Commit Graph

101 Commits

Author SHA1 Message Date
Simon Willnauer 570411c2dc Remove all tribe related code, comments and documentation (elastic/x-pack-elasticsearch#3784)
Relates to elastic/elasticsearch#28443

Original commit: elastic/x-pack-elasticsearch@5c4e7fccc7
2018-01-30 20:40:46 +01:00
Simon Willnauer 730e7075ab Remove XPackExtension in favor of SecurityExtensions (elastic/x-pack-elasticsearch#3734)
This change removes the XPackExtension mechanism in favor of
SecurityExtension that can be loaded via SPI and doesn't need
another (duplicate) plugin infrastructure

Original commit: elastic/x-pack-elasticsearch@f39e62a040
2018-01-26 16:14:11 +01:00
Lisa Cawley 2428e98976 [DOCS] Clarify document level security (elastic/x-pack-elasticsearch#3701)
Original commit: elastic/x-pack-elasticsearch@b4bfe5706c
2018-01-24 09:07:21 -08:00
Lisa Cawley 9435ffe64b [DOCS] Clarify PKI realm support (elastic/x-pack-elasticsearch#3703)
Original commit: elastic/x-pack-elasticsearch@55da7a07d1
2018-01-24 08:32:23 -08:00
Jason Tedor c0790d6a49 Move x-pack-core to core package (elastic/x-pack-elasticsearch#3678)
This commit moves the source file in x-pack-core to a org.elasticsearch.xpack.core package. This is to prevent issues where we have compile-time success reaching through packages that will cross module boundaries at runtime (due to being in different classloaders). By moving these to a separate package, we have compile-time safety. Follow-ups can consider build time checking that only this package is defined in x-pack-core, or sealing x-pack-core until modules arrive for us.

Original commit: elastic/x-pack-elasticsearch@232e156e0e
2018-01-23 12:43:58 -06:00
Lisa Cawley c0edf2197b [DOCS] Replaced settings with links (elastic/x-pack-elasticsearch#3626)
Original commit: elastic/x-pack-elasticsearch@4ad018521e
2018-01-22 15:15:31 -08:00
Albert Zaharovits 0a1e352c5d [DOCS] for audit filtering (elastic/x-pack-elasticsearch#3594)
This documents the changes merged in elastic/x-pack-elasticsearch#3005 and elastic/x-pack-elasticsearch#3100 .

Original commit: elastic/x-pack-elasticsearch@d1702f0480
2018-01-22 11:45:12 +02:00
Lisa Cawley 0ea43c1aa1 [DOCS] Move auditing settings to Elasticsearch Reference (elastic/x-pack-elasticsearch#3608)
Original commit: elastic/x-pack-elasticsearch@a108afd26b
2018-01-18 09:18:24 -08:00
Yogesh Gaikwad 29663c1f38 Fix for Issue elastic/x-pack-elasticsearch#3403 - Predictable ordering of security realms (elastic/x-pack-elasticsearch#3533)
* Security Realms: Predictable ordering for realms

To have predictable ordering of realms, by having secondary
sorting on realm name resulting in stable and consistent documentation.
Documentation update describing how ordering of realms is determined.
Testing done by adding unit test for the change, ran gradle clean check locally.

relates elastic/x-pack-elasticsearch#3403

Original commit: elastic/x-pack-elasticsearch@98c42a8c51
2018-01-17 10:29:00 +11:00
lcawley 56b0f28aa3 [DOCS] More broken link fixes
Original commit: elastic/x-pack-elasticsearch@dd52976660
2018-01-12 13:52:19 -08:00
lcawley d7f81fd95e [DOCS] Fixed broken TLS links
Original commit: elastic/x-pack-elasticsearch@d99a0be781
2018-01-12 11:59:15 -08:00
Lisa Cawley 1369a49b9f [DOCS] Move appropriate TLS content to Elasticsearch Ref (elastic/x-pack-elasticsearch#3416)
Original commit: elastic/x-pack-elasticsearch@a5f96bd7a2
2018-01-12 11:35:16 -08:00
Lisa Cawley 923428e19f [DOCS] Add links to Beats security pages (elastic/x-pack-elasticsearch#3514)
* [DOCS] Added link to new content location

* [DOCS] Add links to Beats security pages

Original commit: elastic/x-pack-elasticsearch@f54f0ef076
2018-01-09 13:33:53 -08:00
Lisa Cawley dc3d5d67a1 [DOCS] Change certgen references to certutil (elastic/x-pack-elasticsearch#3415)
* [DOCS] Change certgen references to certutil

* [DOCS] Updated TLS page with certutil info

* [DOCS] Added certutil examples to TLS page

* [DOCS] Clarified PEM requirement in TLS setup

* [DOCS] Updated certificate instructions

* [DOCS] Fixed security typo

Original commit: elastic/x-pack-elasticsearch@3a326fc87d
2018-01-08 10:14:51 -08:00
lcawley d5e03f9bff [DOCS] Fixed troubleshooting titles
Original commit: elastic/x-pack-elasticsearch@4338580de6
2017-12-15 11:05:20 -08:00
Luca Cavanna 55a19ed394 Deprecate the transport client in favour of the high-level REST client (elastic/x-pack-elasticsearch#2779)
Original commit: elastic/x-pack-elasticsearch@2aeef5df3f
2017-12-01 12:24:26 +01:00
Lisa Cawley 9f59ef6697 [DOCS] Move migrate tool reference (elastic/x-pack-elasticsearch#3011)
* [DOCS] Move migrate tool reference

* [DOCS] Fixed link to migration tool

* [DOCS] Small edits to the migrate tool parameters

* [DOCS] Fixed migrate tool example

Original commit: elastic/x-pack-elasticsearch@0ff40ebdcc
2017-11-27 14:58:18 -08:00
Lisa Cawley 5507c46257 [DOCS] Fixed cross cluster search docs issue (elastic/x-pack-elasticsearch#3113)
Original commit: elastic/x-pack-elasticsearch@023d220082
2017-11-27 07:56:38 -08:00
Igor Kupczyński 18103fae7f Invalid value in the docs for transport.profiles...client_authentication (elastic/x-pack-elasticsearch#3091)
The 6.x and 6.0 versions of the documentation show

```yml
transport.profiles.client.xpack.security.ssl.client_authentication: no
```

Which results in 
```
2017-11-22T11:13:33,225][ERROR][org.elasticsearch.bootstrap.Bootstrap] Exception
java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.XPackPlugin]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:452) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:392) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:142) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.node.Node.<init>(Node.java:302) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.node.Node.<init>(Node.java:245) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:322) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:130) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:121) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:69) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) [elasticsearch-6.0.0.jar:6.0.0]
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_144]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:443) ~[elasticsearch-6.0.0.jar:6.0.0]
	... 14 more
Caused by: java.lang.IllegalArgumentException: could not resolve ssl client auth. unknown value [no]
	at org.elasticsearch.xpack.ssl.SSLClientAuth.parse(SSLClientAuth.java:78) ~[?:?]
	at org.elasticsearch.xpack.ssl.SSLConfigurationSettings.lambda$null$27(SSLConfigurationSettings.java:183) ~[?:?]
	at org.elasticsearch.common.settings.Setting.get(Setting.java:352) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.common.settings.Setting.get(Setting.java:346) ~[elasticsearch-6.0.0.jar:6.0.0]
	at org.elasticsearch.xpack.ssl.SSLConfiguration.<init>(SSLConfiguration.java:80) ~[?:?]
	at org.elasticsearch.xpack.ssl.SSLService.lambda$loadSSLConfigurations$1(SSLService.java:462) ~[?:?]
	at java.util.ArrayList.forEach(ArrayList.java:1249) ~[?:1.8.0_144]
	at org.elasticsearch.xpack.ssl.SSLService.loadSSLConfigurations(SSLService.java:461) ~[?:?]
	at org.elasticsearch.xpack.ssl.SSLService.<init>(SSLService.java:87) ~[?:?]
	at org.elasticsearch.xpack.XPackPlugin.<init>(XPackPlugin.java:237) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_144]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:443) ~[elasticsearch-6.0.0.jar:6.0.0]
	... 14 more
```

I think the valid value there is `none`, so

```yml
transport.profiles.client.xpack.security.ssl.client_authentication: none
```

The tests seem to confirm that https://github.com/elastic/x-pack-elasticsearch/blob/elastic/x-pack-elasticsearch@4860e92d906e046a23aa07b39ee6ef637f011dc1/plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLServiceTests.java#L269

Original commit: elastic/x-pack-elasticsearch@a35b3ac8c9
2017-11-22 17:09:06 +00:00
Jay Modi d86e7870da Security: add manage_index_templates to the kibana_system role (elastic/x-pack-elasticsearch#3009)
This commit adds the manage_index_templates permission to the kibana_system role that is used by
the kibana system user. This is needed due to an upcoming feature in kibana where a index template
will be used to create the saved objects index.

relates elastic/x-pack-elasticsearch#2937

Original commit: elastic/x-pack-elasticsearch@85a67c73aa
2017-11-21 08:45:07 -07:00
Dimitrios Liappis a89bfe84ba [DOCS] Split long lines in Docker TLS getting-started snippet
and add warning for Windows users not using
PowerShell (e.g. `cmd.exe`) to remove the `\` character and join
lines.

Also fix trailing whitespace character in link back to `docker.asciidoc`.

Relates elastic/x-pack-elasticsearch#2999

Original commit: elastic/x-pack-elasticsearch@fe1c5dbc11
2017-11-14 14:25:52 +02:00
Dimitrios Liappis 00ccac9203 [DOCS] Fix wrapped lines in code blocks of TLS getting started guide
Relates elastic/x-pack-elasticsearch#2970

Original commit: elastic/x-pack-elasticsearch@a279e57270
2017-11-13 20:00:35 +02:00
Lisa Cawley fb769be92e [DOCS] Added TLS configuration info for Docker (elastic/x-pack-elasticsearch#2939)
* [DOCS] Add docker TLS configuration info

* [DOCS] Updated layout of TLS docker page

* [DOCS] Clean up docker TLS pages

* [DOCS] Changed nesting of TLS docker info

* [DOCS] More small updates to TLS docker page

Original commit: elastic/x-pack-elasticsearch@2b0504632a
2017-11-10 09:33:56 -08:00
lcawley b5cb814b32 [DOCS] Add security configuration section
Original commit: elastic/x-pack-elasticsearch@ccae9a84a9
2017-11-09 14:28:56 -08:00
lcawley 61864c3a67 [DOCS] Added troubleshooting for setup-passwords command
Original commit: elastic/x-pack-elasticsearch@6196c1e2bf
2017-11-01 09:35:53 -07:00
Martijn van Groningen 9a1c103bb2 security: Fail search request if profile is used and DLS is active.
Original commit: elastic/x-pack-elasticsearch@b83536460d
2017-10-30 09:12:27 +01:00
Lisa Cawley 215f289a8c [DOCS] Reformatted security troubleshooting pages (elastic/x-pack-elasticsearch#2799)
Original commit: elastic/x-pack-elasticsearch@ec9969ec7a
2017-10-26 13:56:57 -07:00
Martijn van Groningen 62215f1fae security: Fail request if suggesters are used and DLS is active.
Original commit: elastic/x-pack-elasticsearch@056c735e77
2017-10-26 08:02:31 +02:00
lcawley b628815dbe [DOCS] Fixed link to X-Pack transport client
Original commit: elastic/x-pack-elasticsearch@0870334e4b
2017-10-12 13:41:14 +01:00
Lisa Cawley 604229cd4d [DOCS] Added transport client info for X-Pack (elastic/x-pack-elasticsearch#2737)
* [DOCS] Added transport client info for X-Pack

* [DOCS] Relocated X-Pack java client info

* [DOCS] Added transport client deprecation info

Original commit: elastic/x-pack-elasticsearch@416aab1d76
2017-10-12 13:18:44 +01:00
Lisa Cawley 95a5d36289 [DOCS] Add watcher and elevated privilege info (elastic/x-pack-elasticsearch#2632)
Original commit: elastic/x-pack-elasticsearch@2dcbace8a0
2017-09-26 13:26:02 -07:00
Lisa Cawley 64e2f4c93c Update bootstrap security details (elastic/x-pack-elasticsearch#2430)
* [DOCS] Update bootstrap security details

* [DOCS] Addressed feedback about bootstrap

* [DOCS] Update bootstrap password details

* [DOCS] Addressed feedback about setup-passwords

* [DOCS] Update security in x-pack install info

* [DOCS] Remove bootstrap.password details

* [DOCS] Update setup-passwords info

* [DOCS] Re-add bootstrap.password details

Original commit: elastic/x-pack-elasticsearch@04d3ee8509
2017-09-26 08:52:04 -07:00
Lisa Cawley ce7b473741 [DOCS] Added logstash_admin role (elastic/x-pack-elasticsearch#2569)
Original commit: elastic/x-pack-elasticsearch@259bbba6e5
2017-09-22 08:20:31 -07:00
lcawley 0ec98e0190 [DOCS] Fixed broken Kibana link
Original commit: elastic/x-pack-elasticsearch@10db543680
2017-09-20 09:30:02 -07:00
Lisa Cawley 8f1984a86e [DOCS] Enable read-only access for kibana_system user (elastic/x-pack-elasticsearch#2465)
Original commit: elastic/x-pack-elasticsearch@a262acb1b0
2017-09-20 09:25:58 -07:00
Lisa Cawley 4ffaec5173 [DOCS] Remove redundant certgen info (elastic/x-pack-elasticsearch#2542)
Original commit: elastic/x-pack-elasticsearch@6147e32fd1
2017-09-18 14:22:34 -07:00
Lisa Cawley 679ef6a744 [DOCS] Added _xpack_security internal user (elastic/x-pack-elasticsearch#2541)
Original commit: elastic/x-pack-elasticsearch@d1c87af335
2017-09-18 13:32:11 -07:00
jaymode 19de38665e Docs: remove incorrect name attribute from role snippet
relates elastic/x-pack-elasticsearch#2497

Original commit: elastic/x-pack-elasticsearch@ef15a1e36c
2017-09-15 12:51:37 -06:00
Jay Modi 53d6d945f0 Update documentation to reflect the latest TLS changes and licensing (elastic/x-pack-elasticsearch#2508)
This commit updates to documentation and adds notes about TLS being required to install a
license.

Relates elastic/x-pack-elasticsearch#2463

Original commit: elastic/x-pack-elasticsearch@0d8bfb98ea
2017-09-15 08:44:03 -06:00
Lisa Cawley 895d28f462 [DOCS] Remove redundant users command info (elastic/x-pack-elasticsearch#2504)
Original commit: elastic/x-pack-elasticsearch@1c9fa91293
2017-09-14 15:47:21 -07:00
Lisa Cawley 27a8041804 [DOCS] CCS no longer needs local *:* permission (elastic/x-pack-elasticsearch#2445)
Original commit: elastic/x-pack-elasticsearch@fb7f6eaeb2
2017-09-08 08:41:32 -07:00
Lisa Cawley 0cd24a9283 [DOCS] Added kibana_dashboard_only_user role (elastic/x-pack-elasticsearch#2427)
Original commit: elastic/x-pack-elasticsearch@e6ab2238eb
2017-09-05 10:40:58 -07:00
Lisa Cawley a56312a8e9 Update security info in X-Pack installation (elastic/x-pack-elasticsearch#2389)
* [DOCS] Update security info in X-Pack installation

* [DOCS] Remove bootstrap from security info

Original commit: elastic/x-pack-elasticsearch@fc272747b1
2017-08-29 13:17:20 -07:00
Jim Ferenczi 27d8b4c79c Remove the _all metadata field (elastic/x-pack-elasticsearch#2356)
This change removes the `_all` metadata field. This field is deprecated in 6
and cannot be activated for indices created in 6 so it can be safely removed in
the next major version (e.g. 7).

Relates https://github.com/elastic/elasticsearch/pull/26356

Original commit: elastic/x-pack-elasticsearch@a47133c94e
2017-08-28 13:01:27 +02:00
Jason Tedor f3a7d46698 Rename CONF_DIR to ES_PATH_CONF
This commit is following upstream Elasticsearch which has renamed the
environment variable used to specify a custom configuration directory
from CONF_DIR to ES_PATH_CONF.

Relates elastic/x-pack-elasticsearch#2261

Original commit: elastic/x-pack-elasticsearch@9ae29941e5
2017-08-15 06:19:39 +09:00
Lisa Cawley ea05ddd513 [DOCS] Fix principal access_granted attribute (elastic/x-pack-elasticsearch#2257)
Original commit: elastic/x-pack-elasticsearch@9c33afce9f
2017-08-11 16:53:21 -07:00
Lisa Cawley cc7c9aeddb [DOCS] Remove redundant Logstash security page (elastic/x-pack-elasticsearch#2239)
Original commit: elastic/x-pack-elasticsearch@8f66e85fb0
2017-08-10 15:31:41 -07:00
Lisa Cawley e500fba354 [DOCS] Update links to Kibana security (elastic/x-pack-elasticsearch#2235)
Original commit: elastic/x-pack-elasticsearch@88f29b3321
2017-08-10 12:56:03 -07:00
Lisa Cawley ccf0b6f2ed [DOCS] Fix typo (elastic/x-pack-elasticsearch#2211)
Original commit: elastic/x-pack-elasticsearch@6efb78c1b2
2017-08-08 12:52:52 -07:00
Jay Modi 7291eb55fe Automatically enable AES 256 bit TLS ciphers when available (elastic/x-pack-elasticsearch#2137)
This commit adds detection of support for AES 256 bit ciphers and enables their use when the JVM
supports them. For OpenJDK, this is often the case without any changes but for the Oracle JVM, the
unlimited policy file needs to be installed. In order to simplify the work a user would need to do
we can detect this support and automatically enable the AES 256 bit versions of the ciphers we
already enable.

Original commit: elastic/x-pack-elasticsearch@5f23b18a1e
2017-08-01 07:36:35 -06:00