Commit Graph

1536 Commits

Author SHA1 Message Date
Jay Modi 9005e9fdb9 security: filter content of known requests with passwords (elastic/elasticsearch#4700)
This commit adds a mechanism for defining known sensitive values in rest bodies so that
these can be filtered when auditing the request body.

Original commit: elastic/x-pack-elasticsearch@d138a6bff7
2017-01-20 14:05:23 -05:00
Nik Everett d690c5f789 Deguice rest handlers (elastic/elasticsearch#4598)
Since some of the rest handlers depend on components constructed
in `createComponents` we use `SetOnce` to save a reference to
the components at the class level and reuse the reference in
`initRestHandlers`. This does require that `initRestHandlers`
is called after `createComponents` but I think that is fairly
reasonable.

Original commit: elastic/x-pack-elasticsearch@4fd87ad911
2017-01-20 11:49:20 -05:00
Yannick Welsch 8f70653233 Close XContentParser when executing searches from Watcher (elastic/elasticsearch#4696)
Also removes unused method convertToObject from XContentUtils that does not close XContentParser either.

Original commit: elastic/x-pack-elasticsearch@99ce977c55
2017-01-20 12:40:48 +01:00
Alexander Reelsen 84936d57ad Watcher: Fix XContentFilterKeysUtils when using nested lists (elastic/elasticsearch#4635)
The ability to filter JSON inside of arrays was stopping after the first element was found.

Closes elastic/elasticsearch#4614

Original commit: elastic/x-pack-elasticsearch@452cf1c49d
2017-01-20 12:22:20 +01:00
Alexander Reelsen 8011912ce7 Tests: Added some tests for proper 404 responses on watch actions (elastic/elasticsearch#4620)
Relates elastic/elasticsearch#4616 elastic/elasticsearch#4617

Original commit: elastic/x-pack-elasticsearch@7f73792507
2017-01-20 12:01:44 +01:00
Boaz Leskes 630b5fd836 Move ContextPreservingActionListener to core (elastic/elasticsearch#4692)
Original commit: elastic/x-pack-elasticsearch@c3e5762ffc
2017-01-20 10:14:34 +01:00
Daniel Mitterdorfer 6ed83cc8ea Merge pull request elastic/elasticsearch#4380 from danielmitterdorfer/strict-booleans
This PR removes all leniency in the conversion of Strings to booleans: "true" is converted to the boolean value true, "false" is converted to the boolean value false. Everything else raises an error.

Relates elastic/elasticsearchelastic/elasticsearch#22200

Original commit: elastic/x-pack-elasticsearch@a505df1f5d
2017-01-19 08:00:06 +01:00
Ali Beyad 5aae30f722 [TEST] fixes known handler test
Original commit: elastic/x-pack-elasticsearch@98a8f23d23
2017-01-18 16:42:08 -05:00
Ali Beyad 159bf63cd4 [TEST] fix security's request handler tests to check in the
knownHandlers set, not the knownActions

Original commit: elastic/x-pack-elasticsearch@63f3744853
2017-01-18 12:19:42 -05:00
Simon Willnauer 5b5c77f573 Follow up for elastic/elasticsearchelastic/elasticsearch#22677 (elastic/elasticsearch#4670)
This commit picks up some improvments from elastic/elasticsearch#22677 that streamlines correct restore of stored contexts.

Original commit: elastic/x-pack-elasticsearch@0259de50c8
2017-01-18 16:18:10 +01:00
Daniel Mitterdorfer 226d6872ff Merge remote-tracking branch 'origin/master' into strict-booleans
Original commit: elastic/x-pack-elasticsearch@a81d65f77f
2017-01-18 13:39:52 +01:00
Simon Willnauer 533b525b13 Add cross cluster search proxy actions
Original commit: elastic/x-pack-elasticsearch@13f78dffe4
2017-01-18 10:25:40 +01:00
Tim Brooks 17492777a9 Wrap ServerSocket usage in doPrivileged blocks (elastic/elasticsearch#4631)
This is related to elastic/elasticsearch#22116. In the tests there are multiple usages of
server implementations that `accept()` socket connections. To avoid
throwing `SecurityException` when using the `SecurityManager` these
operations must be privileged. Additionally, x-pack:elasticsearch
requires `accept` permission. This was added in the plugin-security
policy file.

Original commit: elastic/x-pack-elasticsearch@057e2abb1f
2017-01-17 09:33:41 -06:00
Tanguy Leroux 06259f1836 Use ElasticsearchException.generateThrowableXContent() and metadataToXContent() (elastic/elasticsearch#4655)
This is the x-pack siblings of elastic/elasticsearchelastic/elasticsearch#22611

Original commit: elastic/x-pack-elasticsearch@57924a6f1a
2017-01-17 15:45:53 +01:00
Simon Willnauer 9e1f81d1e4 fix line len
Original commit: elastic/x-pack-elasticsearch@15d060560b
2017-01-16 21:17:22 +01:00
Simon Willnauer 6ebeaae972 Followup for elastic/elasticsearchelastic/elasticsearch#22636 (elastic/elasticsearch#4634)
Original commit: elastic/x-pack-elasticsearch@a6b2c88610
2017-01-16 21:06:30 +01:00
Jason Tedor f677f3e327 Expose logs base path
This commit responds to a change in core Elasticsearch to expose
different properties for configuring the log files.

Relates elastic/elasticsearch#4633

Original commit: elastic/x-pack-elasticsearch@4caab617bf
2017-01-16 07:40:29 -05:00
Simon Willnauer 507e8d5461 Followup for elastic/elasticsearchelastic/elasticsearch#22618 (elastic/elasticsearch#4625)
Original commit: elastic/x-pack-elasticsearch@366253f46f
2017-01-15 13:36:03 +01:00
Lee Hinman 1ee5ac8a89 [TEST] Fix issue with bulk security rejections
Now that /_bulk requests are handled on a shard level, the entire request isn't
rejected, instead, each individual request is rejected. This changes the assert
accordingly.

Relates to elastic/elasticsearch#4441

Original commit: elastic/x-pack-elasticsearch@7ca777b574
2017-01-13 11:49:37 -07:00
Lee Hinman 4db2d7101a Merge remote-tracking branch 'z-areek/enhancement/use_shard_bulk_for_single_ops'
Original commit: elastic/x-pack-elasticsearch@bb4265d026
2017-01-13 10:46:20 -07:00
Simon Willnauer d50ffd6dc3 Fix compilation after elastic/elasticsearchelastic/elasticsearch#22608
Original commit: elastic/x-pack-elasticsearch@5ce843283a
2017-01-13 16:51:28 +01:00
Daniel Mitterdorfer d90181a3a1 Merge remote-tracking branch 'origin/master' into strict-booleans
Original commit: elastic/x-pack-elasticsearch@36ae65f4d8
2017-01-13 10:11:37 +01:00
Suyog Rao 89405c783f [Logstash monitoring] Fix template to match event structure (elastic/elasticsearch#4613)
CPU stats were wrongly nested under "load". The correct nesting is os->cpu->load_average

Original commit: elastic/x-pack-elasticsearch@e3dc3765f6
2017-01-12 16:55:26 -08:00
Lee Hinman 53f2dbe8e6 switch shard-level actions to static final vars, use separate method
Instead of shoehorning everything into `isCompositeAction`, add a new
`isTranslatedToBulkAction` method.

Original commit: elastic/x-pack-elasticsearch@053faae505
2017-01-12 15:04:57 -07:00
Lee Hinman 0136b095d0 Add BWC indices for 5.1.2 (elastic/elasticsearch#4607)
Original commit: elastic/x-pack-elasticsearch@8f2311aca8
2017-01-12 14:31:41 -07:00
Lee Hinman 41f4d1784d Remove `_all` configuration
Since the `_all` field is now disabled by default and no longer allowed to be
configured, these should be removed from the mapping templates.

Relates to https://github.com/elastic/elasticsearch/pull/22144

Original commit: elastic/x-pack-elasticsearch@3b17c2b9c6
2017-01-12 09:29:09 -07:00
javanna 2c5aeba418 remove unused arguments from RestGraphAction private parse method
Original commit: elastic/x-pack-elasticsearch@f0f41fb0a7
2017-01-12 14:44:02 +01:00
javanna dcf5ce7a4e Remove ParseFieldMatcher usages from QueryParseContext
Original commit: elastic/x-pack-elasticsearch@93423ca15c
2017-01-12 14:44:02 +01:00
javanna 51302608cb remove some more ParseFieldMatcher usages
Original commit: elastic/x-pack-elasticsearch@4d3b7574cc
2017-01-12 14:44:02 +01:00
Lee Hinman a21f64fef2 Revert "Don't add shard-specific versions of index/delete to isComposite"
This reverts commit elastic/x-pack@4b97fb70b5.

Original commit: elastic/x-pack-elasticsearch@1777134975
2017-01-11 14:17:40 -07:00
Jay Modi c5cab37db6 security: always restore the ThreadContext after invoking an action
This change ensure that the ThreadContext is always restored after an action has been invoked when
going through the SecurityActionFilter and authentication and authorization is enabled.

Original commit: elastic/x-pack-elasticsearch@5da70bd6fa
2017-01-11 13:41:14 -05:00
Chris Earle 33e670e3aa [Monitoring] Improve Exporter "skipped" logging for Cloud (elastic/elasticsearch#4581)
This removes the "skipped exporter" logging at the info level in favor of debug level. The LocalExporter has been updated so that non-elected master nodes will log a "waiting for elected master node..." message when they're ready, but are stuck waiting for the master node to setup indices.

Original commit: elastic/x-pack-elasticsearch@3f8b58bc37
2017-01-11 13:38:27 -05:00
Lee Hinman f64b1ea3eb Merge branch 'master' into enhancement/use_shard_bulk_for_single_ops
Original commit: elastic/x-pack-elasticsearch@f71ce64fb3
2017-01-11 10:09:08 -07:00
Nik Everett 818c4e9791 Handle core removing SearchRequestParsers
Original commit: elastic/x-pack-elasticsearch@e2f0ef773b
2017-01-11 08:49:16 -05:00
Lee Hinman 66f96a4666 Don't add shard-specific versions of index/delete to isComposite
Original commit: elastic/x-pack-elasticsearch@3777e9db8b
2017-01-10 10:39:53 -07:00
Alexander Reelsen 56e3e107d4 Tests: Fix watcher test using DNS resolution (elastic/elasticsearch#4576)
Turns out that this test became flaky on dev machines with specific DNS setup.
This test uses an index action to provoke an error, thus there is no dependency
on anything network specific.

The reason it was uncovered now, was due to the change to the Apache HTTP client which is doing DNS lookups. This DNS lookup happened inadvertantly because of a bug in the test, which had a URI like http://http://127.0.0.1.... However having web request was not needed at all, so it was replaced.

Closes elastic/elasticsearch#4561

Original commit: elastic/x-pack-elasticsearch@158516b5e5
2017-01-10 17:26:54 +01:00
Yannick Welsch a890cfb81e Keep NodeConnectionsService in sync with current nodes in the cluster state
Companion commit to elastic/elasticsearchelastic/elasticsearch#22509

Original commit: elastic/x-pack-elasticsearch@d46a46bf68
2017-01-10 13:32:11 +01:00
Daniel Mitterdorfer b9eab29195 Merge remote-tracking branch 'origin/master' into strict-booleans
Original commit: elastic/x-pack-elasticsearch@3eda267724
2017-01-10 10:19:12 +01:00
Lee Hinman 320ec6716d Merge branch 'master' into enhancement/use_shard_bulk_for_single_ops
Original commit: elastic/x-pack-elasticsearch@23761f3e16
2017-01-09 16:27:42 -07:00
Nik Everett 66a2f0d49e Handle core replacing Suggesters with namedObject
Original commit: elastic/x-pack-elasticsearch@e68d82569f
2017-01-09 16:51:47 -05:00
Lee Hinman 8326b6d83b Merge branch 'master' into enhancement/use_shard_bulk_for_single_ops
Original commit: elastic/x-pack-elasticsearch@98f4e74d2e
2017-01-09 14:22:18 -07:00
Jay Modi e0f0b4b7b8 rename the kibana role to kibana_system
This commit renames the kibana role to kibana_system and provides a backwards compatibility
layer so that kibana access still works properly during a rolling upgrade.

Closes elastic/elasticsearch#4525

Original commit: elastic/x-pack-elasticsearch@5c5796e53a
2017-01-09 16:06:50 -05:00
Lee Hinman e311ce0794 IndexAction is now handled at the shard level, so don't test it
Original commit: elastic/x-pack-elasticsearch@0398acb10c
2017-01-09 13:41:51 -07:00
Lee Hinman 0b64c9e550 MockIndicesRequest should implement CompositeIndicesRequest
Original commit: elastic/x-pack-elasticsearch@094a31d379
2017-01-09 13:33:13 -07:00
Lee Hinman 93720505b8 Merge branch 'master' into enhancement/use_shard_bulk_for_single_ops
Original commit: elastic/x-pack-elasticsearch@089fa9977d
2017-01-09 11:39:37 -07:00
Lee Hinman 8c3b05fa32 Re-add index and delete actions to AuthorizationServiceTests
Original commit: elastic/x-pack-elasticsearch@719db23c02
2017-01-09 11:16:49 -07:00
Lee Hinman 99f96862b4 Add subrequest versions of index and delete actions to `isCompositeAction`
Original commit: elastic/x-pack-elasticsearch@0e0a74eaea
2017-01-09 11:16:08 -07:00
Nik Everett ac260505af Handle core moving Aggregation parsing to namedObject
Original commit: elastic/x-pack-elasticsearch@a968c54e86
2017-01-09 13:05:56 -05:00
Nik Everett c597d37fbb Hande SearchExtParsers replaced by namedObject
Original commit: elastic/x-pack-elasticsearch@9691f9b772
2017-01-09 08:22:01 -05:00
jaymode a0090ac556 test: ensure the roles store is called when verifying mock interations
The CompositeRolesStoreTests#testNegativeLookupsAreCached test had a bug where it was expected to
retrieve the superuser role but the mockito verification on the call failed. This was because there
is also randomization on the number of times to call, which could be 0.

Closes elastic/elasticsearch#4562

Original commit: elastic/x-pack-elasticsearch@5c62df15b7
2017-01-09 08:05:59 -05:00