Commit Graph

7 Commits

Author SHA1 Message Date
jaymode d08446e221 security: add reserved roles and users
This commit adds reserved or built-in user and role support to x-pack. The reserved roles
cannot be modified by users. The reserved users also cannot be modified with the exception
of changing the password for a user.

In order to change the password for a user, a new API has been added. This API only supports
changing passwords for native and reserved users.

To support allowing a user to change their own password, a default role has been added to grant
access. This default role only grants access to user operations that pertain to the user that is
being authorized. In other words, the default role grants `joe` the ability to change their own password
but does not allow them to change the password of a different user.

Additionally, the authenticate API was made a transport action and is granted by the default role.

Closes elastic/elasticsearch#1727
Closes elastic/elasticsearch#1185
Closes elastic/elasticsearch#1158

Original commit: elastic/x-pack-elasticsearch@1a6689d90f
2016-04-06 18:23:18 -04:00
Alexander Reelsen e0fcbcbb51 Elasticsearch: Rename plugin from 'xpack' to 'x-pack'
This is just to be consistent with out naming, which is
supposed to be `x-pack`.

Closes elastic/elasticsearch#1759

Original commit: elastic/x-pack-elasticsearch@0697f70855
2016-03-30 09:48:46 +02:00
jaymode 0d1f3da353 security: rename ESUsersRealm to FileRealm
This commit is the forward port of renaming the type for esusers to file. There is no
backwards compatibility maintained here. Additionally, a few other renames and
cleanups have been made:

* `esusers` commands is now `users`
* org.elasticsearch.shield.authc.esusers -> org.elasticsearch.shield.authc.file
* Validation.ESUsers -> Validation.Users
* ESUsersTool -> UsersTool
* ESUsersToolTests -> UsersToolTests
* ESNativeUsersStore -> NativeUsersStore
* ESNativeRolesStore -> NativeRolesStore.
* org.elasticsearch.shield.authz.esnative collapsed to org.elasticsearch.shield.authz.store
*  ESNativeTests -> NativeRealmIntegTests

Closes elastic/elasticsearch#1793

Original commit: elastic/x-pack-elasticsearch@d2a0c136f3
2016-03-28 06:18:57 -04:00
jaymode 2872acd742 remove watcher and graph privileges. manage does not include security
Original commit: elastic/x-pack-elasticsearch@da250ed842
2016-03-17 14:31:03 -04:00
jaymode cf0fd986e1 rename graph actions
Original commit: elastic/x-pack-elasticsearch@70a71d6bd6
2016-03-17 14:31:03 -04:00
jaymode 9e08579d4f security: file parsing only supports the new format
This commit remove the pre-existing file parsing code and replaces it with the updated
code in the RoleDescriptor class. This unifies the parsing for the files and API for roles.

Closes elastic/elasticsearch#1596

Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1
2016-03-16 12:33:05 -04:00
markharwood 925afa3cab Graph - port of 2.x graph API and kibana UI plugin
Closes X-plugins issue 518

Original commit: elastic/x-pack-elasticsearch@6c6371ed74
2016-03-11 14:22:31 +00:00