Currently it first creates a scorer, then checks if the role bits are sparse,
and falls back to the bulk scorer if they are dense. The issue is that creating
scorers and bulk scorers is very expensive on some queries such as ranges,
prefix and terms queries. So it should rather check whether bits are sparse
first in order to decide whether to use the scorer or bulk scorer.
Original commit: elastic/x-pack-elasticsearch@067d630099
This change always serializes the version with the user so that we have this information
for times when we need to make changes and deal with serialization changes. We do this
in the authentication service because the user object is also serialized as part of the get
users response and the StreamInput there will have the appropriate version set on it already
and we do not need to add it in that case.
Closeselastic/elasticsearch#1747
Original commit: elastic/x-pack-elasticsearch@a7ceece09c
Adds debug logging to try to get more information about random failures in these
tests. Also cleans up some potential issues with the code that handled the stopping
of random ldap servers to test failure cases.
See elastic/elasticsearch#1542
Original commit: elastic/x-pack-elasticsearch@573b4161dd
These privileges no longer need to be defined as a custom privilege since the
code is now consolidated into a single plugin. This also changes the manage
cluster privilege to be an alias to the all privilege.
Original commit: elastic/x-pack-elasticsearch@a7f444c898
This commit renames the security actions to not use shield in their action names. This
also includes updating the privileges as well.
Original commit: elastic/x-pack-elasticsearch@10460dffdb
This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the
support for the privileges that were deprecated in 2.3. This change also includes
updates to the documentation to account for the new roles format.
Original commit: elastic/x-pack-elasticsearch@98e9afd409
This commit remove the pre-existing file parsing code and replaces it with the updated
code in the RoleDescriptor class. This unifies the parsing for the files and API for roles.
Closeselastic/elasticsearch#1596
Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1
A lot of messages were being logged at the info level in the native user and roles
stores. This changes the logging to be more selective in the cases where the index
does not exist or the error is really an error and the user should be notified.
Closeselastic/elasticsearch#1339
Original commit: elastic/x-pack-elasticsearch@0bc0d9bf7a
As part of the search refactoring effort, we need to pass a Suggester
to the methods that parse X-Content to a SuggestBuilder in every
instance where we are parsing search/suggest requests.
Original commit: elastic/x-pack-elasticsearch@7f815c617a
Core reworked how it registered tasks status's with NamedWriteableRegistry
so it was more pluggable. It changed a few signatures and x-plugins needs
these small changes to keep compiling.
Original commit: elastic/x-pack-elasticsearch@3dcf1df152
Adds a check to the settings at startup to ensure that the security and audit indices are
allowed to be auto created if a user has disabled auto create explicitly.
Additionally fixes a small issue with the error message for watcher passing the incorrect
value.
Closeselastic/elasticsearch#1453
Original commit: elastic/x-pack-elasticsearch@2b0698ff19
If a user configures only custom realms and they are not licensed to use the custom realms then
we need to return our default realms. The default realms should be the esusers and esnative realms.
We were only returning the esusers realm previously.
Closeselastic/elasticsearch#1491
Original commit: elastic/x-pack-elasticsearch@3dc2b5d3a8
PutMappingRequest has a special case since it can come with one and only
one concrete index. In such a case we can't replace the indices list
with all authorized indices but should rather only check if the index
is authorized and otherwise fail the request.
Original commit: elastic/x-pack-elasticsearch@4ee20029e1
Also make logging message String constant to allow static checks
Relates to elastic/elasticsearchelastic/elasticsearch#16707
Original commit: elastic/x-pack-elasticsearch@b5bd423de4
The shield settings need to be copied down to the tribe nodes so that they are
aware of the shield configuration. Otherwise there will be issues such as SSL
not carrying over or authentication realms not being available.
Closeselastic/elasticsearch#702
Original commit: elastic/x-pack-elasticsearch@7bd7674f3e
This commit adds the logic to protect the user and roles index that we store locally
by restricting access to the internal XPack user. We need to do this in two places;
the first is when resolving wildcards and the other is when authorizing requests
made against specific indices.
Original commit: elastic/x-pack-elasticsearch@8ee0ce02db
When thinking about applications and the need to update a user, we should not need to
update the password of the user when making changes to things like roles, email, full
name, or metadata. This commit changes how we handle operations where the password
field is missing.
When the password field is missing, we try to execute an update. If the user exists, all
values for the user are updated except for the password field. If the user does not exist
and the password field is missing then a ValidationException is returned.
When the password field is present, we always issue an index request.
Closeselastic/elasticsearch#1492
Original commit: elastic/x-pack-elasticsearch@3d8a5f2db6
Adrien Grand
jaymode
Boaz Leskes
Martijn van Groningen
Lukas Olson
Simon Willnauer
Areek Zillur
Ali Beyad
Nik Everett
Yannick Welsch
David Pilato
Ryan Ernst
markharwood
Alexander Reelsen
Robert Muir
Tanguy Leroux