Commit Graph

4084 Commits

Author SHA1 Message Date
Joe Fleming 3ed10b073e Merge branch 'master' into reporting-fix/use-absolute-times
Original commit: elastic/x-pack-elasticsearch@176c3b72cc
2016-09-07 14:58:03 -07:00
Joe Fleming 0941589e53 Merge branch 'master' into reporting-fix/user-permissions
Original commit: elastic/x-pack-elasticsearch@df4e1e6ab5
2016-09-07 14:49:27 -07:00
Court Ewing 8bd16c0ee2 Merge pull request elastic/elasticsearch#3375 from epixa/3293-portselection
reporting: Improved phantom.js port selection

Original commit: elastic/x-pack-elasticsearch@2fdf3b3417
2016-09-07 17:43:18 -04:00
Joe Fleming 42833ddf55 Merge pull request elastic/elasticsearch#3377 from w33ble/reporting-fix/image-capture
Fix image capturing in Phantom

Original commit: elastic/x-pack-elasticsearch@0baf1a097d
2016-09-07 14:34:50 -07:00
Joe Fleming 4df7423ccb Merge branch 'master' into reporting-fix/use-absolute-times
Original commit: elastic/x-pack-elasticsearch@83684bb720
2016-09-07 14:10:20 -07:00
Lukas Olson 61e264b13d Merge pull request elastic/elasticsearch#3340 from lukasolson/fix/session-timeout-warning-system-api
Don't reset session timeout warning for system API calls

Original commit: elastic/x-pack-elasticsearch@6f66db1a74
2016-09-07 14:05:12 -07:00
Lukas Olson a1d8967d62 Merge branch 'master' into fix/session-timeout-warning-system-api
Original commit: elastic/x-pack-elasticsearch@13680956c4
2016-09-07 11:22:36 -07:00
Court Ewing 6d48cd5e23 Merge pull request elastic/elasticsearch#3338 from lukasolson/fix/remove-client-cookie
Don't store user information in cookie

Original commit: elastic/x-pack-elasticsearch@5a4c205e6b
2016-09-07 14:16:10 -04:00
Joe Fleming 38f87b59be Merge branch 'master' into reporting-fix/use-absolute-times
Original commit: elastic/x-pack-elasticsearch@bdc85eb9fb
2016-09-07 10:21:32 -07:00
Court Ewing aa7fc0aad3 Merge pull request elastic/elasticsearch#3343 from epixa/xsrfheader
Check new kbn-xsrf header in auth redirect

Original commit: elastic/x-pack-elasticsearch@3b74ae9e25
2016-09-07 13:01:53 -04:00
Alexander Reelsen 0f571685b9 Watcher: Fix proxy xcontent serialization (elastic/elasticsearch#3364)
Calling to xcontent in a HttpRequest, with a proxy enabled, lead to
serialization exceptions, resulting in failing to write the watch
history.

Closes elastic/elasticsearch#3334

Original commit: elastic/x-pack-elasticsearch@a04dff686c
2016-09-07 16:29:15 +02:00
Alexander Reelsen a296e31a7c Watcher: Ensure triggered watch is deleted on thread pool rejection (elastic/elasticsearch#3049)
This fixes a bug I found with a customer when he updated from 1.x to 2.x.
Due to an BWC incompatible change in the watch history mapping and a thread
pool rejection during execution a watch was not removed from the triggered
watches and tried to be executed again.

While trying to fix it it turned out that the execution of the failure
test case was still done in the transport thread and thus required some
offloading to another thread pool.

Original commit: elastic/x-pack-elasticsearch@df04ce31f2
2016-09-07 15:55:33 +02:00
Alexander Reelsen bb033f1e00 Watcher: Clear out WatchStore on watch index deletion (elastic/elasticsearch#2807)
If someone deletes the watch index (i.e. by deleting all indices), the watcher
in memory store still contains all the watches and tries to execute watches -
which results in exceptions as the watch itself cannot be updated anymore.

In order to minimize this problem (it cant be get rid of completely), we should
act accordingly if the watch index goes missing (either deleted or closed) and
clear out the memory representation of watches in the watchstore as well as trying
to finish all the current executions.

Closes elastic/elasticsearch#2794

Original commit: elastic/x-pack-elasticsearch@12d98cd566
2016-09-07 15:06:03 +02:00
Court Ewing f53fd02da0 Merge pull request elastic/elasticsearch#3305 from w33ble/reporting-fix/whitelisted-headers
Reporting fix/whitelisted headers

Original commit: elastic/x-pack-elasticsearch@2818f32098
2016-09-06 19:08:29 -04:00
Joe Fleming faf98b757c Merge pull request elastic/elasticsearch#3303 from w33ble/reporting-fix/wrap-json-parsing
Reporting fix/wrap json parsing

Original commit: elastic/x-pack-elasticsearch@2d2c3e8dbe
2016-09-06 15:43:33 -07:00
Joe Fleming 45dc0814d5 Merge pull request elastic/elasticsearch#3302 from w33ble/reporting-fix/date-pattern
Fix queue index pattern date

Original commit: elastic/x-pack-elasticsearch@9ab1f502d2
2016-09-06 15:41:58 -07:00
javanna ad5606d1f7 [TEST] don't use null script lang in WatcherUtilsTests
same as elastic/x-pack@9e1e0988c1 but for testSerializeSearchRequest this time.

Original commit: elastic/x-pack-elasticsearch@aa7e3814b6
2016-09-06 23:00:56 +02:00
Lukas Olson f48e4ecc95 Merge branch 'fix/remove-client-cookie' into fix/session-timeout-warning-system-api
Original commit: elastic/x-pack-elasticsearch@8588d10f93
2016-09-06 13:51:57 -07:00
Lukas Olson 528a61e372 Merge branch 'master' into fix/remove-client-cookie
Original commit: elastic/x-pack-elasticsearch@1768d14f1e
2016-09-06 13:51:38 -07:00
Lukas Olson 0036a7f620 Merge branch 'master' into fix/disabled-ui-select
Original commit: elastic/x-pack-elasticsearch@4d9812f2c2
2016-09-06 13:51:24 -07:00
Nik Everett edb8c12f75 Always use mustache language
Using a null language just defaults to painless which is wrong for
watcher.

Original commit: elastic/x-pack-elasticsearch@48bdc31695
2016-09-06 15:45:23 -04:00
Nik Everett 05222b0d3f Deal with ConcreteShardRequest
It exists now and the intercepters have to deal with it.

Original commit: elastic/x-pack-elasticsearch@fdef0578ed
2016-09-06 15:42:06 -04:00
Martijn van Groningen 36486a7993 Changes for PR: https://github.com/elastic/elasticsearch/pull/20310
Original commit: elastic/x-pack-elasticsearch@9db3d05274
2016-09-06 18:44:41 +02:00
jaymode 7965608add security: make control of logfile audit output consistent with index output
This change moves the logfile audit output from determining what to log based on the
logger level to a enum based configuration that is used by the index output.

A few notable changes were made:

* We alway log all the information we have except for the request body
* The request body is no longer logged by default for REST events; the user needs to
explicitly opt in as there could be sensitive data in the body
* Added a `realm_authentication_failed` event that separates overall authentication
failure from that of an individual realm

Original commit: elastic/x-pack-elasticsearch@343a2bcdd9
2016-09-06 10:50:33 -04:00
Nik Everett 89ce4ebb08 Fix remaining fractional TimeValue issues with watcher
Removes the remaining spots where watcher makes fractional TimeValues.

Closes elastic/elasticsearch#3231

Original commit: elastic/x-pack-elasticsearch@22b0d37ed3
2016-09-06 09:53:22 -04:00
jaymode cd9add5350 test: remove unnecessary verify check
Original commit: elastic/x-pack-elasticsearch@f748c0a565
2016-09-06 08:36:04 -04:00
jaymode 1e6a924e74 security: add support for disabling users
This change adds support for disabling users. Users can be disabled by setting the enabled
property to false and the AuthenticationService will check to make sure that the user is enabled.
If the user is not enabled, this will be audited as an authentication failure.

Also as part of this work, the AnonymousUser was cleaned up to remove having a static instance
that caused issues with tests.

Finally, the poller of users was removed to simplify the code in the NativeUsersStore. In our other
realms we rely on the clear cache APIs and the timeout of the user cache. We should have the
same semantics for the native realm.

Closes elastic/elasticsearch#2172

Original commit: elastic/x-pack-elasticsearch@0820e40183
2016-09-06 07:41:48 -04:00
Chris Earle ec008ec4a9 Looong lines
Original commit: elastic/x-pack-elasticsearch@8c7931c179
2016-09-05 19:05:28 -04:00
Chris Earle 5d5a9afb57 [Monitoring] Use Low Level REST Client for HTTP Exporter
This rewrites the HTTP Exporter to use the REST client underneath. Functionality is improved in resource blocking (templates and pipelines existing) and the majority of the code fundamentall simplified by removing direct HTTP calls.

This is blocked by the SSLService pull request. After that is merged, the I will update this PR to reflect those changes and it could possibly allow us to remove the security privileges required for monitoring.

Original commit: elastic/x-pack-elasticsearch@1ad25f17f8
2016-09-05 15:16:03 -04:00
Alexander Reelsen 41334abda0 Watcher: Reenabling HipChatServiceTests
The authentication token stopped working, deleted it and created a new one
on the hipchat web site. Tests are working now again.

Closes elastic/elasticsearch#3162

Original commit: elastic/x-pack-elasticsearch@a0623af799
2016-09-05 12:27:14 +02:00
Martijn van Groningen 09c7f534b3 added jdocs and rename
Original commit: elastic/x-pack-elasticsearch@8a97b420c1
2016-09-03 11:01:47 +02:00
Joe Fleming b0e4bbb553 Merge pull request elastic/elasticsearch#3304 from w33ble/reporting-fix/sidebar-width
Reporting fix/sidebar width

Original commit: elastic/x-pack-elasticsearch@b02b5bd296
2016-09-02 16:01:52 -07:00
Nik Everett 3c33879018 Mark OldWatchIndices test AwaitsFix
Is freaking out in CI.

Original commit: elastic/x-pack-elasticsearch@3ab43467ed
2016-09-02 18:31:19 -04:00
Martijn van Groningen 565f50dbe5 Remove custom parsing and toXContent logic from TextTemplate and delegate to the Script as much as possible
Original commit: elastic/x-pack-elasticsearch@6d23549dc1
2016-09-02 23:36:07 +02:00
Lukas Olson 1a99a400c6 Merge branch 'master' into fix/remove-client-cookie
Original commit: elastic/x-pack-elasticsearch@f701619f79
2016-09-02 10:11:15 -07:00
Tim Sullivan 33cdecd39e Merge pull request elastic/elasticsearch#3088 from tsullivan/monitoring-ui-phonehome-pivot-iii
Monitoring UI: Welcome Message and Phone Home Controls from Global DIRECTIVE Notification

Original commit: elastic/x-pack-elasticsearch@165d68b053
2016-09-02 09:43:39 -07:00
Nik Everett 203faaf4f4 2.x backwards compatibility support for watcher
Basic backwards compatibility support for watcher.

Closes elastic/elasticsearch#3230

Relates to elastic/elasticsearch#3231 - this actually should fix all the failures caused
by fractional time values but it does so by being able to parse them.
Being able to parse them is important for 2.x compatibility but 5.0
watches shouldn't produce fractional time values. This fixes the
particular way of making fractional time values mentioned in elastic/elasticsearch#3231
but I expect there are a half dozen more places to fix. The actual
watcher tests are fairly basic.

Original commit: elastic/x-pack-elasticsearch@328717455c
2016-09-02 09:24:46 -04:00
javanna 119bb67967 adapt to elastic/elasticsearch#20288: More info classes to implement Writeable rather than Streamable
Original commit: elastic/x-pack-elasticsearch@22cadf604d
2016-09-02 10:24:15 +02:00
Jack Conradson de4c776f0f Merge pull request elastic/elasticsearch#3272 from jdconrad/deprecate
Deprecate Groovy, Python, and Javascript

Original commit: elastic/x-pack-elasticsearch@e5c1d5a112
2016-09-01 16:30:25 -07:00
Chris Earle bb5ff7ab36 Fix test on Linux; setting name missing 'total.'
Original commit: elastic/x-pack-elasticsearch@de0183b3ef
2016-09-01 18:12:00 -04:00
Jack Conradson 670a57274a Merge branch 'master' into deprecate
Original commit: elastic/x-pack-elasticsearch@c9636bd3f1
2016-09-01 14:53:42 -07:00
Chris Earle 6d40cb63d0 [Monitoring] Collect IO Stats
This ensures that the data exists in 5.0.

Original commit: elastic/x-pack-elasticsearch@bc6e7931d1
2016-09-01 15:45:51 -04:00
Chris Earle b60e8aebd2 [Monitoring] Publish X-Pack Usage with Cluster Info
This publishes X-Pack usage data to the cluster info from the elected master node. This allows phone home to retrieve this data from the index, rather than fetching it live from the connected cluster (thereby not getting it from any n - 1 clusers that are not connceted).

Original commit: elastic/x-pack-elasticsearch@79bfaaaf0b
2016-09-01 15:38:54 -04:00
jaymode 2e010d52e9 security: do not allow built-in user/role names to be defined in the file realm
This change restricts built-in user/role names from passing validation when we are reading or modifying
the files used by this realm.

Closes elastic/elasticsearch#2078

Original commit: elastic/x-pack-elasticsearch@9f6b34f39d
2016-09-01 14:46:38 -04:00
jaymode 74f55bf46e security: add option to specify the certificate validity period
This commit adds the option to specify the number of days that a certificate is valid for.

Closes elastic/elasticsearch#2877

Original commit: elastic/x-pack-elasticsearch@fcf0a28321
2016-09-01 14:21:30 -04:00
jaymode 5d5bd015c0 add a PreBuiltXPackTransportClient
This change adds a transport client that comes preconfigured with the same plugins as the
PreBuiltTransportClient and also adds x-pack.

Closes elastic/elasticsearch#2970

Original commit: elastic/x-pack-elasticsearch@bb60534bd4
2016-09-01 13:49:10 -04:00
Jack Conradson 1d6d20679d Merge branch 'master' into deprecate
Original commit: elastic/x-pack-elasticsearch@afdfa26dc0
2016-09-01 08:52:34 -07:00
Chris Earle 6f115a532d [Monitoring] Remove "agent" package
This removes the "agent" package from org.elasticsearch.xpack.monitoring.agent.*, so that now everything is simply org.elasticsearch.xpack.monitoring.*.

Follow-on work will be refactoring some of the other code, but this is a first step now that it's always the agent (in effect).

Original commit: elastic/x-pack-elasticsearch@14025cb17c
2016-09-01 10:56:27 -04:00
jaymode ad9a7c9b96 Migrate xpack to use the common ssl configuration
This change migrates xpack (security, watcher, and monitoring) to use the common ssl
configuration for the elastic stack. As part of this work, several aspects of how we deal
with SSL has been modified.

From a functionality perspective, an xpack wide configuration for SSL was added and
all of the code that needs SSL uses the SSLService now. The following is a list of all
of the aspects of xpack that can have their own SSL configuration, which are separate
from the xpack wide configuration:

* Transport
* Transport profiles
* HTTP Transport
* Realms
* Monitoring Exporters
* HTTP Client

In terms of the code, some cleanups were made with these changes. SSLConfiguration is
now a concrete class and SSLConfiguration.Custom and SSLConfiguration.Global have been
removed. The validate method on key and trust configurations has been removed and these
classes will now throw exceptions when they are constructed with bad values. The
OptionalSettings helper class has been removed as it was just a file with one line functions
that made the code harder to understand. The SSL configuration and service classes have
been moved from the security source directories to the main xpack source set. The SSLService
now handles more of the configuration of the SSLEngine it returns to prevent callers from
having to handle those aspects. The settings that get registered for SSL have been moved to
XPackSettings.

Also included in this PR is a update to the docs around SSL. This includes a large simplification to
the documentation in that the certificate authority configuration section has been removed and the
process that is documented for generating certificates only includes the CLI tool that we bundle.

Closes elastic/elasticsearch#3104
Closes elastic/elasticsearch#2971
Closes elastic/elasticsearch#3164

Original commit: elastic/x-pack-elasticsearch@5bd9e5ef38
2016-09-01 10:51:41 -04:00
jaymode 54103127d0 fix line length
Original commit: elastic/x-pack-elasticsearch@caca0fc0b7
2016-09-01 09:37:05 -04:00