Today we might get a rejection on a critical operation where `forceExecution=true` but
due to the fact that the forceExecution flag is not passed to the transport interceptor
interface we were not able to preserve this flag when forking off the request after authentication.
This causes serious issues if for instance a replication handler is rejected.
Closes elastic/elasticsearch#4704
Original commit: elastic/x-pack-elasticsearch@f0aad7dede
This commit adds a mechanism for defining known sensitive values in rest bodies so that
these can be filtered when auditing the request body.
Original commit: elastic/x-pack-elasticsearch@d138a6bff7
Since some of the rest handlers depend on components constructed
in `createComponents` we use `SetOnce` to save a reference to
the components at the class level and reuse the reference in
`initRestHandlers`. This does require that `initRestHandlers`
is called after `createComponents` but I think that is fairly
reasonable.
Original commit: elastic/x-pack-elasticsearch@4fd87ad911
Also removes unused method convertToObject from XContentUtils that does not close XContentParser either.
Original commit: elastic/x-pack-elasticsearch@99ce977c55
This PR removes all leniency in the conversion of Strings to booleans: "true" is converted to the boolean value true, "false" is converted to the boolean value false. Everything else raises an error.
Relates elastic/elasticsearch#22200
Original commit: elastic/x-pack-elasticsearch@a505df1f5d
This is related to elastic/elasticsearch#22116. In the tests there are multiple usages of
server implementations that `accept()` socket connections. To avoid
throwing `SecurityException` when using the `SecurityManager` these
operations must be privileged. Additionally, x-pack:elasticsearch
requires `accept` permission. This was added in the plugin-security
policy file.
Original commit: elastic/x-pack-elasticsearch@057e2abb1f
Now that /_bulk requests are handled on a shard level, the entire request isn't
rejected; instead, each individual request is rejected. This changes the assert
accordingly.
Relates to elastic/elasticsearch#4441
Original commit: elastic/x-pack-elasticsearch@7ca777b574
This commit returns a test annotation that is needed on
PreBuiltXPackTransportClientTests because the test derives from
RandomizedTest and not ESTestCase and its ilk.
Original commit: elastic/x-pack-elasticsearch@1badced090
This commit removes an unneeded dummy test from
PreBuiltXPackTransportClientTests. The dummy test was needed when the
sole test in the suite was skipped in some configuration. This test is
no longer skipped though so the dummy test can be removed.
Original commit: elastic/x-pack-elasticsearch@9cdfcc3be5
Instead of shoehorning everything into `isCompositeAction`, add a new
`isTranslatedToBulkAction` method.
Original commit: elastic/x-pack-elasticsearch@053faae505
This change ensures that the ThreadContext is always restored after an action has been invoked when
going through the SecurityActionFilter and authentication and authorization are enabled.
Original commit: elastic/x-pack-elasticsearch@5da70bd6fa
This removes the "skipped exporter" logging at the info level in favor of debug level. The LocalExporter has been updated so that non-elected master nodes will log a "waiting for elected master node..." message when they're ready, but are stuck waiting for the master node to set up indices.
Original commit: elastic/x-pack-elasticsearch@3f8b58bc37
Turns out that this test became flaky on dev machines with specific DNS setup.
This test uses an index action to provoke an error, thus there is no dependency
on anything network specific.
The reason it was uncovered now was due to the change to the Apache HTTP client, which is doing DNS lookups. This DNS lookup happened inadvertently because of a bug in the test, which had a URI like http://http://127.0.0.1.... However, having a web request was not needed at all, so it was replaced.
Closes elastic/elasticsearch#4561
Original commit: elastic/x-pack-elasticsearch@158516b5e5