Commit Graph

3826 Commits

Author SHA1 Message Date
jaymode 34d04a8c78 security: mention comma-separated for IP and DNS name prompts
Original commit: elastic/x-pack-elasticsearch@3e58fc282a
2016-07-18 08:53:17 -04:00
jaymode 59fcb205b5 security: active directory and ldap realm improvements
This commit is a combination of enhancements and fixes to the active directory
and ldap realms. The active directory realm has been enhanced to add support
for authentication against multiple domains in a forest. The ldap realm has
been updated so that:

* attributes required for group resolution are loaded eagerly if possible
* user search can now be executed using unpooled connections
* the default search filter for groups now includes posixGroup and memberUid
to avoid users needed to understand ldap filters

Finally, the UnboundID LDAP SDK was upgraded to the latest version and some
long standing AwaitsFix were addressed.

Closes elastic/elasticsearch#20
Closes elastic/elasticsearch#26
Closes elastic/elasticsearch#1950
Closes elastic/elasticsearch#2145
Closes elastic/elasticsearch#2363

Original commit: elastic/x-pack-elasticsearch@63c9be2337
2016-07-18 08:39:57 -04:00
jaymode 5be3832889 security: add metadata to roles
This commit adds the ability to define metadata for roles. This metadata is currently
only used for the API and to indicate that a role is reserved. We can continue passing
on the metadata as needed, when necessary.

Closes elastic/elasticsearch#2036

Original commit: elastic/x-pack-elasticsearch@8b5f606138
2016-07-18 08:11:43 -04:00
jaymode f42f8cf756 security: add tool to simplify creation of certificate and csr files
This commit adds a CLI tool that can be used to generate a CA and signed certificates in PEM
format. The tool only requires a name of an instance to be provided by the user; ip and dns values
are supported but optional. By default, the tool is interactive and will prompt the user for input but
an option exists to provide a yaml file that contains the necessary information to generate certificates
or signing requests.

The output is in the form of a zip file with subfolders for each instance. Neither the zip file or the PEM
files are encrypted as some parts of our stack do not support encrypted PEM files.

Original commit: elastic/x-pack-elasticsearch@3dc0f8d495
2016-07-18 07:50:17 -04:00
Alexander Reelsen c7e4f51d56 Watcher: Prioritize configured response content type in HttpInput (elastic/elasticsearch#2790)
When a HTTP input has a configured response content, then this should
always be treated as preferred over the content type that is returned
by the server in order to give the user the power to decide.

This also refactors the code a bit to make it more readable.

Closes elastic/elasticsearch#2211

Original commit: elastic/x-pack-elasticsearch@ecdb4f931c
2016-07-18 10:54:48 +02:00
Martijn van Groningen 5b5e0bd787 Updated xpack for changed in elastic/elasticsearch#19425 related to templates
Original commit: elastic/x-pack-elasticsearch@7747f92b89
2016-07-18 08:34:11 +02:00
Ryan Ernst 91441bbd2a Internal: Remove script service proxy
ScriptServiceProxy is a thin wrapper around the ScriptService which does
a runAs the xpack user when compiling. But script services know nothing
about xpack users, so this has no real effect. I believe this is a
remnant of when we had indexed scripts, where the compilation may have
done a get on the scripts index.

This change removes the ScriptServiceProxy. It also renames Script in
watcher to WatcherScript, to remove confusion between elasticsearch's
Script and watchers Script.

Original commit: elastic/x-pack-elasticsearch@4e2fdbc518
2016-07-16 00:10:17 -07:00
Ryan Ernst 525562e48f Add tests for realm construction
Original commit: elastic/x-pack-elasticsearch@a35c103726
2016-07-15 21:36:22 -07:00
Ryan Ernst 9df9957307 Remove guice from realms construction
This change makes the internal realms factories, as well as those added
by extensions, constructed directly instead of via guice. Adding realms
in extensions is now pull based. Finally, all of the generics for realms
and realm factories have been removed.

Original commit: elastic/x-pack-elasticsearch@f0de9d2340
2016-07-15 15:55:28 -07:00
Ryan Ernst 01dfb7481e Build: Switch to new plugin configuration for integ tests
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19461

Original commit: elastic/x-pack-elasticsearch@bb29f9e948
2016-07-15 14:48:50 -07:00
Tim Sullivan c827a4be79 Merge pull request elastic/elasticsearch#2784 from tsullivan/monitoring-ui-fix-definesyntax
monitoring ui: fix define/amd syntax

Original commit: elastic/x-pack-elasticsearch@fb8c701600
2016-07-15 11:03:11 -07:00
Chris Earle 1311935122 [Monitoring] Add Request Cache to returned stats for tests
Original commit: elastic/x-pack-elasticsearch@9bc34609c5
2016-07-15 12:51:43 -04:00
Areek Zillur 0db0e2f0c9 Implements cloud_internal license type
"cloud_internal" license type enables dynamically updating license operation mode via a config file.

When the installed license is "cloud_internal", the node level operation mode can be updated by writing
a `license_mode` file in the x-pack config directory (config/x-pack/license_mode). The file is expected
to have a string representing the desired license mode (e.g. "gold", "basic"). In case of a failure to
read a valid license mode from the `license_mode` file, the operation mode for "cloud_internal" license
defaults to PLATINUM.
This change also ensures that the correct operation mode is reported via the _xpack endpoint.

closes elastic/elasticsearch#2042

Original commit: elastic/x-pack-elasticsearch@6a2d788e45
2016-07-15 12:08:34 -04:00
Ryan Ernst 4e81ef42a0 Merge pull request elastic/elasticsearch#2829 from rjernst/deguice7
Remove guice from ssl services

Original commit: elastic/x-pack-elasticsearch@3c19ffd744
2016-07-15 08:28:49 -07:00
Ryan Ernst 8407f6aaf6 Remove leftover guicyness from client ssl service
Original commit: elastic/x-pack-elasticsearch@f362097ad7
2016-07-15 08:25:59 -07:00
Ryan Ernst 07bb586f1e Remove guice from ssl services
This change removes guice from the client and server ssl services.

Original commit: elastic/x-pack-elasticsearch@d60f8ca474
2016-07-15 00:25:00 -07:00
Ryan Ernst 8e5936e86c Merge pull request elastic/elasticsearch#2828 from rjernst/rest_headers
Switch to using rest headers getting

Original commit: elastic/x-pack-elasticsearch@6d54eae396
2016-07-14 20:33:50 -07:00
Ryan Ernst fa26d3716b Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@28ee29cbe6
2016-07-14 20:20:10 -07:00
Ryan Ernst 952ef78f98 Merge pull request elastic/elasticsearch#2810 from rjernst/deguice2
Internal: Remove guice construction of most license classes

Original commit: elastic/x-pack-elasticsearch@a2b48e62e9
2016-07-14 19:55:32 -07:00
Ryan Ernst 394a4fc0c1 Remove unused var
Original commit: elastic/x-pack-elasticsearch@a0dd4600c2
2016-07-14 19:55:10 -07:00
Ryan Ernst f388ef01ed Merge branch 'master' into deguice2
Original commit: elastic/x-pack-elasticsearch@2d7264c2cf
2016-07-14 19:51:58 -07:00
Ryan Ernst b562a83c0b Fix subclasses that no longer need RestController
Original commit: elastic/x-pack-elasticsearch@d762c5f0bb
2016-07-14 19:31:58 -07:00
Ryan Ernst 5d42de803c Merge branch 'master' into rest_headers
Original commit: elastic/x-pack-elasticsearch@b0d14d60e4
2016-07-14 19:04:09 -07:00
Jason Tedor 496e112c5e Rename transport-netty to transport-netty-3
This commit renames the Netty 3 transport module from transport-netty to
transport-netty3. This is to make room for a Netty 4 transport module,
transport-netty4.

Relates elastic/elasticsearch#2827

Original commit: elastic/x-pack-elasticsearch@e6487cefa2
2016-07-14 22:03:29 -04:00
Ryan Ernst 0c81f1b6ad Switch to using rest headers getting
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19440. It adds a
getter on XPackExtension for extensions that add custom rest headers, in
addition to the headers registered for xpack itself.

Original commit: elastic/x-pack-elasticsearch@bd142b88c6
2016-07-14 18:55:28 -07:00
Jason Tedor 29387eab21 Monitoring index name resolver test awaits fix
This commit moves an awaits fix from
MonitoringIndexNameResolverTestCase#testResolver to
MonitoringIndexNameResolverTestCase#testSource as the previous commit
elastic/x-pack@98e76642ea marked the incorrect test as
awaits fix.

Original commit: elastic/x-pack-elasticsearch@62e9aaa628
2016-07-14 19:52:00 -04:00
Jason Tedor 3c0e83990b Monitoring index name resolver test awaits fix
This commit adds an awaits fix to
MonitoringIndexNameResolverTestCase#testResolver as awaits fix.

Original commit: elastic/x-pack-elasticsearch@586eb37f43
2016-07-14 19:46:05 -04:00
Ryan Ernst b1c892b77d Merge pull request elastic/elasticsearch#2824 from rjernst/deguice5
Internal: Remove guice cyclic dependency with InternalClient

Original commit: elastic/x-pack-elasticsearch@9c24b1152d
2016-07-14 13:56:37 -07:00
Ryan Ernst e3defb4dbd Internal: Remove guice cyclic dependency with InternalClient
The InternalClient is used by xpack code making requests to other nodes,
to add the xpack user to the thread context. To do this, it uses has a
dependency on the AuthenticationService, which in turn transitively
depends on InternalClient (eg IndexAuditTrail). But to add the xpack
user, the full authentication service is not necessary. Only having the
crypto service is needed in order to encrypt the header.

This change simplifes construction of InternalClient both making it a
real class instead of an interface, and removing the dependency on the
AuthenticationService. It also removes the use of
Provider<InternalClient> in users of the client.

Original commit: elastic/x-pack-elasticsearch@10f633bdf3
2016-07-14 13:46:07 -07:00
Ryan Ernst d68970e4b9 Merge pull request elastic/elasticsearch#2822 from rjernst/deguice4
Remove use of Transport in audit trails

Original commit: elastic/x-pack-elasticsearch@26d9f18545
2016-07-14 13:05:40 -07:00
Ryan Ernst f481dea1d0 Internal: Remove use of Transport in audit trails
Both logfile and index audit trails currently depend on injection of
Transport in order to find the bound address of the local node. However,
the ClusterService provides access to information about the local node,
including the bound addresses. This change makes the audit trails use
the cluster service, and also makes the logging audit trail not use a
lifecycle.

Original commit: elastic/x-pack-elasticsearch@d747d64ee1
2016-07-14 11:22:41 -07:00
Chris Earle 4224d70986 [Monitoring UI] Use same Index Memory chart for Index page as Node page
This provides the same -- more useful -- index memory chart to the index page, instead of just "Lucene Memory", it now breaks down what it shows just like the Node page as as more generalized "Index Memory" chart. It also rolls Fielddata into the Index Memory. With Fielddata now in the Index Memory chart, I decided to add the Segment Count chart to the Index page.

Original commit: elastic/x-pack-elasticsearch@4e3490ce9c
2016-07-14 13:26:43 -04:00
Lee Hinman 7e4b200f43 [TEST] ensure "index1" is yellow before searching in MigrateToolIT
If the search runs before the primary shards are initialized for the
"index1" index, the search may fail for unrelated reasons.

Resolves elastic/elasticsearch#2818

Original commit: elastic/x-pack-elasticsearch@654ba9e142
2016-07-14 10:18:33 -06:00
Simon Willnauer 1fe0f5c7ac Followup for elastic/elasticsearchelastic/elasticsearch#19428 (elastic/elasticsearch#2815)
elastic/elasticsearchelastic/elasticsearch#19428 removes `node.mode` and `node.local` this PR
fixes xplugins to configure networking explicitly.

Original commit: elastic/x-pack-elasticsearch@ee8daa36dd
2016-07-14 13:21:27 +02:00
Ryan Ernst 7f6788af1a Fix line length
Original commit: elastic/x-pack-elasticsearch@50e9ef0667
2016-07-13 17:05:32 -07:00
Joe Fleming 26dd096fae Merge pull request elastic/elasticsearch#2655 from ycombinator/license-checking/reporting-ux
License checking UX for Reporting

Original commit: elastic/x-pack-elasticsearch@46bf6083bc
2016-07-13 16:30:29 -07:00
Joe Fleming 96d43a1929 Merge pull request elastic/elasticsearch#2765 from ycombinator/reporting/completion-notification-5.0
Adding notifications for completed jobs

Original commit: elastic/x-pack-elasticsearch@2bc6f7767f
2016-07-13 16:07:51 -07:00
Ryan Ernst f82fa65d7d Internal: Remove guice construction of most license classes
This change removes some of the complexity around licensing classes in
xpack. It removes the interfaces for registration and management so the
remaining LicensesService class is the thing that components wanting to
interact with the license should use. It also removes complexity around
the Licensee interface, removing generics and the registration at
construction time, as well as making the licensees no longer have a
lifecycle. There is still more to be done with simplification of license
classes construction, but this is a step towards a simpler world.

Original commit: elastic/x-pack-elasticsearch@5307d67b5b
2016-07-13 14:23:23 -07:00
Chris Earle 870a855827 [License] Fix expected endpoint from [_xpack/_license] to [_xpack/license]
Original commit: elastic/x-pack-elasticsearch@7a48bc674c
2016-07-13 16:06:02 -04:00
Chris Earle 2c3a0db9ec [Watcher] Fix typoed deprecated endpoint
{actions/_ack was accidentally duplicated. It should be _ack/{actions} in the first case.

Original commit: elastic/x-pack-elasticsearch@38895522b5
2016-07-13 14:57:52 -04:00
Areek Zillur b674e016cb [TEST] ensure test license registration is always acknowledged
Original commit: elastic/x-pack-elasticsearch@3a928ba54a
2016-07-13 14:29:39 -04:00
Chris Earle a7c884be61 [License] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also adds deprecated `/_licenses` variants of the endpoint. Users are consistently making that mistake, and it's easy enough to support this way. Can remove it if people disagree though.

License portion only

Original commit: elastic/x-pack-elasticsearch@431c871fcf
2016-07-13 13:36:05 -04:00
Chris Earle 641caabdae [Watcher] Log Deprecation Warnings for old API usage
This makes use of the registerAsDeprecatedHandler method to automatically warn users when they're using deprecated functionality.

This will also automatically provide a Warning header for anyone using HTTP clients (though they have to be looking for it...).

- This also changes from PUT _start, _restart, _stop (Watcher endpoints) to POST _start, _restart, _stop
    - The deprecated variant still honors PUT
- Nothing about the hijack endpoints was deprecated because they did not change from 2.x

Watcher portion only

Original commit: elastic/x-pack-elasticsearch@36f87a6526
2016-07-13 13:23:10 -04:00
Karel Minarik 63add2c959 Monitoring: Added `timeout: 60s` to the setup section of "Bulk indexing of monitoring data" test
When the monitoring tests are run in isolation, they succeed. However, when the whole suite of
REST tests is being run at the same time, the "Bulk indexing of monitoring data" intermittently
fails with a timeout. Therefore, a timeout of 60 seconds has been added.

Closes elastic/elasticsearch#2809

Original commit: elastic/x-pack-elasticsearch@d11dc7a2be
2016-07-13 17:40:20 +02:00
Alexander Reelsen e124e211c9 Watcher: Move YAML test into own project to not interfere with client tests (elastic/elasticsearch#2804)
This particular test requires Elasticsearch to run on port 9400, which is not
guaranteed if the clients run their own tests, as it is a matter of configuration
in gradle.

Therefore these tests need to run in their project.

Original commit: elastic/x-pack-elasticsearch@da38407766
2016-07-13 16:08:13 +02:00
Simon Willnauer 89f98c60dc [TEST] Use valid file extension for mapping tests
Original commit: elastic/x-pack-elasticsearch@080699aeb8
2016-07-13 10:37:08 +02:00
Simon Willnauer 691bdfcf14 Merge pull request elastic/elasticsearch#2792 from elastic/modularize_netty
this is a followup for elastic/elasticsearchelastic/elasticsearch#19392 Modularizing Netty

Original commit: elastic/x-pack-elasticsearch@504c8110dd
2016-07-13 09:52:34 +02:00
Tim Sullivan b7a38e7898 Merge pull request elastic/elasticsearch#2803 from tsullivan/monitoring-ui-fix-sorting-unassignedshards
monitoring ui: fix sorting by unassigned shards column

Original commit: elastic/x-pack-elasticsearch@d76a0ad844
2016-07-12 21:43:17 -07:00
Nik Everett d46f83c53b Fix compilation error
Core changed...

Original commit: elastic/x-pack-elasticsearch@c80d5fd042
2016-07-12 22:47:20 -04:00
Shaunak Kashyap eec6a54d75 Merge pull request elastic/elasticsearch#2766 from ycombinator/reporting/ignore-missing-objects-5.0
For missing objects, render warning message in PDF

Original commit: elastic/x-pack-elasticsearch@27b1f59b6b
2016-07-12 19:29:39 -06:00