SecurityTransportModule handled binding two things in guice. First, IPFilter,
for which createComponents already had the necessary dependencies. The
second was ClientTransportFilter. For transport clients, this was a
noop and could be removed. For nodes, this just attaches the system
user, which could be done directly from SecurityServerTransportService.
Original commit: elastic/x-pack-elasticsearch@da327de476
In some cases, the random ascii value could match a forbidden name, which will cause this
test to fail as it expects valid names. This changes ensures the names are valid.
Original commit: elastic/x-pack-elasticsearch@c79f8fc4cc
This commit marks WatcherUtilsTests#testDeserializeSearchRequest which
is failing with seed 2203D3AD59DB5223 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@4b6cbe544b
This commit marks SearchTransformTests#testParser which is failing with
seed 97BC9E2543410D55 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@3d69e9648c
This commit marks WatcherUtilsTests#testSerializeSearchRequest which is
failing with seed 97BC9E2543410D55 as awaits fix.
Original commit: elastic/x-pack-elasticsearch@45a174c1f2
With the latest clean ups and changes in Watcher, the default search template lang has been switched to WatcherScript.DEFAULT_LANG which points to "groovy" but it should be "mustache" instead.
Original commit: elastic/x-pack-elasticsearch@1d9ef1963e
This adds a "condition" to every action (via the ActionWrapper) that prevents execution of the action if the condition fails. An action-level condition is only useful when there is more than one action, but nothing checks to ensure that it's only used in that scenario.
Original commit: elastic/x-pack-elasticsearch@704cfb1a86
Instead watcher search template should be agnostic of SearchSourceBuilder and just work with BytesReference, so that serializing to a string before templating isn't needed.
Original commit: elastic/x-pack-elasticsearch@36d21ec819
This roughly matches what was done in 2.x for the license tools (except
without any dependency exclusions).
Original commit: elastic/x-pack-elasticsearch@4e1f07b5fa
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#20000, using the new
SearchRequestParsers.
Original commit: elastic/x-pack-elasticsearch@d7cee93a8f
This adds an empty _ingest/pipeline named after the _current_ version of the Monitoring API (currently 2) from both exporters.
This allows us to eventually change the API version (to 3, 4, etc.) and go _back_ and modify the pipeline that exists. The modified pipeline would then "fix" the documents as best as possible and rename the index. As a result, different versions (starting with 5.0) will be able to report to the same monitoring cluster regardless of the running API version.
Note: This has no impact on stale data (e.g., the day before the upgrade) _and_ it implies that the monitoring cluster should always be updated first. A simple reindexing script can be supplied for old data, which can be done at the discretion of the user.
Original commit: elastic/x-pack-elasticsearch@45df5ee87b
The SSLConfigurationReloaderTests rarely failed during some local runs. This turned out to be due to
signaling that the reload happened before we actually reloaded. This led to a race condition where we
attempted to validate the config was reloaded properly and actually reloading. This change fixes the
ordering of operations and uses a CountDownLatch instead of a AtomicInteger and awaitBusy.
Original commit: elastic/x-pack-elasticsearch@9615f225d6
The XPackFeatureSet.Usage writeTo method failed to write the name to the
StreamOutput whereas the deserialization code expected it to be the first value
present in the StreamInput. This causes xpack usage requests made to nodes
other than the master to fail.
This change fixes the serialization and adds tests to all of the feature sets to ensure
that the usage is serialized properly.
Closeselastic/elasticsearch#3072
Original commit: elastic/x-pack-elasticsearch@eccab616ca
This change refactors the ssl services into a single class and reduces the number of
public methods that are exposed by the class. As part of this change, ssl configurations
must be loaded during construction of the service otherwise an exception will be thrown
when trying to retrieve the configuration. Additionally, the reloading of key material and
trust material is now handled by the SSLService instead of the SSLConfiguration. The
SSLConfiguration class has been made package private as its usage has been contained
to the ssl package entirely.
See elastic/elasticsearch#2971
Original commit: elastic/x-pack-elasticsearch@46e4535bb1
Currently there are a number of helper methods, all used at various
stages of initializing xpack, for reading "enabled" settings. Almost all
of these read the setting directly rather than use the new settings
infra. This change adds an XPackSettings class to contain these settings
constants, and adds all the enabled settings to it.
Note: While there is an existing MonitoringSettings, I think we do not
have enough settings (especially for all features) to warrant a separate
class per "feature" (eg graph would have nothing). We should decide
if/when this is necessary on a case by case basis, but I think the
enabled settings should all go here in XPackSettings.
Original commit: elastic/x-pack-elasticsearch@086152d5a5
When security is disabled, we currently set the transport and HTTP type
to Netty 4. However, this is unnecessary as these are the default
settings so this commit removes these explicit settings.
Relates elastic/elasticsearch#3065
Original commit: elastic/x-pack-elasticsearch@afa360ceec
This commit reenable some Watcher tests that were muted in elastic/elasticsearch#724. It removes the Groovy dependency for tests that don't really use Groovy features and replace scripts with mocked scripts. It converts a GroovyScriptConditionIT test into a REST test and moves it in the smoke-test-watcher-with-groovy project.
closeselastic/elasticsearch#724
Original commit: elastic/x-pack-elasticsearch@f4c8161946
These mock Netty plugins were needed to assist in setting
sun.nio.ch.bugLevel. Yet, settings this property should no longer be
needed on JDK 8 and the missing privileged block when writing this
property can be fixed upstream.
Relates elastic/elasticsearch#3047
Original commit: elastic/x-pack-elasticsearch@e2aa4f6fb5
This commit updates Jackson to the 2.8.1 version, which is more strict when it comes to build objects.
Original commit: elastic/x-pack-elasticsearch@fb23208e7d
This change removes guice from creating notification componenents. It
also removes the Notification helper class, as it just makes looking at
what stuff xpack adds more obfuscated.
Original commit: elastic/x-pack-elasticsearch@69b8ea4735
When a watch is executed, but the condition is not met, it is not automatically marked as dirty.
This results in a divergence of what is displayed when someone is just getting a watch via the get
watch API (due to using the in memory store) compare to when someone is using the GET API to get the
watch via the .watches index call.
This commit sets the watch status always to dirty after a condition check, thus forcing an update.
Closeselastic/elasticsearch#2699
Original commit: elastic/x-pack-elasticsearch@e6a00260f7
Users are allowed to create query objects with an empty string value as we do
not currently validate the input against a query parser. In this case, we can ignore
the empty value when parsing the role. If we pass an empty BytesReference in
the role then trying to determine the XContentType will fail in the
SecurityIndexSearcherWrapper.
Closeselastic/elasticsearch#2997
Original commit: elastic/x-pack-elasticsearch@fc593943c4
This commit collapes some duplicated setup code in every test in the
Netty 4 security transport tests to a common method.
Original commit: elastic/x-pack-elasticsearch@0a088db78d
* master: (25 commits)
docs: remove unused file and add link to invalid role examples
Remove interfaces for notification services
Redirect to URL specified by next parameter, if it is set
Fix fixture and tests so they pass again
Update error message to be more actionable
Switch to NamedWriteable pull based extension in xpack
Fixing issue with infinite redirect loop
Toggle display of security nav controls more dynamically
Pass in xpackMainPlugin instead of xpackMainPlugin.info
Wrap the return in a Promise
Only unset the cookie if it is currently set
Clarifying intent of code
Updating tests fixtures + adding assertion for client cookie deletion
If security is disabled, do not attempt to call the authenticate ES API
Disambiguate between resolve function names
Revert to not using xpackMainPlugin.info until the xpackMainPlugin is ready
Redirect /login => / if security is disabled in ES
Register/deregister security management items depending on whether there's an auth'd user
Show/hide the username + logout button depending on whether there is an auth'd user
If security is disabled, continue without auth + delete client cookie
...
Original commit: elastic/x-pack-elasticsearch@16b92a1a59
We have 4 types of notification services, and all of them have an
interface with a single implementation class. They also all
unnecessarily are lifecycle componenets, but the only thing start does
is read the settings.
This change converts all 4 notification services to classes, and makes
them regular components instead of lifecycle services.
Original commit: elastic/x-pack-elasticsearch@897115ae65
After this commit, we have "security3" and "security4" as possible
transport and HTTP settings, we default to "security4" if it is not set,
and we randomize the selection in some of the integration tests.
Original commit: elastic/x-pack-elasticsearch@e56718911a
This commit cleans up the Netty handshake waiting handlers. We rename
the Netty 3 implementation to include "Netty3" in the name, the Netty 4
implementation is not needed, and we improve the handling of waiting for
the handshakes to complete when connecting.
Original commit: elastic/x-pack-elasticsearch@f736fdc8f0
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19764. It converts
the one use of registering custom NamedWriteable readers in xpack for
xpack feature sets to register them up front with the new pull based
registration.
Original commit: elastic/x-pack-elasticsearch@48e2020816
Since elastic/elasticsearch#19621 MockScriptEngine is stricter and expects scripts to be defined before being used in tests. Because watcher makes heavy use of scripts without really need of custom logic, this commit changed the MockMustacheScriptEngine implementation so that it always returns the script's source as a result.
Original commit: elastic/x-pack-elasticsearch@09cffa9517
This commit moves the reloading and monitoring of files from the trust/key configuration
classes into a separate class that will reload for the whole SSLConfiguration object.
SSLContexts are loaded lazily by most of security, so a listener interface was added to
notify the reloader that there may be other paths to monitor.
Original commit: elastic/x-pack-elasticsearch@1633cc14a7
The tests have been moved back to xpack, turned into a rest test or removed.
For example testing specific inline, file or stored mustache template functionality is already covered in the `lang-mustache` module. The smoke-test-watcher-with-mustache should tests watcher mustach specific things like the if the watcher variables are available.
Original commit: elastic/x-pack-elasticsearch@e434bcd3fa
This makes use of the `registerAsDeprecatedHandler` method to automatically warn users when they're using deprecated functionality.
This will also automatically provide a `Warning` header for anyone using HTTP clients (though they have to be looking for it...).
Graph portion only
Original commit: elastic/x-pack-elasticsearch@d6452a75c1
The value of the setting name had a typo.
Also added a message to show the value of globally configured proxy on startup
to help admins spot if this is configured.
Original commit: elastic/x-pack-elasticsearch@bdc41ff733
This changes the usage stats for the realms to not use nested objects but to instead group
values by the realm type. Additionally, the realms now return the actual size of the users that
are contained or have recently logged in (in case of LDAP/AD).
Additionally, the audit section will always contain an enabled flag and a new field has been
added to capture whether anonymous access is enabled or not.
See elastic/elasticsearch#2210
Original commit: elastic/x-pack-elasticsearch@9cc2852585
There are still tests left to be cleanup, but these tests need to be turned into a rest test and moved the smoke test xpack with mustache module.
Original commit: elastic/x-pack-elasticsearch@3b88b15b97
We currently have the license:base project, as well as license:licensor.
Xpack depends on license base. This change moves all the base license
code into xpack, and makes the license-tools (previously called
licensor) depenend on x-pack.
Original commit: elastic/x-pack-elasticsearch@7fd462ad6a
In 2.x, 1.x license format in cluster state was upgraded
to the 2.x format. This commit removes the code to read
1.x license format from cluster state in 5.x, as 2.x clusters
will already upgrade the license format to 2.x format.
Original commit: elastic/x-pack-elasticsearch@77f18ffc76