Commit Graph

3826 Commits

Author SHA1 Message Date
Britta Weber e8d139eb97 update mappings and template for .security index if they are not up t… (elastic/elasticsearch#3030)
* update mappings and template for .security index if they are not up to date

closes elastic/elasticsearch#2986

* nits


Original commit: elastic/x-pack-elasticsearch@b63aebbed8
2016-08-09 17:52:29 +02:00
Ryan Ernst 0039f9a2b2 Merge pull request elastic/elasticsearch#3032 from rjernst/deguice16
Internal: Deguice notification services

Original commit: elastic/x-pack-elasticsearch@9739742373
2016-08-08 14:10:52 -07:00
Ryan Ernst ce496938cd Consolidate settings for enabling xpack features
Currently there are a number of helper methods, all used at various
stages of initializing xpack, for reading "enabled" settings. Almost all
of these read the setting directly rather than use the new settings
infra. This change adds an XPackSettings class to contain these settings
constants, and adds all the enabled settings to it.

Note: While there is an existing MonitoringSettings, I think we do not
have enough settings (especially for all features) to warrant a separate
class per "feature" (eg graph would have nothing). We should decide
if/when this is necessary on a case by case basis, but I think the
enabled settings should all go here in XPackSettings.

Original commit: elastic/x-pack-elasticsearch@086152d5a5
2016-08-08 14:01:35 -07:00
Jason Tedor b2be99a869 Remove network settings when security is disabled
When security is disabled, we currently set the transport and HTTP type
to Netty 4. However, this is unnecessary as these are the default
settings so this commit removes these explicit settings.

Relates elastic/elasticsearch#3065

Original commit: elastic/x-pack-elasticsearch@afa360ceec
2016-08-08 14:46:23 -04:00
jaymode 129a2e594e test: add test for Kibana user executing a get mappings request
See elastic/elasticsearch#3048

Original commit: elastic/x-pack-elasticsearch@cd0e8ec29f
2016-08-08 10:48:34 -04:00
Tanguy Leroux 9d26ac0378 [TEST] Fix TransformIntegrationTests.testScriptTransform and wrong stored script id
Original commit: elastic/x-pack-elasticsearch@dfbb60d265
2016-08-08 10:45:41 +02:00
Tanguy Leroux b07394090f [Test] Re enable some messy Watcher tests
This commit reenable some Watcher tests that were muted in elastic/elasticsearch#724. It removes the Groovy dependency for tests that don't really use Groovy features and replace scripts with mocked scripts. It converts a GroovyScriptConditionIT test into a REST test and moves it in the smoke-test-watcher-with-groovy project.

closes elastic/elasticsearch#724

Original commit: elastic/x-pack-elasticsearch@f4c8161946
2016-08-08 10:06:30 +02:00
Lukas Olson 4fdc183e00 Merge pull request elastic/elasticsearch#2932 from w33ble/ui-git-hooks
Resurrect the git hooks - opt-in by default

Original commit: elastic/x-pack-elasticsearch@9672e08a31
2016-08-05 14:05:21 -07:00
Jason Tedor 7b7411f78d Remove mock Netty plugins
These mock Netty plugins were needed to assist in setting
sun.nio.ch.bugLevel. Yet, settings this property should no longer be
needed on JDK 8 and the missing privileged block when writing this
property can be fixed upstream.

Relates elastic/elasticsearch#3047

Original commit: elastic/x-pack-elasticsearch@e2aa4f6fb5
2016-08-05 14:58:50 -04:00
Lukas Olson b616bd2346 Merge branch 'master' into fix/basic-auth
Original commit: elastic/x-pack-elasticsearch@01fc9de7f8
2016-08-05 09:00:40 -07:00
Britta Weber 656a6bb624 mute test, we have an issue for it
Original commit: elastic/x-pack-elasticsearch@59fc88a9a3
2016-08-05 17:35:03 +02:00
Tanguy Leroux ec950a2ca7 Update to Jackson 2.8.1
This commit updates Jackson to the 2.8.1 version, which is more strict when it comes to build objects.

Original commit: elastic/x-pack-elasticsearch@fb23208e7d
2016-08-05 12:25:42 +02:00
Boaz Leskes a2cca18c49 allow joining nodes, conflicting with existing nodes to elect a master (elastic/elasticsearch#2996)
this is a companion PR to elastic/elasticsearchelastic/elasticsearch#19743

Original commit: elastic/x-pack-elasticsearch@193c92d99a
2016-08-05 09:07:29 +02:00
Shaunak Kashyap 099d82cbb9 Merge branch 'master' into reporting/rich-completion-notifications
Original commit: elastic/x-pack-elasticsearch@c2b4626b7e
2016-08-04 18:01:49 -07:00
Joe Fleming e52be3a956 Merge pull request elastic/elasticsearch#3003 from w33ble/reporting-fix/remove-phantom-config
Reporting fix/remove phantom config

Original commit: elastic/x-pack-elasticsearch@2a23be94f1
2016-08-04 13:36:44 -07:00
Tim Sullivan ae7383b662 Merge pull request elastic/elasticsearch#2977 from tsullivan/monitoring-ui-proper-kibana-grid
monitoring ui: rearrange kibana instance 3x2 layout

Original commit: elastic/x-pack-elasticsearch@d4d8bb375f
2016-08-03 17:32:56 -07:00
Ryan Ernst 42076f89ce Internal: Deguice notification services
This change removes guice from creating notification componenents. It
also removes the Notification helper class, as it just makes looking at
what stuff xpack adds more obfuscated.

Original commit: elastic/x-pack-elasticsearch@69b8ea4735
2016-08-03 15:32:56 -07:00
Ryan Ernst 5ebc9c4569 Fix signature of createComponents after addition of script service in core
Original commit: elastic/x-pack-elasticsearch@768e992715
2016-08-03 13:14:13 -07:00
Rashmi Kulkarni 2b0bb5187c Merge branch 'master' of https://github.com/elastic/x-plugins
Original commit: elastic/x-pack-elasticsearch@38a28dad77
2016-08-03 13:11:38 -07:00
Jason Tedor 46d7baa319 Merge pull request elastic/elasticsearch#3021 from jaymode/netty4_transport
Introduce Netty 4 security

Original commit: elastic/x-pack-elasticsearch@fb5e7fa66e
2016-08-03 14:10:52 -04:00
Alexander Reelsen 07b8bcf219 Watcher: Ensure watch status is always updated on condition check (elastic/elasticsearch#2980)
When a watch is executed, but the condition is not met, it is not automatically marked as dirty.
This results in a divergence of what is displayed when someone is just getting a watch via the get
watch API (due to using the in memory store) compare to when someone is using the GET API to get the
watch via the .watches index call.

This commit sets the watch status always to dirty after a condition check, thus forcing an update.

Closes elastic/elasticsearch#2699

Original commit: elastic/x-pack-elasticsearch@e6a00260f7
2016-08-03 18:21:57 +02:00
jaymode 60cb867d47 security: ignore empty query value in roles
Users are allowed to create query objects with an empty string value as we do
not currently validate the input against a query parser. In this case, we can ignore
the empty value when parsing the role. If we pass an empty BytesReference in
the role then trying to determine the XContentType will fail in the
SecurityIndexSearcherWrapper.

Closes elastic/elasticsearch#2997

Original commit: elastic/x-pack-elasticsearch@fc593943c4
2016-08-03 11:24:49 -04:00
Jason Tedor 33ba52e735 Merge branch 'master' into netty4_transport
* master:
  Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@5da6471c9a
2016-08-03 11:11:16 -04:00
Jason Tedor 832cb4fff2 Simplify test setup in Netty 4 transport tests
This commit collapes some duplicated setup code in every test in the
Netty 4 security transport tests to a common method.

Original commit: elastic/x-pack-elasticsearch@0a088db78d
2016-08-03 11:08:00 -04:00
Daniel Mitterdorfer 196f74984c Merge pull request elastic/elasticsearch#2969 from danielmitterdorfer/fix-interruption
Restore interruption flag correctly in life cycle service

Original commit: elastic/x-pack-elasticsearch@fe73226e47
2016-08-03 17:03:33 +02:00
jaymode b3f8495a03 clarify comments and add assert client auth type
Original commit: elastic/x-pack-elasticsearch@0e3d134bc6
2016-08-03 10:39:37 -04:00
Jason Tedor 94e7d82a20 Kill newline in SecurityNetty4HttpServerTransport
This commit removes an extra newline in
SecurityNetty4HttpServerTransport.java.

Original commit: elastic/x-pack-elasticsearch@218b29c9b6
2016-08-03 09:42:51 -04:00
Jason Tedor 4874d84f82 Merge branch 'master' into netty4_transport
* master: (25 commits)
  docs: remove unused file and add link to invalid role examples
  Remove interfaces for notification services
  Redirect to URL specified by next parameter, if it is set
  Fix fixture and tests so they pass again
  Update error message to be more actionable
  Switch to NamedWriteable pull based extension in xpack
  Fixing issue with infinite redirect loop
  Toggle display of security nav controls more dynamically
  Pass in xpackMainPlugin instead of xpackMainPlugin.info
  Wrap the return in a Promise
  Only unset the cookie if it is currently set
  Clarifying intent of code
  Updating tests fixtures + adding assertion for client cookie deletion
  If security is disabled, do not attempt to call the authenticate ES API
  Disambiguate between resolve function names
  Revert to not using xpackMainPlugin.info until the xpackMainPlugin is ready
  Redirect /login => / if security is disabled in ES
  Register/deregister security management items depending on whether there's an auth'd user
  Show/hide the username + logout button depending on whether there is an auth'd user
  If security is disabled, continue without auth + delete client cookie
  ...

Original commit: elastic/x-pack-elasticsearch@16b92a1a59
2016-08-03 09:18:42 -04:00
jaymode 00e963fef9 ensure transport is set for external cluster clients take 2
Original commit: elastic/x-pack-elasticsearch@b92943303e
2016-08-03 08:12:05 -04:00
jaymode 417bc49230 ensure transport is set for external cluster clients
Original commit: elastic/x-pack-elasticsearch@ee8aa8600a
2016-08-03 08:11:19 -04:00
jaymode 76591e54f6 mock channelhandlercontext instead of a null implementation
Original commit: elastic/x-pack-elasticsearch@e4ba6b96cc
2016-08-03 07:27:37 -04:00
jaymode 55ccd27acf ensure the transport type is a security transport
Original commit: elastic/x-pack-elasticsearch@6c7e46e103
2016-08-03 07:23:55 -04:00
Ryan Ernst d69bb4cc51 Merge pull request elastic/elasticsearch#3017 from rjernst/writeable_registry
Switch to NamedWriteable pull based extension in xpack

Original commit: elastic/x-pack-elasticsearch@e077ba2d6c
2016-08-03 01:36:43 -07:00
Ryan Ernst 5fd85104ff Merge pull request elastic/elasticsearch#3022 from rjernst/deguice17
Remove interfaces for notification services

Original commit: elastic/x-pack-elasticsearch@f2d9a55e28
2016-08-03 00:19:44 -07:00
Ryan Ernst 549a5d3e73 Remove interfaces for notification services
We have 4 types of notification services, and all of them have an
interface with a single implementation class. They also all
unnecessarily are lifecycle componenets, but the only thing start does
is read the settings.

This change converts all 4 notification services to classes, and makes
them regular components instead of lifecycle services.

Original commit: elastic/x-pack-elasticsearch@897115ae65
2016-08-03 00:07:26 -07:00
Jason Tedor dd181e3e13 Cleanup HTTP and transport security settings
After this commit, we have "security3" and "security4" as possible
transport and HTTP settings, we default to "security4" if it is not set,
and we randomize the selection in some of the integration tests.

Original commit: elastic/x-pack-elasticsearch@e56718911a
2016-08-03 00:23:58 -04:00
Jason Tedor f4ba670b25 Cleanup Netty handshake waiting handlers
This commit cleans up the Netty handshake waiting handlers. We rename
the Netty 3 implementation to include "Netty3" in the name, the Netty 4
implementation is not needed, and we improve the handling of waiting for
the handshakes to complete when connecting.

Original commit: elastic/x-pack-elasticsearch@f736fdc8f0
2016-08-02 23:55:20 -04:00
Shaunak Kashyap dda8e49c4c Merge pull request elastic/elasticsearch#2871 from ycombinator/security/dynamic-disabling-in-es
If security is disabled in ES, allow unauth'd access to Kibana

Original commit: elastic/x-pack-elasticsearch@49a369441e
2016-08-02 17:44:12 -07:00
Ryan Ernst cdae14a5b9 Switch to NamedWriteable pull based extension in xpack
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19764. It converts
the one use of registering custom NamedWriteable readers in xpack for
xpack feature sets to register them up front with the new pull based
registration.

Original commit: elastic/x-pack-elasticsearch@48e2020816
2016-08-02 16:00:06 -07:00
Jason Tedor 8579dbf80b Remove nocommit from Security
This commit removes a nocommit from Security so that work can continue.

Original commit: elastic/x-pack-elasticsearch@4d35ef6174
2016-08-02 17:11:32 -04:00
Jason Tedor c88aea19d8 Migrate Netty 4 unit tests
This commit migrates some unit tests to Netty 4.

Original commit: elastic/x-pack-elasticsearch@a38dc82706
2016-08-02 16:43:07 -04:00
Lukas Olson 1b72c540ad Merge branch 'master' into fix/basic-auth
Original commit: elastic/x-pack-elasticsearch@9854169eff
2016-08-02 13:39:28 -07:00
jaymode c3cecad027 add channel is closed check
Original commit: elastic/x-pack-elasticsearch@04bcdf8308
2016-08-02 15:50:17 -04:00
jaymode 7a3932de94 add some debugging info to assert
Original commit: elastic/x-pack-elasticsearch@ef3c68e4db
2016-08-02 15:36:00 -04:00
jaymode fc8e787325 update security rest filter
Original commit: elastic/x-pack-elasticsearch@9a4f0bc184
2016-08-02 14:47:06 -04:00
Jason Tedor 8fa06fbab7 Security Netty 4 HTTP server implementation
This commit is a work-in-progress commit on a Netty 4-based HTTP server
implementation.

Original commit: elastic/x-pack-elasticsearch@705a202574
2016-08-02 14:33:42 -04:00
jaymode af16eec512 fix PKI cert extraction
Original commit: elastic/x-pack-elasticsearch@9c68611557
2016-08-02 14:07:16 -04:00
jaymode b525891212 Netty 4 transport working
Original commit: elastic/x-pack-elasticsearch@081e68c087
2016-08-02 13:43:16 -04:00
Jason Tedor b498fd32a2 Enable core to default networking to Netty 4
This commit enables core to set the default transport and HTTP
implementation to use transport-netty4.

Relates elastic/elasticsearch#2999

Original commit: elastic/x-pack-elasticsearch@cb0efa29ab
2016-08-02 12:19:34 -04:00
Shaunak Kashyap d2ac60c08e Merge branch 'master' into security/dynamic-disabling-in-es
Original commit: elastic/x-pack-elasticsearch@a5a3ce4851
2016-08-02 08:42:08 -07:00