Modified pom.xml to do static analysis without Jenkins
'mvn -DskipTests=true -Pstatic clean compile site' to start analysis
The reports are at target/site/project-reports.html.
Original commit: elastic/x-pack-elasticsearch@ddec28e8d0
Two reasons for this:
1) automatically convert the _all to its matching indices, in the context of the current user is authorized for, instead of resolving wildcards and then throwing authorization exception because the wildcard exp matches indices that the user is not authorized for
2) this makes the wildcards resolution secure, meaning that there is a single place that resolve wildcards. If it happened in shield while authorizing and in core while actually executing the operation, there would be mismatches which would allow to execute operation on indices that the user is not authorized for, if they get created with the "right" timing.
Closeselastic/elasticsearch#54Closeselastic/elasticsearch#105
Original commit: elastic/x-pack-elasticsearch@a02c6fbccf
esvm is small commandline tool to start different cluster in a fast way.
This commit adds a preconfigured .esvmrc for starting a SSL enabled cluster
in no time.
All you need to do is to build the package and run
esvm shield
This starts a two node cluster with SSL enabled on HTTP and transport
Original commit: elastic/x-pack-elasticsearch@f701fd1134
If a user was created, but the user was not supplied roles on the commandline,
a bogus 'user:' was added to the roles file. This fix checks, if roles were
supplied when creating a user and only changes the roles file in that case.
Original commit: elastic/x-pack-elasticsearch@286951c016
In order to prevent confusion when starting up nodes (so they can join easily together)
and adding some usability connections are not denied by default on the server side.
Original commit: elastic/x-pack-elasticsearch@6ffe3a7df2
SSLConfig is split into SSLConfig and SSLTrustConfig.
OpenLdapTests and ActiveDirectory tests connect via TLS to EC2 instances.
Original commit: elastic/x-pack-elasticsearch@ea38e58dea
The authc service will now authenticate the user on the rest layer as well, meaning there will only be a single authentication process no matter what is then entry point to ES (for example, if a rest handler executes two internal requests... like some of the _cat APIs, there'll still be a single authentication process)
In addition, the audit logs will now log REST authentication failures such that the remote address and the rest endpoint will show up in the logs as well.
Original commit: elastic/x-pack-elasticsearch@07af440147
This fixes a bug when the UsernamePasswordToken is cached in the userContext and reused after it's cleared.
Original commit: elastic/x-pack-elasticsearch@9aab1d8530
SecuredString encapsulates handling of passwords and clearing them when done. This change
includes changing everywhere passwords are used. After authentication the authentication service will
clear the token - which will clear the password. This avoids using any passwords in String objects.
This also adds commentary to BCrypt to show how it changed from the original external resource. It moves utility methods to CharArrays.
Original commit: elastic/x-pack-elasticsearch@d0ffbae5c8