Commit Graph

727 Commits

Author SHA1 Message Date
jaymode a58ed3ed32 security: rename /authenticate /_authenticate
We use the _ to indicate actions in endpoint names. It appears that the _authenticate API was
incorrectly removed in elastic/elasticsearch#2174. This adds it back.

Original commit: elastic/x-pack-elasticsearch@0a0b85d05a
2016-05-31 12:37:07 -04:00
jaymode fbeda210ae test: add logging to randomly failing IndexAuditIT
Original commit: elastic/x-pack-elasticsearch@3abd1ec0b5
2016-05-31 12:22:26 -04:00
jaymode 8d6b279bf2 test: catch socketexception which may also be thrown
We need to catch SocketException as this can be thrown during the handshake we expect
to fail if the server closes the socket during the handshake.

Closes elastic/elasticsearch#2378

Original commit: elastic/x-pack-elasticsearch@45c4b93ab6
2016-05-31 10:29:31 -04:00
Alexander Reelsen 0aec22d0ca Tests: Add shrink action to known actions
Original commit: elastic/x-pack-elasticsearch@a3f583c11b
2016-05-31 11:46:07 +02:00
Boaz Leskes fc5edc242d add assertBusy to testEmptyGetLicense as trial license is added async
Original commit: elastic/x-pack-elasticsearch@8dea3c54f9
2016-05-31 09:49:17 +02:00
jaymode 2a7e2a6cd6 security: add a built in kibana_user role
This commit adds a `kibana_user` role that can be used to grant the minimum
set of privileges necessary to access kibana.

Closes elastic/elasticsearch#2166

Original commit: elastic/x-pack-elasticsearch@00e129e342
2016-05-27 07:18:14 -04:00
Alexander Reelsen 28f89314cb Watcher: Fix certain chained input usages not written to history
If a chained input was used, and inside of this a search input was
used, that hat dots in its field names somewhere (like when sorting
or using a compare condition), then storing this in the history failed.

The reason for this was the broken watch history template, that did not take
nested requests bodies into account and thus tried to create an index mapping
for requests that were inside of a chained input.

This commit fixes the watch history index template.

Closes elastic/elasticsearch#2338

Original commit: elastic/x-pack-elasticsearch@d9f48234d3
2016-05-27 10:19:52 +02:00
Boaz Leskes 16d7f0c999 Introduce dedicated master nodes in testing infrastructure (elastic/elasticsearch#2314)
This is a companion commit to elastic/elasticsearchelastic/elasticsearch#18514, fixing issues introduced by adding dedicated master nodes to the test infra

Original commit: elastic/x-pack-elasticsearch@8c0571f2de
2016-05-27 08:45:54 +02:00
Robert Muir 21b2494c5b ScriptException -> GeneralScriptException (https://github.com/elastic/elasticsearch/pull/18600)
Original commit: elastic/x-pack-elasticsearch@0536fe9222
2016-05-26 17:51:46 -04:00
jaymode ab3438cbc4 test: IndexAuditTrailTests use the proper timestamp to resolve the index name
This changes the IndexAuditTrailTests to use the actual timestamp of the message being indexed to determine
the index name. Some build failures occurred due to running right at the change of an hour and the rollover was
set to hourly. So the message was indexed in one index and the test expected a different index.

Original commit: elastic/x-pack-elasticsearch@9dd5012a73
2016-05-26 09:47:59 -04:00
Alexander Reelsen 13f9c931b6 Release: Fix smoke test script to cope with latest changes in master
Original commit: elastic/x-pack-elasticsearch@0966d8b05f
2016-05-26 12:32:16 +02:00
Alexander Reelsen 72c3dbd3bc Watcher: Allow more tags for HTML sanitizer in tables (elastic/elasticsearch#2350)
This allows the colspan/rowspan attr on td/tr as well as
border/cellpadding attrs on table elements.

Original commit: elastic/x-pack-elasticsearch@e0b989f0ac
2016-05-26 11:10:31 +02:00
jaymode cc66740683 add back randomization of global/per realm SSL configuration
Original commit: elastic/x-pack-elasticsearch@8dedc9ad45
2016-05-25 13:47:07 -04:00
jaymode c248d7b5da security: remove auto ssl and disable transport ssl by default
This commit removes the code to auto generate a ssl certificate on startup and disables ssl
on the transport layer by default.

Original commit: elastic/x-pack-elasticsearch@1dc9b17842
2016-05-25 12:03:28 -04:00
Tanguy Leroux eec4ed90d2 Fix unclosed objects & arrays
Original commit: elastic/x-pack-elasticsearch@d4b317a9c6
2016-05-25 16:46:38 +02:00
Martijn van Groningen 47d83d37d8 test: remove percolator asserts
Original commit: elastic/x-pack-elasticsearch@52469798e2
2016-05-25 16:07:27 +02:00
Tanguy Leroux b25c401b3c Add integration test for Delete-By-Query and Security
Closes elastic/elasticsearch#2287

Original commit: elastic/x-pack-elasticsearch@4bbb2a6f73
2016-05-25 09:39:23 +02:00
Martijn van Groningen f44a3c4ced test: fixed compile issue
Original commit: elastic/x-pack-elasticsearch@233883531f
2016-05-24 21:47:14 +02:00
Areek Zillur 7d232e4133 Merge pull request elastic/elasticsearch#2259 from areek/fix/2231
Fix license expiry log message

Original commit: elastic/x-pack-elasticsearch@280ba28095
2016-05-24 13:21:25 -04:00
Areek Zillur c14f40ff73 Merge branch 'master' into fix/x_pack_prefix_license
Original commit: elastic/x-pack-elasticsearch@4f8abd3021
2016-05-24 12:12:37 -04:00
Areek Zillur 3794c3260a update smoke test to point to renamed license endpoint
Original commit: elastic/x-pack-elasticsearch@4a8fb3c86e
2016-05-24 11:37:11 -04:00
Areek Zillur 352cd80c2c Add _xpack prefix to license endpoints
Original commit: elastic/x-pack-elasticsearch@7af3ea2450
2016-05-24 11:15:25 -04:00
Martijn van Groningen 8e25536a0b test: removed checking for percolator actions
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So verifying these deprecated actions is no longer needed

Original commit: elastic/x-pack-elasticsearch@da6d66fcb4
2016-05-24 14:30:53 +02:00
Martijn van Groningen 0fd936610a test: removed percolator api tests
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So these special tests are no longer needed

Original commit: elastic/x-pack-elasticsearch@335d6554fb
2016-05-24 13:31:05 +02:00
uboness 9b11ae85d2 Fixed test
Original commit: elastic/x-pack-elasticsearch@9fe6158aa4
2016-05-24 01:23:08 +02:00
Ryan Ernst 045b255a05 Remove unnecessary use of return value for assertBusy
Original commit: elastic/x-pack-elasticsearch@79fd5fc5e6
2016-05-23 16:17:12 -07:00
jaymode 8e1a9603e3 security: add .reporting-* and s/.kibana/.kibana* access for the KibanaRole
This commit adds access to the reporting indices for the role that the Kibana server role has
access to. This needed so that the server can use the async queue. Additionally the kibana
server should have access to .kibana*

Closes elastic/elasticsearch#2323

Original commit: elastic/x-pack-elasticsearch@e930e9d872
2016-05-23 19:02:59 -04:00
Adrien Grand 6860944f07 Use Java's Base64 instead of elasticsearch's. elastic/elasticsearch#2282
Original commit: elastic/x-pack-elasticsearch@c2e748d732
2016-05-23 11:25:31 +02:00
Luca Cavanna a0f826c8ed fix xpack.usage api name and add a basic REST test for it (elastic/elasticsearch#2308)
There were two api with same name, depending on the platform one or the other was being loaded first, hence the xpack info tests may fail due to unsupported params being used.

Original commit: elastic/x-pack-elasticsearch@bd44eef3cc
2016-05-23 10:01:03 +02:00
uboness 80db81e320 Fix test
Closes elastic/elasticsearch#2313

Original commit: elastic/x-pack-elasticsearch@3729849cbe
2016-05-23 00:35:57 +02:00
uboness 12102f433d Separated the `elastic` user from the internal xpack user
Also,

- changed the anonymous username to `_anonymous` (used to be `__es_anonymous_user` which I found needlessly, overly, redundantly and not to mention unnecessarily complex 🤷)
- changed the system username and role name to `_system` (used to be `__es_system_user` and `__es_system_role`... it introduced gratuitous and totally un-called for naming complexity 🤦)

Closes elastic/elasticsearch#2079

Original commit: elastic/x-pack-elasticsearch@63b6de2bba
2016-05-22 23:42:19 +02:00
Boaz Leskes 1f6b401b9d awaitFix on OpenLdapTests.testUsageStats
Original commit: elastic/x-pack-elasticsearch@e077dc4449
2016-05-22 15:57:12 +02:00
Ryan Ernst b5dc201f5a Add thirdparty excludes for javax.activation classes
Original commit: elastic/x-pack-elasticsearch@d60891f56f
2016-05-21 22:42:15 -07:00
Ryan Ernst 7838304324 Add comment about added security permission
Original commit: elastic/x-pack-elasticsearch@0ef9337378
2016-05-21 15:19:12 -07:00
Ryan Ernst 09f6138b77 Merge branch 'master' into java9
Original commit: elastic/x-pack-elasticsearch@8a5736fcd5
2016-05-21 14:36:25 -07:00
Ryan Ernst f5bbe1858c Make java 9 work
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18496
Most of the changes here are related to javax.activation.

Original commit: elastic/x-pack-elasticsearch@2a47f94ab5
2016-05-21 14:28:52 -07:00
Lee Hinman 5d93b51472 Fix compilation for ScriptMode removal
See: https://github.com/elastic/elasticsearch/pull/18502

Original commit: elastic/x-pack-elasticsearch@b0422d13df
2016-05-20 15:23:11 -06:00
uboness 27db7c40b1 addressed review comments
Original commit: elastic/x-pack-elasticsearch@01552f5e82
2016-05-20 13:11:41 +01:00
uboness 084179f457 Added security realm feature usage stats
- if active, `file` realm size
- if active, `native` realm size
- if active, `ldap` realm size, whether SSL is used, load balance type used, user search used
- if active, `active_directory` realm size, whether SSL is used, load balance type used

 `size` is scale estimation based on the local cache. Scales are: `small` (under 10 users), `medium` (under 50 users), `large` (under 250 users) and `x-large` (above 250 users).

Original commit: elastic/x-pack-elasticsearch@c6efb17aa4
2016-05-20 13:11:41 +01:00
uboness 9dbbfd09f8 Introducing infrastructure for feature usage API
- Each `XPackFeatureSet` can now return a `Usage` object that encapsulates the feature usage stats of the set
- A new `/_xpack/usage` REST API is introduced to access the usage stats of all features
- Intentionally not explicitly exposing the API in the `XPackClient` as this API is primarily meant for use by Kibana X-Pack (that said, it is still possible to call this API from the transport client using the `XPathUsageRequestBuilder`)
- For now the usage stats that are returned are minimal, once this infrastructure is in, we'll start adding more stats

Relates to elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@d651fe4b01
2016-05-20 13:11:41 +01:00
jaymode d552574016 test: set logger level differently after removal of support for es.* system properties
Original commit: elastic/x-pack-elasticsearch@fcaa9bbcff
2016-05-20 08:11:26 -04:00
jaymode 71b78579a1 test: ensure address is resolvable in CertUtilsTests#testSubjectAlternativeNames
We check for an expected length but this is only valid if the address can be resolved and on some systems
127.0.0.1 may not map to a name.

Original commit: elastic/x-pack-elasticsearch@2f7c8da242
2016-05-20 08:10:55 -04:00
Areek Zillur 26a07766f0 fix license notification test bug
Original commit: elastic/x-pack-elasticsearch@ec1257d3e1
2016-05-19 18:20:01 -04:00
Areek Zillur a2a267d68d Merge branch 'master' into fix/remove-license
Original commit: elastic/x-pack-elasticsearch@d5c6e64ced
2016-05-19 17:19:50 -04:00
Areek Zillur a2993810f9 Fix rest test to adapt to license removal behaviour
Now we explicitly install a license in rest test cluster

Original commit: elastic/x-pack-elasticsearch@59cc837d0f
2016-05-19 17:15:04 -04:00
Jason Tedor ded4c2278c Remove settings and system properties entanglement
This commit removals the usage of system properties as settings from the
command scripts and the commands themselves.

Relates elastic/elasticsearch#2206

Original commit: elastic/x-pack-elasticsearch@b0a3b895b1
2016-05-19 14:09:49 -04:00
Tanguy Leroux 5161b540a9 Move unneeded log info messages to debug
closes  elastic/elasticsearch#2228, elastic/elasticsearch#2227

Original commit: elastic/x-pack-elasticsearch@558751c424
2016-05-19 17:28:20 +02:00
Ali Beyad d6179855bd Renamed AggregatorBuilder to AggregationBuilder, applying the changes to
x-plugins.

Closes elastic/elasticsearch#2263
Relates elastic/elasticsearch#18377

Original commit: elastic/x-pack-elasticsearch@6d1a698669
2016-05-19 09:28:53 -04:00
Chris Earle 87c085d857 Better approach to skipping license check for subprojects
Original commit: elastic/x-pack-elasticsearch@8624ab08cc
2016-05-19 02:41:03 -04:00
Chris Earle 93ca4db1ce Remove duped plugin application from Gradle script.
Original commit: elastic/x-pack-elasticsearch@6745b39c82
2016-05-19 02:20:55 -04:00
Chris Earle c94a326f1d Split monitoring smoke tests into separate smoke tests
There is a race condition between the smoke tests that get run because of the teardown conditions of
REST tests. By splitting them, we can avoid the unrealistic scenario/race condition.

Original commit: elastic/x-pack-elasticsearch@f95ae0e595
2016-05-19 02:08:33 -04:00
Areek Zillur 703dfda921 Merge branch 'master' into fix/remove-license
Original commit: elastic/x-pack-elasticsearch@1e84c8431d
2016-05-18 16:16:53 -04:00
Chris Earle ecf4c30979 Rename /_x-pack/monitoring/* to /_xpack/monitoring/*
This PR just drops the - in the existing REST API name by changing the base MonitoringRestHandler to extend
XPackRestHandler instead of BaseRestHandler directly, and using its URI_BASE.

Original commit: elastic/x-pack-elasticsearch@1bed2dba31
2016-05-18 13:26:00 -04:00
Jason Tedor 5bf3b7054c Fix compilation from FsInfo#<init> change in core
This commit fixes some test compilation issues due to upstream changes
in core that added I/O statistics on Linux.

Original commit: elastic/x-pack-elasticsearch@a0877aa0aa
2016-05-17 20:51:54 -04:00
Areek Zillur a134ec613d Merge pull request elastic/elasticsearch#2258 from areek/fix/2230
Fix license log message levels

Original commit: elastic/x-pack-elasticsearch@c1fe244dd8
2016-05-17 15:09:05 -04:00
Jonathan Budzenski 294a939d9d Merge pull request elastic/elasticsearch#2264 from jbudz/ui-kibana-mappings
monitoring: add kibana mappings

Original commit: elastic/x-pack-elasticsearch@c105aca8b8
2016-05-17 13:15:31 -05:00
Tanguy Leroux a8ed2fa69c Monitoring: Update REST/test namespace
Related to elastic/elasticsearch#1702

Original commit: elastic/x-pack-elasticsearch@6000fd4010
2016-05-17 09:35:25 +02:00
Chris Earle 18919115c1 Updating test to try to get it to actually run Monitoring. This should not have any effect, but the test passes locally 100% of the time and fails remotely 100% of the time...
Original commit: elastic/x-pack-elasticsearch@c3b16b8238
2016-05-16 18:41:26 -04:00
Jonathan Budzenski b469eef1a2 monitoring ui: change mappings double -> float
Original commit: elastic/x-pack-elasticsearch@6c7c166aec
2016-05-16 16:55:01 -05:00
Jonathan Budzenski 92a58c7c07 monitoring ui: update mappings, align agent version with elasticsearch version
Original commit: elastic/x-pack-elasticsearch@1a9a4fc96e
2016-05-16 15:30:56 -05:00
Jonathan Budzenski bf229d0090 monitoring ui: update mappings
Original commit: elastic/x-pack-elasticsearch@ae5703f10a
2016-05-16 15:21:58 -05:00
Areek Zillur 3ffe341f48 Fix license expiry log message
- change license expiration message from error to warn
 - start logging expiry message from 25 days instead of 30

closes elastic/elasticsearch#2231

Original commit: elastic/x-pack-elasticsearch@6c88066c1f
2016-05-15 21:00:11 -04:00
Areek Zillur 81e14c5617 Fix license log message levels
Now we log license expiry, invalid and grace message as warn and log license valid message as debug

closes elastic/elasticsearch#2230

Original commit: elastic/x-pack-elasticsearch@569c169136
2016-05-15 20:45:10 -04:00
Chris Earle 946cbfb997 Remove default index code from _x-pack/monitoring/_bulk
With the API no longer accepting {index}, we no longer need the code that supported it.

Original commit: elastic/x-pack-elasticsearch@5d0ae37caa
2016-05-14 15:10:04 -04:00
Chris Earle 73ba90b863 Disallow {index} being specified at the top level of _xpack/monitoring/_bulk
The general use case is to provide only the {type} to the bulk and even that may not be specified. However,
by setting it up as

/_x-pack/monitoring/{type}/_bulk
/_x-pack/monitoring/{index}/{type}/_bulk

it fails to properly recognize the {type} parameter because the PathTrie that gets generated sees two wildcards
at the same location and the last one specified wins -- {index}. As a result, it's impossible to only set the
{type} without making the PathTrie logic convoluted for a niche use case (a list to try instead of a single path).

his fixes the issue by removing the completely unused option: you can no longer specify {index} outside of
individual bulk indexing operations. If we see a need to bring it back, then we can add it as an API param, but
that is an unusual place for the index field and I do not expect it to be needed that frequently.

Original commit: elastic/x-pack-elasticsearch@40d0d05404
2016-05-13 18:12:04 -04:00
Robert Muir 91426062c1 update mock script engines to take name parameter
Original commit: elastic/x-pack-elasticsearch@c6c48eca39
2016-05-13 15:42:23 -04:00
Lee Hinman 2f43179dda Fix compilation for only one script language extension
Relates to https://github.com/elastic/elasticsearch/pull/18332

Original commit: elastic/x-pack-elasticsearch@32f0bd6c4f
2016-05-13 10:29:35 -06:00
Lee Hinman 91f2e94ac7 Fix scripting engines for singular type
Original commit: elastic/x-pack-elasticsearch@ed014cefc3
2016-05-13 09:29:37 -06:00
Lee Hinman fd6cf7d3d3 Register engines with a default of `ScriptMode.ON`
Original commit: elastic/x-pack-elasticsearch@d367b4028e
2016-05-13 09:29:37 -06:00
Lee Hinman 6e70856cf5 Fix Watcher tests for 'sandbox' option removal
Relates to https://github.com/elastic/elasticsearch/pull/18226

Original commit: elastic/x-pack-elasticsearch@b30d623dfb
2016-05-13 09:29:37 -06:00
Daniel Mitterdorfer a37cc72329 Exclude specific transport actions from request size limit check
Relates elastic/elasticsearchelastic/elasticsearch#17951

Original commit: elastic/x-pack-elasticsearch@07d2165643
2016-05-13 14:26:14 +02:00
Areek Zillur 01b3fc8768 Differentiate between null license and license tombstone in cluster state
Currently, license notification scheme treats no license (before trial license is auto-generated)
and a license tombstone in the cluster state in the same way. This caused a bug where licencees
were not notified of explicit license removal. Now, the notification scheme explicitly handles
license tombstone to notify the licensees and handles the case for no license in cluster state
as before.

Original commit: elastic/x-pack-elasticsearch@c90ec23398
2016-05-12 15:24:36 -04:00
uboness 06a0a9cbb5 [fix] Removing license did not update the Licensees
- Introduced a `MISSING` operation mode
- now when the license is removed (and a tombstone license is placed), the licensees get notified with a `MISSING` license status
- the monitoring, security and watcher licensees were updated

Original commit: elastic/x-pack-elasticsearch@650d940666
2016-05-12 15:24:36 -04:00
Tanguy Leroux 233c64e942 Monitoring: Fix cleaner tests
Some changes in elastic/x-pack@d13557c517 change the testIgnoreTimestampedIndicesInOtherVersions method and it now sometime fails.
 This commit revert the previous behavior of the test and ensures that at least 1 index is cleaned up/deleted in each test.

Original commit: elastic/x-pack-elasticsearch@3c6acb4ff8
2016-05-12 12:19:10 +02:00
Robert Muir 3a2cfabc4d use painless syntax improvements in watcher tests and docs
Original commit: elastic/x-pack-elasticsearch@27ef31efac
2016-05-11 21:24:43 -04:00
Chris Earle 5c9d18fc34 Adding {index} option for _xpack/monitoring/_bulk
This adds it so that a system can specify "_data" as the index to index into the
data index (without having to know its name). _Not_ supplying an index will use
the timestamped index. Any other index name (including wrong case) is invalid.

Original commit: elastic/x-pack-elasticsearch@6eeadfb3c8
2016-05-11 15:05:06 -04:00
Jason Tedor 6a3aef32d6 Switch scripts to use bash
This commit switches the command-line scripts to use bash instead of sh
so that we can take advantage of features that bash provides like
arrays.

Relates elastic/elasticsearch#2214

Original commit: elastic/x-pack-elasticsearch@826c10ef04
2016-05-10 15:07:04 -04:00
Yannick Welsch ee406e9c3f Use immutable ShardRouting
Relates to elastic/elasticsearchelastic/elasticsearch#17821

Original commit: elastic/x-pack-elasticsearch@92a9581327
2016-05-10 19:07:53 +02:00
markharwood e7b70794b6 Prefix Graph REST endpoint with _xpack. Partial fix for issue 1760
Original commit: elastic/x-pack-elasticsearch@53ceb1c20d
2016-05-10 13:45:07 +01:00
Adrien Grand 7a6025784d Use Versions.MATCH_ANY rather than NOT_SET now that NOT_SET is gone.
Original commit: elastic/x-pack-elasticsearch@14694aea60
2016-05-10 08:23:32 +02:00
Daniel Mitterdorfer 828b1902c5 Merge remote-tracking branch 'danielmitterdorfer/free-request-bytes'
Original commit: elastic/x-pack-elasticsearch@91867432c2
2016-05-09 16:01:21 +02:00
Tanguy Leroux 8f097d24e4 Mute XPackRestIT.test {p0=bulk/10_basic/Bulk indexing of monitoring data}
Original commit: elastic/x-pack-elasticsearch@e3a889222e
2016-05-09 13:27:54 +02:00
Daniel Mitterdorfer c5aa644048 Free bytes reserved on request breaker
With this commit we free all bytes reserved on the request circuit breaker.

Relates elastic/elasticsearchelastic/elasticsearch#18144

Original commit: elastic/x-pack-elasticsearch@3986436b8c
2016-05-09 11:22:42 +02:00
Chris Earle 68728e6bee Use Strict version check for VersionCompatibilityTests
This changes the loose usage of onOrBefore to equals so that when we add beta1, this test fails
again.

Original commit: elastic/x-pack-elasticsearch@fe4f2cbdf0
2016-05-06 15:08:40 -04:00
Chris Earle fd62b2308e Updating with ES-side abstract method addition
Original commit: elastic/x-pack-elasticsearch@0d075b433b
2016-05-06 12:26:10 -04:00
Chris Earle 080000a595 Updating with array changed to list.
Original commit: elastic/x-pack-elasticsearch@552227458f
2016-05-06 12:26:10 -04:00
Chris Earle ec0a4646ea Add Failure Details to every NodesResponse (x-plugins side)
Original commit: elastic/x-pack-elasticsearch@9ffb88caaf
2016-05-06 12:26:10 -04:00
Jason Tedor 35121bc206 Add handshake to list of known handlers for tests
This commit adds internal:transport/handshake to the list of known
handlers for tests.

Closes elastic/elasticsearch#2183

Original commit: elastic/x-pack-elasticsearch@c4b415367b
2016-05-06 09:17:44 -04:00
Tanguy Leroux 330e427f40 Monitoring: Add Points stats to node and index segments stats
Original commit: elastic/x-pack-elasticsearch@7df2538068
2016-05-06 10:10:25 +02:00
Adrien Grand 5db861d14b Remove generics from QueryBuilder.
Related to elastic/elasticsearchelastic/elasticsearch#18133.

Original commit: elastic/x-pack-elasticsearch@bd8ca4f061
2016-05-06 09:06:30 +02:00
Adrien Grand 22c4fb9a32 Make compilation pass.
Note: tests are still failing.

Original commit: elastic/x-pack-elasticsearch@827d129876
2016-05-06 09:05:45 +02:00
Areek Zillur bd04cc9d1f Extend tribe integ test infra to test on master and client nodes
Original commit: elastic/x-pack-elasticsearch@5826fb4161
2016-05-05 15:28:04 -04:00
Areek Zillur 3f0acdd70e refactor tribe integ tests to test monitoring transport actions
Original commit: elastic/x-pack-elasticsearch@4c8735d4a8
2016-05-05 15:28:04 -04:00
Areek Zillur f808b251b5 Disable monitoring transport and rest actions on tribe node
Original commit: elastic/x-pack-elasticsearch@a9d97b4f64
2016-05-05 15:27:45 -04:00
Areek Zillur d9e9f7dfd0 Disable licensing services and management APIs for tribe node
closes elastic/elasticsearch#1426

Original commit: elastic/x-pack-elasticsearch@d8a312b1b5
2016-05-05 15:10:05 -04:00
Alexander Reelsen 2cd7c74bc7 Security: Replace `_shield/` urls with `_xpack/security` (elastic/elasticsearch#2174)
This changes the security endpoints to _xpack/security, fixes the rest api spec to also use
the xpack.security prefix and adds documentation and tests.

Original commit: elastic/x-pack-elasticsearch@7977575f0e
2016-05-04 21:42:11 +02:00
Jason Tedor ed26294916 Fix HttpExporterTemplateTests from string split
This commit fixes an issue in HttpExporterTemplateTests caused by the
migration from Strings#splitStringToArray to String#split. Namely, the
previous would split a string like "/x/y/z/" into { "x", "y", "z" } but
the former will split this into { "", "x", "y", "z" }. This commit
modifies the test logic to respond to this change.

Original commit: elastic/x-pack-elasticsearch@c567b17180
2016-05-04 11:29:50 -04:00
Jason Tedor 5b12eef2d3 Fix ObjectPath#evalContext edge cases
This commit fixes an issue that was introduced in ObjectPath#evalContext
when refactoring from Strings#splitStringToArray to
String#split. Namely, the former would return an empty array when
receiving a null or empty string as input but the latter will NPE on a
null string and return an array containing the empty string on an empty
string input.

Original commit: elastic/x-pack-elasticsearch@2f509f9fa0
2016-05-04 11:21:58 -04:00
Christoph Büscher 357f0178e9 Adapt to changes in QueryShardContext
Original commit: elastic/x-pack-elasticsearch@36b97cac75
2016-05-04 16:42:52 +02:00
Jason Tedor 4a1591f2a8 Remove Strings#splitStringToArray
This commit replaces the uses of Strings#splitStringToArray in favor of
String#split as this method has been removed from core.

Relates elastic/elasticsearch#2175

Original commit: elastic/x-pack-elasticsearch@97ec094fa0
2016-05-04 10:39:05 -04:00
Alexander Reelsen a243647ea1 Watcher: Move urls from _watcher to _xpack/watcher
This moves the watcher base URL to _xpack/watcher. This includes
code, tests, rest-api-spec and the documentation.

Relates elastic/elasticsearch#1760

Original commit: elastic/x-pack-elasticsearch@0a44aec022
2016-05-04 09:39:47 +02:00
Alexander Reelsen 1aedda3627 X-Pack: Create notification module
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.

Further things done:

* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common

Original commit: elastic/x-pack-elasticsearch@41eb6e6946
2016-05-04 08:53:29 +02:00
Daniel Mitterdorfer 7eebacc884 Disable HTTP compression by default when HTTPS is enabled.
With elastic/elasticsearchelastic/elasticsearch#7309 we enable HTTP compression by
default. However, this can pose a security risk for HTTPS
traffic (e.g. BREACH attack). Hence, we disable HTTP compression
by default again if HTTPS enabled (note that this still allows the
user to explicitly enable HTTP compression if they want to).

Relates elastic/elaticsearchelastic/elasticsearch#7309

Original commit: elastic/x-pack-elasticsearch@8da100c9a5
2016-05-03 08:54:57 +02:00
Alexander Reelsen 23ebbed95a Watcher: Expose HTTP response headers in payload
This exposes the headers (all lower-cased) in the payload, so
that the can be accessed in the conditions.

Closes elastic/elasticsearch#1560

Original commit: elastic/x-pack-elasticsearch@c9b08558fe
2016-05-02 15:06:38 +02:00
Alexander Reelsen 74edbe6332 Watcher: Refactoring, move to org.elasticsearch.xpack
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher

This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.

Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
2016-05-02 10:58:34 +02:00
jaymode 773876caee security: ssl by default on the transport layer
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.

The following is a list of specific items addressed:

* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files

Closes elastic/elasticsearch#14
Closes elastic/elasticsearch#34
Closes elastic/elasticsearch#1483
Closes elastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673

Original commit: elastic/x-pack-elasticsearch@7c359db90b
2016-04-29 12:50:07 -04:00
markharwood 29b996ea1d Test fix - graph test occasionally failed to fail on all shards due to random nature of indexing. Tightened test class logic to deal with partial failures.
Original commit: elastic/x-pack-elasticsearch@b2dcdd7600
2016-04-29 14:45:15 +01:00
jaymode de48b2426b change how audit user is compared, do not setDaemon, test cleanup
This commit makes a few modifications to the IndexAuditTrail class:

* Use `InternalAuditUser#is` to determine if the principal is the auditor when we have a user
and simply compare `InternalAuditUser#NAME` when only a string principal is available
* Remove the `Thread#setDaemon` call in the QueueConsumer as this thread should be terminated
as part of the shutdown of the node

In terms of tests, there are some issues and changes to how we test certain aspects. The muted tests
were not accurate since the tests immediately checked for the existence of an index and did not poll or
wait and this operation is asynchronous so the index could be created after the exists request was
executed. These tests were removed and a new class was added to test the muted behavior. In these
tests we override the audit trails implementation of a queue, which will set a flag to indicate a message
has been added to the queue. This is a synchronous operation so it can be checked immediately.

The other tests in the IndexAuditTrail tests remain but a few changes have been made to the execution.

* ensureYellow is called for the index we expect to be created before searching for documents
* the remote cluster is only setup at the beginning of the suite rather than before every test to ensure
quicker execution
* the maximum number of shards has been reduced to three since we do not really need up to 10 shards
for a single document

Original commit: elastic/x-pack-elasticsearch@501b6ce9da
2016-04-29 09:08:10 -04:00
Alexander Reelsen 27f0a68a28 X-Pack Notification: Settings refactoring, removed 'service'
The service part is now obsolete with moving to `xpack.notification`.

Original commit: elastic/x-pack-elasticsearch@a7907f24a5
2016-04-29 09:02:36 +02:00
Ryan Ernst 4be1266616 Fix xpack rest test with new xpack info output (timestamp instead of date)
Original commit: elastic/x-pack-elasticsearch@ccb89481cf
2016-04-28 11:46:31 -07:00
Ryan Ernst 09a0276a56 Merge pull request elastic/elasticsearch#2123 from rjernst/build_info
Build: use jar metadata instead of expecting a properties file for xpack build info

Original commit: elastic/x-pack-elasticsearch@a7238cf527
2016-04-28 08:58:52 -07:00
jaymode c39b3ba2fc security: add the proper behavior for the standard license
This change adds the proper behavior for the standard license which is:

* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled

Features that are disabled:

* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms

See elastic/elasticsearch#1263

Original commit: elastic/x-pack-elasticsearch@920c045bf1
2016-04-28 09:33:57 -04:00
markharwood 077599b63f X-plugin tests - added testing for Standard licence in graph plugin. See https://github.com/elastic/x-plugins/issues/1263
Original commit: elastic/x-pack-elasticsearch@6773ead0fc
2016-04-28 13:51:43 +01:00
jaymode 91943318bf security: cleanup authentication service
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.

Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.

Original commit: elastic/x-pack-elasticsearch@79e2375a13
2016-04-28 07:59:16 -04:00
jaymode 4f7dad8da2 security: handle null values for full name and email
This commit adds logic so that we properly handle null tokens for full name and
email.

Closes elastic/elasticsearch#1887

Original commit: elastic/x-pack-elasticsearch@e03188c29f
2016-04-28 07:41:27 -04:00
Alexander Reelsen 917101f7a3 Smoke Testing: Add smoke tester for licensing
In order to prevent shipping of RCs with the wrong license, this
smoke tester downloads the internal RC, installs x-pack and puts
a license in there.

if putting is successful, we can be sure, we got the right license.

Closes elastic/elasticsearch#2087

Original commit: elastic/x-pack-elasticsearch@021d228e29
2016-04-28 08:47:31 +02:00
Ryan Ernst 4d1f4a244a Build: use jar metadata instead of expecting a properties file for xpack
build info

There are many other things that should be cleaned up around this (eg
XpackInfoResponse.BuildInfo should not exist, it is the exact same as
what XPackBuild has), but this change gets the build info output working
again.

closes elastic/elasticsearch#2116

Original commit: elastic/x-pack-elasticsearch@0730daf031
2016-04-27 13:33:42 -07:00
jaymode f4f156b351 test: add awaits fix to FLS field stats tests
See elastic/elasticsearch#2120

Original commit: elastic/x-pack-elasticsearch@fc7950bf65
2016-04-27 13:55:59 -04:00
Alexander Reelsen 5d53080a1f Watcher: Remove build based property creation (elastic/elasticsearch#2107)
There we still left over files from the clean up PR to not use
build properties for the watcher templates.

Relates elastic/elasticsearch#2040

Original commit: elastic/x-pack-elasticsearch@b838d92124
2016-04-26 17:54:27 +02:00
Alexander Reelsen 3bbe5916d1 Fix compilation issue
Original commit: elastic/x-pack-elasticsearch@803275d634
2016-04-26 14:03:19 +02:00
Alexander Reelsen 91242f3a98 Tests: Increase logging for tests for randomly failing tests
Relates elastic/elasticsearch#2090

Original commit: elastic/x-pack-elasticsearch@4051354f45
2016-04-25 17:46:09 +02:00
jaymode c7ad6b9872 test: add a simple test for reserved realm authentication
See elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@1bede0a206
2016-04-25 07:34:14 -04:00
Alexander Reelsen b47d161b9e X-Pack: Porting watcher notifications to xpack notifications (elastic/elasticsearch#2056)
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`

Moved services include pagerduty, hipchat, slack and email.

Closes elastic/elasticsearch#1998

Original commit: elastic/x-pack-elasticsearch@40c16fe123
2016-04-22 15:57:34 +02:00
Martijn van Groningen 358fa38cf6 test: fix id, script_lang mix up
Original commit: elastic/x-pack-elasticsearch@7c4a3152ba
2016-04-22 15:12:35 +02:00
Martijn van Groningen 4650592150 Remove LazyInitializable from ScriptServiceProxy
Closes elastic/elasticsearch#2062

Original commit: elastic/x-pack-elasticsearch@4eaf323158
2016-04-22 14:31:02 +02:00
Martijn van Groningen b9515357fa Migrated from indexed scripts to store scripts
Original commit: elastic/x-pack-elasticsearch@a0218f1c9e
2016-04-22 13:43:55 +02:00
Alexander Reelsen 276d5fbbca Watcher: Updated dependencies (elastic/elasticsearch#2064)
Updated okhttp and moved the jsr305 dependency into testing.
This required a minor change in tests using SSL, as otherwise
the security manager barfs, when the okhttp webserver tries
to load sun internal SSL based classes.

Original commit: elastic/x-pack-elasticsearch@77131589e0
2016-04-22 09:45:46 +02:00
Alexander Reelsen 12ff8853f0 Monitoring/Watcher: Load version of templates in a static way (elastic/elasticsearch#2040)
The old implementation was to use properties at build-time. This however did not work,
as the tests could not be run in the IDE. This has been removed of monitoring for some
time already, but needs to be removed from watcher as well.

This commit uses static variables and refactors the code a bit. First, there is a generic
TemplateUtils class, to be used in monitoring and watcher. Also the watcher code has been changed
to copy the needed variables into the template registry class instead of keeping it in the
WatcherModule.

This commit also includes some refactoring to remove the version parameter in marvel, was static anyway

Closes elastic/elasticsearch#1372

Original commit: elastic/x-pack-elasticsearch@fbfc22ea09
2016-04-22 09:26:40 +02:00
uboness df3bbd42b9 Changed the default output of X-Pack Info API
- by default the response includes all info - build, license, features + human descriptions.
- you can still control the output using `categories` and `human` parameters
- Added docs to this API

Original commit: elastic/x-pack-elasticsearch@85115495ec
2016-04-21 18:43:17 -07:00
Chris Earle a84347f711 Monitoring: Ignore NodesStatsResposne if no stats are returned
This avoids exceptional cases where node stats are not returned due to some concurrent modification.

Original commit: elastic/x-pack-elasticsearch@6f6b8ec393
2016-04-21 16:16:00 -04:00
Nik Everett 629c585fba Handle core removing <T> from Writeable
Original commit: elastic/x-pack-elasticsearch@34632c8a67
2016-04-21 13:00:57 -04:00
Nik Everett c4dc28e7f7 Remove the last readFrom from xpack
This the last Writeable#readFrom in xpack!

Original commit: elastic/x-pack-elasticsearch@5412160bdd
2016-04-21 10:13:10 -04:00
jaymode 8c8e33889c build: remove test dependencies from published pom file
See elastic/elasticsearch#2063

Original commit: elastic/x-pack-elasticsearch@3653368363
2016-04-21 09:27:12 -04:00
Nik Everett de6d3e1a72 Remove readFrom from xpack
Writeable#readFrom has become a method you just implement because
the interface requires it but the prefered way to actually do the
reading is a ctor that takes a StreamReader. readFrom just delegates
to the ctor. This removes readFrom entirely because it is not needed
anymore and is going away in core.

Relates to https://github.com/elastic/elasticsearch/issues/17085

Original commit: elastic/x-pack-elasticsearch@dd74db5ded
2016-04-21 07:58:51 -04:00
uboness 5c9d96211f Extended X-Pack Info API with Features Info
- introduced the "Feature Set" notion - graph, security, monitoring, watcher, these are all feature sets
- each feature set can be:
 - `available` - indicates whether this feature set is available under the current license
 - `enabled` - indicates whether this feature set is enabled (note that the feature set can be enabled, yet unavailable under the current license)
- while at it, cleaned up the main modules of watcher, security, monitoring and graph.

Original commit: elastic/x-pack-elasticsearch@5b3e19fe8c
2016-04-20 14:30:48 -07:00
Jay Greenberg 8af3f91eb5 Merge pull request elastic/elasticsearch#2044 from PhaedrusTheGreek/group_search_noattrs
Change some LDAP searches to NOATTRS to avoid unnecessary results

Original commit: elastic/x-pack-elasticsearch@60c41af5a6
2016-04-20 09:29:38 -04:00
jaymode 659439841e test: adapt to removal of setting
Original commit: elastic/x-pack-elasticsearch@5f195001b9
2016-04-19 14:31:06 -04:00
Nik Everett 28bb39955c Replace (read|write)Query with (read|write)NamedWriteable
(read|write)Query is going away.

Original commit: elastic/x-pack-elasticsearch@5ac3ded68e
2016-04-19 11:06:39 -04:00
PhaedrusTheGreek 962729bd3b Changed LDAP searches to NOATTRS in order to avoid returning unecessary
data in searches where only getDn() is done on results

Original commit: elastic/x-pack-elasticsearch@5ce64235a1
2016-04-19 10:47:27 -04:00
Martijn van Groningen e24d09b54e test: allow percolate api to fail when the percolator field can't be found
Original commit: elastic/x-pack-elasticsearch@3343c9dc3a
2016-04-19 14:11:53 +02:00
Alexander Reelsen 98feb695ff Tests: Fixing failing history transform tests after mapping changes
Original commit: elastic/x-pack-elasticsearch@b1b13c52b0
2016-04-19 13:56:50 +02:00
Martijn van Groningen 0c7dff4fa7 security: Deal with upstream percolator changes.
From now on, if field level security and percolator is used then the percolator field needs to be included in the allowed fields.

Original commit: elastic/x-pack-elasticsearch@7d39b5caf6
2016-04-19 11:23:04 +02:00
Daniel Mitterdorfer fb825d7fd3 Use underscore notation for field names
Relates elastic/elasticsearchelastic/elasticsearch#17800

Original commit: elastic/x-pack-elasticsearch@1f6022116c
2016-04-19 08:41:47 +02:00
Ryan Ernst 14df2663ae Replace more occurences of new String(CONSTANT) with CONSTANT
Original commit: elastic/x-pack-elasticsearch@339de6350f
2016-04-18 14:54:14 -07:00
Ryan Ernst 7275d48bbd Remove XContentBuilderString
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#17833

Original commit: elastic/x-pack-elasticsearch@2400192775
2016-04-18 14:37:17 -07:00
Ryan Ernst 74c9358bdf Merge pull request elastic/elasticsearch#2029 from rjernst/camelcase1
Simplify xcontentstring usages

Original commit: elastic/x-pack-elasticsearch@13fd6d0e6a
2016-04-18 14:36:13 -07:00
Christoph Büscher e6bce6b36e Adapt to changes in core ES (elastic/elasticsearch#17417)
Original commit: elastic/x-pack-elasticsearch@2df6d5b27e
2016-04-18 15:33:25 +02:00
jaymode e66a6871c0 security: fix initialization of server sets in ldap session factories
The SessionFactory construction was calling the `ldapServers` method in the constructor,
which was fine for all of the session factories except for the ActiveDirectorySessionFactory.
The ActiveDirectorySessionFactory overrides the ldapServers method and use class variables
that are initialized in its constructor so the value was always null.

This change moves setup to an init method for objects that depend on variables set during
construction.

Closes elastic/elasticsearch#2011

Original commit: elastic/x-pack-elasticsearch@07c15ce171
2016-04-18 07:22:21 -04:00
Alexander Reelsen aa77646e3d Tests: Fixing xpack info tests
Even though HEAD is a possible method, this implies that no data is returned
and thus the tests fail randomly.

If HEAD should be added to the api it needs it's own API definition IMO.

Original commit: elastic/x-pack-elasticsearch@a216393f6b
2016-04-18 12:19:16 +02:00
Alexander Reelsen 99cff6f3b9 Watcher: Create module to test with painless scripting language
Also changed some documentation to use painless instead of groovy
to get people used to it.

Original commit: elastic/x-pack-elasticsearch@92a007cc0d
2016-04-18 09:14:31 +02:00