When we receive a message and cannot decode the signed user header, we should audit
this as a tampered request. The request may not be tampered if nodes are configured
differently in terms of system keys, but this at least provides some evidence of the bad
request on the nodes that receives it.
Closeselastic/elasticsearch#647
Original commit: elastic/x-pack-elasticsearch@2f3411d9f9
This extracts an interface for methods that a caching realm must implement. The idea for this
interface is to allow for custom realms to integrate easily with the clear cache api. With this change
a custom realm can implement this API and the clear cache action can call the evict or evictAll
methods on the realm.
Closeselastic/elasticsearch#544
Original commit: elastic/x-pack-elasticsearch@62b0029689
This commit removes all uses of com.google.common.primitives.Ints
across the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@9500282387
This commit keeps the behavior the same and does not exclude the index audit trail template from
being wiped, that will be done in a future commit.
Original commit: elastic/x-pack-elasticsearch@1ac9e22923
This commit removes all uses of com.google.common.base.Joiner across
the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@f69b2addca
The IndexAuditTrail was checking the logger level of the class before adding the request
class to the message, which was an error. The logger level should not control anything
about the IndexAuditTrail.
Closeselastic/elasticsearch#546
Original commit: elastic/x-pack-elasticsearch@35ee8ab453
In 2.0, plugins cannot specify mandatory settings, they can only specify a default additional
set of settings. For tribe nodes, we require shield to be enabled and be a mandatory plugin.
If the settings specified by the user conflict with this, we now throw an exception and fail
startup.
Closeselastic/elasticsearch#426
Original commit: elastic/x-pack-elasticsearch@db4d6d7923
This commit removes all uses of com.google.common.collect.Iterables
across the codebase.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@ca517de412
This adds the release notes to the documentation for Shield. Note, two new features do not
have links as the documentation for these are still pending.
Original commit: elastic/x-pack-elasticsearch@e66df5cf14
The SSL randomization can cause issues when running this test multiple times to look for an issue
since the suite cluster may have a different SSL value than the remote cluster during subsequent
runs.
Closeselastic/elasticsearch#607
Original commit: elastic/x-pack-elasticsearch@8ba3140c52
This commit cuts over to StandardCharset vs. guavas Charsets, removes
obsolete uses of Collections2 / Function and replaces all LoadingCaches
with simple CHM#loadIfAbsent
Original commit: elastic/x-pack-elasticsearch@7d1d607e9e
The IndexAuditTrail was not setting the appropriate user header on requests to see if the index exists and
the mapping is updated. This did not fail in tests because we set shield.user, but fails during a normal
installation.
Closeselastic/elasticsearch#626
Original commit: elastic/x-pack-elasticsearch@3771612b20
Remove use of com.google.common.collect.Sets.
This commit removes all uses of com.google.common.collect.Sets. This is
one of many steps in the eventual removal of Guava as a dependency.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@5276ed9723
This commit removes all uses of com.google.common.collect.Maps. This is
one of many steps in the eventual removal of Guava as a dependency.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@3708fc0c60
I fixed a couple more warnings and added suppressions, so that when
elastic/elasticsearchelastic/elasticsearch#13410 lands, x-plugins will not break.
Original commit: elastic/x-pack-elasticsearch@8a19b2b71b
Today, if the roles.yml file does not exist the roles that are defined programmatically are not
available. This is incorrect because the reserved roles should always be available and not depend
on the parsing of the file. This change ensures that the reserved roles are made available even
when the roles.yml file is missing.
Closeselastic/elasticsearch#602
Original commit: elastic/x-pack-elasticsearch@ee2fd2ddbf
This change removes the override of finalize in SecuredString to resolve a issue where
the char[] can be cleared by the call in the finalize method but the char array is still being used.
The specific issue that occurs is in the BCrypt usage of the SecuredString. A character is concatenated
and then the utf8Bytes method is called. In most cases, the proper bytes are returned but occasionally
the byte array is returned with only zeroes. This occurs under load and/or memory pressure and can be
provoked by running BCryptTests with a small heap (12 - 16 megabytes) and the SecuredString
implementation with the overridden finalize method.
Closeselastic/elasticsearch#589
Original commit: elastic/x-pack-elasticsearch@fb6430ea9d
