Commit Graph

671 Commits

Author SHA1 Message Date
Areek Zillur 3ffe341f48 Fix license expiry log message
- change license expiration message from error to warn
 - start logging expiry message from 25 days instead of 30

closes elastic/elasticsearch#2231

Original commit: elastic/x-pack-elasticsearch@6c88066c1f
2016-05-15 21:00:11 -04:00
Areek Zillur 81e14c5617 Fix license log message levels
Now we log license expiry, invalid and grace message as warn and log license valid message as debug

closes elastic/elasticsearch#2230

Original commit: elastic/x-pack-elasticsearch@569c169136
2016-05-15 20:45:10 -04:00
Chris Earle 946cbfb997 Remove default index code from _x-pack/monitoring/_bulk
With the API no longer accepting {index}, we no longer need the code that supported it.

Original commit: elastic/x-pack-elasticsearch@5d0ae37caa
2016-05-14 15:10:04 -04:00
Chris Earle 73ba90b863 Disallow {index} being specified at the top level of _xpack/monitoring/_bulk
The general use case is to provide only the {type} to the bulk and even that may not be specified. However,
by setting it up as

/_x-pack/monitoring/{type}/_bulk
/_x-pack/monitoring/{index}/{type}/_bulk

it fails to properly recognize the {type} parameter because the PathTrie that gets generated sees two wildcards
at the same location and the last one specified wins -- {index}. As a result, it's impossible to only set the
{type} without making the PathTrie logic convoluted for a niche use case (a list to try instead of a single path).

his fixes the issue by removing the completely unused option: you can no longer specify {index} outside of
individual bulk indexing operations. If we see a need to bring it back, then we can add it as an API param, but
that is an unusual place for the index field and I do not expect it to be needed that frequently.

Original commit: elastic/x-pack-elasticsearch@40d0d05404
2016-05-13 18:12:04 -04:00
Robert Muir 91426062c1 update mock script engines to take name parameter
Original commit: elastic/x-pack-elasticsearch@c6c48eca39
2016-05-13 15:42:23 -04:00
Lee Hinman 2f43179dda Fix compilation for only one script language extension
Relates to https://github.com/elastic/elasticsearch/pull/18332

Original commit: elastic/x-pack-elasticsearch@32f0bd6c4f
2016-05-13 10:29:35 -06:00
Lee Hinman 91f2e94ac7 Fix scripting engines for singular type
Original commit: elastic/x-pack-elasticsearch@ed014cefc3
2016-05-13 09:29:37 -06:00
Lee Hinman fd6cf7d3d3 Register engines with a default of `ScriptMode.ON`
Original commit: elastic/x-pack-elasticsearch@d367b4028e
2016-05-13 09:29:37 -06:00
Lee Hinman 6e70856cf5 Fix Watcher tests for 'sandbox' option removal
Relates to https://github.com/elastic/elasticsearch/pull/18226

Original commit: elastic/x-pack-elasticsearch@b30d623dfb
2016-05-13 09:29:37 -06:00
Daniel Mitterdorfer a37cc72329 Exclude specific transport actions from request size limit check
Relates elastic/elasticsearchelastic/elasticsearch#17951

Original commit: elastic/x-pack-elasticsearch@07d2165643
2016-05-13 14:26:14 +02:00
Areek Zillur 01b3fc8768 Differentiate between null license and license tombstone in cluster state
Currently, license notification scheme treats no license (before trial license is auto-generated)
and a license tombstone in the cluster state in the same way. This caused a bug where licencees
were not notified of explicit license removal. Now, the notification scheme explicitly handles
license tombstone to notify the licensees and handles the case for no license in cluster state
as before.

Original commit: elastic/x-pack-elasticsearch@c90ec23398
2016-05-12 15:24:36 -04:00
uboness 06a0a9cbb5 [fix] Removing license did not update the Licensees
- Introduced a `MISSING` operation mode
- now when the license is removed (and a tombstone license is placed), the licensees get notified with a `MISSING` license status
- the monitoring, security and watcher licensees were updated

Original commit: elastic/x-pack-elasticsearch@650d940666
2016-05-12 15:24:36 -04:00
Tanguy Leroux 233c64e942 Monitoring: Fix cleaner tests
Some changes in elastic/x-pack@d13557c517 change the testIgnoreTimestampedIndicesInOtherVersions method and it now sometime fails.
 This commit revert the previous behavior of the test and ensures that at least 1 index is cleaned up/deleted in each test.

Original commit: elastic/x-pack-elasticsearch@3c6acb4ff8
2016-05-12 12:19:10 +02:00
Chris Earle 5c9d18fc34 Adding {index} option for _xpack/monitoring/_bulk
This adds it so that a system can specify "_data" as the index to index into the
data index (without having to know its name). _Not_ supplying an index will use
the timestamped index. Any other index name (including wrong case) is invalid.

Original commit: elastic/x-pack-elasticsearch@6eeadfb3c8
2016-05-11 15:05:06 -04:00
Jason Tedor 6a3aef32d6 Switch scripts to use bash
This commit switches the command-line scripts to use bash instead of sh
so that we can take advantage of features that bash provides like
arrays.

Relates elastic/elasticsearch#2214

Original commit: elastic/x-pack-elasticsearch@826c10ef04
2016-05-10 15:07:04 -04:00
Yannick Welsch ee406e9c3f Use immutable ShardRouting
Relates to elastic/elasticsearchelastic/elasticsearch#17821

Original commit: elastic/x-pack-elasticsearch@92a9581327
2016-05-10 19:07:53 +02:00
markharwood e7b70794b6 Prefix Graph REST endpoint with _xpack. Partial fix for issue 1760
Original commit: elastic/x-pack-elasticsearch@53ceb1c20d
2016-05-10 13:45:07 +01:00
Adrien Grand 7a6025784d Use Versions.MATCH_ANY rather than NOT_SET now that NOT_SET is gone.
Original commit: elastic/x-pack-elasticsearch@14694aea60
2016-05-10 08:23:32 +02:00
Daniel Mitterdorfer 828b1902c5 Merge remote-tracking branch 'danielmitterdorfer/free-request-bytes'
Original commit: elastic/x-pack-elasticsearch@91867432c2
2016-05-09 16:01:21 +02:00
Tanguy Leroux 8f097d24e4 Mute XPackRestIT.test {p0=bulk/10_basic/Bulk indexing of monitoring data}
Original commit: elastic/x-pack-elasticsearch@e3a889222e
2016-05-09 13:27:54 +02:00
Daniel Mitterdorfer c5aa644048 Free bytes reserved on request breaker
With this commit we free all bytes reserved on the request circuit breaker.

Relates elastic/elasticsearchelastic/elasticsearch#18144

Original commit: elastic/x-pack-elasticsearch@3986436b8c
2016-05-09 11:22:42 +02:00
Chris Earle 68728e6bee Use Strict version check for VersionCompatibilityTests
This changes the loose usage of onOrBefore to equals so that when we add beta1, this test fails
again.

Original commit: elastic/x-pack-elasticsearch@fe4f2cbdf0
2016-05-06 15:08:40 -04:00
Chris Earle fd62b2308e Updating with ES-side abstract method addition
Original commit: elastic/x-pack-elasticsearch@0d075b433b
2016-05-06 12:26:10 -04:00
Chris Earle 080000a595 Updating with array changed to list.
Original commit: elastic/x-pack-elasticsearch@552227458f
2016-05-06 12:26:10 -04:00
Chris Earle ec0a4646ea Add Failure Details to every NodesResponse (x-plugins side)
Original commit: elastic/x-pack-elasticsearch@9ffb88caaf
2016-05-06 12:26:10 -04:00
Jason Tedor 35121bc206 Add handshake to list of known handlers for tests
This commit adds internal:transport/handshake to the list of known
handlers for tests.

Closes elastic/elasticsearch#2183

Original commit: elastic/x-pack-elasticsearch@c4b415367b
2016-05-06 09:17:44 -04:00
Tanguy Leroux 330e427f40 Monitoring: Add Points stats to node and index segments stats
Original commit: elastic/x-pack-elasticsearch@7df2538068
2016-05-06 10:10:25 +02:00
Adrien Grand 5db861d14b Remove generics from QueryBuilder.
Related to elastic/elasticsearchelastic/elasticsearch#18133.

Original commit: elastic/x-pack-elasticsearch@bd8ca4f061
2016-05-06 09:06:30 +02:00
Adrien Grand 22c4fb9a32 Make compilation pass.
Note: tests are still failing.

Original commit: elastic/x-pack-elasticsearch@827d129876
2016-05-06 09:05:45 +02:00
Areek Zillur bd04cc9d1f Extend tribe integ test infra to test on master and client nodes
Original commit: elastic/x-pack-elasticsearch@5826fb4161
2016-05-05 15:28:04 -04:00
Areek Zillur 3f0acdd70e refactor tribe integ tests to test monitoring transport actions
Original commit: elastic/x-pack-elasticsearch@4c8735d4a8
2016-05-05 15:28:04 -04:00
Areek Zillur f808b251b5 Disable monitoring transport and rest actions on tribe node
Original commit: elastic/x-pack-elasticsearch@a9d97b4f64
2016-05-05 15:27:45 -04:00
Areek Zillur d9e9f7dfd0 Disable licensing services and management APIs for tribe node
closes elastic/elasticsearch#1426

Original commit: elastic/x-pack-elasticsearch@d8a312b1b5
2016-05-05 15:10:05 -04:00
Alexander Reelsen 2cd7c74bc7 Security: Replace `_shield/` urls with `_xpack/security` (elastic/elasticsearch#2174)
This changes the security endpoints to _xpack/security, fixes the rest api spec to also use
the xpack.security prefix and adds documentation and tests.

Original commit: elastic/x-pack-elasticsearch@7977575f0e
2016-05-04 21:42:11 +02:00
Jason Tedor ed26294916 Fix HttpExporterTemplateTests from string split
This commit fixes an issue in HttpExporterTemplateTests caused by the
migration from Strings#splitStringToArray to String#split. Namely, the
previous would split a string like "/x/y/z/" into { "x", "y", "z" } but
the former will split this into { "", "x", "y", "z" }. This commit
modifies the test logic to respond to this change.

Original commit: elastic/x-pack-elasticsearch@c567b17180
2016-05-04 11:29:50 -04:00
Jason Tedor 5b12eef2d3 Fix ObjectPath#evalContext edge cases
This commit fixes an issue that was introduced in ObjectPath#evalContext
when refactoring from Strings#splitStringToArray to
String#split. Namely, the former would return an empty array when
receiving a null or empty string as input but the latter will NPE on a
null string and return an array containing the empty string on an empty
string input.

Original commit: elastic/x-pack-elasticsearch@2f509f9fa0
2016-05-04 11:21:58 -04:00
Christoph Büscher 357f0178e9 Adapt to changes in QueryShardContext
Original commit: elastic/x-pack-elasticsearch@36b97cac75
2016-05-04 16:42:52 +02:00
Jason Tedor 4a1591f2a8 Remove Strings#splitStringToArray
This commit replaces the uses of Strings#splitStringToArray in favor of
String#split as this method has been removed from core.

Relates elastic/elasticsearch#2175

Original commit: elastic/x-pack-elasticsearch@97ec094fa0
2016-05-04 10:39:05 -04:00
Alexander Reelsen a243647ea1 Watcher: Move urls from _watcher to _xpack/watcher
This moves the watcher base URL to _xpack/watcher. This includes
code, tests, rest-api-spec and the documentation.

Relates elastic/elasticsearch#1760

Original commit: elastic/x-pack-elasticsearch@0a44aec022
2016-05-04 09:39:47 +02:00
Alexander Reelsen 1aedda3627 X-Pack: Create notification module
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.

Further things done:

* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common

Original commit: elastic/x-pack-elasticsearch@41eb6e6946
2016-05-04 08:53:29 +02:00
Daniel Mitterdorfer 7eebacc884 Disable HTTP compression by default when HTTPS is enabled.
With elastic/elasticsearchelastic/elasticsearch#7309 we enable HTTP compression by
default. However, this can pose a security risk for HTTPS
traffic (e.g. BREACH attack). Hence, we disable HTTP compression
by default again if HTTPS enabled (note that this still allows the
user to explicitly enable HTTP compression if they want to).

Relates elastic/elaticsearchelastic/elasticsearch#7309

Original commit: elastic/x-pack-elasticsearch@8da100c9a5
2016-05-03 08:54:57 +02:00
Alexander Reelsen 23ebbed95a Watcher: Expose HTTP response headers in payload
This exposes the headers (all lower-cased) in the payload, so
that the can be accessed in the conditions.

Closes elastic/elasticsearch#1560

Original commit: elastic/x-pack-elasticsearch@c9b08558fe
2016-05-02 15:06:38 +02:00
Alexander Reelsen 74edbe6332 Watcher: Refactoring, move to org.elasticsearch.xpack
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher

This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.

Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
2016-05-02 10:58:34 +02:00
jaymode 773876caee security: ssl by default on the transport layer
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.

The following is a list of specific items addressed:

* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files

Closes elastic/elasticsearch#14
Closes elastic/elasticsearch#34
Closes elastic/elasticsearch#1483
Closes elastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673

Original commit: elastic/x-pack-elasticsearch@7c359db90b
2016-04-29 12:50:07 -04:00
markharwood 29b996ea1d Test fix - graph test occasionally failed to fail on all shards due to random nature of indexing. Tightened test class logic to deal with partial failures.
Original commit: elastic/x-pack-elasticsearch@b2dcdd7600
2016-04-29 14:45:15 +01:00
jaymode de48b2426b change how audit user is compared, do not setDaemon, test cleanup
This commit makes a few modifications to the IndexAuditTrail class:

* Use `InternalAuditUser#is` to determine if the principal is the auditor when we have a user
and simply compare `InternalAuditUser#NAME` when only a string principal is available
* Remove the `Thread#setDaemon` call in the QueueConsumer as this thread should be terminated
as part of the shutdown of the node

In terms of tests, there are some issues and changes to how we test certain aspects. The muted tests
were not accurate since the tests immediately checked for the existence of an index and did not poll or
wait and this operation is asynchronous so the index could be created after the exists request was
executed. These tests were removed and a new class was added to test the muted behavior. In these
tests we override the audit trails implementation of a queue, which will set a flag to indicate a message
has been added to the queue. This is a synchronous operation so it can be checked immediately.

The other tests in the IndexAuditTrail tests remain but a few changes have been made to the execution.

* ensureYellow is called for the index we expect to be created before searching for documents
* the remote cluster is only setup at the beginning of the suite rather than before every test to ensure
quicker execution
* the maximum number of shards has been reduced to three since we do not really need up to 10 shards
for a single document

Original commit: elastic/x-pack-elasticsearch@501b6ce9da
2016-04-29 09:08:10 -04:00
Alexander Reelsen 27f0a68a28 X-Pack Notification: Settings refactoring, removed 'service'
The service part is now obsolete with moving to `xpack.notification`.

Original commit: elastic/x-pack-elasticsearch@a7907f24a5
2016-04-29 09:02:36 +02:00
Ryan Ernst 4be1266616 Fix xpack rest test with new xpack info output (timestamp instead of date)
Original commit: elastic/x-pack-elasticsearch@ccb89481cf
2016-04-28 11:46:31 -07:00
Ryan Ernst 09a0276a56 Merge pull request elastic/elasticsearch#2123 from rjernst/build_info
Build: use jar metadata instead of expecting a properties file for xpack build info

Original commit: elastic/x-pack-elasticsearch@a7238cf527
2016-04-28 08:58:52 -07:00
jaymode c39b3ba2fc security: add the proper behavior for the standard license
This change adds the proper behavior for the standard license which is:

* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled

Features that are disabled:

* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms

See elastic/elasticsearch#1263

Original commit: elastic/x-pack-elasticsearch@920c045bf1
2016-04-28 09:33:57 -04:00
markharwood 077599b63f X-plugin tests - added testing for Standard licence in graph plugin. See https://github.com/elastic/x-plugins/issues/1263
Original commit: elastic/x-pack-elasticsearch@6773ead0fc
2016-04-28 13:51:43 +01:00
jaymode 91943318bf security: cleanup authentication service
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.

Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.

Original commit: elastic/x-pack-elasticsearch@79e2375a13
2016-04-28 07:59:16 -04:00
jaymode 4f7dad8da2 security: handle null values for full name and email
This commit adds logic so that we properly handle null tokens for full name and
email.

Closes elastic/elasticsearch#1887

Original commit: elastic/x-pack-elasticsearch@e03188c29f
2016-04-28 07:41:27 -04:00
Ryan Ernst 4d1f4a244a Build: use jar metadata instead of expecting a properties file for xpack
build info

There are many other things that should be cleaned up around this (eg
XpackInfoResponse.BuildInfo should not exist, it is the exact same as
what XPackBuild has), but this change gets the build info output working
again.

closes elastic/elasticsearch#2116

Original commit: elastic/x-pack-elasticsearch@0730daf031
2016-04-27 13:33:42 -07:00
jaymode f4f156b351 test: add awaits fix to FLS field stats tests
See elastic/elasticsearch#2120

Original commit: elastic/x-pack-elasticsearch@fc7950bf65
2016-04-27 13:55:59 -04:00
Alexander Reelsen 5d53080a1f Watcher: Remove build based property creation (elastic/elasticsearch#2107)
There we still left over files from the clean up PR to not use
build properties for the watcher templates.

Relates elastic/elasticsearch#2040

Original commit: elastic/x-pack-elasticsearch@b838d92124
2016-04-26 17:54:27 +02:00
Alexander Reelsen 3bbe5916d1 Fix compilation issue
Original commit: elastic/x-pack-elasticsearch@803275d634
2016-04-26 14:03:19 +02:00
jaymode c7ad6b9872 test: add a simple test for reserved realm authentication
See elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@1bede0a206
2016-04-25 07:34:14 -04:00
Alexander Reelsen b47d161b9e X-Pack: Porting watcher notifications to xpack notifications (elastic/elasticsearch#2056)
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`

Moved services include pagerduty, hipchat, slack and email.

Closes elastic/elasticsearch#1998

Original commit: elastic/x-pack-elasticsearch@40c16fe123
2016-04-22 15:57:34 +02:00
Martijn van Groningen 4650592150 Remove LazyInitializable from ScriptServiceProxy
Closes elastic/elasticsearch#2062

Original commit: elastic/x-pack-elasticsearch@4eaf323158
2016-04-22 14:31:02 +02:00
Martijn van Groningen b9515357fa Migrated from indexed scripts to store scripts
Original commit: elastic/x-pack-elasticsearch@a0218f1c9e
2016-04-22 13:43:55 +02:00
Alexander Reelsen 276d5fbbca Watcher: Updated dependencies (elastic/elasticsearch#2064)
Updated okhttp and moved the jsr305 dependency into testing.
This required a minor change in tests using SSL, as otherwise
the security manager barfs, when the okhttp webserver tries
to load sun internal SSL based classes.

Original commit: elastic/x-pack-elasticsearch@77131589e0
2016-04-22 09:45:46 +02:00
Alexander Reelsen 12ff8853f0 Monitoring/Watcher: Load version of templates in a static way (elastic/elasticsearch#2040)
The old implementation was to use properties at build-time. This however did not work,
as the tests could not be run in the IDE. This has been removed of monitoring for some
time already, but needs to be removed from watcher as well.

This commit uses static variables and refactors the code a bit. First, there is a generic
TemplateUtils class, to be used in monitoring and watcher. Also the watcher code has been changed
to copy the needed variables into the template registry class instead of keeping it in the
WatcherModule.

This commit also includes some refactoring to remove the version parameter in marvel, was static anyway

Closes elastic/elasticsearch#1372

Original commit: elastic/x-pack-elasticsearch@fbfc22ea09
2016-04-22 09:26:40 +02:00
uboness df3bbd42b9 Changed the default output of X-Pack Info API
- by default the response includes all info - build, license, features + human descriptions.
- you can still control the output using `categories` and `human` parameters
- Added docs to this API

Original commit: elastic/x-pack-elasticsearch@85115495ec
2016-04-21 18:43:17 -07:00
Chris Earle a84347f711 Monitoring: Ignore NodesStatsResposne if no stats are returned
This avoids exceptional cases where node stats are not returned due to some concurrent modification.

Original commit: elastic/x-pack-elasticsearch@6f6b8ec393
2016-04-21 16:16:00 -04:00
Nik Everett 629c585fba Handle core removing <T> from Writeable
Original commit: elastic/x-pack-elasticsearch@34632c8a67
2016-04-21 13:00:57 -04:00
Nik Everett c4dc28e7f7 Remove the last readFrom from xpack
This the last Writeable#readFrom in xpack!

Original commit: elastic/x-pack-elasticsearch@5412160bdd
2016-04-21 10:13:10 -04:00
jaymode 8c8e33889c build: remove test dependencies from published pom file
See elastic/elasticsearch#2063

Original commit: elastic/x-pack-elasticsearch@3653368363
2016-04-21 09:27:12 -04:00
Nik Everett de6d3e1a72 Remove readFrom from xpack
Writeable#readFrom has become a method you just implement because
the interface requires it but the prefered way to actually do the
reading is a ctor that takes a StreamReader. readFrom just delegates
to the ctor. This removes readFrom entirely because it is not needed
anymore and is going away in core.

Relates to https://github.com/elastic/elasticsearch/issues/17085

Original commit: elastic/x-pack-elasticsearch@dd74db5ded
2016-04-21 07:58:51 -04:00
uboness 5c9d96211f Extended X-Pack Info API with Features Info
- introduced the "Feature Set" notion - graph, security, monitoring, watcher, these are all feature sets
- each feature set can be:
 - `available` - indicates whether this feature set is available under the current license
 - `enabled` - indicates whether this feature set is enabled (note that the feature set can be enabled, yet unavailable under the current license)
- while at it, cleaned up the main modules of watcher, security, monitoring and graph.

Original commit: elastic/x-pack-elasticsearch@5b3e19fe8c
2016-04-20 14:30:48 -07:00
Jay Greenberg 8af3f91eb5 Merge pull request elastic/elasticsearch#2044 from PhaedrusTheGreek/group_search_noattrs
Change some LDAP searches to NOATTRS to avoid unnecessary results

Original commit: elastic/x-pack-elasticsearch@60c41af5a6
2016-04-20 09:29:38 -04:00
jaymode 659439841e test: adapt to removal of setting
Original commit: elastic/x-pack-elasticsearch@5f195001b9
2016-04-19 14:31:06 -04:00
Nik Everett 28bb39955c Replace (read|write)Query with (read|write)NamedWriteable
(read|write)Query is going away.

Original commit: elastic/x-pack-elasticsearch@5ac3ded68e
2016-04-19 11:06:39 -04:00
PhaedrusTheGreek 962729bd3b Changed LDAP searches to NOATTRS in order to avoid returning unecessary
data in searches where only getDn() is done on results

Original commit: elastic/x-pack-elasticsearch@5ce64235a1
2016-04-19 10:47:27 -04:00
Martijn van Groningen e24d09b54e test: allow percolate api to fail when the percolator field can't be found
Original commit: elastic/x-pack-elasticsearch@3343c9dc3a
2016-04-19 14:11:53 +02:00
Martijn van Groningen 0c7dff4fa7 security: Deal with upstream percolator changes.
From now on, if field level security and percolator is used then the percolator field needs to be included in the allowed fields.

Original commit: elastic/x-pack-elasticsearch@7d39b5caf6
2016-04-19 11:23:04 +02:00
Daniel Mitterdorfer fb825d7fd3 Use underscore notation for field names
Relates elastic/elasticsearchelastic/elasticsearch#17800

Original commit: elastic/x-pack-elasticsearch@1f6022116c
2016-04-19 08:41:47 +02:00
Ryan Ernst 14df2663ae Replace more occurences of new String(CONSTANT) with CONSTANT
Original commit: elastic/x-pack-elasticsearch@339de6350f
2016-04-18 14:54:14 -07:00
Ryan Ernst 7275d48bbd Remove XContentBuilderString
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#17833

Original commit: elastic/x-pack-elasticsearch@2400192775
2016-04-18 14:37:17 -07:00
Ryan Ernst 74c9358bdf Merge pull request elastic/elasticsearch#2029 from rjernst/camelcase1
Simplify xcontentstring usages

Original commit: elastic/x-pack-elasticsearch@13fd6d0e6a
2016-04-18 14:36:13 -07:00
Christoph Büscher e6bce6b36e Adapt to changes in core ES (elastic/elasticsearch#17417)
Original commit: elastic/x-pack-elasticsearch@2df6d5b27e
2016-04-18 15:33:25 +02:00
jaymode e66a6871c0 security: fix initialization of server sets in ldap session factories
The SessionFactory construction was calling the `ldapServers` method in the constructor,
which was fine for all of the session factories except for the ActiveDirectorySessionFactory.
The ActiveDirectorySessionFactory overrides the ldapServers method and use class variables
that are initialized in its constructor so the value was always null.

This change moves setup to an init method for objects that depend on variables set during
construction.

Closes elastic/elasticsearch#2011

Original commit: elastic/x-pack-elasticsearch@07c15ce171
2016-04-18 07:22:21 -04:00
Alexander Reelsen aa77646e3d Tests: Fixing xpack info tests
Even though HEAD is a possible method, this implies that no data is returned
and thus the tests fail randomly.

If HEAD should be added to the api it needs it's own API definition IMO.

Original commit: elastic/x-pack-elasticsearch@a216393f6b
2016-04-18 12:19:16 +02:00
uboness 8aa48ffaff Introduced the X-Pack Info API
- Removed Shield's Info API
- Removed Watcher's Info API

Closes elastic/elasticsearch#2014

Original commit: elastic/x-pack-elasticsearch@6910cb1d6e
2016-04-17 13:38:19 +02:00
jaymode 0cce436641 build: fix x-pack pom and allow installation
* The found-license project is removed since it is no longer needed
* The plugin-api classes have moved into the license-plugin since there is only one plugin
* The license/base project publishes the proper artifactId in the pom file
* The x-pack jar file is added as an artifact so that it can be installed
* The x-pack pom no longer declares the packaging as `zip`
* The x-pack pom uses the right artifactId for license-core
* Removed disabling of installing the x-plugins artifacts
* Cleaned up a use of guava in watcher (found when trying to remove guava as a compile
dependency but is needed by the HTML sanitizer)
* Removed the dependency on the mustache compiler since it is no longer necessary

Closes elastic/elasticsearch#1987

Original commit: elastic/x-pack-elasticsearch@9d3b50b054
2016-04-15 11:31:09 -04:00
Robert Muir 350ccaad43 Merge pull request elastic/elasticsearch#2025 from elastic/fieldsecurity-points
field-level security should filter points

Original commit: elastic/x-pack-elasticsearch@5422fe610d
2016-04-15 11:19:24 -04:00
Christoph Büscher dfe5bf5366 Adapt to removal of parseFieldMatcher getters and setters in core
Original commit: elastic/x-pack-elasticsearch@4fd754d0ae
2016-04-15 15:22:13 +02:00
jaymode 98a308352a security: resolve date match expressions for authorization
Elasticsearch supports the concept of date match expressions for index names and
the authorization service was trying to authorize the names without resolving them
to their concrete index names. This change now resolves these names

Closes elastic/elasticsearch#1983

Original commit: elastic/x-pack-elasticsearch@3c6baa8e83
2016-04-15 08:49:20 -04:00
Alexander Reelsen 2b00967b01 Watcher: Fix license check for STANDARD license
The license check in Watcher was issued in the wrong way,
so that new licenses were not affected by the check. This
commit explicitely lists the license types that are allowed
to execute watcher actions as well as fixing the tests.

Relates elastic/elasticsearch#1263

Original commit: elastic/x-pack-elasticsearch@afd55965b0
2016-04-15 09:16:37 +02:00
Ryan Ernst cb6a5b4e85 Simplify xcontentstring usages
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#17774.

Original commit: elastic/x-pack-elasticsearch@5c05609840
2016-04-14 23:15:41 -07:00
Robert Muir 8bcc280539 field-level security should filter points
Original commit: elastic/x-pack-elasticsearch@5a8739a2bd
2016-04-14 18:28:49 -04:00
Areek Zillur e5c2a44d5d Return 404 status code when no license is installed
closes elastic/elasticsearch#2000

Original commit: elastic/x-pack-elasticsearch@3bd4193cf8
2016-04-14 16:51:39 -04:00
jaymode fc1c13d8a4 Fix compile error due to change in DateFieldMapper
Original commit: elastic/x-pack-elasticsearch@995dde2a36
2016-04-14 13:32:04 -04:00
Christoph Büscher 5eb8a603c9 Adapt to api change in es core
Original commit: elastic/x-pack-elasticsearch@4d6f6abf02
2016-04-14 16:23:51 +02:00
Colin Goodheart-Smithe 2dc8a720c2 Fix Eclipse Compile error in ReservedRealmTests
The eclipse compiler errors on this class because "the method containsInAnyOrder(T...) of type Matchers is not applicable as the formal varargs element type T is not accessible here". This is because the first common superclass of `XPackUser` and `KibanaUser` is `ReservedUser` which is package protected and not available to this test class. This change casts to `User` so the error does not occur in Eclipse.

Original commit: elastic/x-pack-elasticsearch@be8fa82720
2016-04-14 14:30:06 +01:00
Martijn van Groningen 5f7220dea4 Fix compile errors due to upstream changes in HasChild- and HasParentQueryBuilder
Original commit: elastic/x-pack-elasticsearch@9945e89b6e
2016-04-14 14:46:08 +02:00
Alexander Reelsen 1ef246adab Watcher: Fall back on default format color in hipchat action
Our documentation states that we have default attributes for
message.format and message.color, which in fact we do not have
as an NPE was triggered in that case.

This commit falls back to unset defaults and allows for hipchat messages
to be sent without having to configure color/format in the action
or the account.

Closes elastic/elasticsearch#1666

Original commit: elastic/x-pack-elasticsearch@bfb7e35112
2016-04-14 09:03:55 +02:00
Alexander Reelsen 6d0a2f642a Watcher: HttpResponse serialization may not contain dots in field names
The HTTP response toXContent() method contains the http response headers, which
are used as field names in Elasticsearch in the watch history.
These can contain dots, like `es.index` being returned when Elasticsearch
encounters an exception - which results in an index error.

This patch changes the dots to an underscore when calling toXContent()

Closes elastic/elasticsearch#1803

Original commit: elastic/x-pack-elasticsearch@e4070f8b70
2016-04-13 15:07:22 +02:00
Alexander Reelsen 847287278b Tests: Adapting to Version changes in core
Original commit: elastic/x-pack-elasticsearch@89e9cf427d
2016-04-13 11:43:54 +02:00
Daniel Mitterdorfer 3fd3adef4c Limit request size on HTTP level
With this commit we limit the size of all in-flight requests on
HTTP level. The size is guarded by the same circuit breaker that
is also used on transport level. Similarly, the size that is used
is HTTP content length.

Relates elastic/elasticsearchelastic/elasticsearch#16011

Original commit: elastic/x-pack-elasticsearch@318b7a4a8a
2016-04-13 10:39:49 +02:00
Daniel Mitterdorfer 0d0e2b432c Limit request size on transport level
With this commit we limit the size of all in-flight requests on
transport level. The size is guarded by a circuit breaker and is
based on the content size of each request.

By default we use 100% of available heap meaning that the parent
circuit breaker will limit the maximum available size. This value
can be changed by adjusting the setting

network.breaker.inflight_requests.limit

Relates elastic/elasticsearchelastic/elasticsearch#16011

Original commit: elastic/x-pack-elasticsearch@d1c43fe8d9
2016-04-13 10:39:04 +02:00
Nik Everett 120e13148b Handle core search refactoring
Original commit: elastic/x-pack-elasticsearch@fb512063ca
2016-04-12 15:24:19 -04:00
Alexander Reelsen 61fdd0ac3c Fix compilation error from core change
Relates 2c487110b2

Original commit: elastic/x-pack-elasticsearch@b3661a5c3e
2016-04-12 18:42:28 +02:00
Alexander Reelsen a1f7fff901 Watcher: Cut settings over to xpack.watcher (elastic/elasticsearch#1909)
This cuts over all settings from `watcher.` to `xpack.watcher` as
part of the settings cleanup for 5.0.

Relates elastic/elasticsearch#1441

Original commit: elastic/x-pack-elasticsearch@c82483bf25
2016-04-12 10:34:23 +02:00
Adrien Grand 26e1535eee Fix compilation as a result of elastic/elasticsearchelastic/elasticsearch#16268.
Original commit: elastic/x-pack-elasticsearch@4a334d7f7d
2016-04-11 18:06:48 +02:00
Adrien Grand 5b57727b34 Replace usage of settingsBuilder with just builder.
Original commit: elastic/x-pack-elasticsearch@fe038bbc49
2016-04-08 18:09:02 +02:00
Tanguy Leroux 703a88f95f Monitoring: Fix MarvelTemplateUtilsTests.java on Windows (attempt elastic/elasticsearch#2)
Original commit: elastic/x-pack-elasticsearch@10df1b26b9
2016-04-08 15:56:39 +02:00
Tanguy Leroux bc744e27c3 Monitoring: Fix MarvelTemplateUtilsTests.java on Windows
This is due to line ending differences.

Original commit: elastic/x-pack-elasticsearch@a5327cd3e6
2016-04-08 14:24:02 +02:00
Tanguy Leroux 98fc26c614 Monitoring: Manage multiple index templates
Original commit: elastic/x-pack-elasticsearch@fef9dcc5d1
2016-04-08 11:44:03 +02:00
Nik Everett 29263637c0 React to registration changes in core
Original commit: elastic/x-pack-elasticsearch@f5961dc410
2016-04-07 18:48:00 -04:00
Chris Earle daa875db11 Remove hostname from NetworkAddress.format (x-plugins side)
This removes the old usage of NetworkAddress.formatAddress in favor of the updated version, which is just
the method renamed to NetworkAddress.format (replacing the old version of that method).

There is no impact to x-plugins beyond making the build work because all places were currently using that
method variant already.

Original commit: elastic/x-pack-elasticsearch@05f0dcfa90
2016-04-07 17:29:14 -04:00
jaymode 52b6fc54b8 test: explicitly initialize anonymous user in ReservedRealmTests
Original commit: elastic/x-pack-elasticsearch@46ce5c03a1
2016-04-07 10:54:47 -04:00
jaymode 8049a82953 security: add support for main action
This commit adds support for the change in elasticsearch where the `/` rest
endpoint now delegates to an action and can be authorized.

Original commit: elastic/x-pack-elasticsearch@8ef38ce50f
2016-04-07 09:25:21 -04:00
jaymode b56e2f3bca test: reset anonymous after test to avoid messing with other tests
Closes elastic/elasticsearch#1956

Original commit: elastic/x-pack-elasticsearch@9b57d295c8
2016-04-07 06:12:02 -04:00
jaymode 931c67b49c security: add type argument to fix compile
Original commit: elastic/x-pack-elasticsearch@81acbd2e29
2016-04-06 19:09:29 -04:00
jaymode d08446e221 security: add reserved roles and users
This commit adds reserved or built-in user and role support to x-pack. The reserved roles
cannot be modified by users. The reserved users also cannot be modified with the exception
of changing the password for a user.

In order to change the password for a user, a new API has been added. This API only supports
changing passwords for native and reserved users.

To support allowing a user to change their own password, a default role has been added to grant
access. This default role only grants access to user operations that pertain to the user that is
being authorized. In other words, the default role grants `joe` the ability to change their own password
but does not allow them to change the password of a different user.

Additionally, the authenticate API was made a transport action and is granted by the default role.

Closes elastic/elasticsearch#1727
Closes elastic/elasticsearch#1185
Closes elastic/elasticsearch#1158

Original commit: elastic/x-pack-elasticsearch@1a6689d90f
2016-04-06 18:23:18 -04:00
jaymode f888082ce6 security: remove the use of shield in settings
This commit migrates all of the `shield.` settings to `xpack.security.` and makes changes to
use the new Settings infrastructure in core.

As a cleanup, this commit also renames Shield to Security since this class is only in master
and will not affect 2.x.

See elastic/elasticsearch#1441

Original commit: elastic/x-pack-elasticsearch@a5a9798b1b
2016-04-06 14:00:46 -04:00
jaymode 9031cee432 security: allow indices monitor actions to access the security index
This commit allows authorized users to monitor the security index. This fixes an issue
with the _cat/indices api, which resolves the concrete indices using the cluster state
and then makes a indices stats request. Without this change, the api fails with an
authorization exception because it is specifically requesting the security index and the
user is not the internal user.

Closes elastic/elasticsearch#1895

Original commit: elastic/x-pack-elasticsearch@070a389833
2016-04-06 12:59:15 -04:00
Tanguy Leroux 3c65f38fbe Monitoring: Update exporter & bulk in ExportersTests
Since elastic/elasticsearch#1832 exporters are created once, but the inner exporting bulks must be instanciated for each export. The CountingExporter and CountingBulk have not been updated to reflect this change.

Original commit: elastic/x-pack-elasticsearch@bbbde22363
2016-04-06 11:35:39 +02:00
Martijn van Groningen 1e3c56ce97 test: wait only for the index test_1
(there are other indices too, montoring indices and waiting for green fails there because these indices have replica shards)

Original commit: elastic/x-pack-elasticsearch@63dd3e6ebb
2016-04-06 10:52:50 +02:00
Tanguy Leroux 4df6f0f701 Monitoring: Change ExportBulk so that it has states
Original commit: elastic/x-pack-elasticsearch@8dc55dc0d2
2016-04-06 10:21:55 +02:00
Tanguy Leroux b65787f7dd Monitoring: Add segments stats to Index Stats
Original commit: elastic/x-pack-elasticsearch@e42dab0971
2016-04-06 10:05:40 +02:00
javanna 0a9b72233e Adapt to "Switch to ParseField for query names"
A ParseField object is now required to register queries against the SearchModule rather than the QueryParser#names method. ParseField handles camel case automatically. Also this allows us to log deprecation warnings (or fail in strict mode) when deprecated names are used for queries (e.g. "in", "mlt", "fuzzy_match" etc.)

Original commit: elastic/x-pack-elasticsearch@b0146e6e3d
2016-04-05 15:39:22 +02:00
Alexander Reelsen 9a5e60b58f Watcher: Add SMTP default timeouts
This adds default timeouts to the SMTP configuration to prevent infinite timeouts, that can lead to stuck watches.
This also requires to use time values instead of just milliseconds.

Closes elastic/elasticsearch#1830

Original commit: elastic/x-pack-elasticsearch@c886da7bff
2016-04-05 14:28:15 +02:00
Alexander Reelsen 366498eca4 Tests: Fix systemkeytool tests
One test was missing the check if posix permissions are supported by the file system.
As it does not make sense to not run 50% of the tests in 50% of the cases, the
logic to configure which capabilities a in-memory FS should have has been moved
into each test.

Original commit: elastic/x-pack-elasticsearch@59a32ea26d
2016-04-05 14:08:03 +02:00
Alexander Reelsen 323f80216d Security: Fix systemkey CLI tool
When called without arguments, systemkey tool returned with an AIOOE.
This fixes the issue, but also ports over the tests to jimfs, so they
can actually run, as the security manager is always enabled and thus the
tests never ran before.

Closes elastic/elasticsearch#1926

Original commit: elastic/x-pack-elasticsearch@887b681607
2016-04-05 11:46:20 +02:00
Chris Earle aa9f516655 Fix deserializing license response
Original commit: elastic/x-pack-elasticsearch@dae5e6f545
2016-04-04 18:45:15 -04:00
Tanguy Leroux 192e0cd582 Cancel cleaner future in doClose() rather than doStop()
Original commit: elastic/x-pack-elasticsearch@39ca253b31
2016-04-04 19:11:12 +02:00
Tanguy Leroux 3672e06343 Merge pull request elastic/elasticsearch#1902 from tlrx/catch-rejected-exception
Monitoring: Catch EsRejectedExecutionException when rescheduling the cleaner

Original commit: elastic/x-pack-elasticsearch@6ba20d5b8a
2016-04-04 09:24:14 -07:00
Tanguy Leroux 2ae6dec8e1 Rename RestExecuteWatchActionTest to RestExecuteWatchActionTests
Original commit: elastic/x-pack-elasticsearch@c9d8de10b2
2016-04-04 18:22:28 +02:00
Tanguy Leroux 115b037f06 Monitoring: Catch EsRejectedExecutionException when rescheduling the cleaner
closes elastic/elasticsearch#1900

Original commit: elastic/x-pack-elasticsearch@87efb135b4
2016-04-04 18:19:08 +02:00
Tanguy Leroux 652b69ad7f Monitoring: Ship segment stats with node stats
This commit adds all the following segments stats to the current node_stats document:
 - memory_in_bytes
- terms_memory_in_bytes
- stored_fields_memory_in_bytes
- term_vectors_memory_in_bytes
- norms_memory_in_bytes
- doc_values_memory_in_bytes
- index_writer_memory_in_bytes
- version_map_memory_in_bytes
- fixed_bit_set_memory_in_bytes

Original commit: elastic/x-pack-elasticsearch@ea4b8034ba
2016-04-04 18:13:24 +02:00
Alexander Reelsen 25f06bb5c1 Build: Fix packaging to not include test in artifact
A rest test was accidentally moved into the src/main/plugin-metadata
directory, which resulted the test being put into the plugin distribution
zip.

Closes elastic/elasticsearch#1907

Original commit: elastic/x-pack-elasticsearch@fbdf62b1d8
2016-04-04 17:10:07 +02:00
jaymode 4036ce97c1 shield: do not use ThreadPool#scheduleWithFixedDelay for pollers
This commit makes the user and roles poller use a self rescheduling runnable to schedule the
next run of the poller rather than using scheduleWithFixedDelay. This is done because the
pollers perform blocking I/O operations and everything using that thread pool method runs on
the schedule thread and because of this, in certain situations this can lead to a deadlock which
will prevent the cluster from forming.

Original commit: elastic/x-pack-elasticsearch@9fd0748c8c
2016-04-01 21:25:16 -04:00
Chris Earle 3126fcb856 Improved tests with better error message
Original commit: elastic/x-pack-elasticsearch@cb79988dc3
2016-04-01 14:20:03 -04:00
Chris Earle 9f41a99e37 Modifying Monitoring cleanup acknowledgement message.
Original commit: elastic/x-pack-elasticsearch@1c5e1a3175
2016-04-01 12:49:05 -04:00
Chris Earle 86ed96b83b Adding support for STANDARD license
Original commit: elastic/x-pack-elasticsearch@1671d8ade3
2016-04-01 12:49:05 -04:00
Chris Earle 55b9569f7b Removing isPaid, allFeaturesEnabled, and isActive methods from enums.
Original commit: elastic/x-pack-elasticsearch@8b8c7792c7
2016-04-01 12:49:05 -04:00
Chris Earle 5e81beabf9 Simplifying License Checks
Too many places are checking for enumerations when they're really more interested in a "higher" level of
information. This will help with the forthcoming addition of the STANDARD operation mode as well.

Original commit: elastic/x-pack-elasticsearch@2799c27e19
2016-04-01 12:49:05 -04:00
jaymode d6cab8b9f1 security: read correct file when listing users
Original commit: elastic/x-pack-elasticsearch@dca906abba
2016-04-01 06:30:34 -04:00
Tanguy Leroux 1d72eb2b61 Monitoring: Check for source_node only for assigned shard in test
Original commit: elastic/x-pack-elasticsearch@f0d5bccecd
2016-04-01 10:34:40 +02:00
Tanguy Leroux 2c1dbf3eb6 Monitoring: Clean log messages in exporters
This commit adds the node name and the exporter name as log message prefixes.

Original commit: elastic/x-pack-elasticsearch@085b2ecf3c
2016-04-01 09:48:22 +02:00
Tanguy Leroux 8a15a17442 Monitoring: Simplify bulk REST test
Original commit: elastic/x-pack-elasticsearch@0a02d3f3be
2016-03-31 17:49:27 +02:00
Tanguy Leroux 4007ff44b7 Monitoring: Fix synchronization in Exporters
This commit fixes an issue in synchronization in Exporters class. The export() method is synchronized and when used with LocalExport can provoke a deadlock. LocalExporter exports data locally using bulk requests that can trigger cluster state updates for mapping updates. If a exporters settings update sneaks in, the settings update waits for the export to terminate but the export waits for the settings to be updated... and boom.

This commit removes the synchronized and refactor Exporters/LocalExporter to use state and dedicated instance of LocalBulk for each export so that synchronizing methods is not necessary anymore.

It also lower down some random settings in MonitoringBulkTests because the previous settings almost always fill the bulk thread pool.

closes elastic/elasticsearch#1769

Original commit: elastic/x-pack-elasticsearch@f50c916f8b
2016-03-31 13:47:53 +02:00
javanna dc998764e8 Merge branch 'master' into enhancement/discovery_node_one_getter
Original commit: elastic/x-pack-elasticsearch@5a7ed8aafd
2016-03-31 10:50:21 +02:00
javanna 770de79a92 Remove DiscoveryNode#id in favour of existing DiscoveryNode#getId
Original commit: elastic/x-pack-elasticsearch@69bd4a9640
2016-03-31 10:49:45 +02:00
Tanguy Leroux b056fed38b Monitoring: Add REST test for monitoring bulk endpoint
Original commit: elastic/x-pack-elasticsearch@52166aec1f
2016-03-31 10:44:08 +02:00
javanna 02751ffff8 Merge branch 'master' into enhancement/discovery_node_one_getter
Original commit: elastic/x-pack-elasticsearch@cf4c5bc630
2016-03-30 17:26:02 +02:00
javanna 52ad574827 Remove DiscoveryNode#id in favour of existing DiscoveryNode#getId
Original commit: elastic/x-pack-elasticsearch@64951de2f9
2016-03-30 17:22:59 +02:00
javanna 83bf15494b fix checkstyle line lenght issue
Original commit: elastic/x-pack-elasticsearch@3ddbde1922
2016-03-30 16:20:22 +02:00
javanna 126383439a Rename DiscoveryNodes#localNodeMaster to isLocalNodeElectedMaster
Original commit: elastic/x-pack-elasticsearch@ccb685fe9a
2016-03-30 15:40:32 +02:00
javanna 9461dde896 Remove DiscoveryNodes#masterNode in favour of existing DiscoveryNodes#getMasterNode
Original commit: elastic/x-pack-elasticsearch@070850c49f
2016-03-30 15:40:23 +02:00
javanna 716a3e743e Remove DiscoveryNodes#masterNodeId in favour of existing DiscoveryNodes#getMasterNodeId
Original commit: elastic/x-pack-elasticsearch@acbedb87fd
2016-03-30 15:40:03 +02:00
javanna be01a18b35 Rename static DiscoveryNode#masterNode(Settings) to isMasterNode
Original commit: elastic/x-pack-elasticsearch@7b9ec10675
2016-03-30 15:39:39 +02:00
Adrien Grand ffb70f3011 IndexActionTests: Always map `foo` as a keyword.
Original commit: elastic/x-pack-elasticsearch@de2ad22c57
2016-03-30 15:21:22 +02:00
Nik Everett 0531dd8b88 Switch from getRandom to random
This is a reaction to
https://github.com/elastic/elasticsearch/pull/17394
which handled a long standing TODO in core.

Original commit: elastic/x-pack-elasticsearch@76425300a2
2016-03-30 08:58:31 -04:00
Simon Willnauer a39433ab48 prefix node attribute with node.attr
Original commit: elastic/x-pack-elasticsearch@44a0ef8fc6
2016-03-30 14:55:13 +02:00
javanna bd6775e0da Remove DiscoveryNode#masterNode in favour of existing DiscoveryNode#isMasterNode
Original commit: elastic/x-pack-elasticsearch@0bd29df7ea
2016-03-30 14:52:53 +02:00
javanna 9842e649f7 Remove DiscoveryNode#name in favour of existing DiscoveryNode#getName
Original commit: elastic/x-pack-elasticsearch@5907a80818
2016-03-30 14:47:50 +02:00
javanna 7689141909 Remove DiscoveryNode#id in favour of existing DiscoveryNode#getId
Original commit: elastic/x-pack-elasticsearch@a498f45e4a
2016-03-30 14:43:03 +02:00
javanna c8ea0758e9 Remove DiscoveryNode#id in favour of existing DiscoveryNode#getId
Original commit: elastic/x-pack-elasticsearch@44b835ae38
2016-03-30 14:42:13 +02:00
Adrien Grand 216874881f Don't rely on fielddata being enabled by default.
See elastic/elasticsearchelastic/elasticsearch#17386.

Original commit: elastic/x-pack-elasticsearch@361af3931a
2016-03-30 14:34:54 +02:00
Jim Ferenczi 2f627f6a50 Merge pull request elastic/elasticsearch#1847 from jimferenczi/drop_conf_file
Remove CONF_FILE from scripts

Original commit: elastic/x-pack-elasticsearch@4cfdc339de
2016-03-30 14:34:43 +02:00
Boaz Leskes 15e9edc2f4 Make AgentService.stopCollection wait till things are stopped
Closes elastic/elasticsearch#1848

Original commit: elastic/x-pack-elasticsearch@bc1f9b203f
2016-03-30 14:25:48 +02:00
jaymode c41fc7dc1d change xpack -> x-pack in in.bat
Leftover from elastic/elasticsearch#1799

Original commit: elastic/x-pack-elasticsearch@00d8bfea4e
2016-03-30 07:34:54 -04:00
Boaz Leskes 32dfa07dd1 MonitoringBulkTests to log in DEBUG
Original commit: elastic/x-pack-elasticsearch@04aca6c654
2016-03-30 11:39:23 +02:00
Jim Ferenczi d0c0a9efc4 Remove CONF_FILE from scripts
Support for it has been dropped in es

Original commit: elastic/x-pack-elasticsearch@d5a17a61d5
2016-03-30 11:17:15 +02:00
Boaz Leskes ec34163b01 Marvel integ test should stop and start exporters between tests. The ongoing activity messes with ESIntegTest level clean ups
Original commit: elastic/x-pack-elasticsearch@474ed7080a
2016-03-30 10:21:13 +02:00
Alexander Reelsen e0fcbcbb51 Elasticsearch: Rename plugin from 'xpack' to 'x-pack'
This is just to be consistent with out naming, which is
supposed to be `x-pack`.

Closes elastic/elasticsearch#1759

Original commit: elastic/x-pack-elasticsearch@0697f70855
2016-03-30 09:48:46 +02:00
Chris Earle 9b7feb25ca Adding type to generic call
Original commit: elastic/x-pack-elasticsearch@ec1cb8be55
2016-03-29 17:42:25 -04:00
javanna 99af2d60d3 Merge branch 'enhancement/node_client_setting_removal'
Original commit: elastic/x-pack-elasticsearch@31af38c4c9
2016-03-29 21:56:04 +02:00
jaymode fcbbb43425 shield: index metadata privilege allows shard actions
The view index metadata privilege did not grant access to the shard level field mapping
action or the shard level validate query action. This caused the apis to restrict access to
the data when it should have been allowed.

Closes elastic/elasticsearch#1827

Original commit: elastic/x-pack-elasticsearch@7832699cb6
2016-03-29 15:19:43 -04:00
jaymode 0a7b4257f5 add type parameters to fix compilation
Original commit: elastic/x-pack-elasticsearch@0a8a16f9a0
2016-03-29 15:00:53 -04:00
javanna ac1ec748a6 use TransportClient.CLIENT_TYPE constants for comparisons
Original commit: elastic/x-pack-elasticsearch@d2556e8d3d
2016-03-29 18:36:59 +02:00
jaymode c34598a3cd test: wait until threads are ready in MonitoringBulkTests#testConcurrentRequests
This commit synchronizes the start of the threads that are executing monitoring bulk requests concurrently
to ensure all threads are ready before starting. Without this some threads will execute requests while
other threads are still being constructed.

Original commit: elastic/x-pack-elasticsearch@e777fb5c28
2016-03-29 07:18:47 -04:00
javanna a5ed623251 Merge branch 'master' into enhancement/node_client_setting_removal
Original commit: elastic/x-pack-elasticsearch@af74045e0c
2016-03-29 12:34:31 +02:00
javanna d31983d6b6 adapt to additional changes, attributes is now a regular map in DiscoveryNode
Original commit: elastic/x-pack-elasticsearch@0ba590ed9b
2016-03-29 12:34:14 +02:00
Tanguy Leroux b8e8d7d246 Rename bin/xpack/esusers to /bin/xpack/users
Original commit: elastic/x-pack-elasticsearch@388eda9f24
2016-03-29 10:36:38 +02:00
Lee Hinman c62ba37759 Add API endpoints for the cluster allocation explain API
Relates to https://github.com/elastic/elasticsearch/pull/17305

Original commit: elastic/x-pack-elasticsearch@839d8dc53c
2016-03-28 17:29:01 -06:00
jaymode 2550548a44 shield: handle merging granted and non-granted indices acls
This commit changes the handling in the merge method of the IndexAccessControl class to
properly handle merging IndexAccessControl objects with differing values for the granted
flag. Prior to this commit, in a scenario where the flag differed, one IndexAccessControl granted
no access to an index, and the other granted access with DLS/FLS resulted in full access
being granted to the index.

Closes elastic/elasticsearch#1821

Original commit: elastic/x-pack-elasticsearch@e403e43689
2016-03-28 12:27:50 -04:00
jaymode 77e6622179 shield: remove the ability to specify username in request body
This commit removes the parsing of the username in the request body of a put user
request. Additionally, we use the name passed into the put role request builder rather
than the name from the parsed role descriptor.

Original commit: elastic/x-pack-elasticsearch@0a085d5844
2016-03-28 12:08:27 -04:00
jaymode 0d1f3da353 security: rename ESUsersRealm to FileRealm
This commit is the forward port of renaming the type for esusers to file. There is no
backwards compatibility maintained here. Additionally, a few other renames and
cleanups have been made:

* `esusers` commands is now `users`
* org.elasticsearch.shield.authc.esusers -> org.elasticsearch.shield.authc.file
* Validation.ESUsers -> Validation.Users
* ESUsersTool -> UsersTool
* ESUsersToolTests -> UsersToolTests
* ESNativeUsersStore -> NativeUsersStore
* ESNativeRolesStore -> NativeRolesStore.
* org.elasticsearch.shield.authz.esnative collapsed to org.elasticsearch.shield.authz.store
*  ESNativeTests -> NativeRealmIntegTests

Closes elastic/elasticsearch#1793

Original commit: elastic/x-pack-elasticsearch@d2a0c136f3
2016-03-28 06:18:57 -04:00
Chris Earle 7d481aab94 Making Watcher disabled by default for Monitoring Integration tests
Some tests [reasonably] fail due to unexpected indices appearing in the cluster due to Watcher.

- Also had to reset shieldEnabled as a static field, which makes no sense, but tests were failing unpredictably without it
    - Now they're passing unpredictably with it... will investigate

Original commit: elastic/x-pack-elasticsearch@9b6ce681d8
2016-03-25 18:45:24 -04:00
javanna 257ae2cb44 Merge branch 'master' into enhancement/node_client_setting_removal
Original commit: elastic/x-pack-elasticsearch@d3522628d4
2016-03-25 22:28:40 +01:00
Chris Earle 5d3a608786 Fix checkstyle overrun
Original commit: elastic/x-pack-elasticsearch@c965dde2e1
2016-03-25 16:54:00 -04:00
Chris Earle aacbeb2a81 Randomly Enable Watcher while running Monitoring Tests
This is required to make sure that the integration for monitoring the Watcher Threadpool is actually working.

- Also added the full property name when the assertContains check fails
- Made shieldEnabled an instance level field rather than a static one
- Added watcherEnabled field in the same fashion (including enableWatcher method that by default randomly enables it)
- Added method to locally filter the expected field names based on watcher being enabled for the failing test

Original commit: elastic/x-pack-elasticsearch@2c56e2f26f
2016-03-25 16:17:02 -04:00
javanna 622193ca40 separated attributes from node roles in DiscoveryNode
Node roles are now serialized as well, they are not part of the node attributes anymore. DiscoveryNodeService takes care of dividing settings into attributes and roles. DiscoveryNode always requires to pass in attributes and roles separately.

Original commit: elastic/x-pack-elasticsearch@32a4eb0fb4
2016-03-25 20:15:07 +01:00
Tanguy Leroux ea2be5d4d9 Merge pull request elastic/elasticsearch#1807 from tlrx/add-more-threadpool-stats
Monitoring: Add more thread pool stats

Original commit: elastic/x-pack-elasticsearch@b9e533b25d
2016-03-25 16:43:05 +01:00
Tanguy Leroux 2397158d20 Fix ClusterStateTests
Original commit: elastic/x-pack-elasticsearch@7bca8abe67
2016-03-25 16:40:38 +01:00
jaymode 1bf3a93e4f test: fix IndexPrivilegeTests after removal of predefined privileges
Original commit: elastic/x-pack-elasticsearch@6b913449b3
2016-03-25 10:43:30 -04:00
Tanguy Leroux a3807b078d Monitoring: Add more thread pool stats
This commit adds stats for generic/get/management/watcher thread pools.

Related to elastic/elasticsearch#1750

Original commit: elastic/x-pack-elasticsearch@8b001b50c6
2016-03-25 15:40:06 +01:00
javanna fc2ece87bd Merge branch 'master' into enhancement/node_client_setting_removal
Original commit: elastic/x-pack-elasticsearch@4276ae3192
2016-03-25 15:21:11 +01:00
javanna c1414b9f86 adapt to upstream changes
Original commit: elastic/x-pack-elasticsearch@7f281d6f29
2016-03-25 15:20:49 +01:00
jaymode 6fab4680a2 security: roles store poller should only update existing entries
Original commit: elastic/x-pack-elasticsearch@6573f4d689
2016-03-25 07:24:26 -04:00
jaymode 929e179150 shield: put user should validate password length
This changes the put user request builder to validate password length when a
password is provided. The validation is the same as what we use in the file
based realm.

Closes elastic/elasticsearch#1800

Original commit: elastic/x-pack-elasticsearch@fde1d6c685
2016-03-24 15:25:22 -04:00
Alexander Reelsen cf6cadf19f Build: Move xpack to plugin group
This is needed in order to make `bin/elasticsearch-plugin install xpack`
work, as it expects the plugin in a certain path.

Original commit: elastic/x-pack-elasticsearch@252c55e5a8
2016-03-24 18:38:58 +01:00
jaymode ca9ebf5351 security: refresh before searching in pollers
This commit is the forward port of fixes made in 2.3 for the roles and users
pollers. The pollers now refresh since not all operations are guaranteed to
refresh.

The clear roles tests are also made more evil since the poller runs at different
intervals on each node and can sometimes run almost continuously. The
modification requests now randomize if they refresh or not as well.

Original commit: elastic/x-pack-elasticsearch@f61159c40a
2016-03-24 12:55:35 -04:00
Chris Earle ac6b5b7c25 Modifying based on review comments
Original commit: elastic/x-pack-elasticsearch@8e3b5f4c17
2016-03-24 11:47:49 -04:00
Chris Earle 87c3730244 Removing unnecessary JavaDoc
Original commit: elastic/x-pack-elasticsearch@083f5529ac
2016-03-24 11:47:49 -04:00
Chris Earle 43de1ff8da Modify the CleanerService to use a minimum
Users running the `CleanerService` should not be able to disable it (via a `-1` as the time setting) because they'll just shoot themselves in the foot. This PR changes the behavior to allow extensive amounts via the setting (e.g., they could set it to 2 years). By doing this via the `Setting`, we can avoid a lot of boilerplate code for verification as well. If we decide to allow it to be disabled, then the setting should be explicit. I've found that users tend to not understand setting times to `-1`.

With the internal `IndicesCleaner` runnable, I have also moved the rescheduling code to `onAfter` so that it always happens, even if the license makes it temporarily invalid.

I also think that we should allow the user to dynamically set the setting regardless of it being allowed -- and warn on it. This way they can set it when it's expired or during the trial, but it will take effect when they apply the paid license. I think that this will provide a better user experience so that they do not have to remember to re-set it later.

This also removes the `LocalExporter`-specific setting that allowed it to override the global retention. If we ever add another listener, then we should add exporter-specific settings to support this kind of functionality.

Adds some tests for the settings as well as for the service, while also removing now unneeded ones.

Original commit: elastic/x-pack-elasticsearch@3abd41807e
2016-03-24 11:47:49 -04:00