This commit is the forward port of renaming the type for esusers to file. There is no
backwards compatibility maintained here. Additionally, a few other renames and
cleanups have been made:
* `esusers` commands is now `users`
* org.elasticsearch.shield.authc.esusers -> org.elasticsearch.shield.authc.file
* Validation.ESUsers -> Validation.Users
* ESUsersTool -> UsersTool
* ESUsersToolTests -> UsersToolTests
* ESNativeUsersStore -> NativeUsersStore
* ESNativeRolesStore -> NativeRolesStore.
* org.elasticsearch.shield.authz.esnative collapsed to org.elasticsearch.shield.authz.store
* ESNativeTests -> NativeRealmIntegTests
Closeselastic/elasticsearch#1793
Original commit: elastic/x-pack-elasticsearch@d2a0c136f3
* Add XPackExtension: an api class (like Plugin in core) for what a x-pack extension can do.
* Add XPackExtensionCli: a cli tool for adding, removing and listing extensions for x-pack.
* Add XPackExtensionService: loading of jars from pluginsdir/x-pack/extensions, into child classloader.
* Add bin/x-pack/extension script, similar to plugin cli, which installs an extension into pluginsdir/x-pack/extensions.
* Add XPack extension integration test.
Fixedelastic/elasticsearch#1515
Original commit: elastic/x-pack-elasticsearch@130ba03270
This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the
support for the privileges that were deprecated in 2.3. This change also includes
updates to the documentation to account for the new roles format.
Original commit: elastic/x-pack-elasticsearch@98e9afd409
This commit remove the pre-existing file parsing code and replaces it with the updated
code in the RoleDescriptor class. This unifies the parsing for the files and API for roles.
Closeselastic/elasticsearch#1596
Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1
As part of the search refactoring effort, we need to pass a Suggester
to the methods that parse X-Content to a SuggestBuilder in every
instance where we are parsing search/suggest requests.
Original commit: elastic/x-pack-elasticsearch@7f815c617a
This commit modifies using system properties to configure an integration
test cluster and instead use settings in the generated Elasticsearch
config file.
Original commit: elastic/x-pack-elasticsearch@65211b93d0
The san string used by certificate generation for ssl tests currently
runs at gradle configuration time. This takes several seconds, and
significantly slows down gradle configuration on every invocation.
This change wraps the code into a lazy evaluator that will be invoked at
runtime, and cache the string once it is generated.
Original commit: elastic/x-pack-elasticsearch@812036f416
This test assumes no modules are installed but the shield rest tests run with the modules
installed.
Original commit: elastic/x-pack-elasticsearch@2ba47fcd0f
This removes the use of a specific address in smoke test ssl plugins and instead generates
the certificate with all of the IP addresses and DNS names of the system as subject
alternative names. This required duplication and modification of some code from core's
NetworkUtils.
Original commit: elastic/x-pack-elasticsearch@576824376f
This removes the use of group setting for `shield.` and introduces some individual settings
and some group settings that should not overlap and cause issues when iteration order
changes.
See elastic/elasticsearch#1520
Original commit: elastic/x-pack-elasticsearch@193e937193
Until we can fix the shield settings, we have bugs where we depend on the iteration
order of a map and discovery ec2 settings provoke this (most likely through a map
resize).
See elastic/elasticsearch#1520
Original commit: elastic/x-pack-elasticsearch@fbc32cf069
- Moved all settings in Marvel from `marvel.*` to `xpack.monitoring.*`
- Cleaned up marvel settings in general - they're all now under `MarvelSettings` class
- fixed some integration tests along the way (they were configured wrong and never actually tested anything)
- Updated the docs accordingly
- Added `migration-5_0.asciidoc` under the Marvel docs to explain how to migrate from Marvel 2.x to XPack 5.0.
- Replaced all `marvel` mentions in the logs to `monitoring`
- Removed the `xpack.monitoring.template.version` setting from the templates
- renamed the templates to `monitoring-es-data.json` and `monitoring-es.json`
- monitoring indices are now `.monitoring-es-<version>-data` and `.monitoring-es-<version>-<timestamp>`
Original commit: elastic/x-pack-elasticsearch@17f2abe17d
- renaming `ShieldPlugin` to `Shield` (it's no longer a plugin)
- renaming `WatcherPlugin` to `Watcher` (it's no longer a plugin)
- renaming `MarvelPlugin` to `Marvel` (it's no longer a plugin)
- renaming `LicensePlugin` to `Licensing` (it's no longer a plugin)
- renamed setting:`watcher.enabled` -> `xpack.watcher.enabled`
- renamed setting:`marvel.enabled` -> `xpack.marvel.enabled`
Original commit: elastic/x-pack-elasticsearch@35a6540b11
- Consolidated the `bin` and `config` directories of watcher, shield and marvel under a single `config/xpack` and `bin/xpack` directories.
- updated docs accordingly
Original commit: elastic/x-pack-elasticsearch@c2aa6132fa
- Started to move configuration under the `xpack` name
- Cleaned up `ShieldPlugin`
- renamed `ShieldClient` to `SecurityClient`
- Introduced `XPackClient` that wraps security and watcher clients
Original commit: elastic/x-pack-elasticsearch@f05be0c180
This loads an index template for the watch history to make sure,
that field changes are taken into account.
Also, the dynamic mapping for the watch history template has been
changed from strict to false.
This means that new fields can be included in a document, but they
will not indexed and are not searchable.
In addition the index names have been changed from .watch_history-$date to
.watcher-history-$template-$date - using dashes to be more consistent.
Closeselastic/elasticsearch#1299
Original commit: elastic/x-pack-elasticsearch@794f982234
This commit fixes the bad apple tests that failed when running them. The
IndexAuditTrailEnabledTest was removed and the test was folded into the
IndexAuditIT. Some watcher tests that relied on mustache were moved
into the QA tests with the mustache plugin.
Additionally, fixing these tests uncovered a issue with the privileges needed
for writing data into an index. If the mappings need to be updated because
of a write, then the update mapping action gets executed. In 2.x this was
handled by the system user, but now is executed under the user's context,
which is the correct thing to do. The update mapping action is now added to
the read, index, crud, and write privileges for an index.
Original commit: elastic/x-pack-elasticsearch@30711f9625
In elastic/elasticsearch#1442 checkstyle checks were added, but also some files were freed from this.
If we have support for checkstyle, we should check this for all files and not allow
exceptions. This commit removes the file list to ignore any files and fixes all the
java files.
Original commit: elastic/x-pack-elasticsearch@99e6cbc5be
The lang-mustache module has been extended to meet Watcher's needs:
* The ability to refer the specific slots in arrays.
* An `content_type` option controls whether json string escaping is used. Otherwise there is no escaping.
Closeselastic/elasticsearch#1116
Other changes:
* I changed tests that were just using mustache just because it was around to not use mustache
* I moved tests to `test-xpack-with-mustache` module that were testing mustache with Watcher
* added smoke test for watcher and mustache
* moved some tests around
* instead of using DefaultTextTemplateEngine in watcher tests use MockTextTemplateEngine
* added a mock mustache script engine
* Cleanup some messy tests to not rely on mustache and move them back into xpack module
* moved array access test to smoke test watcher with mustache module
* test: simplified the condition search test to take the time component out of it, while still simulation a condition
* removed the mustache dependency in the messy-test-watcher-with-groovy module
Original commit: elastic/x-pack-elasticsearch@6a2a4e885f
This change migrates all of the xpack code to use the new ThreadContext when
dealing with headers and context data. For the most part this is a simple
cutover, but there are some things that required special casing. The internal
actions that executed by a user's requests need to forcefully drop the context
and set the system user. The workaround for this will be improved in a followup.
Additionally, the RequestContext still lives on due to the OptOutQueryCache,
which requires some core changes to fix this issue.
Original commit: elastic/x-pack-elasticsearch@87d2966d93
This commit is the x-plugins side of the refactoring of script settings.
Relates elastic/elasticsearchelastic/elasticsearch#16197
Original commit: elastic/x-pack-elasticsearch@4c429933b9
Shield expands wildcards to concrete names (aliases or indices) before each request gets executed in es core. It never resolves aliases to concrete indices though, as permissions may be set against aliases rather than indices. During this resolution, it also looks at the state of the indices and the current indices options (expand_wildcards) to expand only to indices with the relevant state. When it comes to aliases though, they may point to multiple indices each one having a different state, so it always expands ignoring expand_wildcards. At that point the request will contain the explicit name of the alias, no wildcards, thus the expand_wildcards option will have no effect in core. ignore_unavailable could be used instead when interacting with shield, which would affect how aliases are resolved to multiple indices. In this case we can only blacklist the test in shield, as it will return both the closed index and the open one.
Original commit: elastic/x-pack-elasticsearch@54c11dfc31
javanna
Adrien Grand
Alexander Reelsen
Chris Earle
jaymode
Jim Ferenczi
Tanguy Leroux
Ali Beyad
Jason Tedor
Ryan Ernst
markharwood
Nik Everett
Martijn van Groningen
Colin Goodheart-Smithe
Simon Willnauer
uboness
Boaz Leskes
Robert Muir
Lee Hinman