Commit Graph

35 Commits

Author SHA1 Message Date
uboness ac6b82ef7c Updated licensing behaviour
- on license expiration, we only block cluster stats/health and indices stats.
- depend on the latest snapshot of the licensing plugin that supports registrations of expiration callbacks
- registering expiration callbacks to periodically log and warn about license expiration (pre and post expiration)

Original commit: elastic/x-pack-elasticsearch@5aee30fac4
2015-01-24 00:25:06 +01:00
uboness 27fd142e0c Fixed version back to SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@81b4d4cd09
2015-01-23 19:38:35 +01:00
uboness 8b95d0f71c Updated pom.xml
Changes reflect the restructuring of elasticsearch maven repo

- changed the repository names (for consistency sake)
- elasticsearch repositories now point to `/releases` and `/snapshots`
- added `deploy-internal` and `deploy-public` profiles

Original commit: elastic/x-pack-elasticsearch@92709ce38a
2015-01-23 15:10:18 +01:00
Alexander Reelsen 2986502984 CLI Tools: Add command to check for same permissions and owners after run
In case the creation of files changed the owner, group or the permissions, this command
will write an error message to the console.

Relates elastic/elasticsearch#517

Original commit: elastic/x-pack-elasticsearch@49aab5f712
2015-01-22 19:13:45 +01:00
javanna 98c3531bf9 move to es core 1.4.2
This commit moves the es core dependency to 1.4.2, which becomes the minimum version required from now on.

Changes made accordingly to this decision since we can break backwards compatibility and assume es core>=1.4.2

Closes elastic/elasticsearch#562

Original commit: elastic/x-pack-elasticsearch@484b4a2528
2015-01-19 08:24:18 +01:00
Alexander Reelsen 431f30893f Cleanup: Split service transport service for client & server
In order to be more flexible this clean up commit splits the
TransportService into a client and server one. As part of this
we can safely remove the slightly misused TransportFilters class.

Renamed shield.type from server to node, so we can differentiate between node2node and node2client communication.

Original commit: elastic/x-pack-elasticsearch@a3a2f9bf38
2014-12-16 14:28:32 +01:00
javanna e3768b6cff [TEST] upgrade randomized runner to 2.1.11
2.1.11 contains the fix for this issue: carrotsearch/randomizedtestingelastic/elasticsearch#179 which will resolve these recurring failures described in elastic/elasticsearch#386.

Closed elastic/elasticsearch#490

Original commit: elastic/x-pack-elasticsearch@3a396d6302
2014-12-15 13:48:04 +01:00
javanna 8320be7b09 Build: add scm info to pom.xml
Build number maven plugin requires this info to retrieve the build number and make it available as a variable, which is then published through RestShieldInfoAction, which is currently null. This commit makes sure the build number gets currently published.

Closes elastic/elasticsearch#428

Original commit: elastic/x-pack-elasticsearch@0a2bc7646b
2014-12-05 12:42:44 +01:00
javanna 02c3601ac5 Build: fix dependencies order in pom
tests-framework.jar must be before lucene-core.jar

Original commit: elastic/x-pack-elasticsearch@7aa48f737a
2014-12-05 08:49:36 +01:00
javanna 093d9a901c Packaging: set es core as provided dependency
Also update the assembly configuration and the commons-codec version

Closes elastic/elasticsearch#423

Original commit: elastic/x-pack-elasticsearch@27e76c5307
2014-12-05 07:41:19 +01:00
uboness e646fd5edc Integration with license plugin
- Added a `LicenseService` to handle license feature enable/disable events
 - LicenseEventNotifier is responsible for notifying the license events to whatever registered listeners that are interested in them
 - In Shield, when a license is disabled for `shield` feature, we block all read operations (done in the `ShieldActionFilter`)
 - Added initial documentation around licensing

Closes elastic/elasticsearch#347

Original commit: elastic/x-pack-elasticsearch@6ba7a10cd4
2014-12-04 20:49:35 +01:00
javanna a995ed9cca [TEST] allow to configure tests.timezone and tests.locale
tests.timezone and tests.locale are values that gets randomized all the time (even without configuring them). They don't get printed yet out with shield failures as this was only recently added to es core, but it makes sense to get ready and allow to configure them for better test repeatability.

Also removed support for es.node.mode and es.node.local as we always use network since we test with unicast discovery only.

Original commit: elastic/x-pack-elasticsearch@d03fa0c162
2014-11-27 11:40:13 +01:00
Alexander Reelsen 2f4fb2cf48 Dependencies: Upgrade to Elasticsearch 1.4.0
* Configuring the transport pipeline has changed due to adding profiles in 1.4
* Lots of tests needed to be changed in order to not leave thread pools around
* ApacheDs leaves a thread lingering around, thus a ThreadLeakFilter needed to be added

Original commit: elastic/x-pack-elasticsearch@de35362fc4
2014-11-06 12:03:49 +01:00
Alexander Reelsen 4903852f48 Packaging: Include build information
Also added a ShieldBuild class to return

* Shield version
* Shield build hash
* Shield build timestamp

Also added a '/_shield' endpoint which returns those fields.

Original commit: elastic/x-pack-elasticsearch@38928d1ef6
2014-11-05 10:28:02 +01:00
Alexander Reelsen d608fe2b60 Build: Enable resource filtering to include version
Closes elastic/elasticsearch#200

Original commit: elastic/x-pack-elasticsearch@2cbf0cecf6
2014-10-24 09:37:43 -07:00
Bill Hwang 2a1ce81960 [CI] Added static analysis dependencies
Modified pom.xml to do static analysis without Jenkins

'mvn -DskipTests=true -Pstatic clean compile site' to start analysis
The reports are at target/site/project-reports.html.

Original commit: elastic/x-pack-elasticsearch@ddec28e8d0
2014-10-07 11:06:35 -06:00
javanna 5b1dd41f23 Move to elasticsearch-1.4.0.Beta1 (no snapshot)
Original commit: elastic/x-pack-elasticsearch@18c93bcae2
2014-10-02 15:42:21 +02:00
Michael McCandless 3b1ae0b593 Upgrade to Lucene 4.10.1
Original commit: elastic/x-pack-elasticsearch@31273b6769
2014-10-01 05:15:49 -04:00
Alexander Reelsen 2fbf4436aa Dependencies: Updating to elasticsearch 1.4.0.Beta1
Original commit: elastic/x-pack-elasticsearch@66cc907790
2014-10-01 11:11:33 +02:00
Michael McCandless d9d5cbeb32 upgrade to Lucene 4.10.1 snapshot
Original commit: elastic/x-pack-elasticsearch@d41ba71039
2014-09-24 16:35:42 -04:00
javanna 723725753a [TEST] Make it possible to run REST tests against es+shield
Added `ShieldRestTests` that extends `ElasticsearchRestTests` allowing to run REST tests against es+shield. Tests won't be run by default as they require additional configuration (e.g. rest tests and spec location on file system). They can be activated via `-Dtests.rest=true`. Rest tests and spec location can be provided as follows:

```
-Dtests.rest.spec=/path/to/elasticsearch/rest-api-spec/api -Dtests.rest.suite=/path/to/elasticsearch/master/rest-api-spec/test
```

Some tests need to be blacklisted at this moment as follows:

```
-Dtests.rest.blacklist=scroll/*/*,mpercolate/*/*,msearch/*/*
```

Closes elastic/elasticsearch#79

Original commit: elastic/x-pack-elasticsearch@6f3e72dd87
2014-09-19 17:08:17 +02:00
javanna fee5a30f7f Update es core version to 1.4.0.Beta-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@acd0ab0292
2014-09-15 15:46:24 +02:00
uboness f4b4075cfa Upgraded to Lucene 4.10 and fixed the build
The automaton support changed quite a bit in 4.10 which required determinizing all the automatons used in the Privilege

Original commit: elastic/x-pack-elasticsearch@96a82f0f5d
2014-09-06 15:41:22 +02:00
Bill Hwang 3ae67f3999 [BUILD] Added license check
1) Enforce license header check on source files
2) Add missing license header to existing sources

Original commit: elastic/x-pack-elasticsearch@da73e4f2b6
2014-09-02 15:54:05 -07:00
Bill Hwang 6b0ec94eab [CI] Add JaCoCo plug in dependencies
Add jacoco plug in depdencies to pom.xml, inside a profile.
This enables code coverage analysis

Original commit: elastic/x-pack-elasticsearch@eedf882368
2014-09-02 12:18:07 -07:00
c-a-m 9cd397727f LDAP: Implements an LDAP realm
The LDAP realm is a bind-per-user strategy and the group lookup strategy is configurable.
If a role mapping file is not defined, groups names are taken as role names.
Special configuration for active directory simplifies the configuration.

Integration Tests are using an embedded apache DS LDAP Server.

Original commit: elastic/x-pack-elasticsearch@ce20e1b3be
2014-08-25 15:36:31 -06:00
uboness 1f5f3f21f9 Changed the contract of AuthenticationService#token to throw an authentication exception when no token found
- Also added an overloaded version of the AuthenticationService#token method that accepts a default token and that doesn't thrown an authentication exception
- Added AuditTrail#authenticationFailed method at a higher level than the realm version. Now the realm authc failure will only be logged when trace is enabled. With this change, the audit trail logging is more consistent in its terminology (anonymous is now logged when no auth token is found)
- extended the level of audit trail logging tuning (now using all logging levels, incl. error & warn)
- Added tests for audit trails
- Added tests for authentication service
- Added mockito as a test lib (will serve as our mocking framework)

Original commit: elastic/x-pack-elasticsearch@8d21ab7484
2014-08-13 14:23:28 +02:00
uboness fe4571da43 Changed the version to 1.0.0-SNAPSHOT
Also added ShieldVersion to track version changes in the codebase

Original commit: elastic/x-pack-elasticsearch@3282329ee9
2014-08-12 13:34:46 +02:00
Alexander Reelsen 75cf637fed Build: Do not depend on guava in compile scope
Changed the scope of the guava dependency to prevent wrong imports and always use the shaded ones.
This required a change in the forbidden API signatures, as that tool alwyas try load the class and fail
if the class cannot be found.

Original commit: elastic/x-pack-elasticsearch@90a245423a
2014-08-08 12:57:28 +02:00
Alexander Reelsen d0673b0cfb Added SSL support in netty
This introduces the possibility to have all communications (transport
and HTTP) to run over SSL.

Original commit: elastic/x-pack-elasticsearch@c816a65f53
2014-07-22 11:41:17 +02:00
Alexander Reelsen bc0e233589 Removed netty dependency. Use shaded classes as imports
Original commit: elastic/x-pack-elasticsearch@46483aa44f
2014-07-22 11:20:41 +02:00
uboness 9b3160b7ac Added more unit tests, re-implemented & added tests for ESUsersTool
- Added CliTool infrastructure (should eventually be moved to core and removed from this repo)

Original commit: elastic/x-pack-elasticsearch@ba498163f5
2014-07-21 04:42:04 +02:00
uboness f727e29066 Initial commit of the infrastructure codebase for security
There are four modules:
 - authc: realm based authentication module
 - authz: role based privileges & permissions authorization module
 - n2n: node to node authentication module (incl. IP filtering auth)
 - audit: audit trail module (only includes log file audit trails for now)

Original commit: elastic/x-pack-elasticsearch@b1ec9e2923
2014-07-17 17:58:36 +02:00
Alexander Reelsen 5ede63f180 Dependencies: Upgraded to elasticsearch 1.4.0-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@ccec992aeb
2014-07-17 08:35:16 +02:00
Alexander Reelsen b201d726b2 Initial import
Original commit: elastic/x-pack-elasticsearch@d85c3afaf4
2014-07-07 11:30:28 +02:00