When a http request arrives, we first verify that it carries an authentication token (if it doesn't we throw an authentication exception). Beyond that, any action request that arrives, if it doesn't have an authentication token we assume system user identity. The rationale behind it is that if a request comes in via the transport, then the sending peer authenticated with a client auth cert (the cert acts as the guarantee here that the actor can be assumed as System)... otherwise, the request can come from the local node and triggered by the system (e.g. gateway recovery)
The System user only has permissions to internal apis (it doesn't have full access/permission to all the apis). when a System identity is assumed, the authorization service will grant/deny the request based on whether the request is an internal api or not.
Aso fixed the known actions (to be insync with 1.x branch)
Closeselastic/elasticsearch#45
Original commit: elastic/x-pack-elasticsearch@be27cb0e1b
- throw an error on initialization if the audit trail is configured with an unknown output
- removed unnecessary null checks
Original commit: elastic/x-pack-elasticsearch@8d26723553
Added `shield.n2n.enabled` property to disable this feature, so
it does not get added to the netty pipeline.
Original commit: elastic/x-pack-elasticsearch@d73d27619c
Removing all roles from a user result in an invalid line left in the
roles file. This commit simply removes the user from the roles file
in that case.
Original commit: elastic/x-pack-elasticsearch@c1f4a961fd
The roles file had been checked instead of the users file when checking
if the user already exists. This lead to wrong "user not found" error
messages.
Original commit: elastic/x-pack-elasticsearch@6fc5646ce7
The LDAP realm is a bind-per-user strategy and the group lookup strategy is configurable.
If a role mapping file is not defined, groups names are taken as role names.
Special configuration for active directory simplifies the configuration.
Integration Tests are using an embedded apache DS LDAP Server.
Original commit: elastic/x-pack-elasticsearch@ce20e1b3be
A strategy for extracting the related indices from a request. The default strategy relies on the request to either be `IndicesRequest` or `CompositeIndicesRequest`. But depending on the request type, there might be other strategies as well. For example, `GetIndexTemplatesRequest` only holds the template name and therefore requires a different strategy where the template is looked up in the cluster metadata and the indices are resolved from there.
This also cleans up the Permission class and makes sure that the indices are resolved once per request (and not once per configured group permission)
Original commit: elastic/x-pack-elasticsearch@95192ccdff
- It is now possible to assign index & cluster permission on an action level (not just the fixed privileges we defined).
- also added a test to check that all the actions elasticsearch has are indeed known to shield. So whenever a new action is introduced in elasticsearch, and shield is not aware of it, the build will fail. This will help us ensure that all actions in elasticsearch are 1) well formatted/categorized, 2) secured and "permissible"
Closeselastic/elasticsearch#19
Original commit: elastic/x-pack-elasticsearch@170c3b9185
Load transports in plugin. No need to specify any transport modules anymore.
Removed the transport modules.
Original commit: elastic/x-pack-elasticsearch@45f3245361
- Fixed a bug in the logic of applying the indices group permission check
- For the rest, mainly cosmetics refactoring (renaming & redundant code removal)
Original commit: elastic/x-pack-elasticsearch@748575dc2e
Created an initial set of documentation which can also be built
using `build_docs.pl` without errors.
Original commit: elastic/x-pack-elasticsearch@1a3ccf4eb9
On alert claim time, query index to make sure alert is still valid and enabled and is the same alert.
Original commit: elastic/x-pack-elasticsearch@72b816b7d1
Requests are now auth'ed on the transport level as well (in addition to the transport action level). This is required as some internal requests are not executed as actions, thus not going through the auth process in the transport action. Since we have n2n authentication, we also assume here that requests that are not associated with an authentication token are internal system calls. We then, auth the request as a system user.
Also Added a system realm (to handle system requests)
Original commit: elastic/x-pack-elasticsearch@2c917318f0
* Changed Authentication/AuthorizationException to always return RestStatus.UNAUTHORIZED
* Added the WWW-Authenticate header, which results in user/pass input in browsers
* Added tests and own assertions class
Closeselastic/elasticsearch#18
Original commit: elastic/x-pack-elasticsearch@c6ce084692
This commit adds support for disabling alerts.
This commit adds preliminary support for scripted triggers.
Original commit: elastic/x-pack-elasticsearch@e14a56dbeb
This commit contains fixes to the IndexAlertAction and normalizes the serialization of
Alerts using ToXContent interface.
Original commit: elastic/x-pack-elasticsearch@47325bdd01
This commit add functionality so that multiple nodes running alert plugins won't stand on
each other trying to run the same alerts at the same time.
Original commit: elastic/x-pack-elasticsearch@9c350c0114
This commit adds timestamp clamping on the timeperiod to alerting.
Also adds index setting on alerts.
Original commit: elastic/x-pack-elasticsearch@222cd6eaef
- Also added an overloaded version of the AuthenticationService#token method that accepts a default token and that doesn't thrown an authentication exception
- Added AuditTrail#authenticationFailed method at a higher level than the realm version. Now the realm authc failure will only be logged when trace is enabled. With this change, the audit trail logging is more consistent in its terminology (anonymous is now logged when no auth token is found)
- extended the level of audit trail logging tuning (now using all logging levels, incl. error & warn)
- Added tests for audit trails
- Added tests for authentication service
- Added mockito as a test lib (will serve as our mocking framework)
Original commit: elastic/x-pack-elasticsearch@8d21ab7484
This commit adds parsing of the triggers and actions, and allows alerts to be restricted to indices.
Original commit: elastic/x-pack-elasticsearch@44a6a51b17
This commit enables loading of alerts from the .alerts index and adds the
Quartz scheduler.
You can add the following alert :
````
curl -XPOST http://localhost:9200/.alerts/alert/myTestAlert -d '{
"query" : "myAlertQuery",
"schedule" : "00 * * * * ?",
"trigger" : {
"numberOfEvents" : ">1"
},
"timeperiod" : 300,
"action" : {
"email" : [ "brian.murphy@elasticsearch.com" ]
},
"version" : 1,
"lastRan" : "2014-05-05T12:12:12.123Z"
}
````
With the following search template:
````
curl -XPOST localhost:9200/_search/template/myAlertQuery -d '{ "template" : { "query" : { "match_all" : {} } } }'
````
This will execute the search every minute and trigger if there is more than one match (which there will be).
Original commit: elastic/x-pack-elasticsearch@708f927914
- The authentication service now exposes a token() method to extract the token from the message
- The AuthenticationService#authenticate now accepts the token (extracted using the AuthenticationService#token)
- The Realm now exposes a support(AuthenticationToken) method
- The authc service will now consult all the realms that support a specific token, and the first realm that successfully authenticate will "win".
- Removed the SecurityActionFilter class - it wasn't tested or used anywhere. We'll add a new action filter in a separate commit
Original commit: elastic/x-pack-elasticsearch@e4dd36175f
- changed Privileges class (moved away from enum and use constants instead), now implies(...) can only work on same type privilege
- introduces Permissions.Global (replacing the generic Compound)
- Fixed FileRolesStore to use new privileges & permsissions
- Changed the file format for FileRolesStore. Now instead of the `indices::privileges` array, the indices permissions are defined as an object where the indices are the keys and the privileges are the values. This moves the configuration to pure yaml format.
- Added an option on the authorization service to extract all indices & aliases permitted for a specific user+privilege
Original commit: elastic/x-pack-elasticsearch@77afce767c
* Fixed issue, where client auth was never needed for HTTP.
* Changed parameter name to `require.client.auth`
* Added tests, removed useless code in SslIntegrationTests
Original commit: elastic/x-pack-elasticsearch@ea424e0ae4