Added `shield.user` setting so that the clients won't need to go through the unnatural and tedious process of configuring the `Authorization` header directly (that also requires the user to applicat the base64(username:password) logic.
Now, the user can just set the following settings to bind a user to the client:
```yaml
shield.user: 'username:password'
```
Original commit: elastic/x-pack-elasticsearch@94be3abd92
- nuked TrailLicense
- Move license expiry enforcement logic to LicensesService
- clean up ESLicenseManager
- make notification scheduling logic as lazy as possible
- make sure to notify from cluster changed only if needed
- added tests for notification
Original commit: elastic/x-pack-elasticsearch@e31b682f41
* Using cluster state listener to clear alerts when .alerts index is removed. (when running on multiple nodes the .alerts index is scattered so indices listener doesn't work).
* Remove the starting / loading thread and move the initial loading to cluster state listener.
Original commit: elastic/x-pack-elasticsearch@b8f41db2ea
Enforcing means that cluster actions will not be evaluated (as a fallback) by Index permissions. This enables us to move what typically would be considered indices actions and put them under the cluster privileges (a good example for this are all the template management APIs... we want to enforce cluster admin privileges over them).
Original commit: elastic/x-pack-elasticsearch@ee870954f2
* Made use of IndicesLifecycle, to catch when the .alerts index gets deleted, so we can clear the alerts
* Moved to concurrent hashmap in favour over normal hashmap with synchronized blocks
Original commit: elastic/x-pack-elasticsearch@5599d01c78
This commit renames the alerting package to alerts and will create the
alerts index on addAlert if needed.
Original commit: elastic/x-pack-elasticsearch@7cd691bd9b
Also added a logstash configuration for simple performance
testing (useful for comparing different hash functions)
Original commit: elastic/x-pack-elasticsearch@c9f08fbb12
Now the passwords are hashed in-memory using SHA2 by default (instead of original bcrypt). Also, it's now possible to configure the in-memory hashing algorithm.
Original commit: elastic/x-pack-elasticsearch@e2d1b3116b
Now, there are two types of supported patters:
- wildcards (default) - simple wildcard match where `*` indicates zero or more characters and `?` indicates a single character (`\` can be used as an escape charachter)
- regular expressions - can be "enabled" by wrapping the pattern in `/` (e.g. `/foo.*/`). The regex syntax is based on lucene's regex syntax (not Java's Pattern).
Closeselastic/elasticsearch#253
Original commit: elastic/x-pack-elasticsearch@edd912122d
This lets the url be configured as a single element (the most likely usage) or as an array. This also checks that multiple urls are either all "ldaps", or all "ldap", as it is not possible to mix them.
Original commit: elastic/x-pack-elasticsearch@b5a94b1d35
The evalutation of the indices permission groups was wrong. Now, each index in the request is evaluated against all groups, such that:
1. for each index, at least one group must grant the request
2. all indices must be granted
Along the way, also changed the audit logs structures such that:
- moved the principal to "sit" next to the host
- now, if we're logging an indices request, we also log the related indices (this provides more context to the actual request)
Fixeselastic/elasticsearch#242
Original commit: elastic/x-pack-elasticsearch@95600d3148