Commit Graph

1809 Commits

Author SHA1 Message Date
debadair 8d0ce80d0e Clarified note about needing to perform a full cluster restart. Closes elastic/elasticsearch#109.
Original commit: elastic/x-pack-elasticsearch@d4f62cc072
2015-09-09 14:00:08 -07:00
debadair a82925b3bd Updated links to maven repo to use https. Closes elastic/elasticsearch#495.
Original commit: elastic/x-pack-elasticsearch@f95bdea57e
2015-09-09 13:14:24 -07:00
debadair ee6ac98565 Cleaned up realm topics, split off cache management. Closes elastic/elasticsearch#523, elastic/elasticsearch#451.
Original commit: elastic/x-pack-elasticsearch@99534117de
2015-09-09 12:58:07 -07:00
debadair 28f629da29 Updated actions list for 2.0. Closes elastic/elasticsearch#567.
Original commit: elastic/x-pack-elasticsearch@0ef9e834be
2015-09-09 12:52:59 -07:00
Ryan Ernst 7aa612b62e Merge pull request elastic/elasticsearch#615 from rjernst/warnings_cleanup2
Add warning suppressions

Original commit: elastic/x-pack-elasticsearch@a787f9c2a4
2015-09-09 12:51:51 -07:00
Ryan Ernst fbbd3f6c2d Add warning suppressions
I fixed a couple more warnings and added suppressions, so that when
 elastic/elasticsearchelastic/elasticsearch#13410 lands, x-plugins will not break.

Original commit: elastic/x-pack-elasticsearch@8a19b2b71b
2015-09-09 12:45:20 -07:00
jaymode 714460c2f0 remove path.home from TransportClients in code and docs
After changes in core and elastic/elasticsearch#578, we do not need to set path.home in the settings for a
TransportClient anymore. This cleans up the usages of it in our tests and in our documentation.

Closes elastic/elasticsearch#605

Original commit: elastic/x-pack-elasticsearch@d70875fe2b
2015-09-09 15:16:30 -04:00
Martijn van Groningen a6dc1ad97d test: make sure to stop nodes after the tribe node integration test
Original commit: elastic/x-pack-elasticsearch@3aaaced6ec
2015-09-09 21:14:36 +02:00
jaymode 52c31d8c08 always return reserved roles when parsing roles file
Today, if the roles.yml file does not exist the roles that are defined programmatically are not
available. This is incorrect because the reserved roles should always be available and not depend
on the parsing of the file. This change ensures that the reserved roles are made available even
when the roles.yml file is missing.

Closes elastic/elasticsearch#602

Original commit: elastic/x-pack-elasticsearch@ee2fd2ddbf
2015-09-09 14:11:04 -04:00
jaymode a5d9c45dd3 remove the override of finalize in SecuredString
This change removes the override of finalize in SecuredString to resolve an issue where
the char[] can be cleared by the call in the finalize method but the char array is still being used.

The specific issue that occurs is in the BCrypt usage of the SecuredString. A character is concatenated
and then the utf8Bytes method is called. In most cases, the proper bytes are returned but occasionally
the byte array is returned with only zeroes. This occurs under load and/or memory pressure and can be
provoked by running BCryptTests with a small heap (12 - 16 megabytes) and the SecuredString
implementation with the overridden finalize method.

Closes elastic/elasticsearch#589

Original commit: elastic/x-pack-elasticsearch@fb6430ea9d
2015-09-09 12:42:49 -04:00
jaymode 9e3bf47a87 update the transport client and add integration tests
Closes elastic/elasticsearch#477

Original commit: elastic/x-pack-elasticsearch@8926f6ca44
2015-09-09 12:30:41 -04:00
Martijn van Groningen 8511d56a83 test: Remove version randomization from the parent child test. The <= 1.x impl has been removed, so no need to test it any more in master.
Original commit: elastic/x-pack-elasticsearch@2633349d02
2015-09-09 17:50:54 +02:00
jaymode 154b10e901 add the ability to run as another user
This change adds a new permission that allows authorized users to execute a request as
another user. The flow is as follows:

1. The user making the request is authenticated
2. The user that is being impersonated is looked up
3. The requesting user is authorized for the privilege to run as the specified user
4. The impersonated user is then authorized for the given request

Additionally, the auditing has been updated to support this capability and indicates when a
user has been granted the ability to run as another user and then also indicates both the user
who is being impersonated and the requesting user when actions are granted/denied.

Closes elastic/elasticsearch#17

Original commit: elastic/x-pack-elasticsearch@00e5a6169b
2015-09-09 11:25:02 -04:00
uboness 7ea8c85e4b [docs] Update docs for version 2.0.0-beta2
Original commit: elastic/x-pack-elasticsearch@b4af10f8f0
2015-09-09 08:04:42 -07:00
uboness acd051c288 [docs] Update docs for version 2.0.0-beta1
Original commit: elastic/x-pack-elasticsearch@0206648252
2015-09-09 08:03:55 -07:00
Martijn van Groningen fd4058f921 Use the more verbose format in the default roles.yml and docs.
Closes elastic/elasticsearch#529

Original commit: elastic/x-pack-elasticsearch@9bde530a9c
2015-09-09 15:44:35 +02:00
jaymode 14c21786ee Test: add back the stop of the local audit trails
If also indexing locally, we need to stop the audit trail indexing otherwise the test cluster checks
will fail. See elastic/elasticsearch#598

Original commit: elastic/x-pack-elasticsearch@6767ab2edb
2015-09-09 08:39:51 -04:00
jaymode 0de73ec330 Test: don't check shard counters for RemoteIndexAuditTrailStartingTests
For the RemoteIndexAuditTrailStartingTests we start a remote cluster and index into the test cluster and after
the test we stop the remote cluster but indexing operations can still be ongoing in the test cluster and thus cause
locked shards causing lots of noise in CI. We simply skip this check for these tests.

Closes elastic/elasticsearch#598

Original commit: elastic/x-pack-elasticsearch@e678f82f29
2015-09-09 07:51:38 -04:00
jaymode 94dbf3f2a7 allow for the Environment to be optional in the ClientSSLService
This change makes the environment optional for the ClientSSLService, which is used for
Transport Clients and also used for LDAP client connections. Since we use the ClientSSLService
for LDAP connections, we still need the environment when running as a node under the
security manager to resolve paths from the configuration directory.

Closes elastic/elasticsearch#573

Original commit: elastic/x-pack-elasticsearch@862fafffe3
2015-09-09 06:43:34 -04:00
Ryan Ernst e17b3894d3 Merge pull request elastic/elasticsearch#603 from rjernst/warnings_cleanup
Remove some warnings caught by -Xlint

Original commit: elastic/x-pack-elasticsearch@0fe9e84487
2015-09-09 01:09:23 -07:00
Ryan Ernst 5dd5f525b5 Remove some warnings caught by -Xlint
Original commit: elastic/x-pack-elasticsearch@50bea927cf
2015-09-09 00:16:13 -07:00
Ryan Ernst 2ab0db4373 Fix compile issues after removal of loadConfigSettings from transport
client

Original commit: elastic/x-pack-elasticsearch@2efe4f2980
2015-09-08 17:22:54 -07:00
Martijn van Groningen e7b338a077 test: added smoke test for the shield tribe node integration
Original commit: elastic/x-pack-elasticsearch@f7ab8b9044
2015-09-08 12:37:36 +02:00
Martijn van Groningen 547b6346f6 Changed the underlying DLS implementation
Instead of wrapping the IndexSearcher and applying the role query during the rewrite, the role query gets applied in a custom filtered reader that applies the query via the live docs.

The big advantage is that DLS is being applied in all document based APIs instead of just the _search and _percolate APIs.

In order to better deal with the cost of converting the role query to a bitset, the bitsets are cached in the bitset filter cache
and if the role query bitset is sparse the role query and main query will execute in a leapfrog manner to make executing queries faster.
 If the role query bitset isn't sparse, we fallback to livedocs.

Closes elastic/elasticsearch#537

Original commit: elastic/x-pack-elasticsearch@330b96e1f2
2015-09-08 11:04:10 +02:00
Martijn van Groningen c1fc6e5e62 fix TriggeredWatchStoreTests
Original commit: elastic/x-pack-elasticsearch@5837fc03be
2015-09-07 19:11:47 +02:00
Martijn van Groningen aeb4c34cc5 fix WatchStoreTests
Original commit: elastic/x-pack-elasticsearch@61d2cc95f1
2015-09-07 19:06:11 +02:00
Martijn van Groningen a65d1e3d58 test: fix docCount to only use the source builder in SearchRequestBuilder and don't use also the source on SearchRequest
Original commit: elastic/x-pack-elasticsearch@0ffcf0c5ff
2015-09-07 18:34:44 +02:00
Adrien Grand 06ec935a08 Fix x-plugins following count/scan removal from elasticsearch-core.
Original commit: elastic/x-pack-elasticsearch@ee43991a0a
2015-09-07 17:44:01 +02:00
Jason Tedor 9a729638da Remove and forbid use of com.google.common.base.Strings
This commit removes and now forbids all uses of
com.google.common.base.Strings across the codebase.

For uses of com.google.common.base.Strings.isNullOrEmpty, use
org.elasticsearch.common.Strings.isNullOrEmpty.

For uses of com.google.common.base.Strings.padStart use
org.elasticsearch.common.Strings.padStart.

For uses of com.google.common.base.Strings.nullToEmpty use
org.elasticsearch.common.Strings.coalesceToEmpty.

Relates elastic/elasticsearchelastic/elasticsearch#13224

Original commit: elastic/x-pack-elasticsearch@d6e349e654
2015-09-07 09:37:30 -04:00
Jason Tedor 32812c2139 Merge pull request elastic/elasticsearch#592 from jasontedor/predicate-out-with-the-old-in-with-the-new
Remove and forbid the use of com.google.common.base.Predicate(s)?

Original commit: elastic/x-pack-elasticsearch@58e948884a
2015-09-06 07:47:06 -04:00
uboness e6dfa215b6 Introducing Watch De/activation
Today, once you add a watch to watcher, it's always active. Being "active" means that the watch is registered with the trigger engine (scheduled) and will be executed when its trigger is triggered.

Quite often, ppl want to have an option to deactivate/disable a registered watch. Such that while the watch definition still exists in watcher, it is "inactive" and is never triggered. The only way to do this today is using a "hack" where you can change the watch schedule to a cron expression targeting a really far date in the future (say somewhere around 2050). Again.. this is very hackish and it requires changing the actual definition of the watch (you lose its original trigger).

 This commit introduces the notion of an active/inactive watch.. here are the differences between the two states:

 - active: the watch is registered with watcher and with the trigger engine and will be executed when its trigger is fired by the engine
 - inactive: the watch is registered with watcher, but is not registered with the trigger engine. An inactive watch will never be fired, regardless of its trigger.

 This commit also adds two new APIs:

  - `_watcher/watch/{id}/_activate`
  - `_watcher/watch/{id}/_deactivate`

 to activate and deactivate existing watches.

 In addition, the Put Watch API now accepts an `active` parameter that indicates the initial state of the put watch (by default set to  `true`, i.e. "active").

 Closes elastic/elasticsearch#90

Original commit: elastic/x-pack-elasticsearch@37b9ab4d54
2015-09-04 21:38:34 +02:00
Jason Tedor 74cdc2f4ce Remove and forbid the use of com.google.common.base.Predicate(s)?
This commit removes and now forbids all uses of
com.google.common.base.Predicate and com.google.common.base.Predicates
across the codebase. This is one of the many steps in the eventual
removal of Guava as a dependency. This was enabled by
elastic/elasticsearchelastic/elasticsearch#13314.

Relates elastic/elasticsearchelastic/elasticsearch#13224, elastic/elasticsearchelastic/elasticsearch#13349

Original commit: elastic/x-pack-elasticsearch@968b81849f
2015-09-04 13:33:31 -04:00
uboness 533c14242f Bumped the version to 3.0.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@0771b3e589
2015-09-04 16:30:11 +02:00
Alexander Reelsen 8934f3436b Marvel: Ensure marvel is not deployed
In order to not accidentally release marvel in its current state
this removes marvel in the S3 upload as well as not deploying
marvel to artifactory.

Original commit: elastic/x-pack-elasticsearch@cb6088e18b
2015-09-04 11:00:37 +02:00
jaymode 2f93428f22 test: poll for the index audit trail template
The template may not get recreated immediately due to other pending cluster state updates.

Original commit: elastic/x-pack-elasticsearch@810d77b397
2015-09-03 17:43:14 -04:00
jaymode 480406ebc7 Test: stop the IndexAuditTrail if running to prevent locked shards
The InternalTestCluster checks after the tests run if there are any locked shards, which is still
possible because the IndexAuditTrail is running and auditing events. This change makes the
test stop the IndexAuditTrail if they are running in the local cluster.

Original commit: elastic/x-pack-elasticsearch@f7fb564525
2015-09-03 13:00:42 -04:00
jaymode 1dbdf2ea1f add note on extended key usage
Closes elastic/elasticsearch#362

Original commit: elastic/x-pack-elasticsearch@0a2e0ab6d1
2015-09-03 11:53:39 -04:00
jaymode 892d9774f5 update limitations around more like this query
This updates the limitations section to indicate that the MLT query only works with Elasticsearch
1.6.2+ and 1.7.1+.

Closes elastic/elasticsearch#331

Original commit: elastic/x-pack-elasticsearch@70f2bb484e
2015-09-03 11:45:50 -04:00
jaymode afacb47828 make IndexAuditTrail recreate template and remove ShieldWrappingCluster
The ShieldWrappingCluster was added to prevent deletion of the IndexAuditTrail template when
running tests since the wipe() method will delete all templates. However, the cluster wrapping
is problematic with indexRandom() and causes noise in CI. This change removes the
ShieldWrappingCluster and changes the IndexAuditTrail to recreate the index template if it is
removed.

Closes elastic/elasticsearch#562

Original commit: elastic/x-pack-elasticsearch@0403ea7cef
2015-09-03 11:32:24 -04:00
Jason Tedor 6035dc3b63 Merge pull request elastic/elasticsearch#574 from jasontedor/feature/array-compare-condition
Add compare condition to handle arrays

Original commit: elastic/x-pack-elasticsearch@c548b84b76
2015-09-03 09:48:15 -04:00
Jason Tedor 77e74a9319 Add compare condition to handle arrays
This commit adds a new compare condition called “array_compare”. This
condition enables comparing a single resolved value to an array of
resolved values. The value can be compared for equality, non-equality,
and strict and non-strict ordering; the array compare condition will
evaluate to true if the value compares to true with respect to the
specified operator against all (“all”) or at least one (“some”) of the
values in the array specified by “array_path”. Each value in the array
can be resolved to a value using “path” (e.g., “array_path”:
“cx.payload.aggregations.some_field.buckets” and “path”: “doc_count”
would resolve each value in the buckets array to its “doc_count”).

Closes elastic/elasticsearch#345

Original commit: elastic/x-pack-elasticsearch@0d74b4dc11
2015-09-03 09:46:23 -04:00
Adrien Grand b4d5ef5904 Fix query rewriting for document-level security to be stable.
Original commit: elastic/x-pack-elasticsearch@3ad7eb4ded
2015-09-03 12:46:20 +02:00
Martijn van Groningen f270e585f4 dls: compare the rewritten query
Original commit: elastic/x-pack-elasticsearch@b84d661f33
2015-09-03 10:57:24 +02:00
Martijn van Groningen 99d91b7a9c Added wildcard support to the FLS `fields` option.
Closes elastic/elasticsearch#452

Original commit: elastic/x-pack-elasticsearch@4e82ce0472
2015-09-03 10:37:34 +02:00
Martijn van Groningen 1a84daab2a DLS: don't wrap twice
Original commit: elastic/x-pack-elasticsearch@86f6f7ac17
2015-09-03 10:31:23 +02:00
Ryan Ernst fd962ea7dc Fix test naming, Test -> Tests
Original commit: elastic/x-pack-elasticsearch@e7ad7361a5
2015-09-02 15:18:29 -07:00
Areek Zillur dc471bc0a9 Fix naming for abstract test cases
Original commit: elastic/x-pack-elasticsearch@546ac98077
2015-09-02 16:58:06 -04:00
uboness e4ffceb9ba Introducing Slack Action
- This action enables sending notifications to slack channels/users
- Utilizes the incoming webhook API of slack
- Similar to the `email` and `hipchat` actions, multiple slack accounts can be configured, each with its own URL and message defaults
- Slack actions are associated with an account, or if not, they'll be sent via the default account.
- The message itself is very flexible and enables defining simple messages to one or more users and/or one or more channels. For complex message structures, one can use `attachments` as described by the slack API.

 Closes elastic/elasticsearch#491

Original commit: elastic/x-pack-elasticsearch@9ecc69c17c
2015-09-02 19:45:54 +02:00
jaymode 22d0ba4cf9 add shield integration to the ScriptServiceProxy
This change adds support for putting the watcher user in the context that is passed to the
ScriptService when Shield is installed and watcher integration with Shield is enabled.

Original commit: elastic/x-pack-elasticsearch@7e9983df0e
2015-09-02 11:32:57 -04:00
Colin Goodheart-Smithe b4a81af254 Fixes to make x-plugins repo work in eclipse
This includes the following:

- Updated .gitignore to be the same as the elasticsearch repo so eclipse files are correctly ignored
- Fixes ambiguous method call compile error in HipChatMessageTests

Original commit: elastic/x-pack-elasticsearch@027ee0ec63
2015-09-02 16:21:09 +01:00