Commit Graph

3826 Commits

Author SHA1 Message Date
jaymode dd7a43a93f security: optimize field level security for match all fields
This commit handles the use of `*` as a field in a role as effectively disabling field level
security. We do this to take advantage of caches that we disable when field level security
is active.

See elastic/elasticsearch#2407

Original commit: elastic/x-pack-elasticsearch@d96e18d57c
2016-06-17 11:49:36 -04:00
Areek Zillur b15753f0cc Merge branch 'enhancement/rollover_api'
Original commit: elastic/x-pack-elasticsearch@2d5bd5959e
2016-06-17 11:32:02 -04:00
Simon Willnauer 5e300fc1e4 Cleanup ClusterService dependencies and detached from Guice (elastic/elasticsearch#2542)
followup for elastic/elasticsearchelastic/elasticsearch#18941

Original commit: elastic/x-pack-elasticsearch@6b8680b5e9
2016-06-17 17:07:22 +02:00
Areek Zillur 384861ef75 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@0217fa2a12
2016-06-17 10:32:47 -04:00
Areek Zillur 568bf49578 add rollover to known actions
Original commit: elastic/x-pack-elasticsearch@296e4ea4c2
2016-06-17 10:32:28 -04:00
jaymode eeb964c886 security: default role checks authenticating realm
This change makes the default role check the authenticating realm when authorizing
a request for the current user (or run as user) where the user is trying to change their
own password. We need to do this, otherwise we open up the potential of a user in one
realm changing the password of a user in another realm.

As part of this work, the authentication service has been refactored and simplified. A
new object, Authentication, is now returned when authenticating. Currently, this object
contains the user, authenticating realm information, and if it is a run as request the
information of the realm that looked up the user.

Closes elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@3fd9c37a16
2016-06-17 10:31:54 -04:00
javanna 966fff2009 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@9c8cfc915f
2016-06-17 13:50:36 +02:00
jaymode 27958cc708 security: add charset to the WWW-Authenticate header
The WWW-Authenticate header can optionally specify the charset that the server uses after
decoding credentials. If this is not specified, most clients will limit the available characters to
ISO-8859-1, which causes issues for certain characters.

See RFC 7617

Closes elastic/elasticsearch#2290

Original commit: elastic/x-pack-elasticsearch@44411eebe7
2016-06-17 07:44:44 -04:00
Ryan Ernst cae76cc16c Merge pull request elastic/elasticsearch#2536 from rjernst/plugin_name_api
Remove name() and description() from plugin api

Original commit: elastic/x-pack-elasticsearch@717f3cfd0f
2016-06-16 14:35:32 -07:00
Ryan Ernst e985159f65 Merge branch 'master' into plugin_name_api
Original commit: elastic/x-pack-elasticsearch@ddc161e695
2016-06-16 14:34:23 -07:00
Areek Zillur 09b8495974 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@f7a6e27f12
2016-06-16 17:28:14 -04:00
Timothy Sullivan f231341f90 monitoring ui: add heap.size_limit to Kibana stats
Original commit: elastic/x-pack-elasticsearch@c74e90c34e
2016-06-16 12:24:52 -07:00
Jonathan Budzenski e07d73e91c monitoring ui: add overall and plugin statuses to ops data
Original commit: elastic/x-pack-elasticsearch@9dff2cf9ae
2016-06-16 12:24:52 -07:00
Simon Willnauer b2c944a480 Cut over settings registration to a pull model elastic/elasticsearchelastic/elasticsearch#18890 (elastic/elasticsearch#2538)
Followup for elastic/elasticsearchelastic/elasticsearch#18890

Original commit: elastic/x-pack-elasticsearch@a65ee6913f
2016-06-16 15:53:01 +02:00
Simon Willnauer 36ad326483 Simplify ScriptModule and script registration elastic/elasticsearchelastic/elasticsearch#18903 (elastic/elasticsearch#2535)
follow up PR for elastic/elasticsearchelastic/elasticsearch#18903

Original commit: elastic/x-pack-elasticsearch@d6ab3ab141
2016-06-16 09:35:16 +02:00
Shaunak Kashyap c9a318255f Merge branch 'master' into license-checking-cleanup
Original commit: elastic/x-pack-elasticsearch@be6288acc3
2016-06-16 00:14:18 -07:00
Lukas Olson 2f1abbea49 Merge branch 'master' into feature/account-settings
Original commit: elastic/x-pack-elasticsearch@d725d002cb
2016-06-15 17:27:20 -07:00
Ryan Ernst 7cb7f85709 Remove name() and description() from plugin api
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18906

Original commit: elastic/x-pack-elasticsearch@b47422fe91
2016-06-15 17:11:34 -07:00
Lukas Olson 9b3dcf07aa Merge branch 'master' into feature/account-settings
Original commit: elastic/x-pack-elasticsearch@148cf99339
2016-06-15 15:05:21 -07:00
Areek Zillur d8d5bb3683 xpack fixes for elasticsearchelastic/elasticsearch#18732
Original commit: elastic/x-pack-elasticsearch@fdb1cea1db
2016-06-15 15:48:21 -04:00
Nik Everett f92314ba00 Disable field stats cache if field level security
Field level security poisons that cache.

Closes elastic/elasticsearch#2528

Original commit: elastic/x-pack-elasticsearch@12ca4a2ef4
2016-06-15 15:17:06 -04:00
jaymode f8ba97c42f test: mute test until we can fix the field stats caching
Original commit: elastic/x-pack-elasticsearch@06ce7da477
2016-06-15 08:52:22 -04:00
javanna 82a19cda0e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f8d810f0e8
2016-06-15 11:49:34 +02:00
Lukas Olson f22f73bcf3 Merge branch 'master' into feature/account-settings
Original commit: elastic/x-pack-elasticsearch@789783c4fe
2016-06-14 15:59:45 -07:00
Lukas Olson 5a06edf697 Merge pull request elastic/elasticsearch#2463 from lukasolson/fix/empty-fields
[security-ui] Fix issue with empty array of fields

Original commit: elastic/x-pack-elasticsearch@a57d380bb9
2016-06-14 15:57:19 -07:00
Lukas Olson 9c8173b5ec Merge branch 'master' into fix/empty-fields
Original commit: elastic/x-pack-elasticsearch@fb6720a9a4
2016-06-14 13:45:20 -07:00
Lukas Olson 4442992499 Merge pull request elastic/elasticsearch#2349 from lukasolson/fix/colspan
[security-ui] Update colspan for no records message

Original commit: elastic/x-pack-elasticsearch@03936c4747
2016-06-14 13:43:58 -07:00
Nik Everett 1c170fb081 Make task/get known
Original commit: elastic/x-pack-elasticsearch@ce4bca4b86
2016-06-14 13:38:04 -04:00
jaymode 3c1218ac1c security: don't iterate over realms if authentication is not enabled
This changes the realms iterator call to alway return a empty iterator when we have a basic license
otherwise an exception would be thrown.

Closes elastic/elasticsearch#2474

Original commit: elastic/x-pack-elasticsearch@168cab9e1d
2016-06-14 06:41:58 -04:00
Jim Ferenczi b8e76475b1 Merge pull request elastic/elasticsearch#2411 from jimferenczi/extension_security
Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension

Original commit: elastic/x-pack-elasticsearch@49caea89ef
2016-06-14 10:57:57 +02:00
Jim Ferenczi ce8ffab7f2 Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension
Fix elastic/elasticsearch#2094

Original commit: elastic/x-pack-elasticsearch@bc017064d0
2016-06-14 10:20:54 +02:00
Shaunak Kashyap 3c26a64f4a Merge pull request elastic/elasticsearch#2487 from ycombinator/gh-2200-xpack-info-api
XPack Info Kibana API

Original commit: elastic/x-pack-elasticsearch@63274aff9c
2016-06-14 01:02:03 -05:00
Martijn van Groningen 1ecebab0aa security: Add `_field_names` field to the list of meta fields that are always allowed visible
The logic that filters `_field_names` field's terms is encapsulated in `FieldSubsetReader.java`,
but that doesn't kick in if `_field_names` is an allowed field.

Closes elastic/elasticsearch#2504

Original commit: elastic/x-pack-elasticsearch@d81ec9477a
2016-06-13 21:36:37 +02:00
Martijn van Groningen eb5248d127 fix test compile error
Original commit: elastic/x-pack-elasticsearch@61c4a8eb9a
2016-06-13 21:15:58 +02:00
Alexander Reelsen acc692bf68 Watcher: Putting a watch now stores its state correctly
The active state was not serialized in the PutWatchRequest leading to
to always setting it to active, when a different node than the master
node was hit with a put watch request.

Closes elastic/elasticsearch#2490

Original commit: elastic/x-pack-elasticsearch@060c0fa35f
2016-06-13 15:34:22 +02:00
jaymode aa292561c0 test: remove AwaitsFix for field stats API test
This was fixed in core but the awaits fix was not removed here.

Original commit: elastic/x-pack-elasticsearch@357a797b5e
2016-06-13 09:30:22 -04:00
Robert Muir 5d3fe53822 Merge pull request elastic/elasticsearch#2449 from rmuir/forloop
improve watcher example to use painless enhanced for loop.

Original commit: elastic/x-pack-elasticsearch@af6e61f93f
2016-06-11 08:56:43 -04:00
Nik Everett 2dd6cfae2b Handle core changing TimeValue to Writeable
Original commit: elastic/x-pack-elasticsearch@72e33d6e52
2016-06-10 15:48:54 -04:00
Adrien Grand 8a03988c03 Upgrade code for Lucene 6.1.
Original commit: elastic/x-pack-elasticsearch@282299cebe
2016-06-10 18:57:31 +02:00
Shaunak Kashyap 98686f05a6 Merge branch 'master' into gh-2200-xpack-info-api
Original commit: elastic/x-pack-elasticsearch@9c9e6df720
2016-06-10 09:52:02 -07:00
javanna 185ded3faa Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@4569a0457e
2016-06-10 11:18:37 +02:00
Shaunak Kashyap 2805f35638 Merge branch 'master' into license-checking/better-ux
Original commit: elastic/x-pack-elasticsearch@22401022de
2016-06-09 18:25:31 -07:00
Shaunak Kashyap d341223761 Merge pull request elastic/elasticsearch#2402 from ycombinator/gh-2200-sig-header
Add xpack info signature header to all Kibana API responses

Original commit: elastic/x-pack-elasticsearch@bd5fec8f81
2016-06-09 14:03:32 -05:00
javanna c4ea0ae34d Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f11da04658
2016-06-09 17:44:06 +02:00
javanna 8bf2d93fac rename ElasticsearchResponse and ElasticsearchResponseException to Response and ResponseException
Original commit: elastic/x-pack-elasticsearch@edfd24f003
2016-06-09 16:55:39 +02:00
Ryan Ernst 90d6e6756a Merge pull request elastic/elasticsearch#2317 from rjernst/kibana_gradle_improvements
Build: Only build uber xpack if kibana was built

Original commit: elastic/x-pack-elasticsearch@5b585dbb8a
2016-06-09 05:43:31 +02:00
Nik Everett a334ea57fc Replace setRefresh with setRefreshPolicy
setRefresh is being removed from core.

Original commit: elastic/x-pack-elasticsearch@b865d06c6d
2016-06-08 13:41:28 -04:00
markharwood 294fabb817 Graph refactored package name to new xpack convention as per issue 2383
Original commit: elastic/x-pack-elasticsearch@ae798f64e8
2016-06-07 14:04:04 +01:00
jaymode 370406bdc0 test: update active directory certificate
This change removes the old active directory certificate and replaces it with the AD
CA certificate that is valid until 2029 instead of needing to be changed yearly.

Closes elastic/elasticsearch#2440

Original commit: elastic/x-pack-elasticsearch@2f05bdfd01
2016-06-07 08:56:42 -04:00
Boaz Leskes 41ea6ee515 AwaitFix ActiveDirectoryGroupsResolverTests
Original commit: elastic/x-pack-elasticsearch@00f1052212
2016-06-07 14:37:02 +02:00