Commit Graph

2794 Commits

Author SHA1 Message Date
Tim Sullivan 5f70696773 Merge pull request elastic/elasticsearch#1408 from w33ble/fix/shield-pack
Fix to accommodate Packs

Original commit: elastic/x-pack-elasticsearch@16c342d8be
2016-02-01 14:10:24 -07:00
jaymode c3b6146a72 shield: clean up hack to force switching to the system user for internal action
This commit cleans up the hack we had forcefully switching the request to execute under the system
user when a internal action gets triggered from a system request. The authorization service now tracks
the originating request in the context to allow us to validate if the request should be run as the system
user.

The system user should be used only when a user action causes an internal action, which needs to
be run by the system user.

Closes elastic/elasticsearch#1403

Original commit: elastic/x-pack-elasticsearch@4972df459f
2016-02-01 14:07:15 -05:00
uboness c9d54c0c83 Cleanup and refactoring
- removed `/_shield/roles` and `/_shield/users` endpoints (only keeping the singular forms)
 - fixed `ClearRealmsCacheTests` to use the correct endpoint for clearing the realms cache
 - used action name constants where possible in `InternalShieldUser`

Original commit: elastic/x-pack-elasticsearch@d1481de389
2016-02-01 19:51:43 +01:00
Ryan Ernst 3893ad9c5f Merge branch 'master' into remove_multicast
Original commit: elastic/x-pack-elasticsearch@7d107e88fc
2016-02-01 07:26:21 -08:00
uboness 96b2930ac7 Cleanup and refactoring
- Moved all role action classes to live under `o.e.s.action.role`
 - Moved all realm related action classes (for now just the clear cache) to live under `o.e.s.action.realm`
 - Moved all user action classes to live under `o.e.s.action.user`
 - Moved all the rest actions to live under `o.e.s.rest.action`
 - Changed the `clear role cache` endpoint to `/_shield/role/{id}/_clear_cache` (aligned with all other role endpoints)
 - Changed `InternalShieldUserHolder` to the `InternalShieldUser` singleton user... to be aligned with `InternalMarvelUser` and `InternalWatcherUser`.
 - Removed the dedicated audit log user. The new `InternalShieldUser` is now the user that manages and writes to the audit log indices
 - Extracted the `User.System` class to a top level `InternalSystemUser` class (to be aligned with the other internal user classes)
 - Removed the `SystemRole` class (the `InternalSystemUser` class now holds all the needed info/logic)

Original commit: elastic/x-pack-elasticsearch@cf82b257d1
2016-02-01 13:08:38 +01:00
Alexander Reelsen c226590e77 Watcher tests: Fix imports resulting in checkstyle exceptions
Original commit: elastic/x-pack-elasticsearch@1e55ca7bf1
2016-02-01 11:14:30 +01:00
Simon Willnauer 2698441770 Fix test compilation failures
Original commit: elastic/x-pack-elasticsearch@5d166a63fa
2016-02-01 10:54:18 +01:00
Simon Willnauer 9c0ae6411c Fix test compilation failures
Original commit: elastic/x-pack-elasticsearch@303df9b9dd
2016-02-01 10:51:49 +01:00
Boaz Leskes d27b9b4b41 Migrate the rest of NettyTransport settings to the new infra
Also does some consistency clean up, renaming trasnport.netty.* settings to transport.*

Closes elastic/elasticsearch#1397

Relates to https://github.com/elastic/elasticsearch/pull/16307

Original commit: elastic/x-pack-elasticsearch@4a128ff68c
2016-02-01 10:41:16 +01:00
Alexander Reelsen 0fe7716459 HttpClient: Prevent NPE when no path is specified
Original commit: elastic/x-pack-elasticsearch@47f26a5850
2016-02-01 10:37:51 +01:00
Simon Willnauer 6287a1300a Catch IOExcption after core change
Original commit: elastic/x-pack-elasticsearch@1fa5a3dc82
2016-02-01 10:27:33 +01:00
Alexander Reelsen 4a686f04cf Watcher: Do not encode URLs in HttpClient
When using a path like `"/<logstash-{now%2Fd}>/_search"` in the
http webhook. The already escaped slash (%2F) got escaped twice
and thus did not work any more.

The escaping happened when the code created an URI and was done
as part of that constructor. This is now switched to an URL (which
is used at the end anyway) which does not do the escaping, even though
this was required for the query string, which is now done when constructing.

Closes elastic/elasticsearch#1364

Original commit: elastic/x-pack-elasticsearch@861b6d2378
2016-02-01 09:19:07 +01:00
Ryan Ernst 131fd679b9 Remove multicast references
Xplugins side of elastic/elasticsearch#16326

Original commit: elastic/x-pack-elasticsearch@10d3ec2ebb
2016-01-31 17:44:18 -08:00
Jason Tedor e13a5e695a Uppercase ells ('L') in long literals
This commit removes all lowercase ells ('l') in long literals because
they are often hard to distinguish from the digit representing one
('1').

Closes elastic/elasticsearch#1414

Original commit: elastic/x-pack-elasticsearch@98b38705fb
2016-01-30 22:18:02 -05:00
Lukas Olson 9f886665fa Merge pull request elastic/elasticsearch#1371 from lukasolson/kibana-shield-users
Kibana/Shield: Implement Kibana server user APIs

Original commit: elastic/x-pack-elasticsearch@b71d615570
2016-01-29 14:31:09 -07:00
Tanguy Leroux 970c95b6a8 Marvel: various tests fixes
Two regressions have been introduced in elastic/x-pack@156d9e4d5b: marvel index templates should not be deleted between tests and checking for marvel indices existence should not fail with IndexNotFoundException when the indices are not yet created and Shield enabled.

closes elastic/elasticsearch#1396 elastic/elasticsearch#1394 elastic/elasticsearch#1382

In MultiNodesStatsTests.java, multiple nodes are started in async: the first node may collect marvel data multiple times when the last one just started. So we should not check for exact 1 doc per node but at least 1 doc per node.

closes elastic/elasticsearch#1370

In HttpExporterTemplateTests.java, we must compare a long count with a long value.

Original commit: elastic/x-pack-elasticsearch@732fef995a
2016-01-29 17:25:07 +01:00
Alexander Reelsen 4e1d44110b Marvel: Fix compilation issues in tests
Original commit: elastic/x-pack-elasticsearch@9ffc4c501b
2016-01-29 15:15:25 +01:00
Alexander Reelsen 7147354525 Marvel: Fix compilation problem
Original commit: elastic/x-pack-elasticsearch@4db33fc6ab
2016-01-29 15:12:18 +01:00
Alexander Reelsen 8635d264ae Shield: Give native stores possibility to exit poller loop
Similar to the lifecycle services, stopping the shield lifecycle should
also ensure that the poller threads are stopped, which is tricky, in case
they run through huge user/role lists.

Original commit: elastic/x-pack-elasticsearch@7a48f19853
2016-01-29 10:16:15 +01:00
Lee Hinman 7331f8b179 Merge remote-tracking branch 'dakrone/document-shield-apis'
Original commit: elastic/x-pack-elasticsearch@321b5bfc80
2016-01-28 15:59:12 -07:00
Ali Beyad e2feb61297 IndexStatsTests.testIndexStats awaits a fix on elastic/elasticsearch#1396
Original commit: elastic/x-pack-elasticsearch@0db738f324
2016-01-28 17:32:53 -05:00
jaymode 4b6ac7ceb8 shield: restore non-empty original contexts
Restoring empty contexts causes issues with searches, but failure to restore the
original context when executing index requests that auto-create results in a
the index operation being tried by the system user.

See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@522f857de7
2016-01-28 14:07:59 -05:00
jaymode 1b4bac8203 shield: only restore the original if we forcefully replaced it
Original commit: elastic/x-pack-elasticsearch@347a4dba3f
2016-01-28 12:50:46 -05:00
Tanguy Leroux 19545596cf Marvel: Fix NodeStatsRendererTests and NodeStatsTests on Windows
Load average is not available anymore on Windows, the tests should not check the presence of the field. Also, "node_stats.json" file is hard to maintain and quite useless so this commit removes it.

Original commit: elastic/x-pack-elasticsearch@74d2e0dce6
2016-01-28 16:59:05 +01:00
jaymode 75894e6b38 shield: also restore original context to transport handlers
See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@afbd964f18
2016-01-28 10:54:45 -05:00
jaymode 9c080681d8 shield: restore the original context when the listener is called
Also, restores running the watcher tests.

See elastic/elasticsearch#1380

Original commit: elastic/x-pack-elasticsearch@0e0c748c04
2016-01-28 09:48:26 -05:00
Boaz Leskes 0b73e3ef33 Update to incorporate changes made in Netty settings in elasticsearch elastic/elasticsearch#16200
Original commit: elastic/x-pack-elasticsearch@0e54a24519
2016-01-28 15:24:59 +01:00
Boaz Leskes dfb9068e33 Update Index usage to elasticsearchelastic/elasticsearch#16217
elasticsearchelastic/elasticsearch#16217 changed the Index class to also include index UUIDs . This commit adapts the code for it.

Closes elastic/elasticsearch#1377

Original commit: elastic/x-pack-elasticsearch@87c909c15a
2016-01-28 08:38:44 +01:00
jaymode 4012b4c7c6 test: mute watcher tests for now until. See elastic/elasticsearch#1380
Original commit: elastic/x-pack-elasticsearch@f8d9053ef6
2016-01-27 18:14:11 -05:00
jaymode 634b3edf4e only set the client instance once in the proxy
Original commit: elastic/x-pack-elasticsearch@55eb6288db
2016-01-27 14:24:41 -05:00
jaymode 7645698070 go back to setting the shield user header
Original commit: elastic/x-pack-elasticsearch@0921bd27a9
2016-01-27 13:48:51 -05:00
jaymode dcf9074c4f fix compile after change to Client settings in core
Original commit: elastic/x-pack-elasticsearch@ab069484a6
2016-01-27 12:33:35 -05:00
Jay Modi d587ace5f1 Merge pull request elastic/elasticsearch#1374 from jaymode/request_context
replace ContextAndHeaders with ThreadContext

Original commit: elastic/x-pack-elasticsearch@469ab3f5a1
2016-01-27 11:30:00 -05:00
jaymode ee7a109827 add comments about client wrapping and add ClientWithUser
Original commit: elastic/x-pack-elasticsearch@472c6dbd80
2016-01-27 10:16:14 -05:00
jaymode ed7c4273c3 test: remove check in ClearRolesCacheTests that is prone to failure
This removes a check in the ClearRolesCacheTests that is prone to failure due to the
possibility of the cache poller running while we modify documents and updating cached
values prior to the test issuing the get roles call.

See elastic/elasticsearch#1354

Original commit: elastic/x-pack-elasticsearch@ba0b803466
2016-01-27 09:25:59 -05:00
jaymode e82c969959 migrate from ContextAndHeaders to ThreadContext
This change migrates all of the xpack code to use the new ThreadContext when
dealing with headers and context data. For the most part this is a simple
cutover, but there are some things that required special casing. The internal
actions that executed by a user's requests need to forcefully drop the context
and set the system user. The workaround for this will be improved in a followup.
Additionally, the RequestContext still lives on due to the OptOutQueryCache,
which requires some core changes to fix this issue.

Original commit: elastic/x-pack-elasticsearch@87d2966d93
2016-01-27 08:02:01 -05:00
Jason Tedor d02ddece8f Merge pull request elastic/elasticsearch#1375 from jasontedor/script-settings
Script settings

Original commit: elastic/x-pack-elasticsearch@a2f4da6784
2016-01-27 06:54:24 -05:00
Simon Willnauer 6c290d22c1 Fix renamed constant
Original commit: elastic/x-pack-elasticsearch@709cd849b2
2016-01-27 11:55:15 +01:00
Adrien Grand 11125797bc Fix mapping definitions.
Original commit: elastic/x-pack-elasticsearch@609f12602e
2016-01-27 09:26:05 +01:00
Jason Tedor 8eb97c5509 Script settings
This commit is the x-plugins side of the refactoring of script settings.

Relates elastic/elasticsearchelastic/elasticsearch#16197

Original commit: elastic/x-pack-elasticsearch@4c429933b9
2016-01-26 21:13:29 -05:00
Areek Zillur 4586ca2e06 [TEST] ensure later license issue date
Original commit: elastic/x-pack-elasticsearch@fcedb7ae18
2016-01-26 15:49:01 -05:00
Jason Tedor 19c87bd143 Add Groovy closure Watcher test
This commit adds an integration test for Watcher that tests Groovy
closures.

Closes elastic/elasticsearch#1362, relates elastic/elasticsearchelastic/elasticsearch#16196

Original commit: elastic/x-pack-elasticsearch@1a6b1a3e07
2016-01-26 13:04:36 -05:00
Lukas Olson f8dd419c5a Merge branch 'master' into kibana-shield-users
Original commit: elastic/x-pack-elasticsearch@1a499920e8
2016-01-26 10:53:41 -07:00
jaymode 3fdf9ad390 test: use the correct stop watcher url
Original commit: elastic/x-pack-elasticsearch@6fa81079bb
2016-01-26 10:22:33 -05:00
Martijn van Groningen 39a56202cf test: added ingest actions
Original commit: elastic/x-pack-elasticsearch@102751aa5f
2016-01-26 14:20:29 +01:00
Lukas Olson b67af868b3 Merge branch 'master' into kibana-shield-users
Original commit: elastic/x-pack-elasticsearch@546084173a
2016-01-25 16:38:29 -07:00
Lukas Olson 6f20017dec Merge pull request elastic/elasticsearch#1365 from lukasolson/kibana-shield-webpackShims
Kibana/Shield: Add webpackShims folder so gulp tasks run successfully

Original commit: elastic/x-pack-elasticsearch@715e075ad7
2016-01-25 15:10:38 -07:00
jaymode 8d67195ffc test: add additional logging to debug ClearRolesCacheTests CI failures
See elastic/elasticsearch#1354

Original commit: elastic/x-pack-elasticsearch@a7cbf5e08c
2016-01-25 14:38:17 -05:00
uboness 978996e088 cleanup shield's `Privilege` and `Permission` constructs
- broke down these classes to multiple top level classes
- also `Role` is not a top level class

Original commit: elastic/x-pack-elasticsearch@8900f869e1
2016-01-25 12:54:04 +01:00
Lukas Olson fca35a501d Merge branch 'master' into kibana-shield-users
Original commit: elastic/x-pack-elasticsearch@7009e3ecd9
2016-01-22 15:59:03 -07:00