This commit adds a mechanism for defining known sensitive values in REST bodies so that
these can be filtered when auditing the request body.
Original commit: elastic/x-pack-elasticsearch@d138a6bff7
Since some of the REST handlers depend on components constructed
in `createComponents` we use `SetOnce` to save a reference to
the components at the class level and reuse the reference in
`initRestHandlers`. This does require that `initRestHandlers`
is called after `createComponents` but I think that is fairly
reasonable.
Original commit: elastic/x-pack-elasticsearch@4fd87ad911
Also removes unused method convertToObject from XContentUtils that does not close XContentParser either.
Original commit: elastic/x-pack-elasticsearch@99ce977c55
This PR removes all leniency in the conversion of Strings to booleans: "true" is converted to the boolean value true, "false" is converted to the boolean value false. Everything else raises an error.
Relates elastic/elasticsearch#22200
Original commit: elastic/x-pack-elasticsearch@a505df1f5d
This is related to elastic/elasticsearch#22116. In the tests there are multiple usages of
server implementations that `accept()` socket connections. To avoid
throwing `SecurityException` when using the `SecurityManager` these
operations must be privileged. Additionally, x-pack:elasticsearch
requires `accept` permission. This was added in the plugin-security
policy file.
Original commit: elastic/x-pack-elasticsearch@057e2abb1f
Now that /_bulk requests are handled on a shard level, the entire request isn't
rejected; instead, each individual request is rejected. This changes the assert
accordingly.
Relates to elastic/elasticsearch#4441
Original commit: elastic/x-pack-elasticsearch@7ca777b574
Instead of shoehorning everything into `isCompositeAction`, add a new
`isTranslatedToBulkAction` method.
Original commit: elastic/x-pack-elasticsearch@053faae505
This change ensures that the ThreadContext is always restored after an action has been invoked when
going through the SecurityActionFilter and authentication and authorization are enabled.
Original commit: elastic/x-pack-elasticsearch@5da70bd6fa
This removes the "skipped exporter" logging at the info level in favor of debug level. The LocalExporter has been updated so that non-elected master nodes will log a "waiting for elected master node..." message when they're ready, but are stuck waiting for the master node to set up indices.
Original commit: elastic/x-pack-elasticsearch@3f8b58bc37
Turns out that this test became flaky on dev machines with specific DNS setup.
This test uses an index action to provoke an error, thus there is no dependency
on anything network specific.
The reason it was uncovered now was the change to the Apache HTTP client, which is doing DNS lookups. This DNS lookup happened inadvertently because of a bug in the test, which had a URI like http://http://127.0.0.1.... However, having a web request was not needed at all, so it was replaced.
Closes elastic/elasticsearch#4561
Original commit: elastic/x-pack-elasticsearch@158516b5e5
The CompositeRolesStoreTests#testNegativeLookupsAreCached test had a bug where it was expected to
retrieve the superuser role but the mockito verification on the call failed. This was because there
is also randomization on the number of times to call, which could be 0.
Closes elastic/elasticsearch#4562
Original commit: elastic/x-pack-elasticsearch@5c62df15b7