The general use case is to provide only the {type} to the bulk and even that may not be specified. However,
by setting it up as
/_x-pack/monitoring/{type}/_bulk
/_x-pack/monitoring/{index}/{type}/_bulk
it fails to properly recognize the {type} parameter because the PathTrie that gets generated sees two wildcards
at the same location and the last one specified wins -- {index}. As a result, it's impossible to only set the
{type} without making the PathTrie logic convoluted for a niche use case (a list to try instead of a single path).
his fixes the issue by removing the completely unused option: you can no longer specify {index} outside of
individual bulk indexing operations. If we see a need to bring it back, then we can add it as an API param, but
that is an unusual place for the index field and I do not expect it to be needed that frequently.
Original commit: elastic/x-pack-elasticsearch@40d0d05404
Currently, license notification scheme treats no license (before trial license is auto-generated)
and a license tombstone in the cluster state in the same way. This caused a bug where licencees
were not notified of explicit license removal. Now, the notification scheme explicitly handles
license tombstone to notify the licensees and handles the case for no license in cluster state
as before.
Original commit: elastic/x-pack-elasticsearch@c90ec23398
- Introduced a `MISSING` operation mode
- now when the license is removed (and a tombstone license is placed), the licensees get notified with a `MISSING` license status
- the monitoring, security and watcher licensees were updated
Original commit: elastic/x-pack-elasticsearch@650d940666
Some changes in elastic/x-pack@d13557c517 change the testIgnoreTimestampedIndicesInOtherVersions method and it now sometime fails.
This commit revert the previous behavior of the test and ensures that at least 1 index is cleaned up/deleted in each test.
Original commit: elastic/x-pack-elasticsearch@3c6acb4ff8
This adds it so that a system can specify "_data" as the index to index into the
data index (without having to know its name). _Not_ supplying an index will use
the timestamped index. Any other index name (including wrong case) is invalid.
Original commit: elastic/x-pack-elasticsearch@6eeadfb3c8
With this commit we free all bytes reserved on the request circuit breaker.
Relates elastic/elasticsearchelastic/elasticsearch#18144
Original commit: elastic/x-pack-elasticsearch@3986436b8c
This changes the loose usage of onOrBefore to equals so that when we add beta1, this test fails
again.
Original commit: elastic/x-pack-elasticsearch@fe4f2cbdf0
This changes the security endpoints to _xpack/security, fixes the rest api spec to also use
the xpack.security prefix and adds documentation and tests.
Original commit: elastic/x-pack-elasticsearch@7977575f0e
This commit fixes an issue in HttpExporterTemplateTests caused by the
migration from Strings#splitStringToArray to String#split. Namely, the
previous would split a string like "/x/y/z/" into { "x", "y", "z" } but
the former will split this into { "", "x", "y", "z" }. This commit
modifies the test logic to respond to this change.
Original commit: elastic/x-pack-elasticsearch@c567b17180
This commit fixes an issue that was introduced in ObjectPath#evalContext
when refactoring from Strings#splitStringToArray to
String#split. Namely, the former would return an empty array when
receiving a null or empty string as input but the latter will NPE on a
null string and return an array containing the empty string on an empty
string input.
Original commit: elastic/x-pack-elasticsearch@2f509f9fa0
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.
Further things done:
* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common
Original commit: elastic/x-pack-elasticsearch@41eb6e6946
With elastic/elasticsearchelastic/elasticsearch#7309 we enable HTTP compression by
default. However, this can pose a security risk for HTTPS
traffic (e.g. BREACH attack). Hence, we disable HTTP compression
by default again if HTTPS enabled (note that this still allows the
user to explicitly enable HTTP compression if they want to).
Relates elastic/elaticsearchelastic/elasticsearch#7309
Original commit: elastic/x-pack-elasticsearch@8da100c9a5
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher
This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.
Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.
The following is a list of specific items addressed:
* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files
Closeselastic/elasticsearch#14Closeselastic/elasticsearch#34Closeselastic/elasticsearch#1483Closeselastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673
Original commit: elastic/x-pack-elasticsearch@7c359db90b
This commit makes a few modifications to the IndexAuditTrail class:
* Use `InternalAuditUser#is` to determine if the principal is the auditor when we have a user
and simply compare `InternalAuditUser#NAME` when only a string principal is available
* Remove the `Thread#setDaemon` call in the QueueConsumer as this thread should be terminated
as part of the shutdown of the node
In terms of tests, there are some issues and changes to how we test certain aspects. The muted tests
were not accurate since the tests immediately checked for the existence of an index and did not poll or
wait and this operation is asynchronous so the index could be created after the exists request was
executed. These tests were removed and a new class was added to test the muted behavior. In these
tests we override the audit trails implementation of a queue, which will set a flag to indicate a message
has been added to the queue. This is a synchronous operation so it can be checked immediately.
The other tests in the IndexAuditTrail tests remain but a few changes have been made to the execution.
* ensureYellow is called for the index we expect to be created before searching for documents
* the remote cluster is only setup at the beginning of the suite rather than before every test to ensure
quicker execution
* the maximum number of shards has been reduced to three since we do not really need up to 10 shards
for a single document
Original commit: elastic/x-pack-elasticsearch@501b6ce9da
This change adds the proper behavior for the standard license which is:
* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled
Features that are disabled:
* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms
See elastic/elasticsearch#1263
Original commit: elastic/x-pack-elasticsearch@920c045bf1
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.
Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.
Original commit: elastic/x-pack-elasticsearch@79e2375a13
build info
There are many other things that should be cleaned up around this (eg
XpackInfoResponse.BuildInfo should not exist, it is the exact same as
what XPackBuild has), but this change gets the build info output working
again.
closeselastic/elasticsearch#2116
Original commit: elastic/x-pack-elasticsearch@0730daf031
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`
Moved services include pagerduty, hipchat, slack and email.
Closeselastic/elasticsearch#1998
Original commit: elastic/x-pack-elasticsearch@40c16fe123
Updated okhttp and moved the jsr305 dependency into testing.
This required a minor change in tests using SSL, as otherwise
the security manager barfs, when the okhttp webserver tries
to load sun internal SSL based classes.
Original commit: elastic/x-pack-elasticsearch@77131589e0
The old implementation was to use properties at build-time. This however did not work,
as the tests could not be run in the IDE. This has been removed of monitoring for some
time already, but needs to be removed from watcher as well.
This commit uses static variables and refactors the code a bit. First, there is a generic
TemplateUtils class, to be used in monitoring and watcher. Also the watcher code has been changed
to copy the needed variables into the template registry class instead of keeping it in the
WatcherModule.
This commit also includes some refactoring to remove the version parameter in marvel, was static anyway
Closeselastic/elasticsearch#1372
Original commit: elastic/x-pack-elasticsearch@fbfc22ea09
- by default the response includes all info - build, license, features + human descriptions.
- you can still control the output using `categories` and `human` parameters
- Added docs to this API
Original commit: elastic/x-pack-elasticsearch@85115495ec
This avoids exceptional cases where node stats are not returned due to some concurrent modification.
Original commit: elastic/x-pack-elasticsearch@6f6b8ec393
Writeable#readFrom has become a method you just implement because
the interface requires it but the prefered way to actually do the
reading is a ctor that takes a StreamReader. readFrom just delegates
to the ctor. This removes readFrom entirely because it is not needed
anymore and is going away in core.
Relates to https://github.com/elastic/elasticsearch/issues/17085
Original commit: elastic/x-pack-elasticsearch@dd74db5ded
- introduced the "Feature Set" notion - graph, security, monitoring, watcher, these are all feature sets
- each feature set can be:
- `available` - indicates whether this feature set is available under the current license
- `enabled` - indicates whether this feature set is enabled (note that the feature set can be enabled, yet unavailable under the current license)
- while at it, cleaned up the main modules of watcher, security, monitoring and graph.
Original commit: elastic/x-pack-elasticsearch@5b3e19fe8c
From now on, if field level security and percolator is used then the percolator field needs to be included in the allowed fields.
Original commit: elastic/x-pack-elasticsearch@7d39b5caf6
The SessionFactory construction was calling the `ldapServers` method in the constructor,
which was fine for all of the session factories except for the ActiveDirectorySessionFactory.
The ActiveDirectorySessionFactory overrides the ldapServers method and use class variables
that are initialized in its constructor so the value was always null.
This change moves setup to an init method for objects that depend on variables set during
construction.
Closeselastic/elasticsearch#2011
Original commit: elastic/x-pack-elasticsearch@07c15ce171
Even though HEAD is a possible method, this implies that no data is returned
and thus the tests fail randomly.
If HEAD should be added to the api it needs it's own API definition IMO.
Original commit: elastic/x-pack-elasticsearch@a216393f6b
* The found-license project is removed since it is no longer needed
* The plugin-api classes have moved into the license-plugin since there is only one plugin
* The license/base project publishes the proper artifactId in the pom file
* The x-pack jar file is added as an artifact so that it can be installed
* The x-pack pom no longer declares the packaging as `zip`
* The x-pack pom uses the right artifactId for license-core
* Removed disabling of installing the x-plugins artifacts
* Cleaned up a use of guava in watcher (found when trying to remove guava as a compile
dependency but is needed by the HTML sanitizer)
* Removed the dependency on the mustache compiler since it is no longer necessary
Closeselastic/elasticsearch#1987
Original commit: elastic/x-pack-elasticsearch@9d3b50b054
Elasticsearch supports the concept of date match expressions for index names and
the authorization service was trying to authorize the names without resolving them
to their concrete index names. This change now resolves these names
Closeselastic/elasticsearch#1983
Original commit: elastic/x-pack-elasticsearch@3c6baa8e83
The license check in Watcher was issued in the wrong way,
so that new licenses were not affected by the check. This
commit explicitely lists the license types that are allowed
to execute watcher actions as well as fixing the tests.
Relates elastic/elasticsearch#1263
Original commit: elastic/x-pack-elasticsearch@afd55965b0
The eclipse compiler errors on this class because "the method containsInAnyOrder(T...) of type Matchers is not applicable as the formal varargs element type T is not accessible here". This is because the first common superclass of `XPackUser` and `KibanaUser` is `ReservedUser` which is package protected and not available to this test class. This change casts to `User` so the error does not occur in Eclipse.
Original commit: elastic/x-pack-elasticsearch@be8fa82720
Our documentation states that we have default attributes for
message.format and message.color, which in fact we do not have
as an NPE was triggered in that case.
This commit falls back to unset defaults and allows for hipchat messages
to be sent without having to configure color/format in the action
or the account.
Closeselastic/elasticsearch#1666
Original commit: elastic/x-pack-elasticsearch@bfb7e35112
The HTTP response toXContent() method contains the http response headers, which
are used as field names in Elasticsearch in the watch history.
These can contain dots, like `es.index` being returned when Elasticsearch
encounters an exception - which results in an index error.
This patch changes the dots to an underscore when calling toXContent()
Closeselastic/elasticsearch#1803
Original commit: elastic/x-pack-elasticsearch@e4070f8b70
With this commit we limit the size of all in-flight requests on
HTTP level. The size is guarded by the same circuit breaker that
is also used on transport level. Similarly, the size that is used
is HTTP content length.
Relates elastic/elasticsearchelastic/elasticsearch#16011
Original commit: elastic/x-pack-elasticsearch@318b7a4a8a
With this commit we limit the size of all in-flight requests on
transport level. The size is guarded by a circuit breaker and is
based on the content size of each request.
By default we use 100% of available heap meaning that the parent
circuit breaker will limit the maximum available size. This value
can be changed by adjusting the setting
network.breaker.inflight_requests.limit
Relates elastic/elasticsearchelastic/elasticsearch#16011
Original commit: elastic/x-pack-elasticsearch@d1c43fe8d9
This removes the old usage of NetworkAddress.formatAddress in favor of the updated version, which is just
the method renamed to NetworkAddress.format (replacing the old version of that method).
There is no impact to x-plugins beyond making the build work because all places were currently using that
method variant already.
Original commit: elastic/x-pack-elasticsearch@05f0dcfa90
This commit adds support for the change in elasticsearch where the `/` rest
endpoint now delegates to an action and can be authorized.
Original commit: elastic/x-pack-elasticsearch@8ef38ce50f
This commit adds reserved or built-in user and role support to x-pack. The reserved roles
cannot be modified by users. The reserved users also cannot be modified with the exception
of changing the password for a user.
In order to change the password for a user, a new API has been added. This API only supports
changing passwords for native and reserved users.
To support allowing a user to change their own password, a default role has been added to grant
access. This default role only grants access to user operations that pertain to the user that is
being authorized. In other words, the default role grants `joe` the ability to change their own password
but does not allow them to change the password of a different user.
Additionally, the authenticate API was made a transport action and is granted by the default role.
Closeselastic/elasticsearch#1727Closeselastic/elasticsearch#1185Closeselastic/elasticsearch#1158
Original commit: elastic/x-pack-elasticsearch@1a6689d90f
This commit migrates all of the `shield.` settings to `xpack.security.` and makes changes to
use the new Settings infrastructure in core.
As a cleanup, this commit also renames Shield to Security since this class is only in master
and will not affect 2.x.
See elastic/elasticsearch#1441
Original commit: elastic/x-pack-elasticsearch@a5a9798b1b
This commit allows authorized users to monitor the security index. This fixes an issue
with the _cat/indices api, which resolves the concrete indices using the cluster state
and then makes a indices stats request. Without this change, the api fails with an
authorization exception because it is specifically requesting the security index and the
user is not the internal user.
Closeselastic/elasticsearch#1895
Original commit: elastic/x-pack-elasticsearch@070a389833
Since elastic/elasticsearch#1832 exporters are created once, but the inner exporting bulks must be instanciated for each export. The CountingExporter and CountingBulk have not been updated to reflect this change.
Original commit: elastic/x-pack-elasticsearch@bbbde22363
(there are other indices too, montoring indices and waiting for green fails there because these indices have replica shards)
Original commit: elastic/x-pack-elasticsearch@63dd3e6ebb
A ParseField object is now required to register queries against the SearchModule rather than the QueryParser#names method. ParseField handles camel case automatically. Also this allows us to log deprecation warnings (or fail in strict mode) when deprecated names are used for queries (e.g. "in", "mlt", "fuzzy_match" etc.)
Original commit: elastic/x-pack-elasticsearch@b0146e6e3d
This adds default timeouts to the SMTP configuration to prevent infinite timeouts, that can lead to stuck watches.
This also requires to use time values instead of just milliseconds.
Closeselastic/elasticsearch#1830
Original commit: elastic/x-pack-elasticsearch@c886da7bff
One test was missing the check if posix permissions are supported by the file system.
As it does not make sense to not run 50% of the tests in 50% of the cases, the
logic to configure which capabilities a in-memory FS should have has been moved
into each test.
Original commit: elastic/x-pack-elasticsearch@59a32ea26d
When called without arguments, systemkey tool returned with an AIOOE.
This fixes the issue, but also ports over the tests to jimfs, so they
can actually run, as the security manager is always enabled and thus the
tests never ran before.
Closeselastic/elasticsearch#1926
Original commit: elastic/x-pack-elasticsearch@887b681607
This commit adds all the following segments stats to the current node_stats document:
- memory_in_bytes
- terms_memory_in_bytes
- stored_fields_memory_in_bytes
- term_vectors_memory_in_bytes
- norms_memory_in_bytes
- doc_values_memory_in_bytes
- index_writer_memory_in_bytes
- version_map_memory_in_bytes
- fixed_bit_set_memory_in_bytes
Original commit: elastic/x-pack-elasticsearch@ea4b8034ba
This commit makes the user and roles poller use a self rescheduling runnable to schedule the
next run of the poller rather than using scheduleWithFixedDelay. This is done because the
pollers perform blocking I/O operations and everything using that thread pool method runs on
the schedule thread and because of this, in certain situations this can lead to a deadlock which
will prevent the cluster from forming.
Original commit: elastic/x-pack-elasticsearch@9fd0748c8c
Too many places are checking for enumerations when they're really more interested in a "higher" level of
information. This will help with the forthcoming addition of the STANDARD operation mode as well.
Original commit: elastic/x-pack-elasticsearch@2799c27e19
This commit fixes an issue in synchronization in Exporters class. The export() method is synchronized and when used with LocalExport can provoke a deadlock. LocalExporter exports data locally using bulk requests that can trigger cluster state updates for mapping updates. If a exporters settings update sneaks in, the settings update waits for the export to terminate but the export waits for the settings to be updated... and boom.
This commit removes the synchronized and refactor Exporters/LocalExporter to use state and dedicated instance of LocalBulk for each export so that synchronizing methods is not necessary anymore.
It also lower down some random settings in MonitoringBulkTests because the previous settings almost always fill the bulk thread pool.
closeselastic/elasticsearch#1769
Original commit: elastic/x-pack-elasticsearch@f50c916f8b
The view index metadata privilege did not grant access to the shard level field mapping
action or the shard level validate query action. This caused the apis to restrict access to
the data when it should have been allowed.
Closeselastic/elasticsearch#1827
Original commit: elastic/x-pack-elasticsearch@7832699cb6
This commit synchronizes the start of the threads that are executing monitoring bulk requests concurrently
to ensure all threads are ready before starting. Without this some threads will execute requests while
other threads are still being constructed.
Original commit: elastic/x-pack-elasticsearch@e777fb5c28
This commit changes the handling in the merge method of the IndexAccessControl class to
properly handle merging IndexAccessControl objects with differing values for the granted
flag. Prior to this commit, in a scenario where the flag differed, one IndexAccessControl granted
no access to an index, and the other granted access with DLS/FLS resulted in full access
being granted to the index.
Closeselastic/elasticsearch#1821
Original commit: elastic/x-pack-elasticsearch@e403e43689
This commit removes the parsing of the username in the request body of a put user
request. Additionally, we use the name passed into the put role request builder rather
than the name from the parsed role descriptor.
Original commit: elastic/x-pack-elasticsearch@0a085d5844
This commit is the forward port of renaming the type for esusers to file. There is no
backwards compatibility maintained here. Additionally, a few other renames and
cleanups have been made:
* `esusers` commands is now `users`
* org.elasticsearch.shield.authc.esusers -> org.elasticsearch.shield.authc.file
* Validation.ESUsers -> Validation.Users
* ESUsersTool -> UsersTool
* ESUsersToolTests -> UsersToolTests
* ESNativeUsersStore -> NativeUsersStore
* ESNativeRolesStore -> NativeRolesStore.
* org.elasticsearch.shield.authz.esnative collapsed to org.elasticsearch.shield.authz.store
* ESNativeTests -> NativeRealmIntegTests
Closeselastic/elasticsearch#1793
Original commit: elastic/x-pack-elasticsearch@d2a0c136f3
Some tests [reasonably] fail due to unexpected indices appearing in the cluster due to Watcher.
- Also had to reset shieldEnabled as a static field, which makes no sense, but tests were failing unpredictably without it
- Now they're passing unpredictably with it... will investigate
Original commit: elastic/x-pack-elasticsearch@9b6ce681d8
This is required to make sure that the integration for monitoring the Watcher Threadpool is actually working.
- Also added the full property name when the assertContains check fails
- Made shieldEnabled an instance level field rather than a static one
- Added watcherEnabled field in the same fashion (including enableWatcher method that by default randomly enables it)
- Added method to locally filter the expected field names based on watcher being enabled for the failing test
Original commit: elastic/x-pack-elasticsearch@2c56e2f26f
Node roles are now serialized as well, they are not part of the node attributes anymore. DiscoveryNodeService takes care of dividing settings into attributes and roles. DiscoveryNode always requires to pass in attributes and roles separately.
Original commit: elastic/x-pack-elasticsearch@32a4eb0fb4
This is needed in order to make `bin/elasticsearch-plugin install xpack`
work, as it expects the plugin in a certain path.
Original commit: elastic/x-pack-elasticsearch@252c55e5a8
This commit is the forward port of fixes made in 2.3 for the roles and users
pollers. The pollers now refresh since not all operations are guaranteed to
refresh.
The clear roles tests are also made more evil since the poller runs at different
intervals on each node and can sometimes run almost continuously. The
modification requests now randomize if they refresh or not as well.
Original commit: elastic/x-pack-elasticsearch@f61159c40a
Users running the `CleanerService` should not be able to disable it (via a `-1` as the time setting) because they'll just shoot themselves in the foot. This PR changes the behavior to allow extensive amounts via the setting (e.g., they could set it to 2 years). By doing this via the `Setting`, we can avoid a lot of boilerplate code for verification as well. If we decide to allow it to be disabled, then the setting should be explicit. I've found that users tend to not understand setting times to `-1`.
With the internal `IndicesCleaner` runnable, I have also moved the rescheduling code to `onAfter` so that it always happens, even if the license makes it temporarily invalid.
I also think that we should allow the user to dynamically set the setting regardless of it being allowed -- and warn on it. This way they can set it when it's expired or during the trial, but it will take effect when they apply the paid license. I think that this will provide a better user experience so that they do not have to remember to re-set it later.
This also removes the `LocalExporter`-specific setting that allowed it to override the global retention. If we ever add another listener, then we should add exporter-specific settings to support this kind of functionality.
Adds some tests for the settings as well as for the service, while also removing now unneeded ones.
Original commit: elastic/x-pack-elasticsearch@3abd41807e