Commit Graph

1079 Commits

Author SHA1 Message Date
Alexander Reelsen 07b8bcf219 Watcher: Ensure watch status is always updated on condition check (elastic/elasticsearch#2980)
When a watch is executed, but the condition is not met, it is not automatically marked as dirty.
This results in a divergence of what is displayed when someone is just getting a watch via the get
watch API (due to using the in memory store) compare to when someone is using the GET API to get the
watch via the .watches index call.

This commit sets the watch status always to dirty after a condition check, thus forcing an update.

Closes elastic/elasticsearch#2699

Original commit: elastic/x-pack-elasticsearch@e6a00260f7
2016-08-03 18:21:57 +02:00
jaymode 60cb867d47 security: ignore empty query value in roles
Users are allowed to create query objects with an empty string value as we do
not currently validate the input against a query parser. In this case, we can ignore
the empty value when parsing the role. If we pass an empty BytesReference in
the role then trying to determine the XContentType will fail in the
SecurityIndexSearcherWrapper.

Closes elastic/elasticsearch#2997

Original commit: elastic/x-pack-elasticsearch@fc593943c4
2016-08-03 11:24:49 -04:00
Jason Tedor 33ba52e735 Merge branch 'master' into netty4_transport
* master:
  Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@5da6471c9a
2016-08-03 11:11:16 -04:00
Jason Tedor 832cb4fff2 Simplify test setup in Netty 4 transport tests
This commit collapes some duplicated setup code in every test in the
Netty 4 security transport tests to a common method.

Original commit: elastic/x-pack-elasticsearch@0a088db78d
2016-08-03 11:08:00 -04:00
Daniel Mitterdorfer 196f74984c Merge pull request elastic/elasticsearch#2969 from danielmitterdorfer/fix-interruption
Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@fe73226e47
2016-08-03 17:03:33 +02:00
jaymode b3f8495a03 clarify comments and add assert client auth type
Original commit: elastic/x-pack-elasticsearch@0e3d134bc6
2016-08-03 10:39:37 -04:00
Jason Tedor 94e7d82a20 Kill newline in SecurityNetty4HttpServerTransport
This commit removes an extra newline in
SecurityNetty4HttpServerTransport.java.

Original commit: elastic/x-pack-elasticsearch@218b29c9b6
2016-08-03 09:42:51 -04:00
Jason Tedor 4874d84f82 Merge branch 'master' into netty4_transport
* master: (25 commits)
  docs: remove unused file and add link to invalid role examples
  Remove interfaces for notification services
  Redirect to URL specified by next parameter, if it is set
  Fix fixture and tests so they pass again
  Update error message to be more actionable
  Switch to NamedWriteable pull based extension in xpack
  Fixing issue with infinite redirect loop
  Toggle display of security nav controls more dynamically
  Pass in xpackMainPlugin instead of xpackMainPlugin.info
  Wrap the return in a Promise
  Only unset the cookie if it is currently set
  Clarifying intent of code
  Updating tests fixtures + adding assertion for client cookie deletion
  If security is disabled, do not attempt to call the authenticate ES API
  Disambiguate between resolve function names
  Revert to not using xpackMainPlugin.info until the xpackMainPlugin is ready
  Redirect /login => / if security is disabled in ES
  Register/deregister security management items depending on whether there's an auth'd user
  Show/hide the username + logout button depending on whether there is an auth'd user
  If security is disabled, continue without auth + delete client cookie
  ...

Original commit: elastic/x-pack-elasticsearch@16b92a1a59
2016-08-03 09:18:42 -04:00
jaymode 00e963fef9 ensure transport is set for external cluster clients take 2
Original commit: elastic/x-pack-elasticsearch@b92943303e
2016-08-03 08:12:05 -04:00
jaymode 417bc49230 ensure transport is set for external cluster clients
Original commit: elastic/x-pack-elasticsearch@ee8aa8600a
2016-08-03 08:11:19 -04:00
jaymode 76591e54f6 mock channelhandlercontext instead of a null implementation
Original commit: elastic/x-pack-elasticsearch@e4ba6b96cc
2016-08-03 07:27:37 -04:00
jaymode 55ccd27acf ensure the transport type is a security transport
Original commit: elastic/x-pack-elasticsearch@6c7e46e103
2016-08-03 07:23:55 -04:00
Ryan Ernst d69bb4cc51 Merge pull request elastic/elasticsearch#3017 from rjernst/writeable_registry
Switch to NamedWriteable pull based extension in xpack

Original commit: elastic/x-pack-elasticsearch@e077ba2d6c
2016-08-03 01:36:43 -07:00
Ryan Ernst 549a5d3e73 Remove interfaces for notification services
We have 4 types of notification services, and all of them have an
interface with a single implementation class. They also all
unnecessarily are lifecycle componenets, but the only thing start does
is read the settings.

This change converts all 4 notification services to classes, and makes
them regular components instead of lifecycle services.

Original commit: elastic/x-pack-elasticsearch@897115ae65
2016-08-03 00:07:26 -07:00
Jason Tedor dd181e3e13 Cleanup HTTP and transport security settings
After this commit, we have "security3" and "security4" as possible
transport and HTTP settings, we default to "security4" if it is not set,
and we randomize the selection in some of the integration tests.

Original commit: elastic/x-pack-elasticsearch@e56718911a
2016-08-03 00:23:58 -04:00
Jason Tedor f4ba670b25 Cleanup Netty handshake waiting handlers
This commit cleans up the Netty handshake waiting handlers. We rename
the Netty 3 implementation to include "Netty3" in the name, the Netty 4
implementation is not needed, and we improve the handling of waiting for
the handshakes to complete when connecting.

Original commit: elastic/x-pack-elasticsearch@f736fdc8f0
2016-08-02 23:55:20 -04:00
Ryan Ernst cdae14a5b9 Switch to NamedWriteable pull based extension in xpack
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19764. It converts
the one use of registering custom NamedWriteable readers in xpack for
xpack feature sets to register them up front with the new pull based
registration.

Original commit: elastic/x-pack-elasticsearch@48e2020816
2016-08-02 16:00:06 -07:00
Jason Tedor 8579dbf80b Remove nocommit from Security
This commit removes a nocommit from Security so that work can continue.

Original commit: elastic/x-pack-elasticsearch@4d35ef6174
2016-08-02 17:11:32 -04:00
Jason Tedor c88aea19d8 Migrate Netty 4 unit tests
This commit migrates some unit tests to Netty 4.

Original commit: elastic/x-pack-elasticsearch@a38dc82706
2016-08-02 16:43:07 -04:00
jaymode c3cecad027 add channel is closed check
Original commit: elastic/x-pack-elasticsearch@04bcdf8308
2016-08-02 15:50:17 -04:00
jaymode 7a3932de94 add some debugging info to assert
Original commit: elastic/x-pack-elasticsearch@ef3c68e4db
2016-08-02 15:36:00 -04:00
jaymode fc8e787325 update security rest filter
Original commit: elastic/x-pack-elasticsearch@9a4f0bc184
2016-08-02 14:47:06 -04:00
Jason Tedor 8fa06fbab7 Security Netty 4 HTTP server implementation
This commit is a work-in-progress commit on a Netty 4-based HTTP server
implementation.

Original commit: elastic/x-pack-elasticsearch@705a202574
2016-08-02 14:33:42 -04:00
jaymode af16eec512 fix PKI cert extraction
Original commit: elastic/x-pack-elasticsearch@9c68611557
2016-08-02 14:07:16 -04:00
jaymode b525891212 Netty 4 transport working
Original commit: elastic/x-pack-elasticsearch@081e68c087
2016-08-02 13:43:16 -04:00
Jason Tedor b498fd32a2 Enable core to default networking to Netty 4
This commit enables core to set the default transport and HTTP
implementation to use transport-netty4.

Relates elastic/elasticsearch#2999

Original commit: elastic/x-pack-elasticsearch@cb0efa29ab
2016-08-02 12:19:34 -04:00
Ali Beyad 287f4da0b9 Fix tests that use write consistency level in favor of ActiveShardCount
Original commit: elastic/x-pack-elasticsearch@4c463c8d7b
2016-08-02 08:59:46 -04:00
Tanguy Leroux 62d3c19db5 [TEST] Make MockMustacheScriptEngine less strict
Since elastic/elasticsearch#19621 MockScriptEngine is stricter and expects scripts to be defined before being used in tests. Because watcher makes heavy use of scripts without really need of custom logic, this commit changed the MockMustacheScriptEngine implementation so that it always returns the script's source as a result.

Original commit: elastic/x-pack-elasticsearch@09cffa9517
2016-08-01 18:13:43 +02:00
Nik Everett 2297c493e4 Handle renaming DocWriteResponse.Operation
It is now DocWriteResponse.Result. The enum constants have changed a bit
as well.

Original commit: elastic/x-pack-elasticsearch@395e7c15bb
2016-08-01 10:43:15 -04:00
Nik Everett 585837dbd3 Handle core moving RestUtils
Original commit: elastic/x-pack-elasticsearch@01cda72d62
2016-07-29 20:37:01 -04:00
Nik Everett c0df62e0e9 Stop using isCreated and isFound
These are going away in core and being replaced by `getOperation`.

Original commit: elastic/x-pack-elasticsearch@7413b12911
2016-07-29 14:22:11 -04:00
Nik Everett 240a052cbf Stop using isCreated and isFound
These are going away in core and being replaced by `getOperation`.

Original commit: elastic/x-pack-elasticsearch@d02e745318
2016-07-29 13:43:02 -04:00
jaymode c82f1be386 security: move reloading of ssl configuration to its own class
This commit moves the reloading and monitoring of files from the trust/key configuration
classes into a separate class that will reload for the whole SSLConfiguration object.
SSLContexts are loaded lazily by most of security, so a listener interface was added to
notify the reloader that there may be other paths to monitor.

Original commit: elastic/x-pack-elasticsearch@1633cc14a7
2016-07-29 12:26:37 -04:00
Daniel Mitterdorfer a8017c4968 Restore interruption flag correctly in life cycle service
Original commit: elastic/x-pack-elasticsearch@c9b0754811
2016-07-29 11:08:22 +02:00
Martijn van Groningen 62353ff8bc test: removed messy xpack mustache test module
The tests have been moved back to xpack, turned into a rest test or removed.
For example testing specific inline, file or stored mustache template functionality is already covered in the `lang-mustache` module. The smoke-test-watcher-with-mustache should tests watcher mustach specific things like the if the watcher variables are available.

Original commit: elastic/x-pack-elasticsearch@e434bcd3fa
2016-07-29 11:00:42 +02:00
Nik Everett 59cb8f2271 Fix rest spec for graph explore
Original commit: elastic/x-pack-elasticsearch@293b5c9ebd
2016-07-28 16:37:30 -04:00
Chris Earle 4d81792a56 [Graph] Log Deprecation Warnings for old API usage
This makes use of the `registerAsDeprecatedHandler` method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a `Warning` header for anyone using HTTP clients (though they have to be looking for it...).

Graph portion only

Original commit: elastic/x-pack-elasticsearch@d6452a75c1
2016-07-28 12:11:10 -04:00
Ryan Ernst 9d6d858449 Merge pull request elastic/elasticsearch#2958 from rjernst/move_license
Move License into xpack

Original commit: elastic/x-pack-elasticsearch@6b86ce6f14
2016-07-28 08:41:23 -07:00
Alexander Reelsen 39d614bd17 Watcher: Fix HTTP proxy port setting (elastic/elasticsearch#2961)
The value of the setting name had a typo.
Also added a message to show the value of globally configured proxy on startup
to help admins spot if this is configured.

Original commit: elastic/x-pack-elasticsearch@bdc41ff733
2016-07-28 16:10:02 +02:00
jaymode ba1ced9096 security: adapt realms usage stats output and add anonymous
This changes the usage stats for the realms to not use nested objects but to instead group
values by the realm type. Additionally, the realms now return the actual size of the users that
are contained or have recently logged in (in case of LDAP/AD).

Additionally, the audit section will always contain an enabled flag and a new field has been
added to capture whether anonymous access is enabled or not.

See elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@9cc2852585
2016-07-28 08:05:21 -04:00
Martijn van Groningen 3d3eb0fc48 test: renamed test cases
Original commit: elastic/x-pack-elasticsearch@c05bfecb97
2016-07-28 12:59:40 +02:00
Martijn van Groningen 49a1f8a4e5 test: Removed the mustache dependency on a number of tests and moved them back the xpack
There are still tests left to be cleanup, but these tests need to be turned into a rest test and moved the smoke test xpack with mustache module.

Original commit: elastic/x-pack-elasticsearch@3b88b15b97
2016-07-28 10:01:02 +02:00
Tanguy Leroux 7a6ed965b9 Update LICENSE.txt
The previous LICENSE.txt file still referred to Marvel Software. This commit updates the content of the license for X-Pack for both Elasticsearch and Kibana plugins.

closes elastic/elasticsearch#2644

Original commit: elastic/x-pack-elasticsearch@bace98250e
2016-07-28 09:24:25 +02:00
Ryan Ernst 8514b1422e Move License into xpack
We currently have the license:base project, as well as license:licensor.
Xpack depends on license base. This change moves all the base license
code into xpack, and makes the license-tools (previously called
licensor) depenend on x-pack.

Original commit: elastic/x-pack-elasticsearch@7fd462ad6a
2016-07-28 00:16:18 -07:00
Ryan Ernst fedd3b4f4a Convert FileWatchListener to an interface
Original commit: elastic/x-pack-elasticsearch@da9f6eddc1
2016-07-27 15:32:52 -07:00
Nik Everett b9e1bdfce6 Test reindex-from-remote with security
Original commit: elastic/x-pack-elasticsearch@7e3530a958
2016-07-27 14:19:01 -04:00
Chris Earle ac43e72aec [Monitoring] Change xpack.monitoring.collection.exporters to xpack.monitoring.exporters
Removes the exporters from the collection settings.

Original commit: elastic/x-pack-elasticsearch@e721e5cb6d
2016-07-27 14:05:36 -04:00
Areek Zillur 92e357f838 Remove bwc code to read 1.x licenses from cluster state
In 2.x, 1.x license format in cluster state was upgraded
to the 2.x format.  This commit removes the code to read
1.x license format from cluster state in 5.x, as 2.x clusters
will already upgrade the license format to 2.x format.

Original commit: elastic/x-pack-elasticsearch@77f18ffc76
2016-07-27 11:56:13 -04:00
Martijn van Groningen dc6672693b test: make sure that tests are actually ran
Original commit: elastic/x-pack-elasticsearch@b1a4015779
2016-07-27 15:40:21 +02:00
Alexander Reelsen 20481083e3 Watcher: Update to tests to use slack token for team slack, easier to check
Original commit: elastic/x-pack-elasticsearch@8a511a1f31
2016-07-27 11:47:24 +02:00
Ryan Ernst d53315b613 Merge branch 'master' into deguice15
Original commit: elastic/x-pack-elasticsearch@38f0a6f641
2016-07-26 15:07:20 -07:00
Ryan Ernst 4089ae0775 move license utils back to public, for now
Original commit: elastic/x-pack-elasticsearch@3e37e2a08f
2016-07-26 14:20:11 -07:00
Ryan Ernst 059bf323c4 Cleanup: Move all license related classes into a single package
This change moves all license related code in xpack under
org.elasticsearch.license. Some classes become package private (more can
become package private later with further deguicing). It also adds
package level javadocs. Note, I did not move anything from the actual
licensing jar.  This should be cleaned up in a followup.

Original commit: elastic/x-pack-elasticsearch@2413c4f288
2016-07-26 13:26:29 -07:00
Ryan Ernst b02b30ee0a Internal: Remove guice from monitoring
This change removes guice from construction of monitoring classes.
Additionally, it removes disk threshold watermark and enabled setting
from node stats collector. These were not node stats, just cluster
settings. If we want to add back actual percentage of disk threshold
used, it should be in node stats directly.

Original commit: elastic/x-pack-elasticsearch@4cd49557cf
2016-07-26 11:25:22 -07:00
Nik Everett 4d063eddbd Rename client yaml tests
Original commit: elastic/x-pack-elasticsearch@4d37d18090
2016-07-26 13:54:40 -04:00
Alexander Reelsen 462897e8c8 Watcher: Fix watch history template for failed inputs (elastic/elasticsearch#2928)
If the result of a search actions fails (i.e. because the index you queried does not exist yet),
the watch record failed to store into the Watch History because of a mapping issue, as the
template path match regular expression did not match properly.

Closes elastic/elasticsearch#2913

Original commit: elastic/x-pack-elasticsearch@3c2d4b3ca9
2016-07-26 18:22:34 +02:00
Martijn van Groningen 0bb6fed89f extend from WatcherRestTestCase to make sure watcher gets restarted after each test
Original commit: elastic/x-pack-elasticsearch@6932cfd185
2016-07-26 08:59:19 +02:00
Ryan Ernst 8e0da2602d Fix license ack tests to ensure license change always results in ack
messages

Original commit: elastic/x-pack-elasticsearch@25029eb83e
2016-07-25 20:12:42 -07:00
Ryan Ernst 3e8bc2879f Add back disabling dependency licenses check
Original commit: elastic/x-pack-elasticsearch@51b76f6f89
2016-07-25 18:06:57 -07:00
Ryan Ernst 1ca2db1d88 Merge branch 'master' into deguice2
Original commit: elastic/x-pack-elasticsearch@c4151d75e1
2016-07-25 17:49:19 -07:00
Ryan Ernst b9a3fa3079 Build: Turn on license header checks
This is dependent on elastic/elasticsearchelastic/elasticsearch#19589. It also fixes the
existing files that either were missing the license header or had the
open source license header.

Original commit: elastic/x-pack-elasticsearch@2642c20381
2016-07-25 17:09:54 -07:00
Nik Everett 3ec40d67a5 Handle core renaming ESRestTestCase
Original commit: elastic/x-pack-elasticsearch@c47a7f839d
2016-07-25 17:58:13 -04:00
Alexander Reelsen 0b2b50be94 Watcher: Put response code in payload in http input (elastic/elasticsearch#2888)
The response status code was stored in the result of an http input,
but inaccessible in the payload itself and could not be used in
scripts.

This puts the status code in the payload under the name '_status_code',
similar to the '_headers' variable, which already stores the headers.

Original commit: elastic/x-pack-elasticsearch@dff2a39535
2016-07-25 14:57:57 +02:00
Alexander Reelsen f02a9cdc35 Watcher: Ensure watch status needs to be udpated on unmet condition (elastic/elasticsearch#2863)
Background: When a watch has been acked, but the condition evaluates to false again,
the watch must be marked as dirty - which means it needs to be persisted to the watches
index - so in case of a master node switch this information is not lost.

This commit fixes the setting of the `dirty` field in the watch status, in case
the condition is not met, but some actions have been acked.

Original commit: elastic/x-pack-elasticsearch@1a55a45b14
2016-07-25 13:24:12 +02:00
Martijn van Groningen d33e639d4c security: Added templating support to DLS' role query.
Closes elastic/elasticsearch#410

Original commit: elastic/x-pack-elasticsearch@2b91ea9eed
2016-07-25 08:11:28 +02:00
Ryan Ernst 0ae6e53173 Internal: Collapse Licensee per feature into single XPackLicenseState
The license code currently has a Licensee implementation per feature,
which is updated by the license service. This meant maintaining a
listener type feature for the license service, and having an abstract
listener and such. The licensee class also mixed in stuff only needed by
the license service (acknowledgement messages).

This change collapses all the methods from licensees into
XPackLicenseState. The naming was inconsistent across licensee
implementations, so here it is standardized on `is*Allowed()`. There are
also a number of tests which should be consolidated for testing the
license service but that is left for a future change. I also removed
collector tests that were testing license: that is better left for the
direct tests of the license state in XPackLicenseStateTests.

Original commit: elastic/x-pack-elasticsearch@734871e870
2016-07-23 16:55:04 -07:00
Ryan Ernst d734d483c5 Merge pull request elastic/elasticsearch#2902 from rjernst/license_state_removal
Internal: Removed LicenseState enum

Original commit: elastic/x-pack-elasticsearch@13abacbb78
2016-07-22 14:25:19 -07:00
javanna 9b73b26b7d Merge branch 'master' into feature/async_rest_client
Original commit: elastic/x-pack-elasticsearch@e58a8d9484
2016-07-22 22:22:14 +02:00
Ryan Ernst 7fcf05dcb1 Internal: Removed LicenseState enum
The LicenseState class exists to distinguish when a license is enabled,
vs being inside its grace period. However, the consumers of this state
do not care whether the license is in the grace period, they view that
and an active license as the same thing. The only part that cares about
the grace period is in the license service which logs a warning when a
license begins its grace period.

This change removes the LicenseState enum in favor of a simple boolean
indicating whether the license is active.

Original commit: elastic/x-pack-elasticsearch@5a90a0e3d4
2016-07-22 11:30:56 -07:00
Ryan Ernst dcb9145b93 Merge pull request elastic/elasticsearch#2891 from rjernst/license_service_name
Rename LicensesService to LicenseService

Original commit: elastic/x-pack-elasticsearch@e9c3058ca1
2016-07-22 08:47:06 -07:00
Alexander Reelsen efc5de782b Watcher: Refactor integration test into rest test (elastic/elasticsearch#2864)
As the specified integration tests were better suited as REST tests, I changed them into
those and removed the (partially already unused) java classes.

Original commit: elastic/x-pack-elasticsearch@f26d8d94e8
2016-07-22 17:01:57 +02:00
javanna 748962e626 Merge branch 'master' into feature/async_rest_client
Original commit: elastic/x-pack-elasticsearch@cb4f022353
2016-07-22 15:52:44 +02:00
Ryan Ernst a93a5fcd5b Rename LicensesService to LicenseService
We only have one license in 5.x. This change renames the service that
mantains the license state on each node to reflect that fact.

Original commit: elastic/x-pack-elasticsearch@bb241b30cb
2016-07-21 11:59:52 -07:00
Alexander Reelsen 81382262ec Watcher: Hardcode index names for auto index create validation (elastic/elasticsearch#2834)
This is broken in 2.x and returns a wrong index name. We should just use
the indices, that are hardcoded in the error message.

Relates elastic/elasticsearch#2831

Original commit: elastic/x-pack-elasticsearch@457be61013
2016-07-21 14:25:22 +02:00
Jim Ferenczi bd91603f6d Sort plugins in list x-pack extensions command
Fix tests that rely on deterministic order.

Original commit: elastic/x-pack-elasticsearch@324b0db514
2016-07-20 19:45:10 +02:00
Britta Weber 75362e70a3 fix compile
Original commit: elastic/x-pack-elasticsearch@d234e88c22
2016-07-20 19:24:56 +02:00
Ryan Ernst 59c76e1bc6 Merge pull request elastic/elasticsearch#2873 from rjernst/deguice11
Remove guice from authentication and authorization services

Original commit: elastic/x-pack-elasticsearch@323540a4eb
2016-07-20 08:52:25 -07:00
Jim Ferenczi 7467652b43 Add verbose mode for extension list command
This is a late follow up of https://github.com/elastic/elasticsearch/pull/18051
Closes elastic/elasticsearch#2806

Original commit: elastic/x-pack-elasticsearch@d1c9a3d7c5
2016-07-20 14:37:36 +02:00
Ryan Ernst f05005f667 Internal: Remove guice from authentication and authorization services
This change removes guice from most of the rest of security. It also
converts the last use of onModule in xpack extensions to a pull based
extension.

Original commit: elastic/x-pack-elasticsearch@9de072550e
2016-07-19 15:57:29 -07:00
Ryan Ernst 94b9b332d4 Internal: Remove interfaces for auth services
Both AuthenticationService and AuthorizationService are currently
interfaces with single implementations. This is unnecessary, and makes
it harder to deguice. This change removes the abstractions and leaves
just AuthenticationService and AuthorizationService.

Original commit: elastic/x-pack-elasticsearch@d04c897ae4
2016-07-19 14:38:51 -07:00
Ryan Ernst 6c7a9af7bf Internal: Remove use of AuditTrail interface in place of
AuditTrailService

We currently have a number of actions and components which try to write
to the audit trail. But they do so by expecting a bound AuditTrail
object. In reality, this should always be AuditTrailService, except when
security is disabled. This change removes the use of the AuditTrail
interface for that purpose, and instead makes the AuditTrailService
allow an empty list of trails, so that it is always bound when running
on a node.

Original commit: elastic/x-pack-elasticsearch@9559dbd6c1
2016-07-19 13:41:19 -07:00
jaymode 9be5c7df60 security: remove SelfReSchedulingRunnable
This commit removes the SelfReschedulingRunnable and changes the native stores
to use the threadpool for scheduling again since we have now fixed the issue in core.

Original commit: elastic/x-pack-elasticsearch@50030e31ff
2016-07-19 12:19:52 -04:00
Ryan Ernst 4552df11da Merge pull request elastic/elasticsearch#2860 from rjernst/deguice12
Internal: Simplify SecurityContext dependencies

Original commit: elastic/x-pack-elasticsearch@74d0036e80
2016-07-19 09:05:26 -07:00
javanna 63a5001837 [TEST] restore throws IOException clause on all sync performRequest callers
Original commit: elastic/x-pack-elasticsearch@d114419752
2016-07-19 16:51:07 +02:00
javanna 5c31e20746 Use ContentType constant instead of RestClient#JSON_CONTENT_TYPE
Original commit: elastic/x-pack-elasticsearch@6f3165b569
2016-07-19 16:42:32 +02:00
javanna ca557af48c Merge branch 'master' into feature/async_rest_client
Original commit: elastic/x-pack-elasticsearch@693e281d0d
2016-07-19 16:29:50 +02:00
Yannick Welsch ea7ad5d4c5 Add new transport handler introduced by elastic/elasticsearchelastic/elasticsearch#19287
Original commit: elastic/x-pack-elasticsearch@8e71782cba
2016-07-19 14:56:51 +02:00
Martijn van Groningen 7c12fa0eb6 Removed basic sanity test as it caused problems for the clients
Original commit: elastic/x-pack-elasticsearch@1bd7c82708
2016-07-19 10:59:23 +02:00
Martijn van Groningen cc7cfb7fd9 security: Added `set_security_user` ingest processor that enriches documents with user details of the current authenticated user
This is useful if an index is shared with many small customers, which are to small to have their own index or shard,
 and in order to share an index safely they will need to use document level security. This processor can then automatically
 add the username or roles of the current authenticated user to the documents being indexed, so that the DLS query can be simple. (`username: abc` only return data inserted by user abc)

Closes elastic/elasticsearch#2738

Original commit: elastic/x-pack-elasticsearch@f4df2f6d6f
2016-07-19 09:48:52 +02:00
Ryan Ernst a76a6b4e54 Internal: Simplify SecurityContext dependencies
Currently the security context is an object passed around to code
needing to check the user for the current request. Like recent
InternalClient changes, it current depends on the AuthenticationService,
but can be simplified by only knowing about the thread context and
crypto service. This change makes SecurityContext a class, instead of an
interface, and removes the dependency on AuthenticationService.

Original commit: elastic/x-pack-elasticsearch@b8af75e8cb
2016-07-18 17:00:55 -07:00
Ryan Ernst 41eea741b8 Ensure index audit trail is bound for security lifecycle service
Original commit: elastic/x-pack-elasticsearch@bbe7ec0802
2016-07-18 15:13:10 -07:00
Ryan Ernst 411b29e7fa Merge branch 'master' into deguice9
Original commit: elastic/x-pack-elasticsearch@2474231dc1
2016-07-18 14:25:49 -07:00
Ryan Ernst 30b084d372 Merge pull request elastic/elasticsearch#2843 from rjernst/plugin_default_config
Switch to new plugin configuration for integ tests

Original commit: elastic/x-pack-elasticsearch@e2a5da4144
2016-07-18 14:19:52 -07:00
Ryan Ernst f03683fb18 Internal: Remove guice from audit trail construction
This change removes guice from audit trails.

Original commit: elastic/x-pack-elasticsearch@ace1f11dc4
2016-07-18 13:59:51 -07:00
Ryan Ernst e2303f2584 Merge branch 'master' into deguice8
Original commit: elastic/x-pack-elasticsearch@8b273d3f8a
2016-07-18 13:54:43 -07:00
Ryan Ernst 07c9903e8f Merge branch 'master' into remove_script_proxy
Original commit: elastic/x-pack-elasticsearch@0046ab598a
2016-07-18 13:41:21 -07:00
jaymode 67f473a992 test: mute ldap timeout tests
See elastic/elasticsearch#2849

Original commit: elastic/x-pack-elasticsearch@318307073e
2016-07-18 11:20:52 -04:00
Simon Willnauer 12c709ea3a Move over to dedicated TransportClient implementations (elastic/elasticsearch#2819)
Followup of elastic/elasticsearchelastic/elasticsearch#19435
Relates to elastic/elasticsearchelastic/elasticsearch#19412

Original commit: elastic/x-pack-elasticsearch@60f7047ea9
2016-07-18 15:43:29 +02:00
jaymode 34d04a8c78 security: mention comma-separated for IP and DNS name prompts
Original commit: elastic/x-pack-elasticsearch@3e58fc282a
2016-07-18 08:53:17 -04:00
jaymode 59fcb205b5 security: active directory and ldap realm improvements
This commit is a combination of enhancements and fixes to the active directory
and ldap realms. The active directory realm has been enhanced to add support
for authentication against multiple domains in a forest. The ldap realm has
been updated so that:

* attributes required for group resolution are loaded eagerly if possible
* user search can now be executed using unpooled connections
* the default search filter for groups now includes posixGroup and memberUid
to avoid users needed to understand ldap filters

Finally, the UnboundID LDAP SDK was upgraded to the latest version and some
long standing AwaitsFix were addressed.

Closes elastic/elasticsearch#20
Closes elastic/elasticsearch#26
Closes elastic/elasticsearch#1950
Closes elastic/elasticsearch#2145
Closes elastic/elasticsearch#2363

Original commit: elastic/x-pack-elasticsearch@63c9be2337
2016-07-18 08:39:57 -04:00
jaymode 5be3832889 security: add metadata to roles
This commit adds the ability to define metadata for roles. This metadata is currently
only used for the API and to indicate that a role is reserved. We can continue passing
on the metadata as needed, when necessary.

Closes elastic/elasticsearch#2036

Original commit: elastic/x-pack-elasticsearch@8b5f606138
2016-07-18 08:11:43 -04:00
jaymode f42f8cf756 security: add tool to simplify creation of certificate and csr files
This commit adds a CLI tool that can be used to generate a CA and signed certificates in PEM
format. The tool only requires a name of an instance to be provided by the user; ip and dns values
are supported but optional. By default, the tool is interactive and will prompt the user for input but
an option exists to provide a yaml file that contains the necessary information to generate certificates
or signing requests.

The output is in the form of a zip file with subfolders for each instance. Neither the zip file or the PEM
files are encrypted as some parts of our stack do not support encrypted PEM files.

Original commit: elastic/x-pack-elasticsearch@3dc0f8d495
2016-07-18 07:50:17 -04:00
Alexander Reelsen c7e4f51d56 Watcher: Prioritize configured response content type in HttpInput (elastic/elasticsearch#2790)
When a HTTP input has a configured response content, then this should
always be treated as preferred over the content type that is returned
by the server in order to give the user the power to decide.

This also refactors the code a bit to make it more readable.

Closes elastic/elasticsearch#2211

Original commit: elastic/x-pack-elasticsearch@ecdb4f931c
2016-07-18 10:54:48 +02:00
Martijn van Groningen 5b5e0bd787 Updated xpack for changed in elastic/elasticsearch#19425 related to templates
Original commit: elastic/x-pack-elasticsearch@7747f92b89
2016-07-18 08:34:11 +02:00
Ryan Ernst 91441bbd2a Internal: Remove script service proxy
ScriptServiceProxy is a thin wrapper around the ScriptService which does
a runAs the xpack user when compiling. But script services know nothing
about xpack users, so this has no real effect. I believe this is a
remnant of when we had indexed scripts, where the compilation may have
done a get on the scripts index.

This change removes the ScriptServiceProxy. It also renames Script in
watcher to WatcherScript, to remove confusion between elasticsearch's
Script and watchers Script.

Original commit: elastic/x-pack-elasticsearch@4e2fdbc518
2016-07-16 00:10:17 -07:00
Ryan Ernst 525562e48f Add tests for realm construction
Original commit: elastic/x-pack-elasticsearch@a35c103726
2016-07-15 21:36:22 -07:00
Ryan Ernst 9df9957307 Remove guice from realms construction
This change makes the internal realms factories, as well as those added
by extensions, constructed directly instead of via guice. Adding realms
in extensions is now pull based. Finally, all of the generics for realms
and realm factories have been removed.

Original commit: elastic/x-pack-elasticsearch@f0de9d2340
2016-07-15 15:55:28 -07:00
Ryan Ernst 01dfb7481e Build: Switch to new plugin configuration for integ tests
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19461

Original commit: elastic/x-pack-elasticsearch@bb29f9e948
2016-07-15 14:48:50 -07:00
Chris Earle 1311935122 [Monitoring] Add Request Cache to returned stats for tests
Original commit: elastic/x-pack-elasticsearch@9bc34609c5
2016-07-15 12:51:43 -04:00
Areek Zillur 0db0e2f0c9 Implements cloud_internal license type
"cloud_internal" license type enables dynamically updating license operation mode via a config file.

When the installed license is "cloud_internal", the node level operation mode can be updated by writing
a `license_mode` file in the x-pack config directory (config/x-pack/license_mode). The file is expected
to have a string representing the desired license mode (e.g. "gold", "basic"). In case of a failure to
read a valid license mode from the `license_mode` file, the operation mode for "cloud_internal" license
defaults to PLATINUM.
This change also ensures that the correct operation mode is reported via the _xpack endpoint.

closes elastic/elasticsearch#2042

Original commit: elastic/x-pack-elasticsearch@6a2d788e45
2016-07-15 12:08:34 -04:00
Ryan Ernst 8407f6aaf6 Remove leftover guicyness from client ssl service
Original commit: elastic/x-pack-elasticsearch@f362097ad7
2016-07-15 08:25:59 -07:00
Ryan Ernst 07bb586f1e Remove guice from ssl services
This change removes guice from the client and server ssl services.

Original commit: elastic/x-pack-elasticsearch@d60f8ca474
2016-07-15 00:25:00 -07:00
Ryan Ernst fa26d3716b Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@28ee29cbe6
2016-07-14 20:20:10 -07:00
Ryan Ernst 394a4fc0c1 Remove unused var
Original commit: elastic/x-pack-elasticsearch@a0dd4600c2
2016-07-14 19:55:10 -07:00
Ryan Ernst f388ef01ed Merge branch 'master' into deguice2
Original commit: elastic/x-pack-elasticsearch@2d7264c2cf
2016-07-14 19:51:58 -07:00
Ryan Ernst b562a83c0b Fix subclasses that no longer need RestController
Original commit: elastic/x-pack-elasticsearch@d762c5f0bb
2016-07-14 19:31:58 -07:00
Ryan Ernst 5d42de803c Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@b0d14d60e4
2016-07-14 19:04:09 -07:00
Jason Tedor 496e112c5e Rename transport-netty to transport-netty-3
This commit renames the Netty 3 transport module from transport-netty to
transport-netty3. This is to make room for a Netty 4 transport module,
transport-netty4.

Relates elastic/elasticsearch#2827

Original commit: elastic/x-pack-elasticsearch@e6487cefa2
2016-07-14 22:03:29 -04:00
Ryan Ernst 0c81f1b6ad Switch to using rest headers getting
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19440. It adds a
getter on XPackExtension for extensions that add custom rest headers, in
addition to the headers registered for xpack itself.

Original commit: elastic/x-pack-elasticsearch@bd142b88c6
2016-07-14 18:55:28 -07:00
Jason Tedor 29387eab21 Monitoring index name resolver test awaits fix
This commit moves an awaits fix from
MonitoringIndexNameResolverTestCase#testResolver to
MonitoringIndexNameResolverTestCase#testSource as the previous commit
elastic/x-pack@98e76642ea marked the incorrect test as
awaits fix.

Original commit: elastic/x-pack-elasticsearch@62e9aaa628
2016-07-14 19:52:00 -04:00
Jason Tedor 3c0e83990b Monitoring index name resolver test awaits fix
This commit adds an awaits fix to
MonitoringIndexNameResolverTestCase#testResolver as awaits fix.

Original commit: elastic/x-pack-elasticsearch@586eb37f43
2016-07-14 19:46:05 -04:00
Ryan Ernst e3defb4dbd Internal: Remove guice cyclic dependency with InternalClient
The InternalClient is used by xpack code making requests to other nodes,
to add the xpack user to the thread context. To do this, it uses has a
dependency on the AuthenticationService, which in turn transitively
depends on InternalClient (eg IndexAuditTrail). But to add the xpack
user, the full authentication service is not necessary. Only having the
crypto service is needed in order to encrypt the header.

This change simplifes construction of InternalClient both making it a
real class instead of an interface, and removing the dependency on the
AuthenticationService. It also removes the use of
Provider<InternalClient> in users of the client.

Original commit: elastic/x-pack-elasticsearch@10f633bdf3
2016-07-14 13:46:07 -07:00
Ryan Ernst f481dea1d0 Internal: Remove use of Transport in audit trails
Both logfile and index audit trails currently depend on injection of
Transport in order to find the bound address of the local node. However,
the ClusterService provides access to information about the local node,
including the bound addresses. This change makes the audit trails use
the cluster service, and also makes the logging audit trail not use a
lifecycle.

Original commit: elastic/x-pack-elasticsearch@d747d64ee1
2016-07-14 11:22:41 -07:00
Chris Earle 4224d70986 [Monitoring UI] Use same Index Memory chart for Index page as Node page
This provides the same -- more useful -- index memory chart to the index page, instead of just "Lucene Memory", it now breaks down what it shows just like the Node page as as more generalized "Index Memory" chart. It also rolls Fielddata into the Index Memory. With Fielddata now in the Index Memory chart, I decided to add the Segment Count chart to the Index page.

Original commit: elastic/x-pack-elasticsearch@4e3490ce9c
2016-07-14 13:26:43 -04:00
Lee Hinman 7e4b200f43 [TEST] ensure "index1" is yellow before searching in MigrateToolIT
If the search runs before the primary shards are initialized for the
"index1" index, the search may fail for unrelated reasons.

Resolves elastic/elasticsearch#2818

Original commit: elastic/x-pack-elasticsearch@654ba9e142
2016-07-14 10:18:33 -06:00
Simon Willnauer 1fe0f5c7ac Followup for elastic/elasticsearchelastic/elasticsearch#19428 (elastic/elasticsearch#2815)
elastic/elasticsearchelastic/elasticsearch#19428 removes `node.mode` and `node.local` this PR
fixes xplugins to configure networking explicitly.

Original commit: elastic/x-pack-elasticsearch@ee8daa36dd
2016-07-14 13:21:27 +02:00
Ryan Ernst 7f6788af1a Fix line length
Original commit: elastic/x-pack-elasticsearch@50e9ef0667
2016-07-13 17:05:32 -07:00
Ryan Ernst f82fa65d7d Internal: Remove guice construction of most license classes
This change removes some of the complexity around licensing classes in
xpack. It removes the interfaces for registration and management so the
remaining LicensesService class is the thing that components wanting to
interact with the license should use. It also removes complexity around
the Licensee interface, removing generics and the registration at
construction time, as well as making the licensees no longer have a
lifecycle. There is still more to be done with simplification of license
classes construction, but this is a step towards a simpler world.

Original commit: elastic/x-pack-elasticsearch@5307d67b5b
2016-07-13 14:23:23 -07:00
Chris Earle 870a855827 [License] Fix expected endpoint from [_xpack/_license] to [_xpack/license]
Original commit: elastic/x-pack-elasticsearch@7a48bc674c
2016-07-13 16:06:02 -04:00
Chris Earle 2c3a0db9ec [Watcher] Fix typoed deprecated endpoint
{actions/_ack was accidentally duplicated. It should be _ack/{actions} in the first case.

Original commit: elastic/x-pack-elasticsearch@38895522b5
2016-07-13 14:57:52 -04:00
Areek Zillur b674e016cb [TEST] ensure test license registration is always acknowledged
Original commit: elastic/x-pack-elasticsearch@3a928ba54a
2016-07-13 14:29:39 -04:00
Chris Earle a7c884be61 [License] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also adds deprecated `/_licenses` variants of the endpoint. Users are consistently making that mistake, and it's easy enough to support this way. Can remove it if people disagree though.

License portion only

Original commit: elastic/x-pack-elasticsearch@431c871fcf
2016-07-13 13:36:05 -04:00
Chris Earle 641caabdae [Watcher] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also changes from PUT _start, _restart, _stop (Watcher endpoints) to POST _start, _restart, _stop
    - The deprecated variant still honors PUT
- Nothing about the hijack endpoints was deprecated because they did not change from 2.x

Watcher portion only

Original commit: elastic/x-pack-elasticsearch@36f87a6526
2016-07-13 13:23:10 -04:00
Karel Minarik 63add2c959 Monitoring: Added `timeout: 60s` to the setup section of "Bulk indexing of monitoring data" test
When the monitoring tests are run in isolation, they succeed. However, when the whole suite of
REST tests is being run at the same time, the "Bulk indexing of monitoring data" intermittently
fails with a timeout. Therefore, a timeout of 60 seconds has been added.

Closes elastic/elasticsearch#2809

Original commit: elastic/x-pack-elasticsearch@d11dc7a2be
2016-07-13 17:40:20 +02:00
Alexander Reelsen e124e211c9 Watcher: Move YAML test into own project to not interfere with client tests (elastic/elasticsearch#2804)
This particular test requires Elasticsearch to run on port 9400, which is not
guaranteed if the clients run their own tests, as it is a matter of configuration
in gradle.

Therefore these tests need to run in their project.

Original commit: elastic/x-pack-elasticsearch@da38407766
2016-07-13 16:08:13 +02:00
Simon Willnauer 89f98c60dc [TEST] Use valid file extension for mapping tests
Original commit: elastic/x-pack-elasticsearch@080699aeb8
2016-07-13 10:37:08 +02:00
Simon Willnauer 691bdfcf14 Merge pull request elastic/elasticsearch#2792 from elastic/modularize_netty
this is a followup for elastic/elasticsearchelastic/elasticsearch#19392 Modularizing Netty

Original commit: elastic/x-pack-elasticsearch@504c8110dd
2016-07-13 09:52:34 +02:00
Nik Everett d46f83c53b Fix compilation error
Core changed...

Original commit: elastic/x-pack-elasticsearch@c80d5fd042
2016-07-12 22:47:20 -04:00
Ryan Ernst ed3b4afca9 Sync createComponents signature with core
Original commit: elastic/x-pack-elasticsearch@7874ff411f
2016-07-12 15:06:51 -07:00
Ryan Ernst 464e1bee37 Merge branch 'master' into deguice1
Original commit: elastic/x-pack-elasticsearch@078230ed0d
2016-07-12 15:04:49 -07:00
Ryan Ernst 8b2cdebf88 Merge pull request elastic/elasticsearch#2788 from rjernst/license1
Internal: Simplify creation of trial license

Original commit: elastic/x-pack-elasticsearch@1c92544b65
2016-07-12 13:44:21 -07:00
javanna c86c433aab Rest client: move to async client under the hood
Some configuration changes are needed due to the move to the async http client

Original commit: elastic/x-pack-elasticsearch@2f28dec0a0
2016-07-12 18:25:27 +02:00
Simon Willnauer 6522f49d83 Add MockNettyPlugin to sidestep permissions assertion in pseudo integ tests
Original commit: elastic/x-pack-elasticsearch@9e7f6532fb
2016-07-12 17:56:06 +02:00
Simon Willnauer 9204920d9a fix tests to use the transport-netty plugin
Original commit: elastic/x-pack-elasticsearch@65c0cd0cf2
2016-07-12 14:35:07 +02:00
javanna 50c24ba4ce RestClient: simplify ssl configuration
Original commit: elastic/x-pack-elasticsearch@1600743249
2016-07-12 12:31:40 +02:00
javanna 107ab2d71d Rest Client: add callback to customize http client settings
The callback replaces the ability to fully replace the http client instance. By doing that, one used to lose any default that the RestClient had set for the underlying http client. Given that you'd usually override one or two things only, like a couple of timeout values, the ssl factory or the default credentials providers, it is not uder friendly if by doing that users end up replacing the whole http client instance and lose any default set by us.

Original commit: elastic/x-pack-elasticsearch@03adca6f62
2016-07-12 12:31:40 +02:00
Alexander Reelsen 4360cccad7 Watcher: Prevent NPE on chained input toXContent (elastic/elasticsearch#2776)
If a chained input was aborted with an exception, then toXContent ran
into a NPE instead of rendering.

Closes elastic/elasticsearch#2774

Original commit: elastic/x-pack-elasticsearch@a3795f2290
2016-07-12 09:33:32 +02:00
Ryan Ernst a2359d13f3 Add jar dependency on netty module
Original commit: elastic/x-pack-elasticsearch@f653855378
2016-07-11 23:57:08 -07:00
Ryan Ernst a9ace27107 Internal: Simplify creation of trial license
Currently each node monitors the cluster state for a license, and if it
does not find one, it sends a request to the master to generate a trial
license. However, the master node has this same logic. Since the master
node is the only thing that can change the cluster state, we know that
once some node becomes master, it will notice the lack of license,
generate a trial license, and send a cluster state update. The trigger
from every node telling the master to generate the trial license is not
needed.

This change removes the register_trial_license action that the non
master nodes used. It removes the need for the TransportService in the
LicensesService, which will help with deguicing.

Original commit: elastic/x-pack-elasticsearch@a71656847e
2016-07-11 22:37:23 -07:00
Ryan Ernst dd89a7b061 Remove guice from watcher http client and related classes.
This is the first deguicing for xplugins to use the new
createComponents(). The removal was very straightforward. One thing to
note is HttpAuthFactory only has one implementation (basic auth), but I
kept the registry and such for now. Also, HttpRequest.Parser is only
used in 2 tests, not at all in main code, it should probably be removed.

Original commit: elastic/x-pack-elasticsearch@839e7e4900
2016-07-11 18:05:33 -07:00