Commit Graph

54 Commits

Author SHA1 Message Date
Tim Brooks 5dbbe8fef8 Default to basic license at startup (elastic/x-pack-elasticsearch#3878)
This is related to elastic/x-pack-elasticsearch#3877. This commit modifies the license settings to
default to self generating a basic license.

Original commit: elastic/x-pack-elasticsearch@cd6ee8e06f
2018-02-12 12:57:04 -07:00
Ryan Ernst 7d71c3f1cc Build: Remove refs to x-pack-elasticsearch (elastic/x-pack-elasticsearch#3863)
These were removed before, but sql added a bunch of new hard references
to the project name.

Original commit: elastic/x-pack-elasticsearch@2eb156fd67
2018-02-07 20:50:12 -08:00
Nik Everett c53e1f4b1c SQL: More tests and docs for permissions (elastic/x-pack-elasticsearch#3679)
Adds tests for what works and what doesn't when we're missing some of
SQL's required permissions.

Adds required permissions to the documentation of each SQL access
method.

relates elastic/x-pack-elasticsearch#3552

Original commit: elastic/x-pack-elasticsearch@971dabb3b4
2018-02-01 17:20:44 -05:00
Costin Leau 07658cc04f SQL: replace JDBC transport meta columns with SQL call (elastic/x-pack-elasticsearch#3740)
Replace meta column endpoint with SYS COLUMNS command

Original commit: elastic/x-pack-elasticsearch@819874bc5b
2018-01-29 19:18:24 +02:00
Costin Leau e929d16d76 SQL: Replace ListTable transport with SQL command (elastic/x-pack-elasticsearch#3675)
Introduce system commands as alternative to meta HTTP endpoints
Pass in cluster name
Use 'BASE TABLE' instead of 'INDEX' when describing a table to stick
with the SQL terminology

Original commit: elastic/x-pack-elasticsearch@600312b8f7
2018-01-27 11:54:19 +02:00
Igor Motov de15f7123b Merge remote-tracking branch 'elastic/master' into feature/sql_2
Original commit: elastic/x-pack-elasticsearch@bbabfb1328
2018-01-23 15:41:59 -05:00
Igor Motov 6330209e7d Merge remote-tracking branch 'elastic/master' into feature/sql_2
Original commit: elastic/x-pack-elasticsearch@95cbd93803
2018-01-22 16:03:56 -05:00
Costin Leau e48589aa65 Fix CLI test
Original commit: elastic/x-pack-elasticsearch@8a31108b09
2018-01-18 22:33:47 +02:00
Costin Leau 1dd98eab83 SQL: Fix show tables as admin (elastic/x-pack-elasticsearch#3597)
Fix show tables as JDBC with security enabled
This commit fixes the test SqlSecurityTestCase.testShowTablesWorksAsAdmin to
skip over any indices/aliases that exist starting with `.security`.
Use value comparison instead of the result sets
Fix an offset bug while at it (columns start at 1 not 0)
Resolves elastic/x-pack-elasticsearch#3423

Original commit: elastic/x-pack-elasticsearch@6fffda6070
2018-01-18 16:13:01 +02:00
Igor Motov 9401569195 SQL: Adapt to compile and runtime Java home distinction
Relates elastic/x-pack-elasticsearch#3477

Original commit: elastic/x-pack-elasticsearch@5791617988
2018-01-16 14:53:49 -05:00
Igor Motov 12d4f10faa SQL: Switch JDBC to REST protocol (elastic/x-pack-elasticsearch#3543)
Replaces binary serialization protocol in JDBC driver with the common REST protocol.

relates elastic/x-pack-elasticsearch#3419

Original commit: elastic/x-pack-elasticsearch@532c106658
2018-01-16 13:26:06 -05:00
Igor Motov ce81a34467 SQL: Add jdbc mode to REST API (elastic/x-pack-elasticsearch#3499)
Adds a mode parameter to all SQL-related requests. The mode parameter is used for license checks as well as to define the response content. For now only two modes are supported plain (default) and jdbc. We will add other modes in the future as we add more clients.

Relates elastic/x-pack-elasticsearch#3419 

Original commit: elastic/x-pack-elasticsearch@b49ca38d4b
2018-01-10 09:41:36 -05:00
Costin Leau ba81321d0d SQL: Support aliases and indices pattern (elastic/x-pack-elasticsearch#3438)
Add support for aliases and indices pattern
Enhance ShowTable info to differentiate between aliases and indices
Add regex filtering of index names
Handle security exceptions (in case of no privileges or no matching)

Original commit: elastic/x-pack-elasticsearch@91e3674ca7
2018-01-06 23:08:16 +02:00
Igor Motov 178d6ca6b3 SQL: Move shared REST client methods to shared-client (elastic/x-pack-elasticsearch#3428)
* SQL: Move shared REST client methods to shared-client

This commit is a preliminary step for moving JDBC to the REST client. It extracts the common REST clients from CLI and moves it to shared-client. This will allow us to move to the 5 project setup: rest-proto, shared-client, server, jdbc, cli with the following dependencies:

server <-- rest-proto
shared-client <-- rest-proto
jdbc <-- shared-client
cli <-- shared-client

Relates to elastic/x-pack-elasticsearch#3419

Original commit: elastic/x-pack-elasticsearch@2e6a134de0
2017-12-28 11:10:18 -05:00
Igor Motov 292506526e Merge remote-tracking branch 'elastic/master' into feature/sql_2
Original commit: elastic/x-pack-elasticsearch@79e7b1b953
2017-12-27 21:46:00 -05:00
Igor Motov 3892da7a3d SQL: Suppress testShowTablesWorksAsAdmin() tests
These tests are relying on existence of an internal index that might or might not be present when we run this test.

Tracked by elastic/x-pack-elasticsearch#3423

Original commit: elastic/x-pack-elasticsearch@26a7795759
2017-12-26 12:53:21 -05:00
Costin Leau 5a25213db9 Update security tests
Original commit: elastic/x-pack-elasticsearch@732a4c5850
2017-12-23 15:44:27 +02:00
Lee Hinman 632c3e8238 SQL: Fix running `gradle run` from top-level directory (elastic/x-pack-elasticsearch#3329)
When running `gradle run` at the top level (at least with Gradle 4.4) it
attempts to run multiple instances of the server, causing the run to fail since
they can't both bind to 9200/9300.

This renames the tasks for the `qa` directories to be `runqa` and the task for
the `cli` directory to be `runcli`.

Original commit: elastic/x-pack-elasticsearch@734ab8e132
2017-12-15 08:42:18 -07:00
Costin Leau cdfe0f1f5a Revert "Revert "Merge branch 'feature/sql'""
This reverts commit elastic/x-pack-elasticsearch@cc79e19911.

We'll merge this when we're good and ready.

Original commit: elastic/x-pack-elasticsearch@b3ef4f2836
2017-12-13 10:19:31 -05:00
Costin Leau 2e60e831c0 Revert "Merge branch 'feature/sql'"
This reverts commit elastic/x-pack-elasticsearch@2b3f7697a5, reversing
changes made to elastic/x-pack-elasticsearch@b79f16673c.

We're backing out all of SQL.

Original commit: elastic/x-pack-elasticsearch@cc79e19911
2017-12-13 09:33:13 -05:00
Nik Everett 236f64a70e SQL: Fix SSL for JDBC and CLI for real this time (elastic/x-pack-elasticsearch#3277)
Previously I'd added tests for JDBC and CLI that I *thought* used SSL but they didn't! I wasn't careful...

Testing changes:
* Actually enable SSL/HTTPS in the `qa:sql:security:ssl` subproject.
* Rework how `RemoteCli` handles security. This allows us to configure SSL, the keystore, and the username and password in a much less error prone way.
* Fix up JDBC tests to properly use SSL.
* Allow the `CliFixture` to specify the keystore location.
* Switch `CliFixture` and `RemoteCli` from sending the password in the connection string to filling out the prompt for it.
* Have `CliFixture` also send the keystore password when a keystore is configured.

This makes the following production code changes:
* Allow the CLI to configure the keystore location with the `-k`/`-keystore_location` parameters.
* If the keystore location is configured then the CLI will prompt for the password.
* Allow the configuration of urls starting with `https`.
* Improve the exception thrown when the URL doesn't parse by adding a suppressed exception with the original parse error, before we tried to add `http://` to the front of it.

Original commit: elastic/x-pack-elasticsearch@97fac4a3b4
2017-12-11 15:45:34 -05:00
Igor Motov fab3712e3d SQL: Check connection on CLI startup (elastic/x-pack-elasticsearch#3278)
* SQL: Check connection on CLI startup

Adds a connection check at the CLI startup. If connection cannot be established or elasticsearch has incompatible version, the CLI doesn't start.

relates elastic/x-pack-elasticsearch#2984

Original commit: elastic/x-pack-elasticsearch@c9a58d2cd6
2017-12-11 10:00:00 -05:00
Igor Motov 5d0b8ff796 SQL: Rename Strings.splitStringByCommaToSet to tokenizeByCommaToSet
Relates elastic/x-pack-elasticsearch#3265

Original commit: elastic/x-pack-elasticsearch@8b06b0688b
2017-12-08 13:52:08 -05:00
Igor Motov b72a9b5674 SQL: switch from _sql/ endpoint to _xpack/sql endpoint (elastic/x-pack-elasticsearch#3270)
As a part of xpack, SQL should use _xpack/sql endpoint instead of _sql endpoint.

relates elastic/x-pack-elasticsearch#3114

Original commit: elastic/x-pack-elasticsearch@f561b57f16
2017-12-08 12:17:26 -05:00
Igor Motov 6839f99ed0 SQL: Switch CLI to core-cli's Command and make it testable (elastic/x-pack-elasticsearch#3232)
Switches CLI to use the standard Elasticsearch Command and refactors it to be more testable. It doesn't change any cli functionality except using the bright color while displaying query results.

relates elastic/x-pack-elasticsearch#2881, elastic/x-pack-elasticsearch#3203, elastic/x-pack-elasticsearch#2990

Original commit: elastic/x-pack-elasticsearch@841f306d50
2017-12-06 11:27:51 -05:00
javanna 08950ff491 Remove security filter, replaced by get index api call which returns filtered mappings
Given that we get now filtered mappings directly from the get index API (in case security is configured with FLS), we don't need the security filter nor the filtered catalog. That means we can remove the delayed action support also from AuthorizationService and rather make SQLAction a composite action like others. It will be authorized as an action, but its indices won't be checked while that will happen with its inner actions (get index and search) which need to be properly authorized.

Also, SQLGetIndicesAction is not needed anymore, as its purpose was to retrieve the indices access resolver put in the context by the security plugin for delayed actions, which are not supported anymore.

This commit kind of reverts elastic/x-pack-elasticsearch#2162, as it is now possible to integrate with security out-of-the-box

relates elastic/x-pack-elasticsearch#2934

Original commit: elastic/x-pack-elasticsearch@64d5044426
2017-12-06 13:58:17 +01:00
javanna 4e84a1d658 [TEST] update audit logging parsing
Original commit: elastic/x-pack-elasticsearch@041cb09e2b
2017-12-05 23:00:28 +01:00
Costin Leau 7cab29760d SQL: Introduce PreAnalyze phase to resolve catalogs async (elastic/x-pack-elasticsearch#2962)
SQL: Introduce PreAnalyze phase to resolve catalogs async

The new preanalyze phase collects all unresolved relations and tries
to resolve them as indices through typical async calls _before_ starting the analysis process.
The result is loaded into a catalog which is then passed to the analyzer.
While at it, the analyzer was made singleton and state across the engine
is done through SqlSession#currentContext().


Commit missing fix
Fix typo
Fix license
Fix line length
remove redundant static modifier
Remove redundant generics type
Rename catalogResolver instance member to indexResolver
Fix translate action to return a response through the listener, it hangs otherwise
IndexResolver improvements

Make sure that get index requests calls are locally executed by providing local flag.
Don't replace index/alias name with concrete index name in asCatalog response conversion. We need to preserve the original alias name for security, so it is reused in the subsequent search.
Update roles and actions names for security tests
Get index is now executed instead of sql get indices, and sql get indices has been removed.
Also made cluster privileges more restrictive to make sure that cluster state calls are no longer executed.
Fix most of the security IT tests
indices options are now unified, always lenient. The only situation where we get authorization exception back is when the user is not authorized for the sql action (besides for which indices).
Improve SessionContext handling
Fix context being invalid in non-executable phases
Make Explain & Debug command fully async
Resolve checkstyle error about redundant modifiers
Temporarily restore SqlGetIndicesAction

SqlGetIndicesAction action is still needed in RestSqlJdbcAction (metaTable and metaColumn methods), where we can't at the moment call IndexResolver directly, as security (FLS) needs index resolver to be called as part of the execution of an indices action. Once mappings are returned filtered, delayed action and the security filter will go away, as well as SqlGetIndicesAction.
SqlGetIndicesAction doesn't need to be a delayed action, my bad

[TEST] remove unused expectSqlWithAsyncLookup and rename expectSqlWithSyncLookup to expectSqlCompositeAction
Polish and feedback
Add unit test for PreAnalyzer

Original commit: elastic/x-pack-elasticsearch@57846ed613
2017-11-30 18:18:08 +02:00
Igor Motov 6fceb2fdde SQL: Fix more JDK vs Joda TZ issues (elastic/x-pack-elasticsearch#3137)
Adds a random timezone known to both JDK and Joda as a connection parameter to all JdbcIntegrationTestCase-based tests.

Original commit: elastic/x-pack-elasticsearch@6be6a3b69b
2017-11-29 19:15:29 -05:00
Nik Everett df802b40c8 SQL: Rework SSL testing (elastic/x-pack-elasticsearch#3126)
Drop the ssl tests against the java builtin https server. They were
failing and the failures were undebuggable. I still don't know what was
happening because you can't get any logging out of the server.

Add SSL tests against Elasticsearch because that is what actually needs
to work.

relates elastic/x-pack-elasticsearch#2870

Original commit: elastic/x-pack-elasticsearch@284cf7fb58
2017-11-27 18:52:16 -05:00
Igor Motov 5c88fa0b3b SQL: Add support for plain text output to /_sql endpoint (elastic/x-pack-elasticsearch#3124)
The /_sql endpoint now returns the results in the text format by default. Structured formats are also supported using the format parameter or accept header similar to _cat endpoints.

Original commit: elastic/x-pack-elasticsearch@4353793b83
2017-11-27 18:10:13 -05:00
Costin Leau 94d0a2d1ee Polishing for handling subtleties in the JDBC behavior: (elastic/x-pack-elasticsearch#2967)
1. decouple JdbcDriver from other classes to not trigger static
initialization (this happens through JDBC service discovery)
2. reduce visibility of JdbcDriver#close so only on jar unloading it
gets triggered
3. mark 3 methods introduced in Jdbc 4.1 as unsupported (their semantics
are somewhat weird)
4. Move versioning info in one class
5. Hook Version class in both JDBC entry points to perform cp sanity
checks
6. Remove JdbcDataSource#close (DebugLog are closed when the Driver gets
unloaded by the DriverManager) as there can be multiple instances of DS
but only one for Driver known by the DriverManager

Replace Strings with constants
Properly set TZ in security tests as well
JdbcDataSource is more defensive with its internal properties
JdbcConfiguration password parameter is aligned with JDBC DriverManager
Remove usage of JdbcConnection API
Removed JdbcConnection#setTimeZone - this encourages folks to use our
private API which would tie us down.
It is somewhat limiting for folks but it has less downsides overall and
does not trip debugging (which adds a proxy unaware of this method).
Update docs
Add JdbcDataSource into the Jdbc suite

Original commit: elastic/x-pack-elasticsearch@c713665d53
2017-11-15 00:29:41 +02:00
Igor Motov 6e9c83a7b5 SQL: fix the security index name in audit tests
Original commit: elastic/x-pack-elasticsearch@1155d24e24
2017-11-08 12:12:16 -05:00
Nik Everett 41284cae93 SQL: Fix the name of the indices lookup action (elastic/x-pack-elasticsearch#2840)
Fix the name of the action the SQL uses to lookup index information from
the cluster state. The old name was silly.

Original commit: elastic/x-pack-elasticsearch@805fb29662
2017-11-03 23:37:22 +00:00
Nik Everett 2b2bf89fb1 Fix broken SQL security test
Used the wrong user.

Original commit: elastic/x-pack-elasticsearch@334955fbfa
2017-11-01 21:48:46 -04:00
Nik Everett 33f4a8317c JDBC metadata integration with security (elastic/x-pack-elasticsearch#2806)
I realized that we weren't running our DatabaseMetaData tests. One thing led to another and I made these changes:
1. Got the DatabaseMetaData tests running in all three of our QA projects.
2. Fixed the SecurityCatalogFilter to work with `SqlGetIndicesAction`. It worked before, but only for requests that were a `SqlAction` as well as `SqlGetIndicesAction`.
3. Added security test for the JDBC DatabaseMetaData requests. These mirror exactly the security tests that we use for `SHOW TABLES` and `DESCRIBE` but cover the JDBC actions.

Original commit: elastic/x-pack-elasticsearch@7026d83c06
2017-10-30 23:22:12 +00:00
Nik Everett d933b1b48b Initial docs for SQL (elastic/x-pack-elasticsearch#2810)
Adds docs for the REST API, translate API, the CLI, and JDBC.

Next we need to add more example queries and documentation for our
extensions.

Original commit: elastic/x-pack-elasticsearch@ed6d1360d2
2017-10-30 17:23:27 +00:00
Nik Everett f92684c436 Fix SQL test
Original commit: elastic/x-pack-elasticsearch@14d07c2607
2017-10-27 17:38:34 -04:00
Nik Everett 3d0f57d976 Add remaining security tests (elastic/x-pack-elasticsearch#2797)
This adds all of the security tests I think SQL is going to need for the initial release. SQL is still missing an entire scenario though: SSL enabled. Either way, this removes some `NOCOMMIT`s in `qa/sql/security`. Adding the SSL testing can come later.

Original commit: elastic/x-pack-elasticsearch@851620b606
2017-10-26 17:23:35 +00:00
Nik Everett d7ab14ee54 Fix SQL security build's run config
Now it is the same as the integTest config agian. I should have done
this in elastic/x-pack-elasticsearch#2753 but I forgot.

Original commit: elastic/x-pack-elasticsearch@bbbb8b1dc7
2017-10-19 13:14:30 -04:00
Nik Everett 56ce29c6bf Security tests for SQL's CLI and JDBC (elastic/x-pack-elasticsearch#2770)
Add security tests for SQL's CLI and JDBC features. I do this by factoring out all the "actions" from the existing REST tests into an interface and implement it for REST, CLI, and JDBC. This way we can share the same audit log assertions across tests and we can be sure that the REST, CLI, and JDBC tests cover all the same use cases.

Original commit: elastic/x-pack-elasticsearch@82ff66a520
2017-10-19 17:13:31 +00:00
Nik Everett 770bc9516c Switch sql audit tests from index to the log file (elastic/x-pack-elasticsearch#2753)
This is *way* faster because we don't have to wait for the audit
events from previous test runs to drain into the index. And we
don't have to wait for the index's refresh cycle. We have to parse
the log lines which is a bit more brittle but it feels worth it
at this point.

Original commit: elastic/x-pack-elasticsearch@4b1758fc32
2017-10-14 12:27:51 +00:00
Nik Everett 69d1a5c5dd Give audit logs more time to show up in SQL tests
CI has been failing since we had to remove our tweaks to the audit
logging configuration due to
https://github.com/elastic/x-pack-elasticsearch/issues/2705

So we increase the timeout. The timeout is very very long, but it
seems like we need it for CI which is often slow.

Original commit: elastic/x-pack-elasticsearch@91a926a031
2017-10-12 13:53:09 -04:00
Nik Everett 69a326dd94 Fix CliErrorsIT in sql security tests
It was disabled because the CLI didn't work with security but
we've since fixed that so we can enable it.

Original commit: elastic/x-pack-elasticsearch@8d9b5ad89b
2017-10-12 12:42:13 -04:00
Nik Everett 852af7de57 Fix error handling in SQL's CLI (elastic/x-pack-elasticsearch#2730)
We weren't returning errors correctly from the server
or catching them correctly in the CLI. This fixes that
and adds simple integration tests.

Original commit: elastic/x-pack-elasticsearch@259da0da6f
2017-10-12 16:32:15 +00:00
Nik Everett 6478713304 Add support for username and password in SQL CLI (elastic/x-pack-elasticsearch#2718)
Add support for username and password in SQL CLI and adds tests that CLI works with security.

Original commit: elastic/x-pack-elasticsearch@39c8dbfc97
2017-10-12 15:55:29 +00:00
Nik Everett b02e569b38 Speed up audit log testing for SQL (elastic/x-pack-elasticsearch#2721)
SQL was cleaning up the audit logs *after* each test
but this switches it to cleaning up the audit logs
*before* each test. This is faster because we can
generate a lot of audit logs before the first test.

Original commit: elastic/x-pack-elasticsearch@71d8f76667
2017-10-10 16:48:37 -04:00
Nik Everett 9633b1d7bc Remove an @AwaitsFix on test in SQL (elastic/x-pack-elasticsearch#2719)
It has been fixed already, actually.

Original commit: elastic/x-pack-elasticsearch@46c8dacc50
2017-10-10 16:44:21 -04:00
Nik Everett 5239e49b75 Fix security tests
The security tests were broken because of
https://github.com/elastic/x-pack-elasticsearch/issues/2705
so this works around it.

Original commit: elastic/x-pack-elasticsearch@34f499d55e
2017-10-06 16:03:01 -04:00
Nik Everett c8e69b160e SQL: Fix build
Fix a few forgetten things from the validation change.

Original commit: elastic/x-pack-elasticsearch@807098dc6a
2017-09-28 16:57:58 -04:00