24:36 -04:00
uboness 06a0a9cbb5 [fix] Removing license did not update the Licensees
- Introduced a `MISSING` operation mode
- now when the license is removed (and a tombstone license is placed), the licensees get notified with a `MISSING` license status
- the monitoring, security and watcher licensees were updated

Original commit: elastic/x-pack-elasticsearch@650d940666
2016-05-12 15:24:36 -04:00
Tanguy Leroux 233c64e942 Monitoring: Fix cleaner tests
Some changes in elastic/x-pack@d13557c517 change the testIgnoreTimestampedIndicesInOtherVersions method and it now sometime fails.
 This commit revert the previous behavior of the test and ensures that at least 1 index is cleaned up/deleted in each test.

Original commit: elastic/x-pack-elasticsearch@3c6acb4ff8
2016-05-12 12:19:10 +02:00
Robert Muir 3a2cfabc4d use painless syntax improvements in watcher tests and docs
Original commit: elastic/x-pack-elasticsearch@27ef31efac
2016-05-11 21:24:43 -04:00
Chris Earle 5c9d18fc34 Adding {index} option for _xpack/monitoring/_bulk
This adds it so that a system can specify "_data" as the index to index into the
data index (without having to know its name). _Not_ supplying an index will use
the timestamped index. Any other index name (including wrong case) is invalid.

Original commit: elastic/x-pack-elasticsearch@6eeadfb3c8
2016-05-11 15:05:06 -04:00
Jason Tedor 6a3aef32d6 Switch scripts to use bash
This commit switches the command-line scripts to use bash instead of sh
so that we can take advantage of features that bash provides like
arrays.

Relates elastic/elasticsearch#2214

Original commit: elastic/x-pack-elasticsearch@826c10ef04
2016-05-10 15:07:04 -04:00
Yannick Welsch ee406e9c3f Use immutable ShardRouting
Relates to elastic/elasticsearchelastic/elasticsearch#17821

Original commit: elastic/x-pack-elasticsearch@92a9581327
2016-05-10 19:07:53 +02:00
markharwood e7b70794b6 Prefix Graph REST endpoint with _xpack. Partial fix for issue 1760
Original commit: elastic/x-pack-elasticsearch@53ceb1c20d
2016-05-10 13:45:07 +01:00
Adrien Grand 7a6025784d Use Versions.MATCH_ANY rather than NOT_SET now that NOT_SET is gone.
Original commit: elastic/x-pack-elasticsearch@14694aea60
2016-05-10 08:23:32 +02:00
Daniel Mitterdorfer 828b1902c5 Merge remote-tracking branch 'danielmitterdorfer/free-request-bytes'
Original commit: elastic/x-pack-elasticsearch@91867432c2
2016-05-09 16:01:21 +02:00
Tanguy Leroux 8f097d24e4 Mute XPackRestIT.test {p0=bulk/10_basic/Bulk indexing of monitoring data}
Original commit: elastic/x-pack-elasticsearch@e3a889222e
2016-05-09 13:27:54 +02:00
Daniel Mitterdorfer c5aa644048 Free bytes reserved on request breaker
With this commit we free all bytes reserved on the request circuit breaker.

Relates elastic/elasticsearchelastic/elasticsearch#18144

Original commit: elastic/x-pack-elasticsearch@3986436b8c
2016-05-09 11:22:42 +02:00
Chris Earle 68728e6bee Use Strict version check for VersionCompatibilityTests
This changes the loose usage of onOrBefore to equals so that when we add beta1, this test fails
again.

Original commit: elastic/x-pack-elasticsearch@fe4f2cbdf0
2016-05-06 15:08:40 -04:00
Chris Earle fd62b2308e Updating with ES-side abstract method addition
Original commit: elastic/x-pack-elasticsearch@0d075b433b
2016-05-06 12:26:10 -04:00
Chris Earle 080000a595 Updating with array changed to list.
Original commit: elastic/x-pack-elasticsearch@552227458f
2016-05-06 12:26:10 -04:00
Chris Earle ec0a4646ea Add Failure Details to every NodesResponse (x-plugins side)
Original commit: elastic/x-pack-elasticsearch@9ffb88caaf
2016-05-06 12:26:10 -04:00
Jason Tedor 35121bc206 Add handshake to list of known handlers for tests
This commit adds internal:transport/handshake to the list of known
handlers for tests.

Closes elastic/elasticsearch#2183

Original commit: elastic/x-pack-elasticsearch@c4b415367b
2016-05-06 09:17:44 -04:00
Tanguy Leroux 330e427f40 Monitoring: Add Points stats to node and index segments stats
Original commit: elastic/x-pack-elasticsearch@7df2538068
2016-05-06 10:10:25 +02:00
Adrien Grand 5db861d14b Remove generics from QueryBuilder.
Related to elastic/elasticsearchelastic/elasticsearch#18133.

Original commit: elastic/x-pack-elasticsearch@bd8ca4f061
2016-05-06 09:06:30 +02:00
Adrien Grand 22c4fb9a32 Make compilation pass.
Note: tests are still failing.

Original commit: elastic/x-pack-elasticsearch@827d129876
2016-05-06 09:05:45 +02:00
Areek Zillur bd04cc9d1f Extend tribe integ test infra to test on master and client nodes
Original commit: elastic/x-pack-elasticsearch@5826fb4161
2016-05-05 15:28:04 -04:00
Areek Zillur 3f0acdd70e refactor tribe integ tests to test monitoring transport actions
Original commit: elastic/x-pack-elasticsearch@4c8735d4a8
2016-05-05 15:28:04 -04:00
Areek Zillur f808b251b5 Disable monitoring transport and rest actions on tribe node
Original commit: elastic/x-pack-elasticsearch@a9d97b4f64
2016-05-05 15:27:45 -04:00
Areek Zillur d9e9f7dfd0 Disable licensing services and management APIs for tribe node
closes elastic/elasticsearch#1426

Original commit: elastic/x-pack-elasticsearch@d8a312b1b5
2016-05-05 15:10:05 -04:00
Alexander Reelsen 2cd7c74bc7 Security: Replace `_shield/` urls with `_xpack/security` (elastic/elasticsearch#2174)
This changes the security endpoints to _xpack/security, fixes the rest api spec to also use
the xpack.security prefix and adds documentation and tests.

Original commit: elastic/x-pack-elasticsearch@7977575f0e
2016-05-04 21:42:11 +02:00
Jason Tedor ed26294916 Fix HttpExporterTemplateTests from string split
This commit fixes an issue in HttpExporterTemplateTests caused by the
migration from Strings#splitStringToArray to String#split. Namely, the
previous would split a string like "/x/y/z/" into { "x", "y", "z" } but
the former will split this into { "", "x", "y", "z" }. This commit
modifies the test logic to respond to this change.

Original commit: elastic/x-pack-elasticsearch@c567b17180
2016-05-04 11:29:50 -04:00
Jason Tedor 5b12eef2d3 Fix ObjectPath#evalContext edge cases
This commit fixes an issue that was introduced in ObjectPath#evalContext
when refactoring from Strings#splitStringToArray to
String#split. Namely, the former would return an empty array when
receiving a null or empty string as input but the latter will NPE on a
null string and return an array containing the empty string on an empty
string input.

Original commit: elastic/x-pack-elasticsearch@2f509f9fa0
2016-05-04 11:21:58 -04:00
Christoph Büscher 357f0178e9 Adapt to changes in QueryShardContext
Original commit: elastic/x-pack-elasticsearch@36b97cac75
2016-05-04 16:42:52 +02:00
Jason Tedor 4a1591f2a8 Remove Strings#splitStringToArray
This commit replaces the uses of Strings#splitStringToArray in favor of
String#split as this method has been removed from core.

Relates elastic/elasticsearch#2175

Original commit: elastic/x-pack-elasticsearch@97ec094fa0
2016-05-04 10:39:05 -04:00
Alexander Reelsen a243647ea1 Watcher: Move urls from _watcher to _xpack/watcher
This moves the watcher base URL to _xpack/watcher. This includes
code, tests, rest-api-spec and the documentation.

Relates elastic/elasticsearch#1760

Original commit: elastic/x-pack-elasticsearch@0a44aec022
2016-05-04 09:39:47 +02:00
Alexander Reelsen 1aedda3627 X-Pack: Create notification module
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.

Further things done:

* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common

Original commit: elastic/x-pack-elasticsearch@41eb6e6946
2016-05-04 08:53:29 +02:00
Daniel Mitterdorfer 7eebacc884 Disable HTTP compression by default when HTTPS is enabled.
With elastic/elasticsearchelastic/elasticsearch#7309 we enable HTTP compression by
default. However, this can pose a security risk for HTTPS
traffic (e.g. BREACH attack). Hence, we disable HTTP compression
by default again if HTTPS enabled (note that this still allows the
user to explicitly enable HTTP compression if they want to).

Relates elastic/elaticsearchelastic/elasticsearch#7309

Original commit: elastic/x-pack-elasticsearch@8da100c9a5
2016-05-03 08:54:57 +02:00
Alexander Reelsen 23ebbed95a Watcher: Expose HTTP response headers in payload
This exposes the headers (all lower-cased) in the payload, so
that the can be accessed in the conditions.

Closes elastic/elasticsearch#1560

Original commit: elastic/x-pack-elasticsearch@c9b08558fe
2016-05-02 15:06:38 +02:00
Alexander Reelsen 74edbe6332 Watcher: Refactoring, move to org.elasticsearch.xpack
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher

This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.

Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
2016-05-02 10:58:34 +02:00
jaymode 773876caee security: ssl by default on the transport layer
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.

The following is a list of specific items addressed:

* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files

Closes elastic/elasticsearch#14
Closes elastic/elasticsearch#34
Closes elastic/elasticsearch#1483
Closes elastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673

Original commit: elastic/x-pack-elasticsearch@7c359db90b
2016-04-29 12:50:07 -04:00
markharwood 29b996ea1d Test fix - graph test occasionally failed to fail on all shards due to random nature of indexing. Tightened test class logic to deal with partial failures.
Original commit: elastic/x-pack-elasticsearch@b2dcdd7600
2016-04-29 14:45:15 +01:00
jaymode de48b2426b change how audit user is compared, do not setDaemon, test cleanup
This commit makes a few modifications to the IndexAuditTrail class:

* Use `InternalAuditUser#is` to determine if the principal is the auditor when we have a user
and simply compare `InternalAuditUser#NAME` when only a string principal is available
* Remove the `Thread#setDaemon` call in the QueueConsumer as this thread should be terminated
as part of the shutdown of the node

In terms of tests, there are some issues and changes to how we test certain aspects. The muted tests
were not accurate since the tests immediately checked for the existence of an index and did not poll or
wait and this operation is asynchronous so the index could be created after the exists request was
executed. These tests were removed and a new class was added to test the muted behavior. In these
tests we override the audit trails implementation of a queue, which will set a flag to indicate a message
has been added to the queue. This is a synchronous operation so it can be checked immediately.

The other tests in the IndexAuditTrail tests remain but a few changes have been made to the execution.

* ensureYellow is called for the index we expect to be created before searching for documents
* the remote cluster is only setup at the beginning of the suite rather than before every test to ensure
quicker execution
* the maximum number of shards has been reduced to three since we do not really need up to 10 shards
for a single document

Original commit: elastic/x-pack-elasticsearch@501b6ce9da
2016-04-29 09:08:10 -04:00
Alexander Reelsen 27f0a68a28 X-Pack Notification: Settings refactoring, removed 'service'
The service part is now obsolete with moving to `xpack.notification`.

Original commit: elastic/x-pack-elasticsearch@a7907f24a5
2016-04-29 09:02:36 +02:00
Ryan Ernst 4be1266616 Fix xpack rest test with new xpack info output (timestamp instead of date)
Original commit: elastic/x-pack-elasticsearch@ccb89481cf
2016-04-28 11:46:31 -07:00
Ryan Ernst 09a0276a56 Merge pull request elastic/elasticsearch#2123 from rjernst/build_info
Build: use jar metadata instead of expecting a properties file for xpack build info

Original commit: elastic/x-pack-elasticsearch@a7238cf527
2016-04-28 08:58:52 -07:00
jaymode c39b3ba2fc security: add the proper behavior for the standard license
This change adds the proper behavior for the standard license which is:

* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled

Features that are disabled:

* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms

See elastic/elasticsearch#1263

Original commit: elastic/x-pack-elasticsearch@920c045bf1
2016-04-28 09:33:57 -04:00
markharwood 077599b63f X-plugin tests - added testing for Standard licence in graph plugin. See https://github.com/elastic/x-plugins/issues/1263
Original commit: elastic/x-pack-elasticsearch@6773ead0fc
2016-04-28 13:51:43 +01:00
jaymode 91943318bf security: cleanup authentication service
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.

Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.

Original commit: elastic/x-pack-elasticsearch@79e2375a13
2016-04-28 07:59:16 -04:00
jaymode 4f7dad8da2 security: handle null values for full name and email
This commit adds logic so that we properly handle null tokens for full name and
email.

Closes elastic/elasticsearch#1887

Original commit: elastic/x-pack-elasticsearch@e03188c29f
2016-04-28 07:41:27 -04:00
Alexander Reelsen 917101f7a3 Smoke Testing: Add smoke tester for licensing
In order to prevent shipping of RCs with the wrong license, this
smoke tester downloads the internal RC, installs x-pack and puts
a license in there.

if putting is successful, we can be sure, we got the right license.

Closes elastic/elasticsearch#2087

Original commit: elastic/x-pack-elasticsearch@021d228e29
2016-04-28 08:47:31 +02:00
Ryan Ernst 4d1f4a244a Build: use jar metadata instead of expecting a properties file for xpack
build info

There are many other things that should be cleaned up around this (eg
XpackInfoResponse.BuildInfo should not exist, it is the exact same as
what XPackBuild has), but this change gets the build info output working
again.

closes elastic/elasticsearch#2116

Original commit: elastic/x-pack-elasticsearch@0730daf031
2016-04-27 13:33:42 -07:00