Similar to the lifecycle services, stopping the shield lifecycle should
also ensure that the poller threads are stopped, which is tricky, in case
they run through huge user/role lists.
Original commit: elastic/x-pack-elasticsearch@7a48f19853
Restoring empty contexts causes issues with searches, but failure to restore the
original context when executing index requests that auto-create results in a
the index operation being tried by the system user.
See elastic/elasticsearch#1380
Original commit: elastic/x-pack-elasticsearch@522f857de7
This removes a check in the ClearRolesCacheTests that is prone to failure due to the
possibility of the cache poller running while we modify documents and updating cached
values prior to the test issuing the get roles call.
See elastic/elasticsearch#1354
Original commit: elastic/x-pack-elasticsearch@ba0b803466
This change migrates all of the xpack code to use the new ThreadContext when
dealing with headers and context data. For the most part this is a simple
cutover, but there are some things that required special casing. The internal
actions that executed by a user's requests need to forcefully drop the context
and set the system user. The workaround for this will be improved in a followup.
Additionally, the RequestContext still lives on due to the OptOutQueryCache,
which requires some core changes to fix this issue.
Original commit: elastic/x-pack-elasticsearch@87d2966d93
This commit is the x-plugins side of the refactoring of script settings.
Relates elastic/elasticsearchelastic/elasticsearch#16197
Original commit: elastic/x-pack-elasticsearch@4c429933b9
As of elastic/elasticsearchelastic/elasticsearch#16054 all index level settings
must be registered and use the new settings infrastructure. This commit
prepares for the merge to provide a smooth transition.
Original commit: elastic/x-pack-elasticsearch@bc0a4fec07
Due to lingering threads when shutting down when running this in CI
this disables watcher in this tests. It is really hard to reproduce
to get the correct order of start/stop. The reason here is, that watcher
is still starting and not finished, when stop is called on the plugin.
Original commit: elastic/x-pack-elasticsearch@2de85bcba6
When debugging role mapping it is useful to know the actual user DN, which is only logged
when something is actually mapped to the DN. Since this is logged at debug level, we should
always log it.
Original commit: elastic/x-pack-elasticsearch@b690c757d3
Previously we only exposed the use of a single URL for LDAP realms, while the code supported
multiple URLs. Internally we always used a failover server set, which would have provided failover
to another LDAP server if multiple existed. This change introduces a new setting `load_balance.type`
on the realm that indicates the type of load balancing. Valid options are:
* `failover` - the first server in the list will be used until it fails and then additional servers will be tried until
one succeeds. The first successful server will be used from now on. This is the default.
* `round_robin` - continuously iterates through the list of servers for each new connection. If a server is down,
the iteration will continue until a successful connection is made. The downfall here is that the list does not
get reordered on a down server, so there is overhead for always trying the servers in order.
* `dns_failover` - This server set takes a single URL that uses a DNS that will resolve to multiple IP addresses.
Connections will be consistently attempted to servers in the order they are retrieved from the name service; there
is no re-ordering and the first successful connection will be used.
* `dns_round_robin` - This server set takes a single URL that uses a DNS that will resolve to multiple IP addresses.
The addresses retrieved from the name service will connected to in the same order as `round_robin`.
Closeselastic/elasticsearch#31
Original commit: elastic/x-pack-elasticsearch@9ce9a1bf23
* allow bulk requests with updates if fls/dls isn't configured for targetted index
* throw a hard error if the current call can't resolve an associated transport request
marvel: node stats collector should use the client instead of the internal apis, because otherwise the index searcher wrapper can't locate the transport request that is associated with current call and would then throw an exception, which then prevents the marvel agent from collecting stats.
* if both field or document level security is enabled then all forbidden operations should fail
Original commit: elastic/x-pack-elasticsearch@b2c40d6559
The REST authenticate API can be used to test credentials and retrieve details about the
user that has been authenticated. This currently includes retrieving the user's username
and roles.
Closeselastic/elasticsearch#1019
Original commit: elastic/x-pack-elasticsearch@117a226187
This commit removes usage of Collections#shuffle(List) as this is a
forbidden method in upstream Elasticsearch.
Relates elastic/elasticsearchelastic/elasticsearch#15287, relates elastic/elasticsearchelastic/elasticsearch#15299
Original commit: elastic/x-pack-elasticsearch@2943569ee1
Squashed commit of the following:
commit 54de841112778b01e817e465d2f59840970bb4f3
Author: Robert Muir <rmuir@apache.org>
Date: Thu Dec 10 08:47:12 2015 -0500
see exactly how far MessyTestPlugin can go (unit tests depend on both groovy and mustache!)
commit 743b5a4e0cc9a05e307339dfcb4569feed31f337
Author: Robert Muir <rmuir@apache.org>
Date: Thu Dec 10 08:35:03 2015 -0500
fix x-pack compile/tests to work with https://github.com/elastic/elasticsearch/pull/15328
Original commit: elastic/x-pack-elasticsearch@4307bb163b
When the logging audit trail is configured to add the node hostname or ip address
as a prefix, the logging audit trail can invoke guice dependency injection issues since
the transport that is injected is a proxy. This change makes the logging audit trail a
lifecycle component and waits for the transport to be started before initializing the
prefix.
Closeselastic/elasticsearch#1104
Original commit: elastic/x-pack-elasticsearch@3b19283969
* move static initialization hack for UnboundID Debug to XPackPlugin
* cleanup bundlePlugin calls in build file
* properly disable watcher and marvel for shield core tests
Original commit: elastic/x-pack-elasticsearch@2b89cf2225
This commit fixes the integration tests and qa test after the reorganization to be
packaged as a single plugin.
Original commit: elastic/x-pack-elasticsearch@d6f488627f
- added the license-plugin dir as a src dir
- Made XPackPlugin customizable for tests. Now tests that need to plug in different behaviours (e.g. a custom license plugin) can do that by simply resetting the relevant delegee plugins (i.e. shield, marvel, license, watcher) in the ctor of a new XPackPlugin.
Original commit: elastic/x-pack-elasticsearch@ab83104955
Boaz Leskes
Simon Willnauer
Ryan Ernst
Jason Tedor
Alexander Reelsen
jaymode
Jay Modi
Adrien Grand
Martijn van Groningen
uboness
markharwood
Lee Hinman
Nik Everett
javanna
Igor Motov
Simon Willnauer
Britta Weber
Robert Muir
Areek Zillur