Commit Graph

40 Commits

Author SHA1 Message Date
Tim Vernum 33c29fb5a3
Support Client and RoleMapping in custom Realms (#50950)
Previously custom realms were limited in what services and components
they had easy access to. It was possible to work around this because a
security extension is packaged within a Plugin, so there were ways to
store this components in static/SetOnce variables and access them from
the realm, but those techniques were fragile, undocumented and
difficult to discover.

This change includes key services as an argument to most of the methods
on SecurityExtension so that custom realm / role provider authors can
have easy access to them.

Backport of: #50534
2020-01-14 15:26:41 +11:00
Rory Hunter c46a0e8708
Apply 2-space indent to all gradle scripts (#49071)
Backport of #48849. Update `.editorconfig` to make the Java settings the
default for all files, and then apply a 2-space indent to all `*.gradle`
files. Then reformat all the files.
2019-11-14 11:01:23 +00:00
Ioannis Kakavas 99aedc844d
Copy http headers to ThreadContext strictly (#45945) (#48675)
Previous behavior while copying HTTP headers to the ThreadContext,
would allow multiple HTTP headers with the same name, handling only
the first occurrence and disregarding the rest of the values. This
can be confusing when dealing with multiple Headers as it is not
obvious which value is read and which ones are silently dropped.

According to RFC-7230, a client must not send multiple header fields
with the same field name in a HTTP message, unless the entire field
value for this header is defined as a comma separated list or this
specific header is a well-known exception.

This commits changes the behavior in order to be more compliant to
the aforementioned RFC by requiring the classes that implement
ActionPlugin to declare if a header can be multi-valued or not when
registering this header to be copied over to the ThreadContext in
ActionPlugin#getRestHeaders.
If the header is allowed to be multivalued, then all such headers
are read from the HTTP request and their values get concatenated in
a comma-separated string.
If the header is not allowed to be multivalued, and the HTTP
request contains multiple such Headers with different values, the
request is rejected with a 400 status.
2019-10-31 23:05:12 +02:00
Ryan Ernst 7e06888bae
Convert testclusters to use distro download plugin (#44253) (#44362)
Test clusters currently has its own set of logic for dealing with
finding different versions of Elasticsearch, downloading them, and
extracting them. This commit converts testclusters to use the
DistributionDownloadPlugin.
2019-07-15 17:53:05 -07:00
Alpar Torok 717d14a7e2
Backport: convert x pack qa (#43763)
* Revert "Revert "Test clusters: convert x-pack qa tests (#43283)" (#43549)"

This reverts commit 8d9a971259.

* Fix failing test
2019-07-01 10:38:56 +03:00
Lee Hinman 8d9a971259
Revert "Test clusters: convert x-pack qa tests (#43283)" (#43549)
This reverts commit ccaa8c33ba.
2019-06-24 17:16:29 -06:00
Alpar Torok ccaa8c33ba Test clusters: convert x-pack qa tests (#43283) 2019-06-24 12:20:46 +03:00
Mark Vieira e44b8b1e2e
[Backport] Remove dependency substitutions 7.x (#42866)
* Remove unnecessary usage of Gradle dependency substitution rules (#42773)

(cherry picked from commit 12d583dbf6f7d44f00aa365e34fc7e937c3c61f7)
2019-06-04 13:50:23 -07:00
Jay Modi 7ca5495d86
Allow custom authorization with an authorization engine (#38358)
For some users, the built in authorization mechanism does not fit their
needs and no feature that we offer would allow them to control the
authorization process to meet their needs. In order to support this,
a concept of an AuthorizationEngine is being introduced, which can be
provided using the security extension mechanism.

An AuthorizationEngine is responsible for making the authorization
decisions about a request. The engine is responsible for knowing how to
authorize and can be backed by whatever mechanism a user wants. The
default mechanism is one backed by roles to provide the authorization
decisions. The AuthorizationEngine will be called by the
AuthorizationService, which handles more of the internal workings that
apply in general to authorization within Elasticsearch.

In order to support external authorization services that would back an
authorization engine, the entire authorization process has become
asynchronous, which also includes all calls to the AuthorizationEngine.

The use of roles also leaked out of the AuthorizationService in our
existing code that is not specifically related to roles so this also
needed to be addressed. RequestInterceptor instances sometimes used a
role to ensure a user was not attempting to escalate their privileges.
Addressing this leakage of roles meant that the RequestInterceptor
execution needed to move within the AuthorizationService and that
AuthorizationEngines needed to support detection of whether a user has
more privileges on a name than another. The second area where roles
leaked to the user is in the handling of a few privilege APIs that
could be used to retrieve the user's privileges or ask if a user has
privileges to perform an action. To remove the leakage of roles from
these actions, the AuthorizationService and AuthorizationEngine gained
methods that enabled an AuthorizationEngine to return the response for
these APIs.

Ultimately this feature is the work included in:
#37785
#37495
#37328
#36245
#38137
#38219

Closes #32435
2019-02-05 13:39:29 -07:00
Ryan Ernst 9a34b20233
Simplify integ test distribution types (#37618)
The integ tests currently use the raw zip project name as the
distribution type. This commit simplifies this specification to be
"default" or "oss". Whether zip or tar is used should be an internal
implementation detail of the integ test setup, which can (in the future)
be platform specific.
2019-01-21 12:37:17 -08:00
Jay Modi 2061eeb122
Remove use of AbstractComponent in xpack (#35394)
This commit removes the use of AbstractComponent in xpack where it was
still being extended. It has been replaced with explicit logger
declarations.

See #34488
2018-11-27 11:28:26 -07:00
Jay Modi faa9523d19
Remove deprecated constructor from failure handler (#35565)
The DefaultAuthenticationFailureHandler has a deprecated constructor
that was present to prevent a breaking change to custom realm plugin
authors in 6.x. This commit removes the constructor and its uses.
2018-11-14 17:04:33 -07:00
Tim Vernum 574ec6686e
Include realm type in Security Realm setting keys (#30241)
This moves all Realm settings to an Affix definition.
However, because different realm types define different settings
(potentially conflicting settings) this requires that the realm type
become part of the setting key.

Thus, we now need to define realm settings as:

    xpack.security.authc.realms:
      file.file1:
        order: 0

      native.native1:
        order: 1

- This is a breaking change to realm config
- This is also a breaking change to custom security realms (SecurityExtension)
2018-11-06 14:56:50 +11:00
Tal Levy c3cf7dd305 Merge remote-tracking branch 'upstream/master' into index-lifecycle 2018-11-01 10:13:02 -07:00
Nik Everett e28509fbfe
Core: Less settings to AbstractComponent (#35140)
Stop passing `Settings` to `AbstractComponent`'s ctor. This allows us to
stop passing around `Settings` in a *ton* of places. While this change
touches many files, it touches them all in fairly small, mechanical
ways, doing a few things per file:
1. Drop the `super(settings);` line on everything that extends
`AbstractComponent`.
2. Drop the `settings` argument to the ctor if it is no longer used.
3. If the file doesn't use `logger` then drop `extends
AbstractComponent` from it.
4. Clean up all compilation failure caused by the `settings` removal
and drop any now unused `settings` isntances and method arguments.

I've intentionally *not* removed the `settings` argument from a few
files:
1. TransportAction
2. AbstractLifecycleComponent
3. BaseRestHandler

These files don't *need* `settings` either, but this change is large
enough as is.

Relates to #34488
2018-10-31 21:23:20 -04:00
Tal Levy fbe8dc014c Merge branch 'master' into index-lifecycle 2018-10-16 13:58:53 -07:00
Jay Modi 0cd03d3581
Use RoleRetrievalResult for better caching (#34197)
Security caches the result of role lookups and negative lookups are
cached indefinitely. In the case of transient failures this leads to a
bad experience as the roles could truly exist. The CompositeRolesStore
needs to know if a failure occurred in one of the roles stores in order
to make the appropriate decision as it relates to caching. In order to
provide this information to the CompositeRolesStore, the return type of
methods to retrieve roles has changed to a new class,
RoleRetrievalResult. This class provides the ability to pass back an
exception to the roles store. This exception does not mean that a
request should be failed but instead serves as a signal to the roles
store that missing roles should not be cached and neither should the
combined role if there are missing roles.

As part of this, the negative lookup cache was also changed from an
unbounded cache to a cache with a configurable limit.

Relates #33205
2018-10-15 20:52:54 +01:00
Gordon Brown 454ce99b01 Merge branch 'master' into index-lifecycle 2018-08-29 08:28:23 -06:00
Jay Modi 1e11b05b58
Remove unused User class from protocol (#33137)
This commit removes the unused User class from the protocol project.
This class was originally moved into protocol in preparation for moving
more request and response classes, but given the change in direction
for the HLRC this is no longer needed. Additionally, this change also
changes the package name for the User object in x-pack/plugin/core to
its original name.
2018-08-28 08:55:29 -06:00
Gordon Brown 1f13c77b49 Merge branch 'master' into index-lifecycle 2018-08-23 11:52:59 -06:00
Nik Everett 2c81d7f77e
Build: Rework shadow plugin configuration (#32409)
This reworks how we configure the `shadow` plugin in the build. The major
change is that we no longer bundle dependencies in the `compile` configuration,
instead we bundle dependencies in the new `bundle` configuration. This feels
more right because it is a little more "opt in" rather than "opt out" and the
name of the `bundle` configuration is a little more obvious.

As an neat side effect of this, the `runtimeElements` configuration used when
one project depends on another now contains exactly the dependencies needed
to run the project so you no longer need to reference projects that use the
shadow plugin like this:

```
testCompile project(path: ':client:rest-high-level', configuration: 'shadow')
```

You can instead use the much more normal:

```
testCompile "org.elasticsearch.client:elasticsearch-rest-high-level-client:${version}"
```
2018-08-21 20:03:28 -04:00
Tal Levy c9de707f58 Merge branch 'master' into index-lifecycle 2018-08-16 08:41:57 -07:00
Jay Modi 1a45b27d8b
Move CharArrays to core lib (#32851)
This change cleans up some methods in the CharArrays class from x-pack, which
includes the unification of char[] to utf8 and utf8 to char[] conversions that
intentionally do not use strings. There was previously an implementation in
x-pack and in the reloading of secure settings. The method from the reloading
of secure settings was adopted as it handled more scenarios related to the
backing byte and char buffers that were used to perform the conversions. The
cleaned up class is moved into libs/core to allow it to be used by requests
that will be migrated to the high level rest client.

Relates #32332
2018-08-15 15:26:00 -06:00
Colin Goodheart-Smithe 20915a9baf
Merge branch 'master' into index-lifecycle
client/rest-high-level/src/main/java/org/elasticsearch/client/XPackClien
t.java
/Users/colings86/dev/work/git/elasticsearch/.git/worktrees/elasticsearch
-ilm/MERGE_HEAD

client/rest-high-level/src/main/java/org/elasticsearch/client/RestHighLe
velClient.java
client/rest-high-level/src/main/java/org/elasticsearch/client/XPackClien
t.java
client/rest-high-level/src/test/java/org/elasticsearch/client/IndexLifec
ycleIT.java
client/rest-high-level/src/test/java/org/elasticsearch/client/RestHighLe
velClientTests.java
client/rest-high-level/src/test/java/org/elasticsearch/client/WatcherIT.
java
client/rest-high-level/src/test/java/org/elasticsearch/client/documentat
ion/LicensingDocumentationIT.java
client/rest-high-level/src/test/java/org/elasticsearch/client/documentat
ion/WatcherDocumentationIT.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/Compiler.
java
modules/lang-painless/src/main/java/org/elasticsearch/painless/Def.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/FunctionR
ef.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/PainlessE
xplainError.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/ScriptCla
ssInfo.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/antlr/Enh
ancedPainlessLexer.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/Pa
inlessLookup.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/EExp
licit.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/EFun
ctionRef.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/EIns
tanceof.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/ELam
bda.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/ELis
tInit.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/EMap
Init.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/ENew
Array.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/ENew
Obj.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/ESta
tic.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/PCal
lInvoke.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/PFie
ld.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/PSub
ListShortcut.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/PSub
MapShortcut.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/SCat
ch.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/SDec
laration.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/SEac
h.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/SFun
ction.java
modules/lang-painless/src/main/java/org/elasticsearch/painless/node/SSub
EachIterable.java
modules/lang-painless/src/test/java/org/elasticsearch/painless/OverloadT
ests.java
modules/lang-painless/src/test/java/org/elasticsearch/painless/PainlessD
ocGenerator.java
modules/lang-painless/src/test/java/org/elasticsearch/painless/RegexTest
s.java
modules/lang-painless/src/test/java/org/elasticsearch/painless/node/Node
ToStringTests.java
rest-api-spec/src/main/resources/rest-api-spec/test/cluster.stats/10_bas
ic.yml
server/src/main/java/org/elasticsearch/action/admin/cluster/stats/Cluste
rStatsResponse.java
server/src/main/java/org/elasticsearch/action/admin/cluster/stats/Transp
ortClusterStatsAction.java
server/src/main/java/org/elasticsearch/action/bulk/TransportShardBulkAct
ion.java
server/src/main/java/org/elasticsearch/action/support/replication/Transp
ortReplicationAction.java
server/src/main/java/org/elasticsearch/index/engine/Engine.java
server/src/main/java/org/elasticsearch/index/engine/InternalEngine.java
server/src/main/java/org/elasticsearch/index/seqno/ReplicationTracker.ja
va
server/src/main/java/org/elasticsearch/index/shard/IndexShard.java
server/src/main/java/org/elasticsearch/index/shard/IndexShardOperationPe
rmits.java
server/src/main/java/org/elasticsearch/index/shard/PrimaryReplicaSyncer.
java
server/src/main/java/org/elasticsearch/index/shard/StoreRecovery.java
server/src/main/java/org/elasticsearch/index/translog/Translog.java
server/src/main/java/org/elasticsearch/indices/recovery/RecoverySourceHa
ndler.java
server/src/main/java/org/elasticsearch/indices/recovery/RecoveryTarget.j
ava
server/src/test/java/org/elasticsearch/action/bulk/TransportShardBulkAct
ionTests.java
server/src/test/java/org/elasticsearch/action/search/SearchAsyncActionTe
sts.java
server/src/test/java/org/elasticsearch/action/support/replication/Transp
ortReplicationActionTests.java
server/src/test/java/org/elasticsearch/action/support/replication/Transp
ortWriteActionTests.java
server/src/test/java/org/elasticsearch/cluster/routing/allocation/ShardS
tateIT.java
server/src/test/java/org/elasticsearch/index/replication/IndexLevelRepli
cationTests.java
server/src/test/java/org/elasticsearch/index/replication/RecoveryDuringR
eplicationTests.java
server/src/test/java/org/elasticsearch/index/seqno/ReplicationTrackerTes
ts.java
server/src/test/java/org/elasticsearch/index/shard/IndexShardOperationPe
rmitsTests.java
server/src/test/java/org/elasticsearch/index/shard/IndexShardTests.java
server/src/test/java/org/elasticsearch/index/shard/IndexingOperationList
enerTests.java
server/src/test/java/org/elasticsearch/index/shard/PrimaryReplicaSyncerT
ests.java
server/src/test/java/org/elasticsearch/index/translog/TranslogTests.java
server/src/test/java/org/elasticsearch/indices/recovery/RecoverySourceHa
ndlerTests.java
server/src/test/java/org/elasticsearch/indices/recovery/RecoveryTests.ja
va
server/src/test/java/org/elasticsearch/search/profile/query/QueryProfile
rIT.java
test/framework/src/main/java/org/elasticsearch/index/replication/ESIndex
LevelReplicationTestCase.java
test/framework/src/main/java/org/elasticsearch/index/shard/IndexShardTes
tCase.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/rollup/job
/MetricConfig.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/rollup/job
/RollupJobConfig.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/S
ecurityContext.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/U
serSettings.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
ction/user/AuthenticateResponse.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
ction/user/ChangePasswordRequestBuilder.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
ction/user/GetUsersResponse.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
ction/user/PutUserRequestBuilder.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
uthc/Authentication.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
uthc/AuthenticationResult.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
uthc/Realm.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
uthz/RoleDescriptor.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/a
uthz/accesscontrol/SecurityIndexSearcherWrapper.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/s
upport/MetadataUtils.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/AnonymousUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/BeatsSystemUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/ElasticUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/InternalUserSerializationHelper.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/KibanaUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/LogstashSystemUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/SystemUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/XPackSecurityUser.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/XPackUser.java
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/rollup/Con
figTestHelpers.java
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/rollup/job
/MetricsConfigSerializingTests.java ->
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/rollup/job
/MetricConfigSerializingTests.java
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/a
uthz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitorin
g/collector/cluster/ClusterStatsMonitoringDocTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/Rollup
JobIdentifierUtilTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/Rollup
RequestTranslationTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/action
/SearchActionTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/config
/ConfigTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/job/In
dexerUtilsTests.java
x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/job/Ro
llupIndexerIndexingTests.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/ac
tion/saml/TransportSamlLogoutAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/ac
tion/user/TransportAuthenticateAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/ac
tion/user/TransportGetUsersAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/ac
tion/user/TransportHasPrivilegesAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
dit/AuditTrail.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
dit/AuditTrailService.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
dit/index/IndexAuditTrail.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
dit/logfile/LoggingAuditTrail.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/AuthenticationService.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/esnative/NativeRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/esnative/NativeUsersStore.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/esnative/ReservedRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/esnative/UserAndPassword.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/file/FileRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/file/FileUserPasswdStore.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/kerberos/KerberosRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/ldap/LdapRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/pki/PkiRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/saml/SamlRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thc/support/CachingUsernamePasswordRealm.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thz/AuthorizationService.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/au
thz/AuthorizedIndices.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/in
gest/SetSecurityUserProcessor.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/re
st/action/RestAuthenticateAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/re
st/action/user/RestChangePasswordAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/re
st/action/user/RestGetUsersAction.java
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/tr
ansport/ServerTransportFilter.java
x-pack/plugin/security/src/test/java/org/elasticsearch/integration/Clear
RealmsCacheTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/Se
curityContextTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/filter/SecurityActionFilterTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/interceptor/IndicesAliasesRequestInterceptorTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/interceptor/ResizeRequestInterceptorTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/saml/TransportSamlInvalidateSessionActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/saml/TransportSamlLogoutActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportAuthenticateActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportChangePasswordActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportDeleteUserActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportGetUsersActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportHasPrivilegesActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportPutUserActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/ac
tion/user/TransportSetEnabledActionTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
dit/AuditTrailServiceTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
dit/index/IndexAuditTrailMutedTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
dit/index/IndexAuditTrailTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
dit/logfile/LoggingAuditTrailFilterTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
dit/logfile/LoggingAuditTrailTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/AuthenticationServiceTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/RealmsTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/TokenServiceTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/UserTokenTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/esnative/NativeRealmIntegTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/esnative/NativeUsersStoreTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/esnative/ReservedRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/file/FileRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/file/FileUserPasswdStoreTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/kerberos/KerberosRealmAuthenticateFailedTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/kerberos/KerberosRealmCacheTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/kerberos/KerberosRealmTestCase.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/kerberos/KerberosRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/ldap/ActiveDirectoryRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/ldap/CancellableLdapRunnableTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/ldap/LdapRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/pki/PkiRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/support/CachingUsernamePasswordRealmTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thc/support/mapper/NativeRoleMappingStoreTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thz/AuthorizationServiceTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thz/AuthorizationUtilsTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thz/AuthorizedIndicesTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thz/IndicesAndAliasesResolverTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/au
thz/SecuritySearchOperationListenerTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/in
gest/SetSecurityUserProcessorTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/tr
ansport/SecurityServerTransportInterceptorTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/tr
ansport/ServerTransportFilterTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/us
er/AnonymousUserTests.java
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/us
er/UserTests.java ->
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/us
er/UserSerializationTests.java
x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/expression/f
unction/scalar/string/StringFunctionUtils.java
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/exec
ution/ExecutionServiceTests.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/DefaultDetectorDescription.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/DetectionRule.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/Detector.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/DetectorFunction.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/FilterRef.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/MlFilter.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/Operator.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/RuleAction.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/RuleCondition.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/RuleScope.java
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/ml/packag
e-info.java
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/u
ser/User.java ->
x-pack/protocol/src/main/java/org/elasticsearch/protocol/xpack/security/
User.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/DetectionRuleTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/DetectorTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/FilterRefTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/MlFilterTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/RuleConditionTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/ml/job/co
nfig/RuleScopeTests.java
x-pack/protocol/src/test/java/org/elasticsearch/protocol/xpack/security/
UserTests.java
x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/Watch
erRestartIT.java
x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cl
uster/60_watcher.yml
x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_clus
ter/60_watcher.yml
x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded
_cluster/60_watcher.yml
x-pack/qa/security-example-spi-extension/src/main/java/org/elasticsearch
/example/realm/CustomRealm.java
x-pack/qa/security-example-spi-extension/src/test/java/org/elasticsearch
/example/realm/CustomRealmTests.java
x-pack/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/s
ecurity/MigrateToolIT.java
2018-08-03 12:25:38 +01:00
Jay Modi eb3accb721 Security: move User to protocol project (#32367)
The User class has been moved to the protocol project for upcoming work
to add more security APIs to the high level rest client. As part of
this change, the toString method no longer uses a custom output method
from MetadataUtils and instead just relies on Java's toString
implementation.
2018-08-03 00:21:34 +03:00
Jason Tedor 5de236e1e7
Rename ILM, ILM endpoints and drop _xpack (#32564)
This commit does the following:
 - renames index-lifecycle plugin to ilm
 - modifies the endpoints to ilm instead of index_lifecycle
 - drops _xpack from the endpoints
 - drops a few duplicate endpoints
2018-08-02 13:05:11 -04:00
Tal Levy 73cdfaf07b Merge branch 'master' into index-lifecycle 2018-07-31 11:50:33 -07:00
Nik Everett 670630948b
Switch security spi example to new style Requests (#32341)
In #29623 we added `Request` object flavored requests to the low level
REST client and in #30315 we deprecated the old `performRequest`s. This
changes all calls in the `x-pack/qa/security-example-spi-extension`
project to use the new versions.
2018-07-30 18:07:49 -04:00
Tal Levy e523030670 Merge branch 'master' into index-lifecycle 2018-07-24 11:23:44 -07:00
Nik Everett e6b9f59e4e
Build: Shadow x-pack:protocol into x-pack:plugin:core (#32240)
This bundles the x-pack:protocol project into the x-pack:plugin:core
project because we'd like folks to consider it an implementation detail
of our build rather than a separate artifact to be managed and depended
on. It is now bundled into both x-pack:plugin:core and
client:rest-high-level. To make this work I had to fix a few things.

Firstly, I had to make PluginBuildPlugin work with the shadow plugin.
In that case we have to bundle only the `shadow` dependencies and the
shadow jar.

Secondly, every reference to x-pack:plugin:core has to use the `shadow`
configuration. Without that the reference is missing all of the
un-shadowed dependencies. I tried to make it so that applying the shadow
plugin automatically redefines the `default` configuration to mirror the
`shadow` configuration which would allow us to use bare project references
to the x-pack:plugin:core project but I couldn't make it work. It'd *look*
like it works but then fail for transitive dependencies anyway. I think
it is still a good thing to do but I don't have the willpower to do it
now.

Finally, I had to fix an issue where Eclipse and IntelliJ didn't properly
reference shadowed transitive dependencies. Neither IDE supports shadowing
natively so they have to reference the shadowed projects. We fix this by
detecting `shadow` dependencies when in "Intellij mode" or "Eclipse mode"
and adding `runtime` dependencies to the same target. This convinces
IntelliJ and Eclipse to play nice.
2018-07-24 11:53:04 -04:00
Tal Levy e9cd0556c1 Merge branch 'master' into index-lifecycle 2018-07-09 19:44:12 -04:00
Ioannis Kakavas db6b33978e
Configurable password hashing algorithm/cost (#31234)
Make password hashing algorithm/cost configurable for the 
stored passwords of users for the realms that this applies
(native, reserved). Replaces predefined choice of bcrypt with
cost factor 10.
This also introduces PBKDF2 with configurable cost
(number of iterations) as an algorithm option for password hashing
both for storing passwords and for the user cache.
Password hash validation algorithm selection takes into
consideration the stored hash prefix and only a specific number
of algorithnm and cost factor options for brypt and pbkdf2 are 
whitelisted and can be selected in the relevant setting.
2018-06-28 19:39:39 +03:00
Colin Goodheart-Smithe 9fd4f3f854
Merge branch 'master' into index-lifecycle 2018-06-13 13:41:17 +01:00
Jason Tedor 0bfd18cc8b
Revert upgrade to Netty 4.1.25.Final (#31282)
This reverts upgrading to Netty 4.1.25.Final until we have a cleaner
solution to dealing with the object cleaner thread.
2018-06-12 19:26:18 -04:00
Tal Levy 0541684df3 Merge branch 'master' into index-lifecycle 2018-06-11 17:20:05 -07:00
Jason Tedor 563141c6c9
Upgrade to Netty 4.1.25.Final (#31232)
This commit upgrades us to Netty 4.1.25. This upgrade is more
challenging than past upgrades, all because of a new object cleaner
thread that they have added. This thread requires an additional security
permission (set context class loader, needed to avoid leaks in certain
scenarios). Additionally, there is not a clean way to shutdown this
thread which means that the thread can fail thread leak control during
tests. As such, we have to filter this thread from thread leak control.
2018-06-11 16:55:07 -04:00
Tal Levy 1df6b6c65d Applying changes required for ILM after merge 2018-04-25 13:04:06 -07:00
Jason Tedor c7c0e330b8 Rename users
This commit renames users to elasticsearch-users.
2018-04-20 15:34:01 -07:00
Ryan Ernst fab5e21e7d Build: Split distributions into oss and default
This commit makes x-pack a module and adds it to the default
distrubtion. It also creates distributions for zip, tar, deb and rpm
which contain only oss code.
2018-04-20 15:33:57 -07:00
Ryan Ernst 2efd22454a Migrate x-pack-elasticsearch source to elasticsearch 2018-04-20 15:29:54 -07:00