Commit Graph

1927 Commits

Author SHA1 Message Date
Martijn van Groningen 431a7988fb added more tests
Original commit: elastic/x-pack-elasticsearch@871c13307e
2016-12-09 15:45:25 +01:00
Martijn van Groningen b42f9cccb0 renamed `scheduler_status` to `scheduler_state` in get job response
Original commit: elastic/x-pack-elasticsearch@a7955eb027
2016-12-09 15:36:12 +01:00
Martijn van Groningen d5412627d2 Moved scheduler status to prelertmetadata to make it more independent of job.
Removed SchedulerStats as scheduler status is all we need and start and end times are only needed in start scheduler api.

Original commit: elastic/x-pack-elasticsearch@80c563cb69
2016-12-09 15:03:53 +01:00
Jay Modi ac34c3c37f Remove deprecated methods from the Realm class
This change removes the deprecated methods from the realm class. These methods include
blocking authentication and lookup and the lookup supported method.

Original commit: elastic/x-pack-elasticsearch@cff21e21ee
2016-12-09 07:28:11 -05:00
Daniel Mitterdorfer 8153d2ca69 Enable strict duplicate checks for JSON content
With this commit we enable the Jackson feature 'STRICT_DUPLICATE_DETECTION'
by default. This ensures that JSON keys are always unique. While this has
a performance impact, benchmarking has indicated that the typical drop in
indexing throughput is around 1 - 2%.

As a last resort, we allow users to still disable strict duplicate checks
by setting `-Des.json.strict_duplicate_detection=false` which is
intentionally undocumented.

Relates elastic/elasticsearchelastic/elasticsearch#19614

Original commit: elastic/x-pack-elasticsearch@cced57b884
2016-12-09 12:48:28 +01:00
Martijn van Groningen e067008a21 make optional flush parameter really optional
Original commit: elastic/x-pack-elasticsearch@6129023c49
2016-12-09 10:24:16 +01:00
Martijn van Groningen 372cb7c964 Let the scheduler use the data transport action instead of directly using autodetect process manager.
Original commit: elastic/x-pack-elasticsearch@2442e222fd
2016-12-09 09:41:04 +01:00
Alexander Reelsen 37b0d52882 Watcher: Remove mock web server from square (elastic/elasticsearch#4221)
The latest release of the mock web server requires more security permissions, and
we dont need all the functionality anyway.

This introduces a small MockWebServer using the JDK internal HttpServer, yet fullfilling
all our needs and supporting SSL as well for testing.

The MockWebServer allows to enqueue responses and also requires you to enqueue as many responses
as you requests will be executed - there is no fallback at the moment.

SSL is also supported by passing an SSL context - for which the TestsSSLService is needed, which
makes the required methods public.

Original commit: elastic/x-pack-elasticsearch@55f4a172a2
2016-12-09 09:07:09 +01:00
Ryan Ernst b1846190af Remove uses of 2.0 prerelease constants
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#22004

Original commit: elastic/x-pack-elasticsearch@55433d760c
2016-12-08 23:11:20 -08:00
Jason Tedor e6d758b92b Bump version to 5.1.2
This commit bumps the version to 5.1.2.

Relates elastic/elasticsearch#4318

Original commit: elastic/x-pack-elasticsearch@a922dc7288
2016-12-08 18:43:16 -05:00
David Roberts 65f03a8888 Use well-defined IDs for records and influencers (elastic/elasticsearch#510)
* Use well-defined IDs for records and influencers

Removes the reliance on ES autogenerated UUIDs for all types that will
be renormalized

* Address some review comments

Original commit: elastic/x-pack-elasticsearch@85fde8b957
2016-12-08 18:39:03 +00:00
David Roberts 256ab7f3e2 Fix another misuse of ParameterizedMessage
Original commit: elastic/x-pack-elasticsearch@9e36900432
2016-12-08 17:32:59 +00:00
David Roberts 3f460b030e Fix a couple of ParameterizedMessage mistakes
Original commit: elastic/x-pack-elasticsearch@0006755c8b
2016-12-08 16:56:49 +00:00
Zachary Tong 8fa17f7ea8 Add mutually-exclusive param validation to GetBuckets (elastic/elasticsearch#497)
Related elastic/elasticsearch#430

Original commit: elastic/x-pack-elasticsearch@2579efca46
2016-12-08 10:28:30 -05:00
Zachary Tong b594e93a5d Remove SingleDocument as it is now unused (elastic/elasticsearch#498)
Closes elastic/elasticsearch#314

Original commit: elastic/x-pack-elasticsearch@88d2d20bdc
2016-12-08 10:28:12 -05:00
David Kyle a55944b284 Make ModelDebugOutput a result type (elastic/elasticsearch#484)
* Make ModelDebugOutput a result type

* Delete unused ElasticsearchBatchedModelDebugOutputIterator

* Add result_type field to ModelDebugOutput

* Address review comments

Original commit: elastic/x-pack-elasticsearch@a48e4cd946
2016-12-08 15:05:06 +00:00
David Kyle d18daf0b3d Make ModelSizeStats a result type (elastic/elasticsearch#500)
* Make ModelSizeStats a result type

* Address review comments

Original commit: elastic/x-pack-elasticsearch@74de7b36d8
2016-12-08 14:44:59 +00:00
Martijn van Groningen 9c2c831996 Hooked scheduler into task api infrastructure.
The start scheduler api call will run until the scheduler has completed. Either when lookback only scheduler completes or the scheduler has been stopped.
 The start scheduler api will first update the scheduler status from STOPPED to STARTED on master node and then start running the scheduler.
 Once a scheduled job completes it updates the scheduler status from STARTED to STOPPED and then the start schedule api returns.
 The STARTING and STOPPING statuses are no longer used, so have been removed.
 The stop scheduler api is a sugar api that uses the task list and cancel apis stop the scheduler.
 Renamed ScheduledJobService to ScheduledJobRunner

Original commit: elastic/x-pack-elasticsearch@ab504fe3d9
2016-12-08 14:37:55 +01:00
Martijn van Groningen c8bda6b1d9 Collapsed JobProvider and JobResultsProvider and renamed ElasticsearchJobProvider to JobProvider
Original commit: elastic/x-pack-elasticsearch@05d5969d73
2016-12-08 10:53:31 +01:00
Tanguy Leroux 1f9871c31e [TEST] Mute OldMonitoringIndicesBackwardsCompatibilityTests
This tests fails because of multiple issues in monitoring service and exporters lifecycle. These issues are tracked in https://github.com/elastic/x-plugins/issues/4314.

Original commit: elastic/x-pack-elasticsearch@f461d98a4c
2016-12-08 10:48:39 +01:00
Dimitris Athanasiou 4990195c90 Convert field references in error messages to snake case (elastic/elasticsearch#495)
* Convert field references in error messages to snake case

Closes elastic/elasticsearch#493

Original commit: elastic/x-pack-elasticsearch@38f4cd91bc
2016-12-08 09:32:10 +00:00
Areek Zillur b274ddc0da Log license type on license update (elastic/elasticsearch#4308)
Now when a cluster gets updated with a new license,
the license uid and type will be logged as info. Making
it easier to verify the current license mode of the cluster.

Original commit: elastic/x-pack-elasticsearch@c205cb42ae
2016-12-07 18:01:58 -05:00
Zachary Tong 4d86670772 Make jobId and from/size mutually exclusive options (elastic/elasticsearch#477)
Make jobId and from/size mutually exclusive options.  

This approach has the main properties of not allowing an invalid Request to be built, and alerting the user if they set an incorrect configuration. It has the downside that PageParams can be null so the consumer will have to check for it. Since jobId could be null before, this seemed acceptable.

Original commit: elastic/x-pack-elasticsearch@106dcdf61a
2016-12-07 12:48:33 -05:00
Zachary Tong 3c711e6dff Add delete_list endpoint (elastic/elasticsearch#409)
Adds a delete_list endpoint.  If a list is currently in use by a job, it is not allowed to be deleted

Original commit: elastic/x-pack-elasticsearch@7d9a984b3a
2016-12-07 12:40:12 -05:00
Yannick Welsch 754fada43b Use autoMinMasterNodes for most of the license tests
There were some test failures as LicenseServiceClusterTests was not properly setting minimum_master_nodes while having autoMinMasterNodes disabled.

Original commit: elastic/x-pack-elasticsearch@2030db2424
2016-12-07 17:59:25 +01:00
David Kyle af61a51e22 Fix results not being persisted (elastic/elasticsearch#489)
Original commit: elastic/x-pack-elasticsearch@d0ee02ccf6
2016-12-07 16:52:58 +00:00
Martijn van Groningen 7cc2b8c5ce create allocation when the job has been created instead of creating it when opening the job.
This avoids the confusing situation that a there is no allocation when a job hasn't been opened yet. Now it complains about the fact that the job status is closed.

Original commit: elastic/x-pack-elasticsearch@3159dc6954
2016-12-07 17:15:18 +01:00
jaymode 714bf929af test: LocalExporterTests should wait for exporters to be started
Original commit: elastic/x-pack-elasticsearch@978933f9d6
2016-12-07 09:22:05 -05:00
David Kyle ccf8cb7e0d Refactor delete interim results (elastic/elasticsearch#470)
* Collapse ElasticsearchBulkDeleter into JobDataDeleter

* Add blocking delete to JobDataDeleter

* Delete interim results only after all the results are parsed.

* Remove unused deleteModelSizeStats and deleteModelDebugOutput methods.

Document missing javadoc tags

Original commit: elastic/x-pack-elasticsearch@1997541673
2016-12-07 11:23:27 +00:00
Martijn van Groningen 14f43af818 moved metric part to be the suffix of the path
Original commit: elastic/x-pack-elasticsearch@6fc1b861ed
2016-12-07 12:09:16 +01:00
Martijn van Groningen e396e8aa68 Changes rest actions with data namespace into the job namespace.
Also added `_status` suffic to get job api as it would otherwise clash with open/close/flush APIs.

Original commit: elastic/x-pack-elasticsearch@6e8ef0ef7d
2016-12-07 12:09:16 +01:00
Martijn van Groningen d807eda9ed replaced custom ClosableIterator with Stream
Stream is closable, which is the reason ClosableIterator was introduced.

Original commit: elastic/x-pack-elasticsearch@b5a4a37e9e
2016-12-07 12:07:59 +01:00
Jim Ferenczi fba54d02d7 fix compilation error due to a missing parameter in SortedSetDVOrdinalsIndexFieldData.
Original commit: elastic/x-pack-elasticsearch@f9803968d9
2016-12-07 11:33:29 +01:00
Martijn van Groningen 5812ef4a86 use ActionListener.wrap(...) for delegate wrappers
Original commit: elastic/x-pack-elasticsearch@f1ccdb3f40
2016-12-07 10:23:47 +01:00
David Kyle 36d6141885 Move opening braces on new line to the end of the previous line (elastic/elasticsearch#473)
Original commit: elastic/x-pack-elasticsearch@57aedab104
2016-12-06 13:05:15 +00:00
Martijn van Groningen 570cde7a6a Added open and close job APIs.
* A job now has the following statuses: OPENING, OPENED, CLOSING, CLOSED and FAILED.
* The open job and close job APIs wait until the job gets into a OPENED or CLOSED state.
* The post data api no longer lazily opens a job and fails if the job has not been opened.
* When a job gets into a failed state also the reason is recorded in the allocation.
* Removed pause and resume APIs.
* Made `max_running_jobs` setting dynamically updatedable.

Original commit: elastic/x-pack-elasticsearch@3485ec5317
2016-12-06 13:51:26 +01:00
Dimitrios Athanasiou f960eea4b1 Remove obsolete comments in SchedulerConfig
Original commit: elastic/x-pack-elasticsearch@e7fc30bb2a
2016-12-06 12:45:10 +00:00
Dimitris Athanasiou 50df0d4326 Remove unnecessary parts of scheduler config (elastic/elasticsearch#468)
* Remove credentials from SchedulerConfig

* Remove dataSource and baseUrl from SchedulerConfig

Original commit: elastic/x-pack-elasticsearch@f5b92be252
2016-12-06 11:38:39 +00:00
Boaz Leskes affdf10274 Remove `InternalTestCluster.startNode(s)Async` (elastic/elasticsearch#4198)
A companion PR to https://github.com/elastic/elasticsearch/pull/21846 where the above methods were removed. See ES PR for details.

With the concurrent starting the issues with licenses and time freeze became more apparent and I had to apply my suggestion to only freeze time once the license has been applied (as opposed to freeze on node start up). Since this also means that a node that starts up after the cluster time has been frozen need to also immediately freeze, it felt natural to use a `ServiceDisruptionScheme`. Although the name doesn't really make sense here, it all has all the logic we need. 

Original commit: elastic/x-pack-elasticsearch@5641742f60
2016-12-06 12:07:28 +01:00
Ryan Ernst 13e427d83f Remove action filter response override (elastic/elasticsearch#4268)
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#21950

Original commit: elastic/x-pack-elasticsearch@0034a3384c
2016-12-05 16:14:10 -08:00
Jay Modi ffeaea0663 Migrate authentication calls to be asynchronous
This commit migrates the actual authentication calls that are performed by internal realms
to be asynchronous so that we do not execute blocking calls on network threads. The realms
that used LDAP were especially bad as they can issue many different requests and/or open
multiple connections per authentication attempt.

The LdapRealm now uses the ThreadPool to fork a thread for authentication. This is necessary
because a LDAP bind operation is not allowed to be performed asynchronously and must be done
in a blocking manner. After the bind request has completed, all other requests can be done
asynchrnously. The LdapUtils class now provides asynchronous methods for searching and also
includes the handling of referral following as automated following is not supported by
UnboundID when using the asynchronous calls.

Original commit: elastic/x-pack-elasticsearch@dfb259e498
2016-12-05 10:07:31 -05:00
Tanguy Leroux 549629b1aa [Watcher] HistoryStore should hide secrets (elastic/elasticsearch#4256)
* [Watcher] HistoryStore should hide secrets

Some watcher actions like Jira stores the whole HTTP request in case of a failure. This is very helpful when something goes wrong, but it has to hide the password used for Basic authentication otherwise it will appear in the watch record in the .watcher-history index. In general, I would consider better to always hide secrets when storing something in the history index.

 This commit removes the XContentParams "hide secrets" set at the JiraIssue so that it is now set at the HistoryStore level.

 It also fixes test failures that can be reproduced with:
 gradle :x-plugins:elasticsearch:test -Dtests.seed=BA730F93E726AECC -Dtests.class=org.elasticsearch.xpack.notification.jira.JiraIssueTests -Dtests.method="testToXContent" -Dtests.security.manager=true -Dtests.locale=es -Dtests.timezone=Asia/Choibalsan

Original commit: elastic/x-pack-elasticsearch@d686b3b3ad
2016-12-05 15:30:48 +01:00
Jay Modi 9afb6dd4f2 monitoring: local exporter waits for in flight requests before retrying
The local exporter previously fired off asynchronous requests every time a cluster state was
observed that did not contain all of the required items for monitoring. This change adds a
flag so that monitoring can wait for the pending requests to complete before retrying. This
will reduce the number of duplicated log messages as well.

Additionally, the log message for adding modern aliases now contains the name of the indices.

Closes elastic/elasticsearch#3756

Original commit: elastic/x-pack-elasticsearch@727a0adfbe
2016-12-05 09:01:24 -05:00
David Kyle d3b4261759 Fix querying for model size stats (elastic/elasticsearch#465)
* Add test to read model size stats

* Most recent model_size_stats document should have the name ‘model_size_stats’

Original commit: elastic/x-pack-elasticsearch@e192d4c34d
2016-12-05 13:35:29 +00:00
David Kyle 2785cc727d Get records & categoryDefinitions with post body (elastic/elasticsearch#438)
* Allow POST with body to get records

* Allow records endpoint to accept POST requests with body

* CategoryDefinition can accept POST requests with body parameters

Original commit: elastic/x-pack-elasticsearch@2edb7a9c47
2016-12-05 11:46:12 +00:00
Colin Goodheart-Smithe a8d2cf16b9 Removes compile warnings (elastic/elasticsearch#463)
These warnings include:
* Resource not used
* Resource leak due to not being closed

Original commit: elastic/x-pack-elasticsearch@e0fb068a0c
2016-12-05 11:24:56 +00:00
David Roberts 98eb5534ee Camel to snake case (elastic/elasticsearch#461)
Original commit: elastic/x-pack-elasticsearch@222065cc4c
2016-12-05 10:34:41 +00:00
Martijn van Groningen b5c6970209 test: removed jackson databind leftover
Original commit: elastic/x-pack-elasticsearch@0cbd5595c8
2016-12-05 08:38:33 +01:00
Ryan Ernst 97336ea946 Fix rest filter tests to expect passthrough when security is disabled
Original commit: elastic/x-pack-elasticsearch@ea6adabb4d
2016-12-02 16:28:18 -08:00
Ryan Ernst dbbf470734 Fix line length to appease checkstyle
Original commit: elastic/x-pack-elasticsearch@35df54d342
2016-12-02 15:06:33 -08:00
Ryan Ernst 923926ef28 Convert security rest filter to rest handler wrapper (elastic/elasticsearch#4234)
* Convert security rest filter to rest handler wrapper

This is the xpack side of elastic/elasticsearchelastic/elasticsearch#21905

Original commit: elastic/x-pack-elasticsearch@38bfa771b6
2016-12-02 14:55:10 -08:00
David Kyle 850e43028b Make persist DataCounts a non-blocking operation (elastic/elasticsearch#447)
* Make persist DataCounts a non-blocking operation

* Add trace and debug level logging to the persist data counts action listener.

Remove dead code from test

Original commit: elastic/x-pack-elasticsearch@84bbfa880a
2016-12-02 17:44:53 +00:00
Dimitris Athanasiou f10c4818e7 Move count to the top of QueryPage (elastic/elasticsearch#452)
Original commit: elastic/x-pack-elasticsearch@8973bde039
2016-12-02 17:22:08 +00:00
David Kyle 385ec37bc3 Make the bulk results deleter non-blocking (elastic/elasticsearch#456)
* Make deleting old results a non blocking operation

* Add test for ElasticsearchBulkDeleter

Original commit: elastic/x-pack-elasticsearch@9fd9fb0b02
2016-12-02 17:16:16 +00:00
Colin Goodheart-Smithe d530edc263 Centralises where the version is defined
Original commit: elastic/x-pack-elasticsearch@e822136d97
2016-12-02 15:17:49 +00:00
Zachary Tong 04445ce95f Throw 400 on unknown metrics in Job Stats (elastic/elasticsearch#446)
Closes elastic/elasticsearch#426

Original commit: elastic/x-pack-elasticsearch@86f136f5c0
2016-12-02 08:26:32 -05:00
Zachary Tong b6bdef474d Throw 403 instead of 429 when max job capacity full (elastic/elasticsearch#445)
Closes elastic/elasticsearch#444

Original commit: elastic/x-pack-elasticsearch@dfaf8dbec4
2016-12-02 08:26:19 -05:00
Tanguy Leroux f1a4a2fb73 [Monitoring] Remove unused code in Collectors (elastic/elasticsearch#4240)
This commit removes some unnecessary code: collectors do not need to extend AbstractLifecycleComponent and do not need to be started/stopped. The extra
interface Collector is removed and AbstractCollector renamed to Collector.

Original commit: elastic/x-pack-elasticsearch@75893d66e3
2016-12-02 13:29:09 +01:00
Simon Willnauer 7f17896927 Revert "Followup for elastic/elasticsearchelastic/elasticsearch#21915 - removal of legacy BWC test infrastructure (elastic/elasticsearch#4247)"
This reverts commit elastic/x-pack@c6c0ffd5d9.

Original commit: elastic/x-pack-elasticsearch@8b7386fb99
2016-12-02 10:55:46 +01:00
Colin Goodheart-Smithe 00dc347217 Build now downloads c++ dist for all platforms
Original commit: elastic/x-pack-elasticsearch@8fd9850377
2016-12-02 09:46:05 +00:00
Alexander Reelsen 7c04897392 Watcher: Compile scripts on each invocation (elastic/elasticsearch#4239)
Transform and condition scripts were only compiled on its initial creation, so
when a new watch is created or when the master node loads all the watches. However
changing a script (like a stored one) did not lead to any changes in the in memory
watch store and thus the old script was executed again.

We do however have a mechanism in Elasticsearch's ScriptService that already does some
caching, and should reuse that one.

Closes elastic/elasticsearch#4237

Original commit: elastic/x-pack-elasticsearch@477548e237
2016-12-02 10:36:05 +01:00
Alexander Reelsen 946d943868 Watcher: Removing unused upgradeSource boolean in watch parsing (elastic/elasticsearch#4202)
This seems to be a leftover from elastic/elasticsearch#4162

However the boolean parameters is completely unused already and
can be removed.

Original commit: elastic/x-pack-elasticsearch@3371b089d6
2016-12-02 10:34:11 +01:00
Simon Willnauer ace1a7e6af Followup for elastic/elasticsearchelastic/elasticsearch#21915 - removal of legacy BWC test infrastructure (elastic/elasticsearch#4247)
Original commit: elastic/x-pack-elasticsearch@07cecdbf00
2016-12-02 08:06:46 +01:00
Martijn van Groningen 1e5a12fc6a Move post data api over to task api.
Also made post data api cancellable.

Original commit: elastic/x-pack-elasticsearch@55360609de
2016-12-01 18:49:06 +01:00
Colin Goodheart-Smithe a82dc82439 remove debug code in build
Original commit: elastic/x-pack-elasticsearch@590a605c8a
2016-12-01 16:35:16 +00:00
Colin Goodheart-Smithe 8dc12d0f88 Gets ES plugin to download the cpp code if not built locally
Original commit: elastic/x-pack-elasticsearch@64cc4aeb38
2016-12-01 16:33:28 +00:00
Jay Modi 139073e8f7 security: improve migrate tool output and remove trappy config option
This commit improves the output of the migrate tool in cases when there are errors parsing entries
in the roles or users files. This is done through the use of a logger that delegates its output to
the terminal.

Additionally, the `-c` option has been removed. This option was used to set the configuration directory
but this should be handled one way only and that is through the use of the `-Epath.conf` setting.

Closes elastic/elasticsearch#3757
Closes elastic/elasticsearch#3758

Original commit: elastic/x-pack-elasticsearch@811e367766
2016-12-01 10:17:28 -05:00
David Roberts 14208f12d1 Change the way 3rd party licenses are distributed for the C++ components (elastic/elasticsearch#366)
Note: there is no need to offer the Eigen source code now we use it unmodified

Original commit: elastic/x-pack-elasticsearch@b971c31a20
2016-12-01 15:16:57 +00:00
Colin Goodheart-Smithe bfb72d0a96 Adds task to upload cpp distribution zip
Original commit: elastic/x-pack-elasticsearch@c4fee26b37
2016-12-01 14:19:00 +00:00
Martijn van Groningen 6fee7a21b5 applied feedback
Original commit: elastic/x-pack-elasticsearch@579fd037a4
2016-12-01 15:02:19 +01:00
Martijn van Groningen c387a3636d Make auditor index messages asyn in the background, the auditor will not let the calling thread wait.
Also collapsed the the interface into the only implementation.

Original commit: elastic/x-pack-elasticsearch@c68f77627e
2016-12-01 15:02:19 +01:00
Boaz Leskes d881e4d9ad properly deal with overriding parent's tearDown method
Original commit: elastic/x-pack-elasticsearch@0edd4b1e20
2016-12-01 13:18:36 +01:00
Colin Goodheart-Smithe e5e039973e Changes build to only grab cpp zip if it was built
Original commit: elastic/x-pack-elasticsearch@24fc48fe86
2016-12-01 12:16:47 +00:00
Boaz Leskes 9e3ae67423 HttpClientTests don't override parent tearDown
Original commit: elastic/x-pack-elasticsearch@3cf9f6f352
2016-12-01 13:15:25 +01:00
Boaz Leskes a4cec2316b Add before and after logging for unit tests
Currently we have these logs for integration tests only.

This adds the following log at the start:
```
logger.info("[{}]: before test", getTestName());
```

and this is logged at the end, but before any clean up done in sub classes

```
 logger.info("[{}]: after test", getTestName());
```

Original commit: elastic/x-pack-elasticsearch@2ca7296665
2016-12-01 12:56:38 +01:00
David Kyle 53adc100ad Refactor deleting old results (elastic/elasticsearch#431)
* Refactor deleting old results

* Reinstate quiet logging when deleting interim results

Original commit: elastic/x-pack-elasticsearch@01ea95469c
2016-12-01 10:32:41 +00:00
David Kyle 2fdf848df5 Add jobid to job response (elastic/elasticsearch#434)
* Add jobId to job info responses

* Remove getJobId() accessor from job - use getId()

Original commit: elastic/x-pack-elasticsearch@faacef1217
2016-12-01 10:30:37 +00:00
Martijn van Groningen 0701f7bb18 test: verify whether templates exist in an assertBusy(...)
It may take a few clicks before the templates are added.
Waiting for started doesn't guarantee that the index templates have been added.

Original commit: elastic/x-pack-elasticsearch@ee94b740a8
2016-12-01 11:04:11 +01:00
Colin Goodheart-Smithe f0a968292a Makes elasticsearch plugin generation depend on cpp (elastic/elasticsearch#433)
The changes the way the Elasticsearch plugin module gets the cpp code when running the bundlePlugin task. Instead of manually going into the cpp builds output and grabbing the folders it depends on the buildZip task of the :cpp project and grabs the resource that task builds. This means that it does not matter if the cpp buildZip task is changed as long as it results in a zip being generated.

Original commit: elastic/x-pack-elasticsearch@257e5df2e7
2016-12-01 09:49:03 +00:00
javanna 792a821d1a Adapt to indices query removal
Original commit: elastic/x-pack-elasticsearch@8f2d4c23c5
2016-11-30 18:23:19 +01:00
Jay Modi 217bd8add0 Add tests for DNS only hostname verification with SSL
This commit adds tests for DNS only hostname verification. This is a followup of elastic/elasticsearchelastic/elasticsearch#21828, which fixes issues with this type of hostname verification
due to some addresses losing the host information.

Original commit: elastic/x-pack-elasticsearch@8a63bb113d
2016-11-30 12:20:11 -05:00
Jason Tedor 16e3bb4587 Add version 5.1.1
This commit adapts x-plugins for the removal of the version constant for
5.1.0 and the addition of the version constant for 5.1.1 in core.

Relates elastic/elasticsearch#4223

Original commit: elastic/x-pack-elasticsearch@2fa92f0056
2016-11-30 11:14:47 -05:00
Zachary Tong ee54258908 Convert RevertModel response from SingleDoc to simple, inlined model (elastic/elasticsearch#423)
Convert response from SingleDoc to simple, inlined model

Original commit: elastic/x-pack-elasticsearch@6231195b47
2016-11-30 09:52:06 -05:00
Zachary Tong 7c9f65231a Convert PutModelDescription response from SingleDoc to simple, inlined model (elastic/elasticsearch#424)
Original commit: elastic/x-pack-elasticsearch@1d28285e77
2016-11-30 09:48:49 -05:00
javanna 69218af73f Remove subrequests method from CompositeIndicesRequest
Original commit: elastic/x-pack-elasticsearch@c644204598
2016-11-30 15:03:42 +01:00
Dimitrios Athanasiou 211d787f33 Remove mappings for influencer fields that overlap with bucket or record
Original commit: elastic/x-pack-elasticsearch@36acf9f31b
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou 9dda1ee21a Remove redundant repetition of partition scores in mappings
Original commit: elastic/x-pack-elasticsearch@4194a16529
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou 75c36207b4 Also rename epochStart/epochEnd to start/end in BucketsQueryBuilder
Original commit: elastic/x-pack-elasticsearch@e2eaca7ba5
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou d0c0e6904e Move RestGetInfluencersAction under results package
Original commit: elastic/x-pack-elasticsearch@281d432732
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou ec5aa34d17 Rename epochStart/epochEnd to start/end in result query builders
Original commit: elastic/x-pack-elasticsearch@f4fdd64278
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou 2898e3c421 Make start and end optional params in results endpoints
Original commit: elastic/x-pack-elasticsearch@0ab5da04f9
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou 9d2ce12624 Set type to influencer while getting influencers
Original commit: elastic/x-pack-elasticsearch@c65365e3ee
2016-11-30 14:00:42 +00:00
Dimitrios Athanasiou 5455b5bbad Fix result mappings
Original commit: elastic/x-pack-elasticsearch@e63209af98
2016-11-30 14:00:42 +00:00
David Kyle 1c98d59db0 Bug 401 Fix NPE when POSTing empty JSON object to /jobs (elastic/elasticsearch#420)
Original commit: elastic/x-pack-elasticsearch@fa6db52c8c
2016-11-30 10:19:03 +00:00
Adrien Grand 981648774f Remove usage of `indices.ttl.interval`. (elastic/elasticsearch#4207)
Remove usage of `indices.ttl.interval`.

Original commit: elastic/x-pack-elasticsearch@54c987daec
2016-11-30 10:11:10 +01:00
Adrien Grand 84be89861a Remove 2.x bwc indices. (elastic/elasticsearch#4206)
Version 6.0 will only support reading 5.0+ indices.

Original commit: elastic/x-pack-elasticsearch@167f5f209d
2016-11-30 10:10:30 +01:00
Martijn van Groningen fd743cbfc6 Simplify flush listener by using computeIfAbsent(...)
Make sure CountDownLatch gets removed when it is no longer needed
Also add CountDownLatch is it is missing when we ack a flush id,
we may ack before we wait for it

Original commit: elastic/x-pack-elasticsearch@83a993b9ad
2016-11-30 10:04:42 +01:00
Jason Tedor 3da81aa922 Add version 5.0.3
This commit adds version 5.0.3 and the BWC indices for version 5.0.2.

Relates elastic/elasticsearch#4211

Original commit: elastic/x-pack-elasticsearch@a0c83a0b92
2016-11-29 18:48:45 -05:00
Luca Cavanna 34d6dc1db1 Categorize search template action as a composite indices request (elastic/elasticsearch#4209)
When we encounter a composite request, we authorize at first without looking at the indices, to see whether the action can be executed at all. We then rely on the action to delegate to an inner action per sub-request, which will be authorized based on the indices it refers to. The first step works great for the simulate mode of search template, as it doesn't involve any index. The second step will make sure that when search template involves a search, it will be authorized as a normal search request would, based on the indices it reads from.

Note that the wildcard expansion happens now on the search side, it doesn't have to happen when executing the first authorization step, hence SearchTemplateRequest doesn't have to implement IndicesRequest, only SearchRequest has to (which it does already).

Closes elastic/elasticsearch#4171

Original commit: elastic/x-pack-elasticsearch@d586bd90cb
2016-11-29 20:53:01 +01:00
Zachary Tong 7f6907da8b Convert GetList from SingleDocument to QueryPage (elastic/elasticsearch#408)
Related to elastic/elasticsearch#314

Original commit: elastic/x-pack-elasticsearch@40702a3d5b
2016-11-29 13:22:54 -05:00
Martijn van Groningen fb2bd73bc1 Let close autodetect wait for other operations to complete.
Original commit: elastic/x-pack-elasticsearch@de517f4fba
2016-11-29 18:05:56 +01:00
David Kyle f88216eaa5 Persist DataCounts every 10 seconds from a thread pool scheduled task. (elastic/elasticsearch#388)
* Persist DataCounts every 10 seconds from a thread pool scheduled task.

Also rework the isReportingBoundary function changing the function as the boundary changes

* Remove overloaded constructors from StatusReporter and DummyStatusReporter

* Persist dataCounts in a background thread from the status reporter

* Use generic threadpool

Original commit: elastic/x-pack-elasticsearch@f00c1067aa
2016-11-29 16:37:47 +00:00
David Kyle 688b5cc202 Renamed REST path parameters to snake case. (elastic/elasticsearch#367)
* Renamed REST path parameters to snake case.

And added missing parameter descriptions

* Document endpoint which accept body parameters

* Endpoints that support body parameters must also accept POST

Original commit: elastic/x-pack-elasticsearch@2cad2e8af6
2016-11-29 16:04:08 +00:00
David Roberts c99ee42f0e Fix a stream parsing edge case (elastic/elasticsearch#413)
BytesReference doesn't like size 0 slices

Original commit: elastic/x-pack-elasticsearch@20ef0d2c1f
2016-11-29 13:52:34 +00:00
David Kyle 5d2cc13797 Fix long lines failing check and parsing tests (elastic/elasticsearch#415)
Original commit: elastic/x-pack-elasticsearch@0711a9c919
2016-11-29 13:50:56 +00:00
Tanguy Leroux a414e3a7d9 [TEST] Waits for security template to be created in XPackRestIT
This commit applies the same fix merged in  elastic/elasticsearch#4179 for XDocsClientYamlTestSuiteIT. It adds a waitForSecurityTemplate() method in order to wait for the security-index-template to be created by the SecurityTemplateService.

Original commit: elastic/x-pack-elasticsearch@1476f30e2d
2016-11-29 14:05:58 +01:00
David Roberts 62a0f64012 Fix Windows named pipes with Java security manager (elastic/elasticsearch#410)
The problem is that the Java security manager can open the pipe and then
quickly close it, leading to a need to reconnect from the C++ side.

Original commit: elastic/x-pack-elasticsearch@772b57f443
2016-11-29 12:38:06 +00:00
David Kyle 576a591d3b Make the per partition max anomaly scores a result type (elastic/elasticsearch#411)
Original commit: elastic/x-pack-elasticsearch@002a1d7623
2016-11-29 11:52:37 +00:00
Martijn van Groningen 78cd60048c log ResourceAlreadyExistsException differently,
it can happen we encounter more then one cluster states with no usage index and causing this class to send two or more create index requests, but only one request will succeed.

Original commit: elastic/x-pack-elasticsearch@524a1dda61
2016-11-29 10:21:04 +01:00
Martijn van Groningen 0cba57194c test: also wait for paused state
Original commit: elastic/x-pack-elasticsearch@8ffec23a21
2016-11-28 22:43:54 +01:00
Zachary Tong 2b2307a82b Use jobId_timestamp_bucketSpan as ID for bucket (elastic/elasticsearch#375)
Removes the reliance on ES autogenerated UUIDs and instead uses `{jobId}_{timestamp}_{bucketSpan}`

Original commit: elastic/x-pack-elasticsearch@3cd774edd8
2016-11-28 13:59:47 -05:00
Martijn van Groningen b526d7920d change test to wait allocation has been added (which is added in the background)
Original commit: elastic/x-pack-elasticsearch@6b60d37fb5
2016-11-28 18:13:31 +01:00
Martijn van Groningen 2cbc415f38 mute test
Original commit: elastic/x-pack-elasticsearch@adc69f682e
2016-11-28 18:00:05 +01:00
Martijn van Groningen ee132337b5 Update the job status only once when closing (or pausing) the analytical process.
Also changed the the post data api to change the job status to running when the analytical process is started.

Closes elastic/elasticsearch#319

Original commit: elastic/x-pack-elasticsearch@b38d52d849
2016-11-28 16:43:21 +01:00
Tanguy Leroux 0673d6b3d6 [Test] Add back ThreadLeakLingering in OldMonitoringIndicesBackwardsCompatibilityTests
Also changes a bit how collection is stopped.

Original commit: elastic/x-pack-elasticsearch@e28f8bc11d
2016-11-28 16:10:28 +01:00
Jay Modi 637154cc6e Iterate over realms asynchonously
This commit moves the iteration of realms for authentication and user lookup to
be done in an asynchronous fashion. The existing blocking methods have been deprecated
to allow custom realm implementors time to switch. All internal realms implement the
asynchronous methods.

This PR is another step toward the full migration to async authentication, but does not
complete the work. Additional work is needed for the LDAP realms, which make blocking
network calls. These blocking calls will be handled in a follow-up PR.

See elastic/elasticsearch#3790

Original commit: elastic/x-pack-elasticsearch@a65a9b2bb4
2016-11-28 09:28:51 -05:00
Martijn van Groningen 2e78706a3f Create usage index upon startup.
Also moved all creation logic that is required to run at cluster startup into PrelertInitializationService.

Original commit: elastic/x-pack-elasticsearch@453ba3efa3
2016-11-28 15:02:30 +01:00
David Kyle 3362d5c965 Remove average processing time mapping (elastic/elasticsearch#402)
Original commit: elastic/x-pack-elasticsearch@97fdeaf748
2016-11-28 12:48:14 +00:00
David Kyle 39fe1b7b09 Remove System.out.println call from test.
Fails the gradle check task

Original commit: elastic/x-pack-elasticsearch@daace999a7
2016-11-28 11:08:28 +00:00
David Kyle 02a94ce729 Detype Results (elastic/elasticsearch#384)
* Add result_type field to bucket

* Query and delete buckets/records by result_type

* Add a filter to the ElasticsearchBatchedDocumentsIterator subclasses for result_type:bucket

* De-type Influencers, BucketInfluencers and Category Definitions

* Revert de-typing CategoryDefinition

* Resolve merge errors after rebase

Original commit: elastic/x-pack-elasticsearch@65605432e8
2016-11-28 10:47:17 +00:00
Alexander Reelsen f265ab7cae Watcher: Throw exception if HttpClient response is not a HTTP response (elastic/elasticsearch#4154)
If the HTTP response is an invalid one, it is still logged as success.
This commit changes the behaviour, that if the response status code is
set to -1 (which means it could not be interpreted), than an IOException
is thrown and thus the execution will be marked as a failure.

Closes elastic/elasticsearch#4152

Original commit: elastic/x-pack-elasticsearch@5736fbe3c0
2016-11-28 11:29:28 +01:00
Dimitris Athanasiou 37cd03ad4d Split records and influencers from bucket (elastic/elasticsearch#389)
In c++ the results are built all together under a bucket hierarchy.
This buckets was written out and java would read it and split the
bucket into its parts: the bucket itself, its records and its
influencers.

During the migration, the bucket started being persisted as a whole,
including its records and influencers.

This commit is changing this by modifying the way results are written
in c++. This way, the java and c++ results writing/reading are in sync.

To achieve this, the change involved writing records and influencers as
top level results from c++. In addition, they are written as an array
object in order to allow the java side to persist them in a bulk
request.

* Fix bucket counting in results processor

Original commit: elastic/x-pack-elasticsearch@feadf3f887
2016-11-25 17:54:24 +00:00
David Roberts 9286ef2304 Add a missing field to the mappings for modelSnapshot documents (elastic/elasticsearch#396)
This fixes one of the problems of elastic/elasticsearch#394

Original commit: elastic/x-pack-elasticsearch@ea627767d2
2016-11-25 17:19:37 +00:00
David Roberts 16b91c9d0f Add job ID to NativeAutodetectProcess log messages (elastic/elasticsearch#392)
Original commit: elastic/x-pack-elasticsearch@5d3b03910e
2016-11-25 16:34:57 +00:00
Martijn van Groningen 8b1b035965 Wait upto 30 seconds for flush to complete Instead of waiting 5 times 6 seconds.
Original commit: elastic/x-pack-elasticsearch@4766e1e903
2016-11-25 15:35:01 +01:00
David Roberts 2ef240c20b Remove last remnants of bucket/record parent/child relationship (elastic/elasticsearch#387)
The majority of this change was done in PR elastic/elasticsearch#300 - this is just a tidy-up

Original commit: elastic/x-pack-elasticsearch@c9886f0592
2016-11-25 11:08:42 +00:00
Martijn van Groningen 25fb2a4b24 renamed test
Original commit: elastic/x-pack-elasticsearch@eb5e2738cd
2016-11-25 11:21:12 +01:00
David Roberts ba8b60818f StatusReporter log messages should include job ID
Original commit: elastic/x-pack-elasticsearch@841af87535
2016-11-25 10:16:46 +00:00
David Roberts d1bf5d83ad Remove prelert_ prefix from programs to fit what Elasticsearch expects (elastic/elasticsearch#332)
Elasticsearch will now attempt to spawn a controller daemon called simply
`controller` when it starts up, but ours was called `prelert_controller`.
For consistency it makes sense to remove the prefix from all our programs.

Original commit: elastic/x-pack-elasticsearch@d06714b231
2016-11-24 22:21:17 +00:00
Martijn van Groningen a627e6621c Re-enabled disabled scheduler tests. Main issues seemed to be that the state was sometimes set back from STOPPED to STOPPING and stop scheduler would close the job without updating the status.
Also when executing lookback / realtime searches keep `Future` instances around, so that we can cancel the opertion when a job gets closed.

Closes elastic/elasticsearch#381

Original commit: elastic/x-pack-elasticsearch@9773ff3810
2016-11-24 21:50:31 +01:00
Martijn van Groningen 04968d3ee6 Make persisters node level services and remove the notion of a job logger,
the job id should always be included into the log message itself

Original commit: elastic/x-pack-elasticsearch@7dc6464a9a
2016-11-24 18:09:21 +01:00
Dimitris Athanasiou 26e3ca9155 Make close job a master node action (elastic/elasticsearch#362)
* Make close job a master node action

The close job action now:

 - Is a master node action
 - Sets the job status to CLOSING
 - Waits for the job status to change to CLOSED before it responds

JobLifeCycleService picks up on a job status change to CLOSING and
closes the job. At the end, it sets the job status to CLOSED.

* Assert job status is closed after close in integration test

This also correctly passes an ActionListener to JobManager.setJobStatus
in order to ensure the job status request has completed and to properly
propagate failures.

Original commit: elastic/x-pack-elasticsearch@1546c77fca
2016-11-24 14:59:25 +00:00
David Roberts 3f0b13cda9 Fix the PID used for autodetect process license validation (elastic/elasticsearch#380)
The PID used needs to be the PID of autodetect's parent proecss.  The parent
is of course the controller daemon rather than the JVM.

Original commit: elastic/x-pack-elasticsearch@607481e1e2
2016-11-24 13:51:54 +00:00
Martijn van Groningen b8856eea54 added awaitfix annotations
Original commit: elastic/x-pack-elasticsearch@e490816285
2016-11-24 13:58:53 +01:00
Dimitris Athanasiou d8b6ecfb31 Write record influencers as they are expected in java (elastic/elasticsearch#379)
Original commit: elastic/x-pack-elasticsearch@d016684866
2016-11-24 12:35:24 +00:00
Dimitrios Athanasiou 2a46837296 Fix get records yaml test
Original commit: elastic/x-pack-elasticsearch@9553fd0b52
2016-11-24 11:46:00 +00:00
Martijn van Groningen aa53e7177a wait for the allocation to be added before sending data
Original commit: elastic/x-pack-elasticsearch@504a75a2f2
2016-11-24 11:50:14 +01:00
Dimitrios Athanasiou 02c755bfbe Fix AnomalyRecord.Type and remove setParent call
Original commit: elastic/x-pack-elasticsearch@3ffe114ac2
2016-11-24 10:43:54 +00:00
Martijn van Groningen 4562ec9d6c adding more logging
Original commit: elastic/x-pack-elasticsearch@5c20d662f0
2016-11-24 09:11:53 +01:00
Jason Tedor c4e890cba0 Adapt to unreleased versions change
Core has better support unreleased versions now, making maintenance of
these simpler. This commit adapts x-plugins to this change.

Relates elastic/elasticsearch#4168

Original commit: elastic/x-pack-elasticsearch@a5d8a2f7df
2016-11-23 15:49:53 -05:00
Alexander Reelsen d53dbe5283 Watcher: Clean up email server (elastic/elasticsearch#4163)
* Do not try bind to port range but use free ephemeral port
* Start a new email server in all tests, do not use static one
* Remove selection of username/password, as it was static anyway
* Remove Listener.Handle class, as it is not needed, when not running in static context

Original commit: elastic/x-pack-elasticsearch@8816cc25f6
2016-11-23 18:19:02 +01:00
Martijn van Groningen 118abf963b * Added dedicated TP for scheduler and interacting with autodetect process. This capped at the number of threads required to run autodetect process times maximum number of jobs allowed to run on a node.
* Added a setting that determines the maximum number of jobs that can run on a single node.
* Fail to start autodetect process if a user attempts to start more jobs than is allowed on a single node.
* Prevent concurrent data write, flush and close operation to the autodetect process.

Original commit: elastic/x-pack-elasticsearch@aca15fd51c
2016-11-23 17:17:47 +01:00
Zachary Tong 17b3224e03 Parameterize the result field name in QueryPage (elastic/elasticsearch#364)
QueryPage now requires a ParseField in the constructor, which is used for the name of the array of results. I considered putting an enum of different field names in QueryPage itself, but it seemed better to keep the field name local to each respective object.

hitCount was also renamed to count, and getters updated appropriately.

Finally, added a static helper to throw the ResourceNotFoundException, just to make life easier/more consistent.

Closes elastic/elasticsearch#359 

Original commit: elastic/x-pack-elasticsearch@9ba42ad4a1
2016-11-23 11:12:39 -05:00
Dimitris Athanasiou 9fc3c77905 Allow job delete only when job is not running (elastic/elasticsearch#357)
Original commit: elastic/x-pack-elasticsearch@f2959fe2ba
2016-11-23 16:00:36 +00:00
Zachary Tong 4dc20467cb Re-pluralize Endpoints :) (elastic/elasticsearch#363)
Putting the various endpoints back to their plural form (and adjusting Java class names as necessary).

Original commit: elastic/x-pack-elasticsearch@5c8f3c7341
2016-11-23 10:34:49 -05:00
Tanguy Leroux ddddee1e1f [Watcher] Increment watcher history template version (elastic/elasticsearch#4166)
This commit increments the version number of the watcher history template.

Original commit: elastic/x-pack-elasticsearch@1c86e781ca
2016-11-23 16:27:33 +01:00
Tanguy Leroux 52eb621309 [TEST] Fix OldMonitoringIndicesBackwardsCompatibilityTests
OldMonitoringIndicesBackwardsCompatibilityTests fails because it waits for more shards stats to be collected but that can only work if new indices are created in the meanwhile.

Original commit: elastic/x-pack-elasticsearch@003c28cf93
2016-11-23 15:16:22 +01:00
David Roberts b11e5dbf4a Gradle task bundlePack needs to depend on cpp:strip (elastic/elasticsearch#368)
Otherwise the ES plugin can be bundled before the C++ is built

Original commit: elastic/x-pack-elasticsearch@079a59efdf
2016-11-23 14:00:08 +00:00
Colin Goodheart-Smithe b295d764a6 Creates a cpp gradle module to control the cpp build (elastic/elasticsearch#361)
Also uploads the pack zip to the nas instead of the elasticsearch plugin.

The cpp build can be disabled with `-Pxpack.cpp.build=false`

Original commit: elastic/x-pack-elasticsearch@1efb1b2e7e
2016-11-23 11:22:04 +00:00
Tanguy Leroux a32f2096a6 Add mappings for Jira action (elastic/elasticsearch#4155)
This commit updates the watch_history.json file so that it includes mappings for the new Jira action. It also update the JiraIssue format so that it now includes the name of the account used to create the Jira issue. It also update the REST tests to check that Jira action result are searchable and hide the user's password.

Original commit: elastic/x-pack-elasticsearch@75888f7748
2016-11-23 11:53:06 +01:00
David Kyle d5bb1f603b Add scheduler status filter to jobs endpoint (elastic/elasticsearch#350)
* Add scheduler status filter to jobs endpoint

* For scheduled jobs set the initial scheduler state

* Add status filter to job endpoint


Original commit: elastic/x-pack-elasticsearch@c7ed1627e2
2016-11-23 10:00:21 +00:00
Martijn van Groningen 5d042fc1b8 updated testScriptConditionParserBadScript() test to face reality
Original commit: elastic/x-pack-elasticsearch@222537dbe2
2016-11-23 09:15:45 +01:00
Martijn van Groningen 423a9cf7b2 write start array only after opening output and
write end array only after closing process

Original commit: elastic/x-pack-elasticsearch@b549ec3552
2016-11-23 08:23:57 +01:00
Ryan Ernst 3f02111a92 Remove upgrade source test, no longer needed with groovy gone
Original commit: elastic/x-pack-elasticsearch@c4a6c87227
2016-11-22 23:11:28 -08:00
Ryan Ernst 1dc839bd98 Remove groovy scripting language (elastic/elasticsearch#4162)
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#21607

Original commit: elastic/x-pack-elasticsearch@125843e814
2016-11-22 22:45:15 -08:00
Jay Modi 7873bb73c4 add tests for concurrent user lookup
This commit adds tests to ensure that user lookup in caching realms works as expected. An unclear
contract in the Cache#computeIfAbsent method allowed for null values to be returned from this method
even if there should have been exception reported to the loader. This has been fixed in the cache
implementation and we add tests to verify that the caching of user lookups is done properly under
concurrent operations.

Closes elastic/elasticsearch#4054

Original commit: elastic/x-pack-elasticsearch@41567c6ed9
2016-11-22 15:16:49 -05:00
Simon Willnauer 7f28ca7fb7 Adopt changes to TransportClient constructor (elastic/elasticsearch#4141)
Follow-up for elastic/elasticsearchelastic/elasticsearch#21709

Original commit: elastic/x-pack-elasticsearch@40d3725ac2
2016-11-22 20:46:43 +01:00
jaymode 7821203422 test: add bwc index for 2.4.2
Original commit: elastic/x-pack-elasticsearch@f9fbd83b9c
2016-11-22 14:37:36 -05:00
Jay Modi 4239ba5415 allow reads of native users and roles when template version hasn't been updated
This change allows reads of our native users and roles when the template version has not been updated to
match the current version. This is useful for rolling upgrades where the nodes are also being actively
queried and/or indexed into. Without this, we can wreak havoc on a cluster by causing exceptions during
replication, which leads to shard failures. On nodes that match the version defined in the template,
write operations are allowed since we know that we are backwards compatible in terms of format but we
may have added new fields and shouldn't index them until the mappings and template have been updated.

As part of this, the rolling upgrade tests from core were used as the basis for a very basic set of tests
for doing a rolling upgrade with x-pack.

Closes elastic/elasticsearch#4126

Original commit: elastic/x-pack-elasticsearch@9be518ef00
2016-11-22 12:00:09 -05:00
Areek Zillur a9f3619b5a Enable merging license in tribe node (elastic/elasticsearch#4147)
Currently, a tribe node ignored underlying cluster licenses
due to inablity to select an appropriate license from  multiple
licenses. Now that tribe node supports merging custom metadata
(elasticsearch#elastic/elasticsearch#21552), we can enable license support in tribe
node.

Now, tribe node chooses license with the highest operation
mode from underlying cluster licenses. This commit also
adds integration tests for licensing to verify that:
 - autogenerated trial license propagates to tribe node
 - tribe node chooses the highest operation mode license
 - removing a license from underlying cluster license is
   removed from tribe

closes elastic/elasticsearch#3212

Original commit: elastic/x-pack-elasticsearch@b5c003decd
2016-11-22 11:42:51 -05:00
Martijn van Groningen f8569ca353 no need to check if an index exists (and then fail) prior to removing,
the delete index api will return an index not found error if that index has already been removed

Original commit: elastic/x-pack-elasticsearch@52000532be
2016-11-22 12:08:52 +01:00
Martijn van Groningen fe7d0d32ff Use ES' TP to start reading from the persist state.
Renamed StateReader to StateProcessor.
Folded parsing package into output package.

Original commit: elastic/x-pack-elasticsearch@c027843ec4
2016-11-22 11:29:13 +01:00
Tanguy Leroux c9b3de6f23 Make HttpRequest toXContent / parse method coherent (elastic/elasticsearch#4153)
This commit changes the toXContent() method so that it generates content that can be parsed again by the parse() method. Before this commit, the authentication of the HTTP request is rendered as:

{ "auth": {"username": "foo", "password": "bar" } }

but the parsing method expects the authentication type to be a root object:

{ "auth":  { "basic" :  {"username": "foo", "password": "bar" } } }

The toXContent method has been adapted to include the type of authentication in the generated content.

Original commit: elastic/x-pack-elasticsearch@b740466109
2016-11-22 11:24:06 +01:00
Martijn van Groningen 5214de23a1 bug fix: create empty response in post data action for serialization
added getter for data counts
and initialize resetStart / resetEnd with empty strings

Original commit: elastic/x-pack-elasticsearch@d4925506e6
2016-11-22 10:44:14 +01:00
Tanguy Leroux efe6524253 Mute JiraIssueTests.toToXContent()
Until "https://github.com/elastic/x-plugins/pull/4153" is solved

Original commit: elastic/x-pack-elasticsearch@c7720faddf
2016-11-22 10:07:27 +01:00
Alexander Reelsen a709d78e5a Tests: Ensure mock webserver binds always on arbitrary port (elastic/elasticsearch#4139)
This removes the mock webserver trying to bind to a port range, just
try to bind to any port.

Also removed unneeded wrapper class in the process.

Original commit: elastic/x-pack-elasticsearch@19b6ac393a
2016-11-22 09:24:32 +01:00
Tanguy Leroux 4978d3a8e0 [TEST] Fix JiraIssueTests.testEquals()
This commit fixes a test bug were a random field is picked out of an empty collection.

Original commit: elastic/x-pack-elasticsearch@a42dff7257
2016-11-22 09:09:44 +01:00
Jason Tedor 158ab2e724 Die with dignity on the network layer
When a fatal error is thrown on the network layer, such an error never
makes its way to the uncaught exception handler. This prevents the node
from being torn down if an out of memory error or other fatal error is
thrown while handling HTTP or transport traffic. This commit adds logic
to ensure that such errors bubble their way up to the uncaught exception
handler, even though Netty tries really hard to swallow everything.

Original commit: elastic/x-pack-elasticsearch@f76757674f
2016-11-21 22:14:45 -05:00
Zachary Tong 15e8cf7bcb Consolidate GetJob/GetJobs (elastic/elasticsearch#342)
In the same vein of GetBucket/GetBuckets and GetCategory/GetCategories.

This one was a bit more involved, since previously GetJobs didn't support 
configuring the various metrics. So now all metrics can be configured when 
requesting both a single job, or a range of jobs. It also unifies the request 
body handling between the two and adds POST handlers.

And similar to the other refactorings, the SingleDoc response is gone in 
favor of always returning an array of hits.

Original commit: elastic/x-pack-elasticsearch@ac47bb9bf6
2016-11-21 16:31:01 -05:00
Dimitris Athanasiou 63e40d9c72 Remove DataStreamer and DataStreamerThread (elastic/elasticsearch#353)
These classes are no longer needed. They used to be
necessary in order to handle compressed data and sending
data to multiple jobs. Compressed data is now handled
by elasticsearch and multi-job upload is no longer supported.

Original commit: elastic/x-pack-elasticsearch@08a9f29855
2016-11-21 16:30:10 +00:00
David Kyle be0b8575c1 Remove averageBucketProcessingTime from Job (elastic/elasticsearch#351)
Original commit: elastic/x-pack-elasticsearch@60703caa1b
2016-11-21 16:30:01 +00:00
David Roberts c6d52cd949 Fix a knock-on effect of removing JobLogs
Original commit: elastic/x-pack-elasticsearch@501fcda045
2016-11-21 15:49:26 +00:00
David Roberts c1d8b31b0e Remove redundant JobLogs class (elastic/elasticsearch#348)
Now we no longer have a log directory per job we don't need the functionality
to delete those directories.

Fixes elastic/elasticsearch#346

Original commit: elastic/x-pack-elasticsearch@a18beb0519
2016-11-21 15:36:50 +00:00
Tanguy Leroux 7c1f4326fc [TEST] Fix OldMonitoringIndicesBackwardsCompatibilityTests
This commit aims to fix the regularly failing test OldMonitoringIndicesBackwardsCompatibilityTests. It enables/disables monitoring data collection using time interval "-1" as well as stopping AgentService instances directly and checks multiple times if indices are still present at the end of the test.

closes elastic/elasticsearch#3999

Original commit: elastic/x-pack-elasticsearch@8ac785061a
2016-11-21 16:15:42 +01:00
David Roberts f9dde66678 Add a simple license validation argument to the C++ processes (elastic/elasticsearch#339)
NOT the controller process, as this cannot take arguments when
started as a daemon by Elasticsearch

Closes elastic/elasticsearch#253

Original commit: elastic/x-pack-elasticsearch@14ea155caa
2016-11-21 11:26:10 +00:00
Martijn van Groningen b11f238791 fix test bug
Original commit: elastic/x-pack-elasticsearch@9f1584e48f
2016-11-21 11:53:03 +01:00
David Kyle 7c66c3a553 Remove dataCounts and modelSizeStats from Job (elastic/elasticsearch#333)
* Remove DataCounts and ModelSizeStats from Job

* Delete unused ElasticsearchJobDetailsMapper

Conflicts:
	elasticsearch/src/main/java/org/elasticsearch/xpack/prelert/job/persistence/ElasticsearchJobDetailsMapper.java
	elasticsearch/src/test/java/org/elasticsearch/xpack/prelert/job/persistence/ElasticsearchJobDetailsMapperTests.java

* Add missing mappings for DataCounts

Fixes yaml test failures

* Add test to assert revert a model snapshot sets DataCounts.latest_record_timestamp

* Resolve merge errors

* Add NORELEASE for persisting dataCounts in cluster update

Original commit: elastic/x-pack-elasticsearch@46099d4db6
2016-11-21 10:18:18 +00:00
Tanguy Leroux 18478d63c2 Watcher: Add JIRA action (elastic/elasticsearch#4014)
closes elastic/elasticsearch#493

Original commit: elastic/x-pack-elasticsearch@6b7387d3e4
2016-11-21 10:52:55 +01:00
Colin Goodheart-Smithe 617a1b65d2 remove warning
Original commit: elastic/x-pack-elasticsearch@73fae7a8fe
2016-11-21 09:28:42 +00:00
Tim Vernum 74b0a1e71a Record audit trail even if indicies-resolver throws exception (elastic/elasticsearch#4116)
* Record audit trail even if indicies-resolver throws exception

If the IndicesAndAliasesResolver throws an exception, treat is as "accessDenied" for the purpose of the audit-trail.
This can occur when an index request has a wildcard that doesn't match (and "allowNoIndices" is false)

Closes elastic/elasticsearch#3719

Original commit: elastic/x-pack-elasticsearch@ca6567e5ed
2016-11-21 09:18:49 +11:00
Colin Goodheart-Smithe f9de2fdc74 Remove unused headers and variables
Original commit: elastic/x-pack-elasticsearch@c720e2f8cc
2016-11-18 16:57:00 +00:00
Colin Goodheart-Smithe 06df439db0 Moves Java code to fit x-pack style structure
This change moves the Java code from `/java/apps/engine-node` to `/elasticsearch` so it matches the structure required by X-Pack. This will make it easier to get the gradle build working correct and building the full Pack zip.

Original commit: elastic/x-pack-elasticsearch@2fd6539e85
2016-11-18 16:35:00 +00:00
Tim Vernum ae6eb0d159 Enforce username validation on PUT security/user (elastic/elasticsearch#4118)
Validation was being applied within UsersTool but not via the REST API
This also causes some validation messages in PutUser to change.

Closes elastic/elasticsearch#4018

Original commit: elastic/x-pack-elasticsearch@8e02146dee
2016-11-18 12:33:45 +11:00
Simon Willnauer cc22888417 Stabelize RemoteIndexAuditTrailStartingTests and improve IndexAuditTrail (elastic/elasticsearch#4112)
RemoteIndexAuditTrailStartingTests has been failing quite often due to several
race conditions. This change simplifies the test (one node per cluster, local and
remote) and fixes some issues in IndexAuditTrail. The interrupt based shutdown has
been removed from the `QueueConsumer` and an additional health call has been added
to trigger another start attempt if the first one failed. This stabilize the test
that now run in 1 second rather than 1 minute.

Original commit: elastic/x-pack-elasticsearch@a1c8131cd2
2016-11-17 17:57:15 +01:00
Jason Tedor 7309f11f51 Respond to exposing of executor service
This commit responds to a chance in core which modified the interface
for ThreadPool#executor and ThreadPool#generic to return an executor
service rather than an executor.

Relates elastic/elasticsearch#4107

Original commit: elastic/x-pack-elasticsearch@7c7c6a3b90
2016-11-17 09:19:15 -05:00
Simon Willnauer 92040ef72e Remove netty_3 support from xpack (elastic/elasticsearch#4097)
This is a followup from elastic/elasticsearchelastic/elasticsearch#21590 and needs to be
committed first or at the same time since netty_3 is removed

Original commit: elastic/x-pack-elasticsearch@131d74dd6b
2016-11-17 12:44:24 +01:00
Adrien Grand a5e410ba59 Remove expectations about store throttling stats now that it has been removed.
Original commit: elastic/x-pack-elasticsearch@244afb234a
2016-11-17 10:13:29 +01:00
Adrien Grand 67cc424303 Remove call to the store throttling stats.
Store throttling has been removed in elastic/elasticsearchelastic/elasticsearch#21573.

Original commit: elastic/x-pack-elasticsearch@40bcb51101
2016-11-17 09:48:26 +01:00
Nik Everett 042072410c Rename some tests from IT to Tests (elastic/elasticsearch#4106)
If these tests were in `:core` then then `IT` would be an appropriate
suffix, but in xplugins they should have `Tests`. This moves them
from the `integTest` task to the `test` task which is a good idea
because it lets them run in parallel with the other tests. Naming
them `IT` means that they are run not in parallel and they are run
with a running instance of Elasticsearch which they don't need.

This cuts the build from 15.5 minutes to 13.5 minutes for me.

Original commit: elastic/x-pack-elasticsearch@7b4bcf8bc5
2016-11-16 17:15:34 -05:00
jaymode 782fb6ad41 test: fix testDefaultMetaFields after adding _seq_no
Original commit: elastic/x-pack-elasticsearch@97faea1dd1
2016-11-16 12:32:28 -05:00
jaymode 766b89b2fd test: move indices:admin/seq_no/global_checkpoint_sync to handlers
Original commit: elastic/x-pack-elasticsearch@89ae75de6e
2016-11-16 12:24:18 -05:00
jaymode 586a8d4a00 add _seq_no field to allowed metafields
Original commit: elastic/x-pack-elasticsearch@875cbea3e0
2016-11-16 12:21:15 -05:00
Jason Tedor 52eec4736d Add global checkpoint to known actions/handlers
This commit adds the global checkpoint action to the known
action/handlers.

Original commit: elastic/x-pack-elasticsearch@db083911d2
2016-11-16 11:58:51 -05:00
Jason Tedor 5426a86ba0 Fix compilation issue introduced by seq. no merge
This commit fixes a compilation issue introduced by the merge of
sequence numbers branch into master. This merge introduced a new
constructor parameter for ShardStats.

Original commit: elastic/x-pack-elasticsearch@b234b8ee50
2016-11-16 11:49:57 -05:00
Nik Everett 260a51fabe Disabled testDynamicIndexAction
It is failing consistently.

Original commit: elastic/x-pack-elasticsearch@21c96694bd
2016-11-15 21:24:29 -05:00
Nik Everett fedca4ae31 Add bwc index for 5.0.1 release
Original commit: elastic/x-pack-elasticsearch@92bc318313
2016-11-15 19:12:29 -05:00
Jay Modi 31c851f5c2 migrate authentication service to an async model
This commit migrates the authentication service to an asynchronous model where we use listeners
instead of blocking and waiting for the authentication to return. This is the first part of making
authentication asynchronous as we still have blocking I/O inside of realms.

See elastic/elasticsearch#3790

Original commit: elastic/x-pack-elasticsearch@9339af4af8
2016-11-15 13:01:49 -05:00
jaymode 68c026d273 retain all user information for a run as request
In the authentication service, we currently only copy the username and roles of the
user that was authenticated but we should instead preserve all of their information
in the newly created user object. This change does that through the user of a new
constructor in the user class that takes in both users.

Closes elastic/elasticsearch#3877

Original commit: elastic/x-pack-elasticsearch@7455078841
2016-11-15 10:57:46 -05:00
jaymode ddb032b71c test: disable auto minimum master nodes for NoMasterNodeTests
Original commit: elastic/x-pack-elasticsearch@59e0b3e97e
2016-11-15 10:33:59 -05:00
jaymode 27cb25581b unknown run as users should not be allowed to execute any APIs
If a authenticated user with run as permission attempts to run as an unknown user, the unknown
user will be assigned the default role and anonymous role if enabled. This change prevents this
from happening as we require the run as user to have been looked up by a realm.

Closes elastic/elasticsearch#3878

Original commit: elastic/x-pack-elasticsearch@034f44757d
2016-11-15 09:47:45 -05:00
Boaz Leskes 667bb340b4 Update tests for new auto management of min master nodes (elastic/elasticsearch#4068)
The internal test cluster now auto manages min_master_nodes  ( see https://github.com/elastic/elasticsearch/pull/21458 ). This requires some code changes but also changes the timings of forming a cluster. This has had a funny side effect where the master is no longer always the first node to be started in the cluster. This caused issues with watcher tests which freeze time.

Original commit: elastic/x-pack-elasticsearch@1e5ea8ae94
2016-11-15 13:42:59 +00:00
Ryan Ernst 207feb2fa2 Fix test lookup of Discovery to cast instead of lookup in injector directly
Original commit: elastic/x-pack-elasticsearch@2718dab928
2016-11-14 23:27:02 -08:00
Ryan Ernst 190c036932 Fix test to use TestZenDiscovery to get access to pings
Original commit: elastic/x-pack-elasticsearch@83ea58c2dd
2016-11-14 22:09:19 -08:00
Ryan Ernst 96ba09436e Tests: Use TestZenDiscovery instead of MockZenPing (elastic/elasticsearch#4052)
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#21488

Original commit: elastic/x-pack-elasticsearch@d3db54498a
2016-11-14 22:00:53 -08:00
Ryan Ernst f2c4d1f4da Remove generics from ActionRequest
x-plugins side of elastic/elasticsearchelastic/elasticsearch#21556

Original commit: elastic/x-pack-elasticsearch@a8e8873c84
2016-11-14 15:36:46 -08:00
Ryan Ernst 23e6cab7f1 Merge pull request elastic/elasticsearch#4044 from rjernst/realm_sig
Extensions: Make resource watcher available to custom realms

Original commit: elastic/x-pack-elasticsearch@3cb494e98d
2016-11-14 12:38:27 -08:00
jaymode a893f0d646 test: mock clusterservice to prevent NPE when remote indexing
This change mocks the ClusterService and sets it up so that when remote indexing, we see the
current node as the master.

Original commit: elastic/x-pack-elasticsearch@1f26b3df1f
2016-11-14 14:16:11 -05:00
jaymode 2ab7e52c79 improve comment
Original commit: elastic/x-pack-elasticsearch@a3662a81a2
2016-11-14 12:51:21 -05:00
jaymode 8285fbdd46 address feedback
Original commit: elastic/x-pack-elasticsearch@7f7f2c0e1f
2016-11-14 10:33:47 -05:00
jaymode 8e0f5f905e Merge branch 'master' into audit_index_csupdate
Original commit: elastic/x-pack-elasticsearch@5ca98373c7
2016-11-14 09:43:57 -05:00
Nik Everett 6acde61347 Reenable testDynamicIndexSearchInput
It works this morning....

Original commit: elastic/x-pack-elasticsearch@5d9bb37df8
2016-11-11 10:19:06 -05:00
Nik Everett ca3f13de69 Fix and disable some more tests
Template test is easy to fix. I have no idea what is up with the
dynamic index name test. It is finding results on the wrong time.

Original commit: elastic/x-pack-elasticsearch@535676164c
2016-11-10 22:20:08 -05:00
Nik Everett f15b8c94e4 Fix TemplateUtilsTests
The template has changed on disk so we have to change the assertion.

Original commit: elastic/x-pack-elasticsearch@cc9b76fcf6
2016-11-10 21:51:06 -05:00
Nik Everett 700467c3a7 Use index_patterns in templates
And skip a REST test that won't pass.

Original commit: elastic/x-pack-elasticsearch@e297add6c1
2016-11-10 21:42:59 -05:00
Jason Tedor 7da624739d Fix handler name on message not fully read
Today when a message is not fully read on a response, we log (among
other details) the handler name. Unfortunately, if the handler is a
wrapper, all that we see is

o.e.x.s.t.TransportService$ContextRestoreResponseHandler@7446ba18

completely losing the offending handler. This commit adds an override
for TransportService$ContextRestoreResponseHandler#toString so that the
underlying offender can be discovered.

Relates elastic/elasticsearch#4043

Original commit: elastic/x-pack-elasticsearch@3eb1003d5b
2016-11-10 16:13:23 -05:00
Ryan Ernst bcd32ada4f Extensions: Make resource watcher available to custom realms
This simply adds ResourceWatcherService as an arg for getting custom
realms from xpack extensions.

closes elastic/elasticsearch#4038

Original commit: elastic/x-pack-elasticsearch@fe58d8a7ee
2016-11-10 12:43:28 -08:00
Jack Conradson 0977935989 Clean up of Script.
Closes elastic/elasticsearch#3982

Original commit: elastic/x-pack-elasticsearch@96c94ae8d5
2016-11-10 09:58:37 -08:00
Alexander Reelsen 2081399738 Watcher: Remove guice modules from codebase (elastic/elasticsearch#4030)
This removes all guice module classes from the watcher codebase, so that guice is
only used for the transport and rest actions, but nowhere else in the codebase.

Also it ensures, that only ticker/schedule are valid trigger engine options.

Original commit: elastic/x-pack-elasticsearch@400ba24c33
2016-11-10 10:46:20 +01:00
Alexander Reelsen 7f5216a112 Watcher: Remove unused watcher plugin version in index template (elastic/elasticsearch#4023)
There was an unused and unconverted xpack.watcher.plugin.version
in the watch history index template, which resulted in this template output:

```
 "watch_history_1" : {
    "order" : 2147483647,
    "template" : ".watcher-history-1*",
    "settings" : {
		... ,
        "xpack" : {
          "watcher" : {
            "plugin" : {
              "version" : "${xpack.watcher.plugin.version}"
            },
            "template" : {
              "version" : "1"
            }
          }
        }
      }
```

As everything is one plugin now, this can be safely removed.

Original commit: elastic/x-pack-elasticsearch@c5c0bcaaaa
2016-11-10 08:59:28 +01:00
Jay Modi 65db63cac4 Restore the original ThreadContext after a preserved context is restored
This change adds the restoration of the original context inside the listeners and handlers where
we restore another context. This prevents us from polluting the context of the thread that called
the listener and leaving around a different user in the thread context.


Original commit: elastic/x-pack-elasticsearch@0f30363ef7
2016-11-09 16:02:43 -05:00
Alexander Reelsen 743458705a Watcher: Deguice WatcherClientModule, HistoryModule & InputModule (elastic/elasticsearch#4024)
Original commit: elastic/x-pack-elasticsearch@202d94dd96
2016-11-09 16:16:24 +01:00
Alexander Reelsen b0dc931091 Watcher: Remove deprecated GeneralScriptException (elastic/elasticsearch#4012)
Also removes an unused exception method in the Exceptions class.

Original commit: elastic/x-pack-elasticsearch@72dea031bb
2016-11-09 09:44:30 +01:00
Alexander Reelsen 7d10100fcb Watcher: Remove version/versiontype support in get/delete watch (elastic/elasticsearch#3977)
As we are not dependent on any versions any more and we never exposed
an version type functionality, nor documented it nor tested it, we
should remove this for the next major release.

Note, this just removes the ability to set those options, which we ignored
anyway in the transport action.

Original commit: elastic/x-pack-elasticsearch@3830203f50
2016-11-08 19:09:09 +01:00
Alexander Reelsen fe460bba37 Watcher: Add AwaitsFix to ActivateWatchTests.testDeactivateAndActivate
Original commit: elastic/x-pack-elasticsearch@0e94e3993e
2016-11-08 18:57:33 +01:00
Yannick Welsch 1112a2e8b7 Fix for ClusterStateObserver changes in core
Companion commit for elastic/elasticsearchelastic/elasticsearch#21379

Original commit: elastic/x-pack-elasticsearch@b0011dcc9d
2016-11-08 15:15:48 +01:00
Alexander Reelsen 44cdec7c96 Watcher: Remove Validation/Error class for parsing (elastic/elasticsearch#3972)
Using Elasticsearch validation mechanism instead of having an own class

Original commit: elastic/x-pack-elasticsearch@999c9243cc
2016-11-08 09:54:22 +01:00
Ryan Ernst fa97a806ca Remove unneeded rest test params
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#21391

Original commit: elastic/x-pack-elasticsearch@30d36e340a
2016-11-07 14:46:39 -08:00
jaymode 32754b12c0 Do not execute blocking calls on the cluster state update thread
This commit stops the index audit trail from executing blocking calls on the cluster
state update thread. Blocking calls were executed when indexing to a remote cluster
to get that cluster's state and also possibly put a template and mappings.

Closes elastic/elasticsearch#3989

Original commit: elastic/x-pack-elasticsearch@a8c0269fad
2016-11-07 14:23:05 -05:00
Alexander Reelsen bb94f3a2b2 Watcher: Refactor tests to ensure use of timewarp (elastic/elasticsearch#3973)
Ensure that tests never sleep, but run using timewarping,
so that sleeping can be removed from the test code.

Original commit: elastic/x-pack-elasticsearch@40fc3814f9
2016-11-07 14:33:57 +01:00
Alexander Reelsen ecb5bc89dc Watcher: Avoid NPE when local address is not resolvable (elastic/elasticsearch#3910)
This prevents a possible NPE when sending emails, as some host have
a perfectly fine internet connection, but cannot resolve their localhost.

In addition I also removed a EmailService.send() method that was only used
in tests and thus not needed.

Closes elastic/elasticsearch#3227

Original commit: elastic/x-pack-elasticsearch@d2e29b4c92
2016-11-07 11:55:50 +01:00
Alexander Reelsen 8b6552516e Watcher: Cleanup - remove Clock interface (elastic/elasticsearch#3985)
The clock interface is merely used to create mock clocks and inject them into tests.
We can do this with the java8 based java.time.Clock class as well, so there is no need
to keep this interface.

Original commit: elastic/x-pack-elasticsearch@ae30dc29ca
2016-11-07 09:10:25 +01:00
Jason Tedor 4e0457276d Start mock appender for capturing logger
The base test case class has been adapted to assert that no warn nor
error messages are logged to the Log4j status logger. An issue that
exists in x-pack uncovered by this change is that the mock appender in
the capturing logger was never started. This commit addresses this
issue.

Relates elastic/elasticsearch#3988

Original commit: elastic/x-pack-elasticsearch@8fc0b99bae
2016-11-04 14:21:28 -04:00
Nik Everett ae960f976d Slow down montiring bwc tests some more
Make them do things slightly less frequently and wait longer
to make sure everything is shut down. Sometimes it takes a while
but it does get there.

Original commit: elastic/x-pack-elasticsearch@76fc4acf47
2016-11-04 11:14:02 -04:00
jaymode 7cd3b8301b test: stop audit trails, increase logging and time to wait for it to start
See elastic/elasticsearch#3979

Original commit: elastic/x-pack-elasticsearch@79d559cb8f
2016-11-04 08:37:58 -04:00
Nik Everett 846b676127 Increase interval for monitoring bwc tests
Should make them more stable. Runs well locally.

Original commit: elastic/x-pack-elasticsearch@33b0dc3ae0
2016-11-03 21:52:47 -04:00
Nik Everett 3b11e764a9 Fix the monitoring bwc tests
This explicitly shuts down monitoring at the end of every index
which should help prevent the shutdown problems we were seeing.

Original commit: elastic/x-pack-elasticsearch@2be0ee0df8
2016-11-03 21:16:10 -04:00
Nik Everett 697a11ad02 Mark monitoring bwc indices tests awaitsfix
They have grown a bit unstable. I'll work to stabilize them
in the morning.

Original commit: elastic/x-pack-elasticsearch@e5f2fdcfb7
2016-11-03 18:33:27 -04:00
Nik Everett 784e40ac6c Slow down monitoring bwc test so it can shut down
We only need it to be so fast when starting up. We can slow it
down once it has started so shutdown isn't problematic.

Original commit: elastic/x-pack-elasticsearch@052d64402f
2016-11-03 17:33:30 -04:00
Chris Earle ac7b617f02 [Monitoring] Use Suffix with Marvel Index alias (elastic/elasticsearch#3961)
* [Monitoring] Use Suffix with Marvel Index alias

Using a suffix allows a non-aliased Monitoring index get created for _today_. Otherwise the time-based index for today cannot be created.

Original commit: elastic/x-pack-elasticsearch@92e7695a2c
2016-11-03 16:45:19 -04:00
Nik Everett 1926193766 Speed up and stabilize monitoring bwc tests
These tests were failing for me locally with this reproduction
line about 80% of the time:
```
gradle :x-plugins:elasticsearch:integTest -Dtests.seed=660D249EDCC648E5 -Dtests.class=org.elasticsearch.xpack.monitoring.OldMonitoringIndicesBackwardsCompatibilityIT -Dtests.method="testOldIndexes" -Dtests.security.manager=true -Dtests.jvms=12 -Dtests.locale=vi-VN -Dtests.timezone=Arctic/Longyearbyen
```

This was due to the ten second collection interval lining up with the
10 second sleep in `assertBusy`. Eventually the collection interval
lines up in such a way that it take more than ten seconds total to
create the alias for the monitoring index. 😢

This fixes that by dropping the interval to 100ms, making the test
no longer fail with that seed and succeed much more quickly. 😄

Relates to elastic/elasticsearch#3951

Original commit: elastic/x-pack-elasticsearch@b5dfa6ef7d
2016-11-03 15:46:57 -04:00
Ryan Ernst 230ebc9ff6 Merge pull request elastic/elasticsearch#3840 from rjernst/disco_zen_ping
x-plugins side of zen ping refactoring

Original commit: elastic/x-pack-elasticsearch@7767471a9a
2016-11-03 08:21:08 -07:00
Alexander Reelsen c0a1ec89f5 Tests: Improve execution speed of WatchStatsTests
Those tests ran 35 seconds on my local notebook. By not using a sleep based
scripting engine and some other tweaks the time is down to 13 seconds.

Also renamed the class to remove the `Slow` prefix.

Original commit: elastic/x-pack-elasticsearch@5289fe8dab
2016-11-03 14:27:01 +01:00
Jay Modi 714b891b03 security: add setting that makes system key required
This commit adds a setting that makes the system key required. If this setting is set to
true, a node will fail to startup when the system key does not exist.

Closes elastic/elasticsearch#3957

Original commit: elastic/x-pack-elasticsearch@e6d3000974
2016-11-03 07:54:38 -04:00
Nik Everett 1de85f4740 Move test for aliases starting with - into bwc
Moves the tests for aliases starting with `-` into the backwards
compatibility tests because we can no longer create such aliases.

Original commit: elastic/x-pack-elasticsearch@3639fe4d46
2016-11-02 19:53:36 -04:00
Chris Earle 7c8fc99098 [Monitoring UI] Show Replica Count not Replication Factor in Overview (elastic/elasticsearch#3949)
* [Monitoring UI] Show Replica Count not Replication Factor in Overview

This changes it to only show the replica count as `total - primaries` rather than showing the replication factor, which is particularly unhelpful when different indices have different replica counts.

Original commit: elastic/x-pack-elasticsearch@552f94bf8f
2016-11-02 16:24:42 -04:00
Nik Everett e63580459c Fix BWC index generation and tests for 5.0.0
Fixes the create_bwc_indexes script to build the bwc indices for
either 5.0.0 or 2.x.y.

Closes elastic/elasticsearch#3908

Original commit: elastic/x-pack-elasticsearch@f857647bb3
2016-11-02 14:52:04 -04:00
Alexander Reelsen 04969bd0cd Watcher: Remove ForceDeleteWatchTests
This test does not have a purpose anymore, since deletion of watches done
in elastic/elasticsearch#3481

Original commit: elastic/x-pack-elasticsearch@4bdf3614d3
2016-11-02 17:14:57 +01:00
Clinton Gormley 93fa60b601 Made REST spec param types consistent
duration -> time

Original commit: elastic/x-pack-elasticsearch@ca34bd2bdc
2016-11-02 15:30:09 +01:00
Luca Cavanna fae2f1a90f Security plugin to honour destructive operations setting (elastic/elasticsearch#3954)
`action.destructive_requires_name` setting was ignored by the security plugin as wildcards got expanded and resolved in the plugin before es core could actually check if the operation was supposed to be allowed or not. We are discussing how we could perform the check earlier in es core, but anyways it is good to perform the same check in the security plugin just to make sure.

Closes elastic/elasticsearch#3689

Original commit: elastic/x-pack-elasticsearch@3414cb3471
2016-11-02 15:01:25 +01:00
Alexander Reelsen 87ee1f30d6 Watcher: Make SchedulerEngine job handling threadsafe (elastic/elasticsearch#3955)
The old handling was not thread safe, as it used to replace volatile
objects in the code. This implementation uses a concurrent hashmap
to easily allow adding/removing schedules without having to replace
whole objects

Original commit: elastic/x-pack-elasticsearch@0aa618b372
2016-11-02 14:50:44 +01:00
Boaz Leskes 176829c4cc Change ClusterState and PendingClusterTasksResponse's toString() to their prettyPrint format (elastic/elasticsearch#3947)
Change ClusterState and PendingClusterTasksResponse's toString() to their prettyPrint format

Original commit: elastic/x-pack-elasticsearch@4ea9d56058
2016-11-02 13:44:09 +01:00
Alexander Reelsen fe93640e43 Watcher: Be strict with chain input parsing (elastic/elasticsearch#3873)
When parsing chain inputs there were possibilities to write invalid
JSON that resulting in losing the order of the inputs without any
exception being thrown.

This commit makes the parsing more strict.

Closes elastic/elasticsearch#3736

Original commit: elastic/x-pack-elasticsearch@963641ee2b
2016-11-02 10:37:41 +01:00
Alexander Reelsen 95e1f2942b Tests: Replaced bad apple test with REST test (elastic/elasticsearch#3920)
Original commit: elastic/x-pack-elasticsearch@5052f9cfbd
2016-11-02 09:58:38 +01:00
Adrien Grand 3e92b905c7 Improve QueryShardContext creation in SecurityIndexSearcherWrapper. (elastic/elasticsearch#3930)
Currently security always parses the permissions filters with a shard id equal
to `0` even if the query is executed on a different shard. Also it does not
protect against queries that may rely on the current timestamp even though we
don`t currently have ways to make sure that all shards use a consistent
timestamp.

Sibling of elastic/elasticsearchelastic/elasticsearch#21196.

Original commit: elastic/x-pack-elasticsearch@cab47f2ed2
2016-11-02 09:49:06 +01:00
Alexander Reelsen 043da7afe8 Tests: Remove bad apples from schedule engine tests (elastic/elasticsearch#3919)
The execution time of the trigger tests was extremely slow, because it
really waited until executions happened. This uses the mock clock to
advance in time manually.

This also allows to remove the bad apples annotation and make sure that
the schedule engine tests for both implementations are run all the time.

Relates elastic/elasticsearch#1007

Original commit: elastic/x-pack-elasticsearch@f9436f506f
2016-11-02 09:35:20 +01:00
Boaz Leskes 03c5d71c12 remove hard coded dates from testDateMathExpressionsCanBeAuthorized
Original commit: elastic/x-pack-elasticsearch@d7fac0b9a0
2016-11-01 09:02:39 +01:00
Jack Conradson 7dd4188299 Cleanup ScriptType (elastic/elasticsearch#3922)
Refactored ScriptType to clean up some of the variable and method names. Added more documentation. Deprecated the 'in' ParseField in favor of 'stored' to match the indexed scripts being replaced by stored scripts.

Original commit: elastic/x-pack-elasticsearch@d7c7bd7362
2016-10-31 13:49:10 -07:00
Yannick Welsch 8350a8b2d8 [TEST] Disconnect from newly added nodes if cluster state publishing fails
Companion commit for elastic/elasticsearchelastic/elasticsearch#21197

Original commit: elastic/x-pack-elasticsearch@248a6bfb7c
2016-10-31 15:36:54 +01:00
Simon Willnauer f696ad1d10 Skip authentication and warn if shards of the .security index are not available
Original commit: elastic/x-pack-elasticsearch@9970d80f2d
2016-10-28 15:04:06 +02:00
Alexander Reelsen e67847ca8c Tests: Increase logging to get more sync inside
My current assumption is, that creating the templates is not
yet finished (as this is async), so that we need to add
another check that the templates have been added before
continuing.

Relates elastic/elasticsearch#3892

Original commit: elastic/x-pack-elasticsearch@3880d200a1
2016-10-28 11:00:09 +02:00
Simon Willnauer f4da918b09 [TEST] Pass _analyze API params in the body rather than as params. Parameters are not supported anymore
Original commit: elastic/x-pack-elasticsearch@e04d425a89
2016-10-27 22:34:35 +02:00
Jason Tedor a15f565539 Mark BWC tests as awaits fix
These tests are awaiting the BWC indices script to be upgraded for 5.x.

Original commit: elastic/x-pack-elasticsearch@540fe73bd0
2016-10-26 21:40:00 -04:00
Jack Conradson 4fd19aa00a Merge branch 'master' into stype
Original commit: elastic/x-pack-elasticsearch@37f27bef1a
2016-10-26 12:29:43 -07:00
Simon Willnauer 84b631643c Add utility method to fetch and collect results from a query (elastic/elasticsearch#3894)
Today we have the same madness in two places and no dedicated test. This
change moves the real madness into a single place and adds a test for it
to make sure it actually works and isn't just crazy.

Original commit: elastic/x-pack-elasticsearch@dabf5fdd63
2016-10-26 21:05:49 +02:00
Jack Conradson 72a49015cc Refactor ScriptType to be a top-level class.
Original commit: elastic/x-pack-elasticsearch@39afcbfdf5
2016-10-26 10:21:47 -07:00
Simon Willnauer 9f57afbdf3 Return non-existing role if the .security index is not found (elastic/elasticsearch#3895)
We used to be very lenient with all kinds of exceptions related to the
`.security` index. Yet, sometimes in tests the index is not yet there but
transport clients already pinging the node this causes issues and transport
clients disconnect. Now if the index is not present we simply return no role.

Original commit: elastic/x-pack-elasticsearch@60948d0c2a
2016-10-26 17:25:20 +02:00
Simon Willnauer 6e1287bab9 Simplify TransportGetRolesAction (elastic/elasticsearch#3888)
TransportGetRolesAction optimizes for single role case while this
optimization can be simply inside the NativeRoleStore and being
way more contained.

Original commit: elastic/x-pack-elasticsearch@c43d8ba341
2016-10-26 14:55:39 +02:00
Jason Tedor 007e49c5d9 Reveal Content-Length on x-pack info HEAD requests
This commit permits x-pack info HEAD requests to reveal the
Content-Length of the response.

Relates elastic/elasticsearch#3887

Original commit: elastic/x-pack-elasticsearch@8696caa1f6
2016-10-25 23:12:54 -04:00
Simon Willnauer 0b24f022f7 Remove all blocking calls from TransportGetUsersAction (elastic/elasticsearch#3876)
`TransportGetUsersAction` does some funky blocking calls even though
it's specifying `SAME` as the thread-pool indicating that it's fast or
forking off quickly. Both might not be true today. This change adds
async support to the methods it calls without breaking the existing
Realm interface. Yet, we might need to do this down the road.

Original commit: elastic/x-pack-elasticsearch@d0959f87f3
2016-10-25 22:11:19 +02:00
Jay Modi 542a484031 security: cache negative lookups for native roles
This changes adds a special value for negative role lookups so that we can avoid scenarios
where we overload the cluster due to continually trying to load non-existing roles as is often
the case when `unmapped_groups_as_roles` is used with the active directory realm.

Relates elastic/elasticsearch#3530 

Original commit: elastic/x-pack-elasticsearch@62567b4c22
2016-10-25 16:00:27 -04:00
Jay Modi 7d60f6b365 security: restore the correct user when switching to the system user
* security: restore the correct user when switching to the system user

For internal actions where we need to switch to the SystemUser, we should always restore the proper
context after execution. We were restoring an empty context for actions executed by the SystemUser
in the SecurityServerTransportInterceptor.

In order to accomplish this, a few changes have been made. Both the SecurityServerTransportInterceptor
and the SecurityActionFilter delegate to `SecurityContext#executeAsUser` when a user switch is necessary.
Tests were added for this method to ensure that the consumer is executed as the correct user and the proper
user is restored.

While working on this, a few other cleanups were made:

* SecurityContext can never have a null CryptoService, so a null check was removed
* We no longer replace the user with the system user when the system user is already associated with the request
* The security transport interceptor checks the license state and if auth is not allowed, delegate and return
* The security transport interceptor sendWithUser method now requires authentication to be present or a hard
exception is thrown.
* The TransportFilters integration test has been deleted. This was integration test that relied on the ability to
get instances from a node and trace the execution. This has been replaced by additional unit tests in
ServerTransportFilterTests

Closes elastic/elasticsearch#3845

Original commit: elastic/x-pack-elasticsearch@d8bcb59cb7
2016-10-25 13:48:28 -04:00
Simon Willnauer a50bc7946b Make request authorization non-blocking (elastic/elasticsearch#3837)
This change removes the blocking notion from fetching the roles
from a remote index. This also removes the blocking client calls
that can potentially deadlock a request if executed on the transport
thread.

Relates to elastic/elasticsearch#3790

Original commit: elastic/x-pack-elasticsearch@c2eda39043
2016-10-25 17:28:29 +02:00
Jay Modi f3d5d79a20 test: install a new signed license when running index BWC tests
This change now installs a signed license that has been generated at runtime so the
BWC tests can run without hitting licensing issues. The x-pack BWC tests pull in the
full cluster state, which contains the trial license from when the indices and state
was generated. After the trial license period and grace period issues arise with the
tests.

Closes elastic/elasticsearch#3858

Original commit: elastic/x-pack-elasticsearch@1c79e874e5
2016-10-24 09:18:59 -04:00
Simon Willnauer f8ba7f6fd8 Restore thread-context when executing with InternalClient (elastic/elasticsearch#3859)
Today when a request is executed with InternalClient the thread context might
be lost if another component like security exchanges it by executing an async call
or an internal action. This can be a serious security problem since if the async
call executes as the system user all subsequent calls made by the response
thread will also execute as the system user instead.

Original commit: elastic/x-pack-elasticsearch@80682f338d
2016-10-24 14:39:00 +02:00
Simon Willnauer 51b871f344 Followup API change for elastic/elasticsearchelastic/elasticsearch#21089
Original commit: elastic/x-pack-elasticsearch@5d9b2fe0c8
2016-10-24 14:06:13 +02:00
Adrien Grand 47079cf5d1 Disable bw testing due to license expiration.
Relates to elastic/elasticsearch#3858

Original commit: elastic/x-pack-elasticsearch@7d676b96d3
2016-10-24 11:47:23 +02:00
Ryan Ernst 6dc4b0b749 x-plugins side of zen ping refactoring
see elastic/elasticsearchelastic/elasticsearch#21049

Original commit: elastic/x-pack-elasticsearch@57a0405eb7
2016-10-20 13:12:41 -07:00
Tanguy Leroux fc88dfe1a6 CertificateTool must not generate world redeable files (elastic/elasticsearch#3810)
This commit changes the permissions of the files generated by the certgen tool to 600 (like syskeygen does)

Original commit: elastic/x-pack-elasticsearch@bca74e9c92
2016-10-20 16:36:35 +02:00
Jay Modi 05886cdf9f security: exclude the anonymous role from the xpack user
The calls made by the native users and roles store use the internal xpack user to make the request
and this user has a built-in role that has a single instance. A bug was introduced when fixing the logic
for applying the anonymous role to all users in elastic/elasticsearch#3716. The anonymous role was now being added to
the xpack user, even though the additional role would have no effect as this user is a superuser.

When the anonymous role is applied to the xpack user and exists as a native role or doesn't exist
at all, we run into a deadlock since we wind up querying for the role as a user that also has the
anonymous role.

This change special cases the XPackUser when getting the collection of roles so that the only role
applied to this user is the superuser role.

Closes elastic/elasticsearch#3822

Original commit: elastic/x-pack-elasticsearch@e3093904f1
2016-10-20 08:11:01 -04:00
jaymode 388bfd761d security: use lucene automatons and remove dependency on briks
This commit removes the dependency on the briks automatons library and instead uses the lucene
version. Shield was originally implemented using the lucene version, but issues arose with supporting
multiple versions of elasticsearch and API changes, so we moved to using the briks library.

x-pack and elasticsearch are always the same version so we can use the lucene version of the
automatons and remove the briks library. This also brings with it protection from huge automatons
that we did not have before.

Original commit: elastic/x-pack-elasticsearch@e3f34b6b55
2016-10-20 06:55:01 -04:00
Jay Modi ff3d685833 security: update unboundid-ldapsdk to the latest version
This changes updates the unboundid ldapsdk to the latest version to stay up to date
with their releases.

Original commit: elastic/x-pack-elasticsearch@b9e4f7f062
2016-10-20 06:37:30 -04:00
javanna b7a10239be [TEST] Verify that date math expressions work with security plugin
Original commit: elastic/x-pack-elasticsearch@d87c9fdb30
2016-10-20 12:07:26 +02:00
javanna 8d001237df fix compile error after https://github.com/elastic/elasticsearch/pull/21032
Original commit: elastic/x-pack-elasticsearch@8372cea977
2016-10-20 12:02:18 +02:00
javanna 508784554b fix compile error after https://github.com/elastic/elasticsearch/pull/21032
Original commit: elastic/x-pack-elasticsearch@c4f400c0f7
2016-10-20 11:58:13 +02:00
Simon Willnauer 8b6867b99b Deguice Watcher Actions and Transformations (elastic/elasticsearch#3818)
This change simplifies the creation of Actions and Transformations.
It moves all instantiation away from guice into straight forward
constructor based initialization.

Original commit: elastic/x-pack-elasticsearch@3c0bca2bea
2016-10-19 23:35:16 +02:00
javanna a4c0c49b43 [TEST] Only create indices if nodes exist
Some tests manually start nodes, hence in the before test phase there are no nodes around thus indices should not be created.
Relates to elastic/elasticsearch#3770

Closes elastic/elasticsearch#3812

Original commit: elastic/x-pack-elasticsearch@a21ad39903
2016-10-19 18:34:08 +02:00
Jason Tedor 3d658c3f1e Adjust ClusterStatsResponse constructor calls
A commit in core removed the UUID parameter from the
ClusterStatsResponse constructor. This commit adjusts x-plugins to this.

Original commit: elastic/x-pack-elasticsearch@6f2f26168e
2016-10-19 11:25:07 -04:00
Simon Willnauer 09a4882a4c Remove Notification Accounts abstraction (elastic/elasticsearch#3811)
This change is a first step towards a real abstraction on top of all the
notification services. There are a bunch of followup changes coming for this
that will remove most of the classes in here but this is a first small step
to actually have a notification service interface.

Original commit: elastic/x-pack-elasticsearch@e14abf8a8b
2016-10-19 16:58:17 +02:00
Jay Modi 9ea1786596 security: only log if we actually loaded the system key
This commit changes the logging to only log if we actually loaded the system key, otherwise
the message is misleading as the key file may not even exist but we output that it was
loaded.

Original commit: elastic/x-pack-elasticsearch@0af7953c64
2016-10-19 08:36:29 -04:00
Boaz Leskes 29e35267c3 SecurityTribeIT - only wait for number nodes if they are not already there.
Original commit: elastic/x-pack-elasticsearch@3fa5da519a
2016-10-19 14:30:09 +02:00
Alexander Reelsen baf1596418 Watcher: Introduce dedicated reporting attachment type (elastic/elasticsearch#3665)
Instead of using the long running and long blocking single polling HTTP attachment for our reporting,
we should use the async API provided by kibana. The new workflow (all blocking and in a single watch)
looks like this:

1. An initial request is sent to trigger the report generation, which returns a path
2. This path is used to continuously check if the report is done (then it is sent back) or kibana sends another HTTP error code, which will result in watcher to sleep for another interval until the report is finally returned.

Features include configurable interval time and retry count, so that the total amount of waiting can be tweaked into two directions.

This is what the reporting type looks like right now

```
{
   "my-attachment":{
      "reporting":{
         "url":"http://www.example.org/my-dashboard",
         "retries":6, // optional, default 40
         "interval":"1s", // optional, default 15s
         "auth":{
            "basic":{
               "username":"foo",
               "password":"secret"
            }
         }
      }
   }
}
```

The interval/retries can also be configured via settings.

Note, that this is just a temporal workaround until the watcher execution can execute in an asynchronous fashion.

Closes elastic/elasticsearch#3524

Original commit: elastic/x-pack-elasticsearch@d1eaa856b9
2016-10-19 12:21:25 +02:00
Alexander Reelsen 1c3baa61fe Security/Watcher: Increase index priority for indices (elastic/elasticsearch#3709)
The `.triggered-watches`, `.watches` and `.security` indices should load
as early as possible, and not wait for other indices (especially not
for time-based indices, that are old).

This commit adds an index.priority to the template for those indices.
The values 1000, 900 and 800 were chosen rather arbitrary, mainly we
did not want to go with 10, because it was used in the sample documentation.

Security should always be loaded first, because we might need this index for
other operations.

Any administrator can still change all the values in the indices, but this
cares for better defaults.

Original commit: elastic/x-pack-elasticsearch@6ed0fb7975
2016-10-19 11:14:47 +02:00
Alexander Reelsen 0228a94d80 Watcher: Add support for aliases for watches/triggered watches index (elastic/elasticsearch#3770)
As discussed in #elastic/elasticsearch-migration/79 supporting aliases for watcher allows
the migration plugin to work.

This adds the relevent checks in the WatchStore and the TriggeredWatchStore that aliases are
supported, as the current assumption was always to just load an index.

Also, this rarely sets those indices as aliases in all the integration tests, so that this
case gets tested.

Note: The new WatchStoreUtils.getConcreteIndex() method will be put into core, as this is a
useful helper for others.

Original commit: elastic/x-pack-elasticsearch@4a98af691d
2016-10-19 10:29:27 +02:00
Boaz Leskes aa1eedc062 SecurityTribeIT - wait for tribe node to full process incoming cluster states
Original commit: elastic/x-pack-elasticsearch@4da1303965
2016-10-19 10:00:54 +02:00
Boaz Leskes 9bfd1721ca Fix SecurityTribeIT to properly add mock plugins in tribe node
Original commit: elastic/x-pack-elasticsearch@e82c39c5c4
2016-10-18 22:05:38 +02:00
Boaz Leskes 966600fc90 Adapt testing code to the removal of local discovery (elastic/elasticsearch#3767)
See https://github.com/elastic/elasticsearch/pull/20960

Original commit: elastic/x-pack-elasticsearch@f368fd4b1c
2016-10-18 21:12:36 +02:00
Simon Willnauer 435bd29dd5 Cleanup Condition infrastructure (elastic/elasticsearch#3795)
This change reduces the Condition infrastructure to a single interface called
`Condition` this interface is used to produce and parse requests but also
encapsulates the executable condition. The per class Result, Factory and Executable
are removed and replaced by a single class containing all logic.

Original commit: elastic/x-pack-elasticsearch@2870dff7ad
2016-10-18 17:34:37 +02:00
javanna 7191bb76ee Only negate index expression on all indices with preceding wildcard
Adapt security plugin to https://github.com/elastic/elasticsearch/pull/20898 .

Closes elastic/elasticsearch#3749

Original commit: elastic/x-pack-elasticsearch@2f3b0b17e1
2016-10-18 17:24:58 +02:00
Alexander Reelsen 74334b3713 Watcher: Remove watcherbuild info (elastic/elasticsearch#3792)
Watcher does not require any unique build info anymore, as all is put into
the MANIFEST.MF file during the build.

Also the xpack-properties is unused now and can be deleted.

Original commit: elastic/x-pack-elasticsearch@62f121c979
2016-10-18 13:19:13 +02:00
Simon Willnauer 9c54173e74 Remove ExecutableActions in favor of List and Map (elastic/elasticsearch#3779)
ExecutableActions is really an unnecessary abstraction on top of
List and Map. This commit remove the class and all its usage.

Original commit: elastic/x-pack-elasticsearch@b938499fcf
2016-10-17 22:47:54 +02:00
Simon Willnauer ee520c3c70 Remove obsolete Condition.Builder (elastic/elasticsearch#3781)
Condition.Builder simply forwards to the condition constructors
and can be removed.

Original commit: elastic/x-pack-elasticsearch@8c82efeb23
2016-10-17 22:45:42 +02:00
jaymode 70e1fc0447 test: ShrinkIndexWithSecurityIT needs at least 2 shards
Original commit: elastic/x-pack-elasticsearch@fcdc95d4a3
2016-10-17 12:20:19 -04:00
Luca Cavanna e53248edd1 [TEST] Fix typo in index name -index22->-index21
Original commit: elastic/x-pack-elasticsearch@f1c206d184
2016-10-17 17:18:20 +02:00
Jay Modi aa0e4d425f security: system user needs put mapping permissions to shrink indices
The system user gets used to put mappings for an index during recovery from local shards, which
is how the shrink index process works. The system user previously had this privilege in 2.x as
we did not have the ThreadContext and dynamic mapping updates would be done by the system user;
with the ThreadContext, these mapping updates are done by the actual user so this privilege
was removed from the SystemUser.

Closes elastic/elasticsearch#3766

Original commit: elastic/x-pack-elasticsearch@cd5d7bea53
2016-10-17 11:00:04 -04:00
javanna 0504f02026 inclusions and exclusions shouldn't be considered wildcard expressions
The security indices resolver checks through an assertion that shard level requests always have their wildcard expressions resolved. Index names that start with `-` or `+` though shouldn't be considered wild card expressions. Up to 6.x there can be indices with names starting with `-` or `+` and we have to take that into account.

Also moved from assertion to explicit exception so we can also test it better.

Original commit: elastic/x-pack-elasticsearch@a520bbf247
2016-10-17 16:45:47 +02:00
javanna 99d198c715 [TEST] remove leftover comment in createIndicesWithRandomAliases
Original commit: elastic/x-pack-elasticsearch@80546bae7f
2016-10-17 15:00:25 +02:00
javanna 667be843ce [TEST] modify aliases names in createIndicesWithRandomAliases
If we create index test1 and alias test1-alias, and tests configure access for test* for some users, this is going to cause problems when verifying exclusions like -test2, as the index itself gets excluded but the alias that points to it doesn't. That is expected behaviour, with this commit we modify the way aliases are named to use a prefix rather than a suffix (e.g. from test1-alias to alias-test1).

Changed also the way aliases creation is randomized.

Original commit: elastic/x-pack-elasticsearch@7f9877e858
2016-10-17 14:54:54 +02:00
javanna 3e5833e85c [TEST] random aliases were never created in createRandomIndicesWithAliases
missing `.get()` :)  the create index request was never sent. The indices were being automatically created when indexing a document into them.

Original commit: elastic/x-pack-elasticsearch@129d69c88e
2016-10-17 12:22:24 +02:00
Tanguy Leroux 21af0d5dc7 Fix OldMonitoringIndicesBackwardsCompatibilityIT (elastic/elasticsearch#3760)
The checkNodeStats method in this test checks for many fields in every documents of all bwc indices, but some fields like disk_threshold_enabled have been removed in 5.x. This commit changes the method so that it checks for the right fields in the right version.

closes elastic/elasticsearch#3672

Original commit: elastic/x-pack-elasticsearch@c95209cc3b
2016-10-14 18:30:05 +02:00
Jason Tedor 864cfb417a Remove artificial default processors limit
This commit responds to an API change in core migrating from
EsExecutors#boundedNumberOfProcessors to EsExecutors#numberOfProcessors.

Original commit: elastic/x-pack-elasticsearch@87d6fad971
2016-10-14 06:40:20 -04:00
javanna 71d2c25fcb Simplify AuthorizationService and extract loading of authorized indices to its own class
extracted loading of authorized indices and aliases to separate class (AuthorizedIndices) with reduced dependencies. Allows also to lazily load authorized indices the first time they are required, and reuse them if they are needed again later. Removes AuthzService dependency in indices resolver.

 Removed array of resolvers in authorization service as we support only one. Removed IndicesAndAliasesResolver interface and rename DefaultIndicesAndAliasesResolver to IndicesAndAliasesResolver.

Original commit: elastic/x-pack-elasticsearch@a267fefa07
2016-10-13 16:05:02 +02:00
javanna 06b5d42741 [TEST] consolidate different assertAuthorizationException methods in one place
Original commit: elastic/x-pack-elasticsearch@27de6db7e0
2016-10-13 16:05:02 +02:00
javanna 3dbea2f4c2 Simplify FieldAndDocumentLevelSecurityRequestInterceptor
FieldAndDocumentLevelSecurityRequestInterceptor really support intercepting only subclasses of IndicesRequests, we shouldn't have logic that is never used around intercepting CompositeIndicesRequest. Also we can guarantee at compile time, using generics, that only supported subclasses are intercepted through it, no need to verify that at runtime.

Original commit: elastic/x-pack-elasticsearch@6ab6e2d50e
2016-10-13 16:05:02 +02:00
javanna 4bb6e856f3 Authorize composite actions based on their action name only, subrequests and their indices will be later authorized individually
Eagerly authorizing CompositeIndicesRequests allowed the security plugin to fail fast up until now, but it makes it very hard to reason about each specific item in a multi items request. Either all items fail, or none do. We would rather want to adopt a similar behaviour to es core, where individual items fail without affecting other items that are part of the same request. We can rely on the fact that es core always authorizes both main action and every subaction too, and skip authorization for the main action. By subaction we mean either all sub search requests in msearch, as well as each shard level get in mget or shard level bulk request for bulk.

 BulkRequestInterceptor was converted to intercept BulkShardRequests rather than BulkRequest as that is where bulk is authorized after this change.

 Split IndicesAndAliasesResolverIntegrationTests into ReadActionsTests and WriteActionsTests as they require different set of permissions, lots of tests added.

Explicitly listing the composite actions makes sure that the actions that can bypass security are known, somebody adding a similar action must to add it to the list, so we know it doesn't happen by mistake. At this point the CompositeIndicesRequest can be used as a marker interface only (it is not really needed but can be used to verify that composite actions use a request that implements such interface).

Given that we don't authorize composite actions based on their indices anymore, but only their sub-requests which implement IndicesRequest, printing out the indices names in the audit log for requests like bulk and msearch is confusing. Removed support for that.

Authorize composite indices actions based on their name only, their indices will be authorized at the sub-request/shard level

Rather than simply granting bulk, mget, msearch etc. and relying on authorization at the sub-request/shard level, we check that the current user can at least execute the action. This justifies the grant line that gets written in the audit log, the action is potentially possible without looking at the indices. Each specific item will fail or succeed later and will yield its own specific audit log entry.

Original commit: elastic/x-pack-elasticsearch@4570caf019
2016-10-13 16:05:02 +02:00
javanna c6edec254a special case IndicesExistsRequest to make sure index not found is never thrown while resolving indices
Like es core does in TransportIndicesExistsAction, we should only consider expandWildcardsOpen and expandWildcardsClosed out of the indices options passed in with IndicesExistsRequest. ignore_unavailable and allow_no_indices should always be considered both true, to prevent the request from throwing exception as it is supposed to return true or false, no exceptions.

Original commit: elastic/x-pack-elasticsearch@daa274b3fd
2016-10-13 16:05:02 +02:00
javanna d27c4bee82 Support allowNoIndices option in security plugin
Supporting allowNoIndices means that the security plugin has a behaviour much more similar to vanilla es when dealing with wildcard expressions that match no indices, or empty clusters. The default for most request is to allow no indices, but security plugin could only disallow no indices all the time up until now.

The technical problem was that when anything gets resolved to an empty set of indices, we couldn't let that go through to es core, as that would become resolved to all indices by es core, which would be a security hole. We have now found a way though to replace an empty set of indices with something that es core will for sure resolve to no indices, so we can let the request through. We simply replace empty indices with '-*'.

Multi apis requests (e.g. _msearch) have yet to be fixed, as all their indices end up in the same bucket while they should each be authorized separately, so that every specific item can fail or be let through.

Original commit: elastic/x-pack-elasticsearch@0f67a0bfea
2016-10-13 16:05:02 +02:00
javanna 9b46b34bed Honour ignore_unavailable option when resolving indices
For all the requests that support multiple indices and wildcards, hence implementing IndicesRequest.Replaceable, we replace the wildcard expressions with the explicit names of the authorized indices they match. _all or empty indices is treated as a wildcard expression. We can also honour the ignore_unavailable option by going over all the explicit names and filter out the non authorized ones when ignore_unavailable is set to true. If ignore_unavailable is set to false, we leave everything as-is, which will cause an authorization exception to be thrown if only one of those explicit indices is not authorized for the current user.

This is the first step towards resolving elastic/elasticsearch#1250. The remaining issue is that in case we are left with no indices after stripping out the ones that the user is not authorized for, we throw an authorization exception rather than returning an empty response. That will require honouring the allow_no_indices option, which will also change the behaviour when a cluster is empty.

Relates to elastic/elasticsearch#1250

Original commit: elastic/x-pack-elasticsearch@e4ca940d05
2016-10-13 16:05:02 +02:00
Jay Modi 219c42d7ce update to use TimeValue in CacheBuilder
Original commit: elastic/x-pack-elasticsearch@7f5a59bd73
2016-10-13 09:27:51 -04:00
Areek Zillur 1a0802a157 Merge branch 'master' into cleanup/transport_bulk
Original commit: elastic/x-pack-elasticsearch@f0b88369f3
2016-10-12 13:12:16 -04:00
Jay Modi 68eb4d981e security: wildcards for superusers includes the security index
The superuser role is the only user assignable role that grants access to the .security index, but when
resolving wildcards the index was not getting resolved. The resolution of indices and aliases explicitly
excludes the .security index for users that are not the internal user without checking if the user has the
superuser role. This commit adds a check in for the superuser role.

Original commit: elastic/x-pack-elasticsearch@02ee0a8740
2016-10-12 11:42:02 -04:00
Jay Modi 6284db3a4d security: use correct time unit for role cache expire after write
The role cache was previously using the wrong time unit for its expire after write time; the
value passed to the cache was milliseconds instead of nanoseconds.

Original commit: elastic/x-pack-elasticsearch@65f7b08763
2016-10-12 08:04:49 -04:00
Tanguy Leroux 7ba55a4c99 Remove empty comments (elastic/elasticsearch#3731)
Original commit: elastic/x-pack-elasticsearch@a3e814bf34
2016-10-12 13:22:18 +02:00
Jay Modi 9a1d33d863 security: include anonymous roles when building the global permission
The anonymous role was being applied to other users for index access control but was not being applied
in terms of action level access control. This change makes the minimum required change to apply the
anonymous role for all users when anonymous is enabled. Additionally, some minor changes were made to the native roles store to not lookup roles before the service is started.

Closes elastic/elasticsearch#3711 

Original commit: elastic/x-pack-elasticsearch@a9398e178d
2016-10-12 06:52:24 -04:00
Yannick Welsch 4e00ab2f2b Remove test for transport handler that was removed in core (elastic/elasticsearch#3717)
Relates to elastic/elasticsearchelastic/elasticsearch#20836

Original commit: elastic/x-pack-elasticsearch@38f2d2e242
2016-10-12 09:08:02 +02:00
Alexander Reelsen 8b83cf067c Watcher: Ensure awesome painless exceptions are propagated to the user (elastic/elasticsearch#3707)
When adding a watch which has a painless component, the scriptexception
was wrapped into a deprecated exception which means, that the awesome
painless descriptions were lost. This wrapping has been removed.

Closes elastic/elasticsearch#3161

Original commit: elastic/x-pack-elasticsearch@1703fe4eb6
2016-10-12 08:14:06 +02:00
Areek Zillur 5d86c04441 Change bulk item requests from ActionRequest to DocumentWriteRequest
x-pack changes for elastisearchelastic/elasticsearch#20109

Original commit: elastic/x-pack-elasticsearch@8c12e1e102
2016-10-11 23:15:25 -04:00
Tanguy Leroux 2e7b7be25c Watcher: Re enable array compare test (elastic/elasticsearch#3708)
This test has been blacklisted and deactivated months ago. This commit reenables this test and moves it at the right place. It also change the test to use the Execute Watch API instead of being sleep based.

Original commit: elastic/x-pack-elasticsearch@e7a9689375
2016-10-11 10:25:40 +02:00
Alexander Reelsen fe00615965 Watcher: Moving test to new unified directory structure
Original commit: elastic/x-pack-elasticsearch@0cc22544a4
2016-10-10 11:25:30 +02:00
Nik Everett 769554460d Handle removing NodeServicesProvider
Original commit: elastic/x-pack-elasticsearch@b43637f2fb
2016-10-08 10:27:50 -04:00
jaymode f23e40b772 test: add bwc indices for 2.4.1
Original commit: elastic/x-pack-elasticsearch@19bec2111e
2016-10-07 14:21:48 -04:00
Nik Everett 1d2c6e5180 Handle new nullable ctor parmater
Original commit: elastic/x-pack-elasticsearch@d604dfe1d0
2016-10-07 10:40:35 -04:00
Simon Willnauer c226dfddc0 Filter out assertion transport interceptors in tests that expect an XPack request handler
in core we wrap request handlers with an asserting one to ensure we can serialize messages
with different versions. Yet, xpack uses the same functionality to add security aspects to
the network layer. These tests assert that the right handlers are in-place.

Original commit: elastic/x-pack-elasticsearch@e39c8995ae
2016-10-07 15:44:48 +02:00
Simon Willnauer 4c349a76fb just use hostname in tests since it's simplify forwarding
Original commit: elastic/x-pack-elasticsearch@b5cf3a4435
2016-10-07 11:58:59 +02:00
Simon Willnauer 2f70ae92b6 Cut over to MockTcpTransport since LocalTransport is remove in core (elastic/elasticsearch#3684)
This is a followup commit to elastic/elasticsearchelastic/elasticsearch#20695

Original commit: elastic/x-pack-elasticsearch@27cd454ba6
2016-10-07 11:28:05 +02:00
Colin Goodheart-Smithe f9aba3944e Changes to support the removal of the now callable in core (elastic/elasticsearch#3685)
Fixes to x-plugins code now that DateMathParser accepts a LongSupplier rather than a Callable to get the value of now

Relates to elastic/elasticsearchelastic/elasticsearch#20796

Original commit: elastic/x-pack-elasticsearch@99fc47a8a7
2016-10-07 10:26:42 +01:00
Simon Willnauer 31ed371ed0 Remove SearchContext#current and all it's threadlocals (elastic/elasticsearch#3677)
Followup PR for elastic/elasticsearchelastic/elasticsearch#20778

Original commit: elastic/x-pack-elasticsearch@1e3959545e
2016-10-06 19:52:34 +02:00
Igor Motov bb8c08f254 Explicitly specify analyzer scope
Related to elastic/elasticsearchelastic/elasticsearch#20197

Original commit: elastic/x-pack-elasticsearch@af9258a8a6
2016-10-06 09:11:28 -04:00
Jay Modi 6c587330fd security: use SSLParameters to set ciphers/protocols/client auth
This change moves to using SSLParameters as the configuration source for SSLEngine and SSLSocket
objects that are configured by the SSLService. Previously we used a mix of specific methods and
SSLParameters, which resulted in issues where ordering of calls is important. For example, if configuring
client authentication directly on the engine prior to setting the SSLParameters resulted in the client
authentication configuration being reset to the default.

Additionally, this change also sets use cipher suite order to true to ensure preferred ciphers will be used.

Original commit: elastic/x-pack-elasticsearch@8ddecdc20c
2016-10-06 07:19:28 -04:00
Colin Goodheart-Smithe 288f682fee elastic/elasticsearch#3667 Changes to DLS to support preventing requests that use scripts or now() from being cached
Changes to DLS to support preventing requests that use scripts or now() from being cached

Original commit: elastic/x-pack-elasticsearch@b69c2f5ca4
2016-10-06 10:24:59 +01:00
jaymode dd64ced206 test: wait for response before closing client
This change ensures we wait for a response before the async http client is closed. Otherwise we can
close the client during the connection to the remote endpoint or never even connect to the remote
endpoint.

Closes elastic/elasticsearch#3640

Original commit: elastic/x-pack-elasticsearch@54900b1b4a
2016-10-05 11:49:21 -04:00
Colin Goodheart-Smithe f2703f2d11 Changes to DLS to support elastic/elasticsearch#20750
This change fixes document level security to support the changes made in
elastic/elasticsearch#20750.

Original commit: elastic/x-pack-elasticsearch@d234be077d
2016-10-05 15:50:29 +01:00
Alexander Reelsen 5aacf3e205 Revert "Change Watcher thread pool to be scaling"
This reverts commit elastic/x-pack@943bd259f9.

See discussion in elastic/elasticsearch#3660

Original commit: elastic/x-pack-elasticsearch@35d236df59
2016-10-05 14:45:34 +02:00
jaymode a7e25cbaf9 test: ensure security index exists in tests expecting it to
This changes does two things in the tribe tests. The first is that when we split data up between
multiple clusters, we always force create the security index so that randomization does not cause
edge cases like the index not existing in the preferred cluster. The second is we look at the cluster
state of the nodes and ensure the tribe node sees the indices and has all primaries active.

Separate tests were also added to cover the scenario where the security index only exists in the non
preferred node.

Original commit: elastic/x-pack-elasticsearch@17b78ec837
2016-10-05 08:38:20 -04:00
Alexander Reelsen 53103e988f Watcher: Add proxy support to pagerduty action (elastic/elasticsearch#3542)
This is the last action that needs additional support for proxies.

You can set a proxy in the JSON like this:

```
"actions" : {
  "notify-pagerduty" : {
    "pagerduty" : {
      "description" : "Main system down, please check!",
      "proxy" : { "host" : "localhost", "port" : 8080 }
    }
  }
}
```

Closes elastic/elasticsearch#3372

Original commit: elastic/x-pack-elasticsearch@b99969fd6b
2016-10-05 10:10:02 +02:00
Alexander Reelsen 7ffebef2cd Watcher: Add proxy support to slack action (elastic/elasticsearch#3487)
You can set it like this in the JSON

"actions" : {
  "notify-slack" : {
    "slack" : {
      "account" : "integration-account",
      "proxy" : {
        "host" : "localhost",
        "port" : 8080
      },
      "message" : {
        ...
      }
    }
  }
}

Relates elastic/elasticsearch#3372

Original commit: elastic/x-pack-elasticsearch@de86233d4f
2016-10-05 09:07:09 +02:00
Jason Tedor 00cecac86e Change Watcher thread pool to be scaling
Watcher uses a custom thread pool. This is because executing watches can
be long-running tasks that often block on I/O and it is best to not
consume the core thread pools with these tasks. Today this thread pool
is fixed, and sized at five times the bounded number of cores (so 160 on
a 32-core box). It makes sense for there to possibly be so many threads,
again because these tasks can block on I/O and having excess capacity
lets unblocked watches execute. It's the fixed size that can cause
problem, all these threads are always consuming resources even when
there are no or not that many watches running. This commit changes this
thread pool to be a scaling thread pool.

Relates elastic/elasticsearch#3660

Original commit: elastic/x-pack-elasticsearch@3cafab6e83
2016-10-04 18:15:19 -04:00
Jason Tedor a0e1d44a44 Remove lenient URL parameter parsing
This commit adapts x-plugins for a change in core Elasticsearch that
removes lenient URL parameter parsing.

Relates elastic/elasticsearch#3641

Original commit: elastic/x-pack-elasticsearch@cc0687f32c
2016-10-04 12:46:54 -04:00
jaymode ddae0694c9 test: move SecurityTribeIT to right directory
Relates elastic/elasticsearch#3635

Original commit: elastic/x-pack-elasticsearch@b46ab0b63e
2016-10-04 09:22:21 -04:00
Luca Cavanna 91a68e9873 adapt to IndicesAliasesRequest not implementing CompositeIndicesRequest (elastic/elasticsearch#3645)
We need to special case IndicesAliasesRequest as it doesn't implement CompositeIndicesRequest anymore. Note that the similar loop for CompositeIndicesRequests's subrequests will soon go away

Relates to elastic/elasticsearch#3638

Original commit: elastic/x-pack-elasticsearch@50d119ff61
2016-10-04 10:39:31 +02:00
Ryan Ernst 36c7070217 Fix xpack api jar artifact naming
Original commit: elastic/x-pack-elasticsearch@bb7b0a6392
2016-10-03 19:25:44 -07:00
Ryan Ernst fa4d389c99 Fix artifact id for x-pack api jar
Original commit: elastic/x-pack-elasticsearch@26e47099a2
2016-10-03 16:38:25 -07:00
Ryan Ernst ee9dbac0c7 Update conditional version from alpha6 to beta1 in http exporter
Original commit: elastic/x-pack-elasticsearch@fdcef033b9
2016-10-03 09:37:12 -07:00
Ryan Ernst 947b3f26e6 Merge branch 'master' into reorg
Original commit: elastic/x-pack-elasticsearch@f279791e12
2016-10-03 08:36:39 -07:00
jaymode abc789c887 test: handle case where security index only exists in one tribe
Original commit: elastic/x-pack-elasticsearch@94f011387f
2016-10-03 11:27:15 -04:00
Jay Modi 52b7170121 security: native users and roles can be used on tribe nodes
This change allows native users and roles to be used on tribe nodes. The tribe node will actually
use the security index of one of the tribes, which must be specified with the `tribe.on_conflict`
setting. User and role modifications are not permitted when running on a tribe node.

Closes elastic/elasticsearch#3451

Original commit: elastic/x-pack-elasticsearch@2b762ca648
2016-10-03 10:12:30 -04:00
Ryan Ernst c309faec72 Merge branch 'master' into reorg
Original commit: elastic/x-pack-elasticsearch@24575f52a9
2016-10-01 09:49:14 +02:00
Ryan Ernst a51107769e Merge branch 'master' of github.com:elastic/x-plugins
Original commit: elastic/x-pack-elasticsearch@5ab54f94aa
2016-10-01 09:49:01 +02:00
Ryan Ernst 1fa0f835fe Build: Reorganize src roots
This change flattens the directory structure, both for the elasticsearch
specific directories, as well as within the elasticsearch x-pack plugin.

closes elastic/elasticsearch#2957

Original commit: elastic/x-pack-elasticsearch@45891a4632
2016-10-01 09:46:43 +02:00
Alexander Reelsen abe5f1dda9 Watcher: Ignore watch version when deleting a watch (elastic/elasticsearch#3630)
When deleting a watch the version was used as part of
the delete request. However a watch deletion means the
user really wants to get rid of it and not accidentally
run into a version exception because the watch was running in
between.

Original commit: elastic/x-pack-elasticsearch@e585f717f1
2016-09-30 15:45:05 +02:00
Ryan Ernst 1cca04924f Collapsed monitoring into xpack src
Original commit: elastic/x-pack-elasticsearch@9e523f2783
2016-09-29 12:25:57 +02:00
Ryan Ernst 98687d2884 Collapsed license code into xpack src
Original commit: elastic/x-pack-elasticsearch@42f7cb5a08
2016-09-29 12:22:19 +02:00
Ryan Ernst 1b55cc7c62 collapsed graph into xpack src
Original commit: elastic/x-pack-elasticsearch@de8085baed
2016-09-29 12:16:32 +02:00
Ryan Ernst 905237a56f Moved directories around
Original commit: elastic/x-pack-elasticsearch@2018bb5f9f
2016-09-29 12:03:14 +02:00
Ryan Ernst 09bcd8e5cd Merge pull request elastic/elasticsearch#3618 from rjernst/consolidate_dev_tools
Build: Conslidate dev-tools and x-dev-tools

Original commit: elastic/x-pack-elasticsearch@ff59116ea8
2016-09-29 11:29:10 +02:00
Ryan Ernst 0a3940103a Build: Conslidate dev-tools and x-dev-tools
In preparation for elastic/elasticsearch#2957, I found we have things both in the root level
dev-tools, as well as elasticsearch/x-dev-tools. Most of this stuff can
be removed as it had to do with the old manual release process. There
was also a signed license file checked in. I removed it here, we really
should not have licenses checked in IMO, and it is unclear what the
purpose of this license was for. The two remaining scripts were moved to
the root dev-tools.

Original commit: elastic/x-pack-elasticsearch@3e24ea2d56
2016-09-27 16:46:51 +02:00
Igor Motov aafc75ac51 Fix serialization issue in WatcherMetaData
Watcher meta data parser doesn't read the closing '}' which causes all following custom metadata to be ignored.

Similar to elastic/elasticsearch#1190

Original commit: elastic/x-pack-elasticsearch@d15b9ea466
2016-09-27 14:15:16 +02:00
Jay Modi d44ba28d27 security: always create the IPFilter in a node
When running as a node, we check the `xpack.security.transport.filter.enabled` setting to see
if we should create the IPFilter but this check is not really correct. The HTTP filter could be
enabled or a profile filter could be enabled so there are times when we may not be filtering connections
when we should. Additionally, since we do not bind the IPFilter to a null provider, Guice will try to create
one during startup to inject into the security transport. This results in an exception and startup fails.

This change always creates the IPFilter when running as a node. This IPFilter has its own settings and
logic to determine whether it should be filtering on a given network transport.

Closes elastic/elasticsearch#3592

Original commit: elastic/x-pack-elasticsearch@95c25651c4
2016-09-23 10:12:24 -04:00
Alexander Reelsen 7557168a0a Smoke tester: Adapt to new download structure (elastic/elasticsearch#3575)
This makes the smoke tester in x-pack work again after the work
on the unified release.

Original commit: elastic/x-pack-elasticsearch@4d4f1ec26c
2016-09-23 09:53:17 +02:00
Simon Willnauer 3c650e483b Followup from elastic/elasticsearchelastic/elasticsearch#20627 - Removal of AnalysisService
Original commit: elastic/x-pack-elasticsearch@75c14534a7
2016-09-23 08:54:44 +02:00
Tanguy Leroux 375bf95fb1 Remove duplicate methods in ByteSizeValue (elastic/elasticsearch#20560)
Some methods have been renamed in elastic/elasticsearchelastic/elasticsearch#20560. This commit change a .bytes() call to a .getBytes() call.

Original commit: elastic/x-pack-elasticsearch@4a0ff77361
2016-09-20 14:07:02 +02:00
Tanguy Leroux 1a7fbf9679 [Tests] Fix cat.templates to work when other templates exist
This commit fixes the cat.templates REST tests so that it works when other templates exist (like monitoring)

Original commit: elastic/x-pack-elasticsearch@2e27ad88b4
2016-09-20 12:05:21 +02:00
Ryan Ernst 803f20e267 Merge pull request elastic/elasticsearch#3534 from rjernst/license_prod_key
Build: Use licensing prod key when building release

Original commit: elastic/x-pack-elasticsearch@682c4eace5
2016-09-19 15:48:43 -07:00
Ryan Ernst 39160b5b22 Build: Use licensing prod key when building release
This change switches the build to use the licensing prod key when
building the xpack jar for release.

Original commit: elastic/x-pack-elasticsearch@54a21dae5b
2016-09-19 15:46:04 -07:00
Chris Earle a94c27d3de [Monitoring] Future-proof Monitoring Bulk API with "interval" param
This adds an "interval" placeholder parameter that is required to the Monitoring Bulk API, and adds it to the Kibana side of the plumbing.

Having this will allow us to add it to all incoming documents and start to report against it with the Insights, as well as to detect the _lack_ of incoming documents.

By adding it now, we can avoid having a non-BWC API change for Kibana in 5.1. We'll just pickup new data in our documents.

Original commit: elastic/x-pack-elasticsearch@5ba8aafe03
2016-09-19 18:21:09 -04:00
Simon Willnauer 2dde85ab33 Unguice Transport and friends (elastic/elasticsearch#3510)
This is a followup for elastic/elasticsearchelastic/elasticsearch#20526 removes the pluggability of
transport / http server transport via guice.

Original commit: elastic/x-pack-elasticsearch@5fb84949aa
2016-09-19 22:11:17 +02:00
Ryan Ernst 2a03af9849 Build: Remove x-pack client jar
The x-pack client jar and api jar are exactly the same: the entirety of
x-pack. Since we added the x-pack-transport jar, we no longer really
want the client jar as it is confusing. Additionally, it causes jar hell
when a test for an extension uses the transport client. This change
removes the client jar, and makes the x-pack transport client use the
api jar instead. This sounds odd at first, but since transport client is
going away eventually, it is a stopgap, and works.

closes elastic/elasticsearch#3309

Original commit: elastic/x-pack-elasticsearch@ee7a2c12c0
2016-09-19 11:42:27 -07:00
Alexander Reelsen 8c51b3b21a Docs/Release notes: Removed `force` parameter in delete watch API
Also updated the rest test descriptions

Original commit: elastic/x-pack-elasticsearch@890ba7703e
2016-09-19 11:49:10 +02:00
Alexander Reelsen 273a9fb46f Watcher: Fix possible chained input NPE for execution failures (elastic/elasticsearch#3490)
Due to untested code there was an NPE happening in production,
when a chained input execution failed, but the chained input
tried to access the resulting payload (which is never set on
failures). This payload now defaults to being empty.

This commit also drive-by fixes a broken logging statement, that
on the one side returned not the watch id, but a useless watch
toString() representation, and on the other hand only logs an error
message, but not a stack trace into the log, as this is what the
history is for.

Original commit: elastic/x-pack-elasticsearch@7dbe1afd90
2016-09-19 10:06:02 +02:00
Alexander Reelsen 5b265ea569 Watcher: Remove locking of watches for write operations elastic/elasticsearch#3481 (elastic/elasticsearch#3481)
Whenever a watch is updated (put, delete, set state), until now we
happened to reject those operations when a watch was executed at the
same time. However with long running reporting this might mean, that a
watch can never be changed, because it always gets executed.

* Removes the ability of write requests to obtain a lock at all (executing watches is still protected by a lock)
* Replaced the FairKeyedLock in watcher with the KeyedLock in Elasticsearch, which also takes a fair option, removed the FairKeyedLock
* Removed all the timeout parameters that are no longer needed, because there is no lock anymore
* Removed also the force parameter for watch deletion. Just do it[tm]
* Added a test that deleting a watch while it is being executed does not leave any leftovers

In case of a deletion of a watch during an execution, so that updating the status of the watch fails,
a warning is logged.

Closes elastic/elasticsearch#3417

Original commit: elastic/x-pack-elasticsearch@22fad1b797
2016-09-19 09:44:32 +02:00
jaymode e069c1f090 test: stop IndexAuditTrail before ESIntegTestCase#after runs
As part of the review of elastic/elasticsearch#3287, the stopping of the IndexAuditTrail was moved to the tearDown
method. This works sometimes but other times it fails because tearDown is run after
ESIntegTestCase#after, so the IndexAuditTrail is still running during the after checks which will
cause the test to fail since the shard lock cannot be obtained.

Closes elastic/elasticsearch#3520

Original commit: elastic/x-pack-elasticsearch@4cb52b15a2
2016-09-17 07:38:31 -04:00
Simon Willnauer 7be765d2a0 Ensure we have a consistent view on OperationMode in Watcher (elastic/elasticsearch#3507)
Today the operation mode can be set to default for a short amout of
time until it's reset to the actual mode this can cause weird sideeffects
for users if it's read concurrently. Also the test relies on a certain
happens before relationship that is not guaranteed since the operation
mode is set before the listerner is run. This change also rewrites the test
to not use busy waiting but wait for the actual listern to be executed.

Original commit: elastic/x-pack-elasticsearch@a2a42b89e5
2016-09-16 22:10:51 +02:00
Nik Everett c21a922778 Add backwards compatibility support to monitoring
1. We only support indexes created by Marvel 2.3+. All other indexes
are just ignored.
2. The tests don't assert a ton of interesting stuff because there
isn't a java API for Monitoring that we can just use. Instead we assert
that a few objects are there and look sane.
3. We don't migrate the contents of the data index. Instead we just
rely on Monitoring recreating it.

Original commit: elastic/x-pack-elasticsearch@86216c2d61
2016-09-16 13:20:02 -04:00
Jay Modi a6d55f26c6 security: simplify index audit trail stopping
The IndexAuditTrail had both a stop and close method that needed to be called in order
to stop the service. There was a race where we called either flush or close in a non
blocking fashion and then immediately closed the underlying client. This change makes
the stop method wait for up to 10 seconds when closing the bulk processor.

Closes elastic/elasticsearch#3279

Original commit: elastic/x-pack-elasticsearch@0d776bc91a
2016-09-16 10:31:27 -04:00
Simon Willnauer efeb9cefce Cut over SecurityServerTransportService to use the new Interceptor infrastructure (elastic/elasticsearch#3491)
TransportService is not pluggable anymore in core. Instead we now have a interceptor
infrastructure that allows to intercept send and receive calls on the transport layer.

Relates to elastic/elasticsearchelastic/elasticsearch#20505

Original commit: elastic/x-pack-elasticsearch@04194ecb09
2016-09-16 09:48:25 +02:00
Boaz Leskes 635b5a6800 fix import for ElectMasterService
it changed with https://github.com/elastic/elasticsearch/pull/20384

Original commit: elastic/x-pack-elasticsearch@c1e51de6a8
2016-09-15 23:45:24 +02:00
Alexander Reelsen efa2678691 Watcher: Add proxy support to hipchat action (elastic/elasticsearch#3475)
This adds proxy support to the hipchat action. Right now
neither hipchat nor slack nor pagerduty allow for this,
but if you dont need a proxy for internal http connections,
but you do for external, then this configuration cannot be done
without setting a proxy for those actions.

You can set it like this in the JSON

```
"actions" : {
  "notify-hipchat" : {
    "hipchat" : {
      "account" : "integration-account",
      "proxy" : {
        "host" : "localhost",
        "port" : 8080
      },
      "message" : {
        ...
      }
    }
  }
}

```

Relates elastic/elasticsearch#3372

Original commit: elastic/x-pack-elasticsearch@4e8447ce37
2016-09-15 11:24:04 +02:00
Yannick Welsch d35131ad52 Fix wrong logger usages (elastic/elasticsearch#3485)
Relates to elastic/elasticsearchelastic/elasticsearch#20490

Original commit: elastic/x-pack-elasticsearch@1ae7217b59
2016-09-15 10:48:06 +02:00
Jason Tedor b534bfec5a Complete Elasticsearch logger names
This commit modifies the loggers used within x-pack to adapt to the
change in core Elasticsearch where loggers are now named by the
fully-qualified class name.

Relates elastic/elasticsearch#3465

Original commit: elastic/x-pack-elasticsearch@4cac9ac62f
2016-09-13 22:47:10 -04:00
Chris Earle 6085c5aba9 [Monitoring UI] Cleanup Cluster Overview and Node Summary
This cleans up some of the reported stats to be a little clearer, including making the JVM Heap chart behave like Kibana's memory chart. This solves two problems: you can now determine the max heap size and you know what "x%" actually means relative to it.

Original commit: elastic/x-pack-elasticsearch@450f6fd546
2016-09-13 18:58:01 -04:00
Jason Tedor 6d4e4f5131 Fix failing logging audit tests
This commit fixes the logging audit tests which were broken due to an
upstream change in core Elasticsearch relating to the fact that prefixes
are no longer considered part of the log message, but are instead
implemented via markers.

Original commit: elastic/x-pack-elasticsearch@abd7ec23d8
2016-09-13 17:43:19 -04:00
Britta Weber 2c6d0b0cd2 Add option to deny access to fields (elastic/elasticsearch#2879)
To deny access to a fields users can name exceptions to field permissions with the following syntax:

"fields": {
     "grant": [list of field names patterns],
     "except": [list of patterns that are forbidden]
}

See doc for the rules for this.

This commit also reverts elastic/elasticsearch#2720

closes elastic/elasticsearch#2681



Original commit: elastic/x-pack-elasticsearch@d6537028ec
2016-09-13 16:38:58 +02:00
Martijn van Groningen 3b97936587 test: Remove WatcherBackwardsCompatibilityTests as it was specifically build for testing upgrade from 2.x to 5.x and to verify the scripts and template work/serialize as expected. On the master this is test is no longer relevant.
The OldWatcherIndicesBackwardsCompatibilityIT covers a major upgrade too.

Original commit: elastic/x-pack-elasticsearch@657881916b
2016-09-13 09:49:53 +00:00
Alexander Reelsen 67f7da18da Licensing: Parse start date in milliseconds as well
In order to behave like expiration date and and the issue date,
license parsing should be able to parse the start date in milliseconds
as well.

Relates elastic/elasticsearch#3385

Original commit: elastic/x-pack-elasticsearch@54c821192e
2016-09-13 09:57:29 +02:00
Simon Willnauer 3c619e8824 Follow up for elastic/elasticsearchelastic/elasticsearch#20423
Original commit: elastic/x-pack-elasticsearch@53c72d913a
2016-09-12 22:51:30 +02:00
jaymode 2358309f72 security: allow enabled and username fields in put user request body
The enabled and username fields are both now allowed in the request body for the put user
request. This makes it easier to perform a get and update a user without needing to edit more
of the request body than necessary.

Closes elastic/elasticsearch#3391

Original commit: elastic/x-pack-elasticsearch@ab763e843b
2016-09-12 16:14:57 -04:00
jaymode 5f4e6164e5 security: add a built-in role for reporting
This commit adds a built-in role that grants read and write privileges to the reporting
indices.

See elastic/elasticsearch#2374
Closes elastic/elasticsearch#3196

Original commit: elastic/x-pack-elasticsearch@c8c1b465f8
2016-09-12 16:04:08 -04:00
jaymode 7a321534ea security: allow the reserved realm to be disabled
This change allows the reserved realm to be disabled via a setting that is undocumented.

Closes elastic/elasticsearch#3399

Original commit: elastic/x-pack-elasticsearch@3c6c93d7eb
2016-09-12 14:13:47 -04:00
jaymode a119f7ccf1 update the HttpClient to allow for disabling hostname verification
The HttpClient used in xpack supports the new SSL configuration but did not properly obey
the hostname verification disabling that can be specified with these settings. This change
adds the functionality with a test.

Relates elastic/elasticsearch#3240
Relates elastic/elasticsearch#3164

Original commit: elastic/x-pack-elasticsearch@df8e12a5aa
2016-09-12 13:47:08 -04:00
jaymode 6d2fcbe688 security: fix typo is syskeygen script
Original commit: elastic/x-pack-elasticsearch@36abb4284a
2016-09-12 12:26:14 -04:00
Alexander Reelsen 0c3466180f Licensing: Add start date to licenses (elastic/elasticsearch#3385)
Start dates are a required feature for cloud. This functionality adds support
for specifying and enforcing a start date on licenses.

Behaviour: If the start date is > than now, the license will be rejected.

Due to another field in the license class, the version of the License class as well
as its serialization methods are adapted to this.

Closes elastic/elasticsearch#3370

Original commit: elastic/x-pack-elasticsearch@eb2a6f5be3
2016-09-12 17:53:33 +02:00
Nik Everett caf4bd2c82 Be careful when old index tests start nodes
We were starting nodes at weird times and then shutting them down again,
slowing down the tests and causing the watcher tests to fail because
watcher wasn't being shut down with its traditional kid gloves.

Original commit: elastic/x-pack-elasticsearch@2fd81b3eaf
2016-09-12 11:14:51 -04:00
Alexander Reelsen 2a6a9a10f7 Watcher: Improve http attachment history information (elastic/elasticsearch#3436)
When the HTTP attachment was not able to successfully retrieve the
data from and endpoint, there was no indication in the watch history
of what went wrong. Instead a logger was used, which is not useful
for the person running the watches.

This commit removes the logger statement and throws an exception,
so that the exception message can be stored in the watch history.

Source of this issue was a forum post:
https://discuss.elastic.co/t/sending-e-mail-with-generated-report-fails/60263/6

Original commit: elastic/x-pack-elasticsearch@acdaf7abef
2016-09-12 17:04:22 +02:00
Martijn van Groningen 5c8ece8583 test: mute test
Original commit: elastic/x-pack-elasticsearch@112f853bac
2016-09-10 15:10:41 +02:00
javanna 69c4c693f6 Merge branch 'enhancement/cleanup_parse_elements'
Original commit: elastic/x-pack-elasticsearch@0f86204352
2016-09-09 22:47:29 +02:00
Nik Everett 2aa0781971 Explicitly shut down watcher after tests
In our tests you have to explicitly shut down watcher rather than shut
down the node it is running on because of thread leak detection. Just
shutting down the node that it is running on will cause it to start up
on another node if there is another one running and then not properly
shut down. This is probably something that should be fixed in watcher
somehow but for now lets just be more careful with the tests.

Closes elastic/elasticsearch#2365
Closes elastic/elasticsearch#2588

Original commit: elastic/x-pack-elasticsearch@fb8a172972
2016-09-09 14:43:46 -04:00
javanna 5829d112d1 Move search ext section parsing to the coordinating node
Original commit: elastic/x-pack-elasticsearch@1ce38fcff9
2016-09-09 18:58:10 +02:00
Jason Tedor 592ca5ab7b Adjust to logger API changes in Elasticsearch
Previously core Elasticsearch had methods in a test class for removing
and adding appenders. However, these methods were moved to production
code. This commit adjusts x-plugins for this change.

Original commit: elastic/x-pack-elasticsearch@83e37ef65a
2016-09-09 09:15:53 -04:00
Martijn van Groningen b74f1e6cb2 watcher: Add limited capability to upgrade the source of a watcher upon startup.
This particular change focuses on upgrading the source of a watch when it comes to scripts that have no language specified explicitly.
The default language in version 5 changed to painless from whatever is specified in `script.default_lang` setting (this defaulted to groovy). In order to make sure that scripts in watcher remain to work we should rewrite the search source upon startup and set the legacy default language explicitly. The legacy script language is now controlled by `script.legacy.default_lang` setting and that defaults to groovy.

Changing the source upon startup should do the trick and only change the source of watches with scripts that don't have an explicit language set. For new watches the default language used in scripts is painless and because we now always serialize the language explicitly in scripts these watches won't be changed on startup.

 The upgrade logic added here tries to upgrade scripts in the following places in a watch:
 * script condition
 * script transform
 * any script defined inside of a search input

Original commit: elastic/x-pack-elasticsearch@4d578819eb
2016-09-09 14:26:24 +02:00
Britta Weber 4bf685cd31 [TEST] wait for pending tasks finished before testing cluster state collector
Original commit: elastic/x-pack-elasticsearch@d42c8c4bbe
2016-09-09 12:07:52 +02:00
Tanguy Leroux 6ca086b997 Fix line length in LoggingAuditTrailTests.java
Original commit: elastic/x-pack-elasticsearch@3f4185dce7
2016-09-09 10:50:43 +02:00
Colin Goodheart-Smithe 8b6d988cfb Security: Audit all HTTP requests
Adds a new audit event (authentication_success) which logs each request made to
the REST API along with the body of the request

Closes elastic/elasticsearch#912

Original commit: elastic/x-pack-elasticsearch@650b9d70c0
2016-09-09 09:28:27 +01:00
Simon Willnauer 923949ec67 Downgrade hard bwc break to a TODO for now
Original commit: elastic/x-pack-elasticsearch@73c2a6ee3e
2016-09-08 22:05:36 +02:00
Simon Willnauer 5c407cc526 Revert "Remove bwc layer for TimeUnit parsing"
This reverts commit elastic/x-pack@c6b2bd2c12.

Original commit: elastic/x-pack-elasticsearch@b4fbfb8afe
2016-09-08 22:03:46 +02:00
Jason Tedor 9baf88dfaa Handle node validation exception when starting
Node#start can now throw a checked NodeValidationException; this commit
adapts x-plugins for this new API.

Relates elastic/elasticsearch#3381

Original commit: elastic/x-pack-elasticsearch@660c5ab8c1
2016-09-08 10:56:54 -04:00
Simon Willnauer 20fce3280e Remove bwc layer for TimeUnit parsing
Original commit: elastic/x-pack-elasticsearch@79145f279b
2016-09-08 16:43:46 +02:00
Tanguy Leroux 97182fefb9 Clean up XContentBuilder in X-Pack
This commit cleans most of the methods of XContentBuilder so that:
    - Jackson's convenience methods are used instead of our custom ones (ie field(String,long) now uses Jackson's writeNumberField(String, long) instead of calling writeField(String) then writeNumber(long))
    - null checks are added for all field names and values
    - methods are grouped by type in the class source
    - methods have the same parameters names
    - duplicated methods like field(String, String...) and array(String, String...) are removed
    - varargs methods now have the "array" name to reflect that it builds arrays
    - unused methods like field(String,BigDecimal) are removed
    - all methods now follow the execution path: field(String,?) -> field(String) then value(?), and value(?) -> writeSomething() method. Methods to build arrays also follow the same execution path.

Original commit: elastic/x-pack-elasticsearch@d83f3aa6e2
2016-09-08 14:17:15 +02:00
jaymode 2257cc77f6 security: add reserved metadata to the ingest admin role
Closes elastic/elasticsearch#3376

Original commit: elastic/x-pack-elasticsearch@1909da2fb0
2016-09-07 19:19:02 -04:00
Alexander Reelsen 0f571685b9 Watcher: Fix proxy xcontent serialization (elastic/elasticsearch#3364)
Calling to xcontent in a HttpRequest, with a proxy enabled, lead to
serialization exceptions, resulting in failing to write the watch
history.

Closes elastic/elasticsearch#3334

Original commit: elastic/x-pack-elasticsearch@a04dff686c
2016-09-07 16:29:15 +02:00
Alexander Reelsen a296e31a7c Watcher: Ensure triggered watch is deleted on thread pool rejection (elastic/elasticsearch#3049)
This fixes a bug I found with a customer when he updated from 1.x to 2.x.
Due to an BWC incompatible change in the watch history mapping and a thread
pool rejection during execution a watch was not removed from the triggered
watches and tried to be executed again.

While trying to fix it it turned out that the execution of the failure
test case was still done in the transport thread and thus required some
offloading to another thread pool.

Original commit: elastic/x-pack-elasticsearch@df04ce31f2
2016-09-07 15:55:33 +02:00
Alexander Reelsen bb033f1e00 Watcher: Clear out WatchStore on watch index deletion (elastic/elasticsearch#2807)
If someone deletes the watch index (i.e. by deleting all indices), the watcher
in memory store still contains all the watches and tries to execute watches -
which results in exceptions as the watch itself cannot be updated anymore.

In order to minimize this problem (it cant be get rid of completely), we should
act accordingly if the watch index goes missing (either deleted or closed) and
clear out the memory representation of watches in the watchstore as well as trying
to finish all the current executions.

Closes elastic/elasticsearch#2794

Original commit: elastic/x-pack-elasticsearch@12d98cd566
2016-09-07 15:06:03 +02:00
javanna ad5606d1f7 [TEST] don't use null script lang in WatcherUtilsTests
same as elastic/x-pack@9e1e0988c1 but for testSerializeSearchRequest this time.

Original commit: elastic/x-pack-elasticsearch@aa7e3814b6
2016-09-06 23:00:56 +02:00
Nik Everett edb8c12f75 Always use mustache language
Using a null language just defaults to painless which is wrong for
watcher.

Original commit: elastic/x-pack-elasticsearch@48bdc31695
2016-09-06 15:45:23 -04:00
Nik Everett 05222b0d3f Deal with ConcreteShardRequest
It exists now and the intercepters have to deal with it.

Original commit: elastic/x-pack-elasticsearch@fdef0578ed
2016-09-06 15:42:06 -04:00
Martijn van Groningen 36486a7993 Changes for PR: https://github.com/elastic/elasticsearch/pull/20310
Original commit: elastic/x-pack-elasticsearch@9db3d05274
2016-09-06 18:44:41 +02:00
jaymode 7965608add security: make control of logfile audit output consistent with index output
This change moves the logfile audit output from determining what to log based on the
logger level to a enum based configuration that is used by the index output.

A few notable changes were made:

* We alway log all the information we have except for the request body
* The request body is no longer logged by default for REST events; the user needs to
explicitly opt in as there could be sensitive data in the body
* Added a `realm_authentication_failed` event that separates overall authentication
failure from that of an individual realm

Original commit: elastic/x-pack-elasticsearch@343a2bcdd9
2016-09-06 10:50:33 -04:00
Nik Everett 89ce4ebb08 Fix remaining fractional TimeValue issues with watcher
Removes the remaining spots where watcher makes fractional TimeValues.

Closes elastic/elasticsearch#3231

Original commit: elastic/x-pack-elasticsearch@22b0d37ed3
2016-09-06 09:53:22 -04:00
jaymode cd9add5350 test: remove unnecessary verify check
Original commit: elastic/x-pack-elasticsearch@f748c0a565
2016-09-06 08:36:04 -04:00
jaymode 1e6a924e74 security: add support for disabling users
This change adds support for disabling users. Users can be disabled by setting the enabled
property to false and the AuthenticationService will check to make sure that the user is enabled.
If the user is not enabled, this will be audited as an authentication failure.

Also as part of this work, the AnonymousUser was cleaned up to remove having a static instance
that caused issues with tests.

Finally, the poller of users was removed to simplify the code in the NativeUsersStore. In our other
realms we rely on the clear cache APIs and the timeout of the user cache. We should have the
same semantics for the native realm.

Closes elastic/elasticsearch#2172

Original commit: elastic/x-pack-elasticsearch@0820e40183
2016-09-06 07:41:48 -04:00
Chris Earle ec008ec4a9 Looong lines
Original commit: elastic/x-pack-elasticsearch@8c7931c179
2016-09-05 19:05:28 -04:00
Chris Earle 5d5a9afb57 [Monitoring] Use Low Level REST Client for HTTP Exporter
This rewrites the HTTP Exporter to use the REST client underneath. Functionality is improved in resource blocking (templates and pipelines existing) and the majority of the code fundamentall simplified by removing direct HTTP calls.

This is blocked by the SSLService pull request. After that is merged, the I will update this PR to reflect those changes and it could possibly allow us to remove the security privileges required for monitoring.

Original commit: elastic/x-pack-elasticsearch@1ad25f17f8
2016-09-05 15:16:03 -04:00
Alexander Reelsen 41334abda0 Watcher: Reenabling HipChatServiceTests
The authentication token stopped working, deleted it and created a new one
on the hipchat web site. Tests are working now again.

Closes elastic/elasticsearch#3162

Original commit: elastic/x-pack-elasticsearch@a0623af799
2016-09-05 12:27:14 +02:00
Martijn van Groningen 09c7f534b3 added jdocs and rename
Original commit: elastic/x-pack-elasticsearch@8a97b420c1
2016-09-03 11:01:47 +02:00
Nik Everett 3c33879018 Mark OldWatchIndices test AwaitsFix
Is freaking out in CI.

Original commit: elastic/x-pack-elasticsearch@3ab43467ed
2016-09-02 18:31:19 -04:00
Martijn van Groningen 565f50dbe5 Remove custom parsing and toXContent logic from TextTemplate and delegate to the Script as much as possible
Original commit: elastic/x-pack-elasticsearch@6d23549dc1
2016-09-02 23:36:07 +02:00
Nik Everett 203faaf4f4 2.x backwards compatibility support for watcher
Basic backwards compatibility support for watcher.

Closes elastic/elasticsearch#3230

Relates to elastic/elasticsearch#3231 - this actually should fix all the failures caused
by fractional time values but it does so by being able to parse them.
Being able to parse them is important for 2.x compatibility but 5.0
watches shouldn't produce fractional time values. This fixes the
particular way of making fractional time values mentioned in elastic/elasticsearch#3231
but I expect there are a half dozen more places to fix. The actual
watcher tests are fairly basic.

Original commit: elastic/x-pack-elasticsearch@328717455c
2016-09-02 09:24:46 -04:00
javanna 119bb67967 adapt to elastic/elasticsearch#20288: More info classes to implement Writeable rather than Streamable
Original commit: elastic/x-pack-elasticsearch@22cadf604d
2016-09-02 10:24:15 +02:00
Jack Conradson de4c776f0f Merge pull request elastic/elasticsearch#3272 from jdconrad/deprecate
Deprecate Groovy, Python, and Javascript

Original commit: elastic/x-pack-elasticsearch@e5c1d5a112
2016-09-01 16:30:25 -07:00
Chris Earle bb5ff7ab36 Fix test on Linux; setting name missing 'total.'
Original commit: elastic/x-pack-elasticsearch@de0183b3ef
2016-09-01 18:12:00 -04:00
Jack Conradson 670a57274a Merge branch 'master' into deprecate
Original commit: elastic/x-pack-elasticsearch@c9636bd3f1
2016-09-01 14:53:42 -07:00
Chris Earle 6d40cb63d0 [Monitoring] Collect IO Stats
This ensures that the data exists in 5.0.

Original commit: elastic/x-pack-elasticsearch@bc6e7931d1
2016-09-01 15:45:51 -04:00
Chris Earle b60e8aebd2 [Monitoring] Publish X-Pack Usage with Cluster Info
This publishes X-Pack usage data to the cluster info from the elected master node. This allows phone home to retrieve this data from the index, rather than fetching it live from the connected cluster (thereby not getting it from any n - 1 clusers that are not connceted).

Original commit: elastic/x-pack-elasticsearch@79bfaaaf0b
2016-09-01 15:38:54 -04:00
jaymode 2e010d52e9 security: do not allow built-in user/role names to be defined in the file realm
This change restricts built-in user/role names from passing validation when we are reading or modifying
the files used by this realm.

Closes elastic/elasticsearch#2078

Original commit: elastic/x-pack-elasticsearch@9f6b34f39d
2016-09-01 14:46:38 -04:00
jaymode 74f55bf46e security: add option to specify the certificate validity period
This commit adds the option to specify the number of days that a certificate is valid for.

Closes elastic/elasticsearch#2877

Original commit: elastic/x-pack-elasticsearch@fcf0a28321
2016-09-01 14:21:30 -04:00
jaymode 5d5bd015c0 add a PreBuiltXPackTransportClient
This change adds a transport client that comes preconfigured with the same plugins as the
PreBuiltTransportClient and also adds x-pack.

Closes elastic/elasticsearch#2970

Original commit: elastic/x-pack-elasticsearch@bb60534bd4
2016-09-01 13:49:10 -04:00
Jack Conradson 1d6d20679d Merge branch 'master' into deprecate
Original commit: elastic/x-pack-elasticsearch@afdfa26dc0
2016-09-01 08:52:34 -07:00
Chris Earle 6f115a532d [Monitoring] Remove "agent" package
This removes the "agent" package from org.elasticsearch.xpack.monitoring.agent.*, so that now everything is simply org.elasticsearch.xpack.monitoring.*.

Follow-on work will be refactoring some of the other code, but this is a first step now that it's always the agent (in effect).

Original commit: elastic/x-pack-elasticsearch@14025cb17c
2016-09-01 10:56:27 -04:00
jaymode ad9a7c9b96 Migrate xpack to use the common ssl configuration
This change migrates xpack (security, watcher, and monitoring) to use the common ssl
configuration for the elastic stack. As part of this work, several aspects of how we deal
with SSL has been modified.

From a functionality perspective, an xpack wide configuration for SSL was added and
all of the code that needs SSL uses the SSLService now. The following is a list of all
of the aspects of xpack that can have their own SSL configuration, which are separate
from the xpack wide configuration:

* Transport
* Transport profiles
* HTTP Transport
* Realms
* Monitoring Exporters
* HTTP Client

In terms of the code, some cleanups were made with these changes. SSLConfiguration is
now a concrete class and SSLConfiguration.Custom and SSLConfiguration.Global have been
removed. The validate method on key and trust configurations has been removed and these
classes will now throw exceptions when they are constructed with bad values. The
OptionalSettings helper class has been removed as it was just a file with one line functions
that made the code harder to understand. The SSL configuration and service classes have
been moved from the security source directories to the main xpack source set. The SSLService
now handles more of the configuration of the SSLEngine it returns to prevent callers from
having to handle those aspects. The settings that get registered for SSL have been moved to
XPackSettings.

Also included in this PR is a update to the docs around SSL. This includes a large simplification to
the documentation in that the certificate authority configuration section has been removed and the
process that is documented for generating certificates only includes the CLI tool that we bundle.

Closes elastic/elasticsearch#3104
Closes elastic/elasticsearch#2971
Closes elastic/elasticsearch#3164

Original commit: elastic/x-pack-elasticsearch@5bd9e5ef38
2016-09-01 10:51:41 -04:00
jaymode 54103127d0 fix line length
Original commit: elastic/x-pack-elasticsearch@caca0fc0b7
2016-09-01 09:37:05 -04:00
jaymode c5cde120b7 test: add 2.4.0 bwc index
Original commit: elastic/x-pack-elasticsearch@58bcf3abaf
2016-09-01 09:09:48 -04:00
jaymode 836e1d3a28 security: add a reserved role for the ingest feature in Kibana
Closes elastic/elasticsearch#1667

Original commit: elastic/x-pack-elasticsearch@da2f6d9c4e
2016-09-01 08:09:36 -04:00