Commit Graph

501 Commits

Author SHA1 Message Date
Brian Murphy bc78dd36c9 Add and shade dependency on com.google.guava
This is needed for owasp to load the Sanitizers class at runtime.

Original commit: elastic/x-pack-elasticsearch@4ed5776509
2015-05-03 20:53:16 -04:00
Brian Murphy 0a545cb358 Change actual default of ignore_condition to false
Change default of ignore_codition to match docs as `false`.
Add test to verify defaults.

Fixes elastic/elasticsearch#348

Original commit: elastic/x-pack-elasticsearch@d740286a26
2015-05-03 19:33:04 -04:00
Brian Murphy 9bbaaa7588 [TEST] Mark HistoryTemplateTimeMappingsTests.testTimeFields awaitsfix.
Original commit: elastic/x-pack-elasticsearch@a9b59e23de
2015-05-03 13:30:59 -04:00
Brian Murphy 73e64292b0 [TEST] Add refresh to make sure watch record is in the index before checking the mappings.
Original commit: elastic/x-pack-elasticsearch@bd9b266af1
2015-05-03 12:53:14 -04:00
Brian Murphy 1d052e545d [TEST] Add logging to see why test is failing.
Log the metadata we get back to see why this test is failing on jenkins.

Original commit: elastic/x-pack-elasticsearch@7e2e4a5856
2015-05-03 12:36:23 -04:00
uboness dc6235a90a Updated watch_history template to better support aggregations
- added dynamic_templates to the index template that make sure not to analyze email addresses and http `path` and `host` under the `watch_execution` object. This will enabled building aggregations over these fields. Also make sure that different time fields in thw `watch_record` are mapped as date types.
- While at it changed the `watch_execution.input_result` mapping such that it's enabled and only disabled `watch_execution.input_result.payload` as different payloads from different sources may conflict with one another in terms of mappings
- Fixed a bug in the `EmailTemplate` building of the `reply_to` field.

- Also, added missing `execution_time` to the `watch_record` (under `watch_execution` object).

Closes elastic/elasticsearch#335

Original commit: elastic/x-pack-elasticsearch@dd28c70bca
2015-05-03 17:53:06 +03:00
Brian Murphy 7d8dc38c29 Change `meta` to metadata in the code.
The meta data field was known and `metadata` in the docs but the parsing logic expected `meta`.
This change unifies everything to use `metadata`. Also clean up Watch parsing to fail in a more consistent way when unknown fields are encountered.

Fixes elastic/elasticsearch#329

Original commit: elastic/x-pack-elasticsearch@a9013127d8
2015-05-03 07:44:35 -04:00
Brian Murphy 0d6fb1081a Hijack document APIs for .watches index
This change hijacks the document APIs for the .watches index and prevents direct access to these APIs via REST.
This hijacking is controlled by the "watcher.index.rest.direct_access" setting, this setting defaults to false which restricts access to the index. To allow direct access to the .watches index from the REST API set this setting to `true`
Copied json files from core es to test this feature and added comments to the json files indicating why they have been copied from es core.

Fixes elastic/elasticsearch#336

Original commit: elastic/x-pack-elasticsearch@22335750bd
2015-05-02 10:55:24 -04:00
Honza Král 86f0ea8d5a [API] don't include global parameter pretty
Original commit: elastic/x-pack-elasticsearch@15bc843bb1
2015-05-02 15:51:41 +02:00
Martijn van Groningen 299527c46a Serialize `input` field too.
Also added assertions to verify if all watch record not null field are expected to be there at parse time.

Original commit: elastic/x-pack-elasticsearch@42052ae02c
2015-05-02 11:31:52 +02:00
Martijn van Groningen 3b652d1772 test: fix failing tests
Original commit: elastic/x-pack-elasticsearch@3c35a828a4
2015-05-02 02:22:37 +02:00
Martijn van Groningen 31f039d1bd Make sure we skip over watches and watch records that are malformed during the Watcher starting phase.
Original commit: elastic/x-pack-elasticsearch@8bc37cdcc3
2015-05-02 01:45:21 +02:00
uboness c8a986cab7 Added a timeout to all watch write operations
The problem we have today is that since all write operations on a watch are blocked on the watch lock, if a watch is executing for a long time (for whatever reason) the action will simply block and by that hold a `management` thread for potentially a long time. This impacts elasticsearch as a whole - if for example there's an infinite loop in the condition script, then you try to delete/ack/update the watch 5 times (the default size of the management thread pool in elasticsearch is 5). You effectively block all management threads in elasticsearch and from that moment on, the only thing left to do is kill the node.

This commit introduces a timeout for the tree write watch actions - `put`, `ack` and `delete`. It is set to 10 seconds by default, but you can customize it both in java and in the rest API using the standard `master_timeout` query parameter.

Updated the relevant docs.

Fixes elastic/elasticsearch#309

Original commit: elastic/x-pack-elasticsearch@03292db37b
2015-05-01 19:02:29 +03:00
Brian Murphy b57e887095 Disallow the use of SCAN search type
This change disallows the SCAN search type in our search requests used by search input and search transform.
Add tests for this and update the current tests to both detect SCAN and not use SCAN in valid tests.

Original commit: elastic/x-pack-elasticsearch@c9d61930c8
2015-05-01 11:12:37 -04:00
Brian Murphy 56e422b9e8 Unify SearchRequest construction between SearchTransform and SearchInput.
This is a step between the old and elastic/elasticsearch#184 this change unifies the logic that generates the search requests from prototype for SearchTransforms and SearchInputs.
This change also adds the `executed_request` field to the `SearchTransform.Result` that was missing.
Add tests for SearchTransform.Result parsing and all different templating options for SearchTransform along with testing handling of search_type in SearchTransform which was being missed previously.

Fixes elastic/elasticsearch#311

Original commit: elastic/x-pack-elasticsearch@26e68576f5
2015-05-01 10:25:10 -04:00
Martijn van Groningen 118389bc06 shield: The rest layer can never use the Guice injected WatcherClient, but must always use the provided WatcherClient instance from the WatcherRestHandler base class.
Closes elastic/elasticsearch#316
Closes elastic/elasticsearch#317

Original commit: elastic/x-pack-elasticsearch@82df644895
2015-05-01 15:42:02 +02:00
Martijn van Groningen f66fc7575d test: moved all tests over to use source builders.
Original commit: elastic/x-pack-elasticsearch@e13e5b8b43
2015-05-01 11:54:56 +02:00
Brian Murphy 9df97fe845 Report the actual interval that was sent if less than 1000ms.
This change reports the actual interval that was used instead of just reporting the ms of the interval if the interval was less than 1000ms.

Fixes elastic/elasticsearch#301

Original commit: elastic/x-pack-elasticsearch@d625c952fe
2015-04-30 19:03:36 -04:00
Brian Murphy d0d646aa4c Remove default of 5m refresh on .watches and .watch_history* indices.
This default is far too high for normal use. It makes it very hard to build on top of watcher using the search APIs.

Fixes elastic/elasticsearch#279

Original commit: elastic/x-pack-elasticsearch@4e22d5c19e
2015-04-30 19:01:04 -04:00
Brian Murphy dad012fc2c Disable indexing of the WatchRecord.watch_exection.input_result
This input_result may contain different types for the same field names. This will cause mapping failures when we try to write the updated watch record.
This change disables this field and adds a test in the `ManualExecutionTests` to test this case.

Fixes elastic/elasticsearch#307

Original commit: elastic/x-pack-elasticsearch@5340761343
2015-04-30 18:05:16 -04:00
Brian Murphy 1819dc97f4 Throw exception when trying to use the default account but no accounts are configured.
This change throws an exception to let the user know that they are trying to send an email using the default account
but no accounts have been configured.

Fixes elastic/elasticsearch#303

Original commit: elastic/x-pack-elasticsearch@3e68bddf24
2015-04-30 16:45:36 -04:00
Brian Murphy ba3037f5fe When parsing a http request port is a required field.
The parser for http request had a bug and was accepting requests that did not specify a port.
This changes this.

Fixes elastic/elasticsearch#299

Original commit: elastic/x-pack-elasticsearch@e0eafe3787
2015-04-30 12:23:03 -04:00
uboness 67d2a39f2c [fix] fixed shield integration
- updated Shield version to 1.2.1 (final)
- Not all requests sent via the client proxy where set with the `__watcher_user`

Fixes elastic/elasticsearch#283

Original commit: elastic/x-pack-elasticsearch@3a36bd4d55
2015-04-30 02:08:27 +02:00
Martijn van Groningen 19d1e32453 restore merge mistake.
Original commit: elastic/x-pack-elasticsearch@b6e7d0ad60
2015-04-30 01:42:40 +02:00
Brian Murphy 274b01998c Do script compilation validation at parse time.
This change will attempt to compile scripts at construction time and throw an exception if a script is bad or missing.
With this change the script is compiled at Executable ctor and then the compiled script is used to get the executable.

Fixes elastic/elasticsearch#262

Original commit: elastic/x-pack-elasticsearch@b49c9debf2
2015-04-29 14:29:48 -04:00
Martijn van Groningen 5c3d94076e Made the `ticker` engine the default engine.
Original commit: elastic/x-pack-elasticsearch@f528bd5b8a
2015-04-29 20:17:35 +02:00
Martijn van Groningen 02a1c84c72 Fixed NPE when adding same job several times.
Closes elastic/elasticsearch#277

Original commit: elastic/x-pack-elasticsearch@42831113da
2015-04-29 20:17:35 +02:00
uboness 47a08171bd [cleanup] removed redundant comment in WatcherVersion
Original commit: elastic/x-pack-elasticsearch@b87b2d9bbc
2015-04-29 18:12:01 +02:00
uboness 20059d353a fixed the watcher info API
To return the right build info & version

Fixes elastic/elasticsearch#258

Original commit: elastic/x-pack-elasticsearch@53f5189978
2015-04-29 18:03:21 +02:00
Martijn van Groningen 7f24f229e2 http client: Only read response body if response code < 400.
The jdk http client will not allow reading the body if the response code >= 400.

Relates to elastic/elasticsearch#271

Original commit: elastic/x-pack-elasticsearch@08836f92ae
2015-04-29 17:39:22 +02:00
Martijn van Groningen 04f4a09feb schedules: Don't allow schedules with negative interval.
Closes elastic/elasticsearch#270

Original commit: elastic/x-pack-elasticsearch@a24941683b
2015-04-29 15:40:39 +02:00
Martijn van Groningen f4d0dc4955 http client: Don't append '?' to the url if there are no query string options defined.
Closes elastic/elasticsearch#271

Original commit: elastic/x-pack-elasticsearch@63487fad87
2015-04-29 15:07:48 +02:00
Martijn van Groningen 5bc491d359 execution service: Don't try to send empty bulk requests
Closes elastic/elasticsearch#264

Original commit: elastic/x-pack-elasticsearch@f636bfd956
2015-04-29 15:06:16 +02:00
Martijn van Groningen e438c51555 execution service: Ignore watch records that where deleted while awaiting for execution.
Closes elastic/elasticsearch#268

Original commit: elastic/x-pack-elasticsearch@dbb7160a67
2015-04-29 15:02:49 +02:00
Brian Murphy 42d49d54ef Merge pull request elastic/elasticsearch#265 from GaelTadh/api_namespace_changes
Change watcher REST API call namespace to be watcher.

Original commit: elastic/x-pack-elasticsearch@7a80eb522b
2015-04-28 23:41:03 -04:00
Martijn van Groningen 66c492192c test: fix test bug
Original commit: elastic/x-pack-elasticsearch@d747eadf2f
2015-04-29 01:28:38 +02:00
Brian Murphy 94bea8f83a Change the watch specific actions to reflect that they operate on watches.
This change changes the watch specific actions put/get/delete/execute/ack to be watcher.<action>_watch.

Original commit: elastic/x-pack-elasticsearch@86a91cb141
2015-04-28 19:08:28 -04:00
Martijn van Groningen bbdfaadfaa test: add webhook integration tests
Original commit: elastic/x-pack-elasticsearch@246888fe5e
2015-04-29 01:06:08 +02:00
Brian Murphy 4482d8d2ba Change watcher REST API call namespace to be watcher.
This change changes the API spec such that all of the watcher APIs are in the `watcher` namespace.

Original commit: elastic/x-pack-elasticsearch@f409ab4569
2015-04-28 18:50:07 -04:00
Martijn van Groningen 2f18dd8269 test: add a test that verifies that we only execute watch records that have the await_exection state during the Watcher start phase
Original commit: elastic/x-pack-elasticsearch@62ffe1c984
2015-04-28 19:08:09 +02:00
Martijn van Groningen 4ef30822ea test: improved tests that verify the loading of watches and watch records at Watcher startup time
Original commit: elastic/x-pack-elasticsearch@2ee28bdf7e
2015-04-28 17:34:51 +02:00
Brian Murphy 29d25d4440 [TEST] Enable test compilation against elasticsearch version 1.5.2
ElasticsearchIntegrationTest now has a method called httpClient with a different return type than the watcher AbstractWatcherTests httpclient.
This change renamed the `AbstractWatcherTests.httpClient` to `AbstractWatcherTests.watcherHttpClient`.

Original commit: elastic/x-pack-elasticsearch@d35f076cf2
2015-04-28 11:24:28 -04:00
uboness 280732a120 Better handling of sensitive data in registered watches and watcher settings
A watch may contain sensitive data that typically you don't want to expose in plain text. Exposing means:
 - storing it as plain text in the `.watches` and `.watch_history` indices
 - storing it in memory in plain text (can be access via mem dump)
 - returning it to the user via API in plain text

Examples of such sensitive data:
 - The `password` for the email service (can be configured on the watch itself)
 - The `password` for http input when using basic auth
 - The `passowrd` for webhook action when using basic auth

A new `SecretService` (you heard it right... secret service) was added to handel the secrets across the board. When a watch is first added to watcher, this service converts all the sensitive data to secrets. From that moment on, all sensitive data associated with the watch (whether in stored in the index or in memory) is hidden behind the secret. This service is also used to "reveal" the original sensitive data on-demand when needed (for example, when the email is sent, it is sent with the original text).

There are two implementations for the `SecretService`. The default one is "plain text" where the created secrets don't really hide anything. The second implementation is based on Shield. If Shield is installed and enabled, the `ShieldSecretService` is used which uses shield's crypto service to potentially encrypt the sensitive data (only potentially because Shield's system key must be defined for encryption to take effect, without the system key, the crypto service will not encrypt and instead return the sensitive data in plain text)

Note, even when Shield is installed, the encryption of sensitive data will only be applied if the `watcher.shield.encrypt_sensitive_data` setting is set to `true`. By default it is set to `false`.

The `get watch` and `execute watch` APIs were updated to filter out sensitive data (using special "hide secrets" parameter).

When shield is integrated, we use shield's settings filter to filter out sensitive settings from the REST nodes info API (when shield is not installed or enabled, we don't do this filtering).

For this change several other refactoring needed to take place
 - The http auth codebase was refactored to be more modular. Just like with other modular constructs in watcher, we separated `HttpAuth` from `ApplicableHttpAuth` where the former is the configuration construct and tha latter is the applicable ("executable") construct.
 - Changed `WatchStore#put` to accept a watch (instead of the watch source). That's more natural way of looking at a store. Also, a `Watch` can now create and return itself as `ByteReference`. In addition, we now don't directly store the watch source as it was sent by the user, instead, we first parse it to a watch (important step to both validate the source and convert all sensitive data to secrets) and then serialize the watch back to `ByteReference`. This way we're sure that only the secrets are stored and not the original sensitive data.
 - All `ToXContent` implementation were updated to properly propagate the `Params`

Docs were added to the Shield Integration chapter

Original commit: elastic/x-pack-elasticsearch@4490fb0ab8
2015-04-28 16:04:02 +02:00
Martijn van Groningen 735369b5f4 test: use put watch api to insert watches
test: verify that the exection queue size is 0 when Watcher isn't running

Original commit: elastic/x-pack-elasticsearch@ea16d066e5
2015-04-28 15:26:20 +02:00
Martijn van Groningen 87e3a6a41d test: after each test, ensure that watcher only runs on one node (elected master)
Original commit: elastic/x-pack-elasticsearch@c5d0d4e1d3
2015-04-28 13:41:24 +02:00
Martijn van Groningen 59218733ea test: fix forbidden api failure
Original commit: elastic/x-pack-elasticsearch@ec8c6e1d51
2015-04-28 12:37:41 +02:00
Martijn van Groningen fcb81ab76a test: added more tests for the transform feature.
Original commit: elastic/x-pack-elasticsearch@dd46dc1c42
2015-04-28 12:22:06 +02:00
Brian Murphy 877e59c80f [TEST] Add support for HEAD and DELETE to `WebhookActionTests`
Add HEAD and DELETE to the list of http methods we test in the webhook action tests.

Original commit: elastic/x-pack-elasticsearch@7a6b29bac6
2015-04-27 18:14:17 -04:00
Brian Murphy 01c80e63b0 [TEST] Add automated tests that were missing.
SearchInput using inline, indexed and on disk templates.
ScriptedCondition where the script accesses the ctx.
ScriptedCondition where the script throws an exception.
ScriptedCondition where the script doesn't return a boolean.
Webhook tests using templated body, path and parameters.
Some REST test fixes.

Original commit: elastic/x-pack-elasticsearch@d02b6d1d7b
2015-04-27 17:56:55 -04:00
Martijn van Groningen 7f6c3814b7 test: unset 'shieldEnabled' and 'scheduleEngine' after test class is completed.
Original commit: elastic/x-pack-elasticsearch@3e9332df94
2015-04-25 17:42:48 +02:00