Commit Graph

576 Commits

Author SHA1 Message Date
jaymode 154b10e901 add the ability to run as another user
This change adds a new permission that allows authorized users to execute a request as
another user. The flow is as follows:

1. The user making the request is authenticated
2. The user that is being impersonated is looked up
3. The requesting user is authorized for the privilege to run as the specified user
4. The impersonated user is then authorized for the given request

Additionally, the auditing has been updated to support this capability and indicates when a
user has been granted the ability to run as another user and then also indicates both the user
who is being impersonated and the requesting user when actions are granted/denied.

Closes elastic/elasticsearch#17

Original commit: elastic/x-pack-elasticsearch@00e5a6169b
2015-09-09 11:25:02 -04:00
Martijn van Groningen e7b338a077 test: added smoke test for the shield tribe node integration
Original commit: elastic/x-pack-elasticsearch@f7ab8b9044
2015-09-08 12:37:36 +02:00
uboness 533c14242f Bumped the version to 3.0.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@0771b3e589
2015-09-04 16:30:11 +02:00
Jason Tedor 77e74a9319 Add compare condition to handle arrays
This commit adds a new compare condition called “array_compare”. This
condition enables comparing a single resolved value to an array of
resolved values. The value can be compared for equality, non-equality,
and strict and non-strict ordering; the array compare condition will
evaluate to true if the value compares to true with respect to the
specified operator against all (“all”) or at least one (“some”) of the
values in the array specified by “array_path”. Each value in the array
can be resolved to a value using “path” (e.g., “array_path”:
“cx.payload.aggregations.some_field.buckets” and “path”: “doc_count”
would resolve each value in the buckets array to its “doc_count”).

Closes elastic/elasticsearch#345

Original commit: elastic/x-pack-elasticsearch@0d74b4dc11
2015-09-03 09:46:23 -04:00
Martijn van Groningen 067c2e0709 fix qa smoke tests
Original commit: elastic/x-pack-elasticsearch@b3a2e0bc38
2015-08-31 17:36:23 +02:00
jaymode 204bb2accb fix custom realm integration tests on windows
Original commit: elastic/x-pack-elasticsearch@d5a8722502
2015-08-21 14:08:43 -04:00
jaymode 8fd5fe7ed8 add the ability to register a custom authentication realms
This adds the extension points necessary to enable a user to write a elasticsearch plugin
that can integrate with Shield and add a custom authentication realm. For the most part,
the work here just exposes the existing interfaces we have been using for Realms and
factories to create realms. An additional interface was added to allow for a custom
authentication failure handler to be used. This was needed to support use cases like SSO
and Kerberos where additional headers may need to be sent to the user or a different
HTTP response code would need to be sent.

Relates to elastic/elasticsearch#24

Original commit: elastic/x-pack-elasticsearch@13442e5919
2015-08-21 10:39:05 -04:00
jaymode 7e552f393b fix all InetAddress forbidden apis and compile errors
This commit also fixes test shard routing compilation error and disables local address check in
the Shield IPFilter. This will be addressed in a followup, see elastic/elasticsearch#487

Original commit: elastic/x-pack-elasticsearch@984df0b131
2015-08-21 09:22:57 -04:00
Ryan Ernst 2b5cb6b9f2 Fix compile after removal of apache commons and refactoring of plugin api
Original commit: elastic/x-pack-elasticsearch@5171192d16
2015-08-18 15:35:01 -07:00
David Pilato 5899dc5f46 [maven] fix build issues with artifactId renaming
Related to elastic/elasticsearch#450

Original commit: elastic/x-pack-elasticsearch@d84fc8e85f
2015-08-18 17:29:09 +02:00
David Pilato 7b10f36775 [maven] rename artifactIds from `elasticsearch-something` to `something`
When https://github.com/elastic/elasticsearch/pull/12879 will be merged, this commit should be merged as well.

```
[INFO] Reactor Summary:
[INFO]
[INFO] Elasticsearch Commercial Plugin Build Resources .... SUCCESS [  0.228 s]
[INFO] Elasticsearch X-Plugins - Parent POM ............... SUCCESS [  0.282 s]
[INFO] X-Plugins: License: Parent POM ..................... SUCCESS [  0.089 s]
[INFO] X-Plugins: License: Core ........................... SUCCESS [  0.118 s]
[INFO] X-Plugins: License: Licensor ....................... SUCCESS [  0.150 s]
[INFO] X-Plugins: License: Plugin API ..................... SUCCESS [  0.106 s]
[INFO] X-Plugins: License: Plugin ......................... SUCCESS [  0.112 s]
[INFO] X-Plugins: Shield .................................. SUCCESS [  0.234 s]
[INFO] X-Plugins: Watcher ................................. SUCCESS [  0.264 s]
[INFO] X-Plugins: Marvel .................................. SUCCESS [  0.113 s]
[INFO] QA: Parent POM ..................................... SUCCESS [  0.097 s]
[INFO] QA: Smoke Test X-Plugins ........................... SUCCESS [  0.107 s]
[INFO] QA: Shield core REST tests ......................... SUCCESS [  0.093 s]
[INFO] QA: Smoke Test Watcher's Shield integration ........ SUCCESS [  0.109 s]
```

Original commit: elastic/x-pack-elasticsearch@e9871261cf
2015-08-18 13:55:11 +02:00
Martijn van Groningen d7665293cb Changed pom version to 2.1.0-SNAPSHOT
as ES core does in its master branch

Original commit: elastic/x-pack-elasticsearch@fc9b1a7327
2015-08-17 13:44:33 +02:00
jaymode 002c0282cc skip deployment of dev tools and qa modules when deploying publicly
Closes elastic/elasticsearch#433

Original commit: elastic/x-pack-elasticsearch@3f0f7fda4f
2015-08-14 13:53:16 -04:00
Adrien Grand 06d84f00e4 Tests: Move Shield "run core REST tests" to qa.
Close elastic/elasticsearch#404

Original commit: elastic/x-pack-elasticsearch@1250e1449e
2015-08-14 11:18:11 +02:00
uboness c4e213fc92 Updated version to 2.0.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@8fb8035596
2015-08-13 00:05:11 +02:00
Adrien Grand 268860be7b Disable Shield ssl tests until openssl is available on the Windows build machines.
Original commit: elastic/x-pack-elasticsearch@777375bb94
2015-08-12 17:00:20 +02:00
Martijn van Groningen 583799d3e7 applied feedback
Original commit: elastic/x-pack-elasticsearch@9042427219
2015-08-12 14:11:46 +02:00
Martijn van Groningen ca8a7bb262 added watcher+shield qa rest tests
only run watcher rest tests during verify phase
never run the rest tests with shield enabled, because that is now tested in the new qa module
removed the disabled license watcher rest tests, because the disabled license use case is already tested by the LicenseIntegrationTests
enabled the getting started rest test

Closes elastic/elasticsearch#403

Original commit: elastic/x-pack-elasticsearch@67f0f7f596
2015-08-12 14:11:45 +02:00
Adrien Grand cd5169745d Tests: Smoke tests with SSL enabled.
We should smoke test our plugins with ssl enabled to make sure that plugins
still work together and eg. Marvel still manages to export stats.

Close elastic/elasticsearch#402

Original commit: elastic/x-pack-elasticsearch@3bb7c2b96c
2015-08-12 14:04:49 +02:00
Adrien Grand 2842898c1c Build: cut over to the new startup-elasticsearch syntax.
Original commit: elastic/x-pack-elasticsearch@29582a18b9
2015-08-11 18:54:08 +02:00
jaymode 0b4512582f fix integration test runs due to changes in core around argument definition
Original commit: elastic/x-pack-elasticsearch@af2a85cf91
2015-08-11 09:01:14 -04:00
Adrien Grand 12e9dcc684 Add Shield testing to qa/smoke-test-plugins.
Original commit: elastic/x-pack-elasticsearch@fbbc6cefda
2015-08-11 10:54:50 +02:00
Adrien Grand d3789db974 Build: Remove definition of `convert-plugin-name`.
Follow-up of elastic/elasticsearchelastic/elasticsearch#12765.

Original commit: elastic/x-pack-elasticsearch@f75538e87b
2015-08-11 10:38:29 +02:00
Adrien Grand 214dc6e5be Build: Fix artifactId of qa/smoke-test-plugins.
Original commit: elastic/x-pack-elasticsearch@c84753e933
2015-08-10 14:01:26 +02:00
Adrien Grand f7cee828e3 Build: Make the qa module extend the x-plugins artifact.
This way it will inherit the repositories definitions.

Original commit: elastic/x-pack-elasticsearch@5d6ee26596
2015-08-10 11:56:46 +02:00
Adrien Grand 2cd124d263 Add a skeleton for QA tests.
For now this just tries to install license, marvel and watcher, and then checks
that these plugins are listed in the node infos. I can do shield once I figure
out how to set it up for REST tests.

Original commit: elastic/x-pack-elasticsearch@8549f4bc5a
2015-08-10 10:55:58 +02:00