This change adds the proper behavior for the standard license which is:
* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled
Features that are disabled:
* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms
See elastic/elasticsearch#1263
Original commit: elastic/x-pack-elasticsearch@920c045bf1
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.
Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.
Original commit: elastic/x-pack-elasticsearch@79e2375a13
In order to prevent shipping of RCs with the wrong license, this
smoke tester downloads the internal RC, installs x-pack and puts
a license in there.
if putting is successful, we can be sure, we got the right license.
Closeselastic/elasticsearch#2087
Original commit: elastic/x-pack-elasticsearch@021d228e29
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`
Moved services include pagerduty, hipchat, slack and email.
Closeselastic/elasticsearch#1998
Original commit: elastic/x-pack-elasticsearch@40c16fe123
Updated okhttp and moved the jsr305 dependency into testing.
This required a minor change in tests using SSL, as otherwise
the security manager barfs, when the okhttp webserver tries
to load sun internal SSL based classes.
Original commit: elastic/x-pack-elasticsearch@77131589e0
The old implementation was to use properties at build-time. This however did not work,
as the tests could not be run in the IDE. This has been removed of monitoring for some
time already, but needs to be removed from watcher as well.
This commit uses static variables and refactors the code a bit. First, there is a generic
TemplateUtils class, to be used in monitoring and watcher. Also the watcher code has been changed
to copy the needed variables into the template registry class instead of keeping it in the
WatcherModule.
This commit also includes some refactoring to remove the version parameter in marvel, was static anyway
Closeselastic/elasticsearch#1372
Original commit: elastic/x-pack-elasticsearch@fbfc22ea09
- by default the response includes all info - build, license, features + human descriptions.
- you can still control the output using `categories` and `human` parameters
- Added docs to this API
Original commit: elastic/x-pack-elasticsearch@85115495ec
This avoids exceptional cases where node stats are not returned due to some concurrent modification.
Original commit: elastic/x-pack-elasticsearch@6f6b8ec393
Writeable#readFrom has become a method you just implement because
the interface requires it but the prefered way to actually do the
reading is a ctor that takes a StreamReader. readFrom just delegates
to the ctor. This removes readFrom entirely because it is not needed
anymore and is going away in core.
Relates to https://github.com/elastic/elasticsearch/issues/17085
Original commit: elastic/x-pack-elasticsearch@dd74db5ded
- introduced the "Feature Set" notion - graph, security, monitoring, watcher, these are all feature sets
- each feature set can be:
- `available` - indicates whether this feature set is available under the current license
- `enabled` - indicates whether this feature set is enabled (note that the feature set can be enabled, yet unavailable under the current license)
- while at it, cleaned up the main modules of watcher, security, monitoring and graph.
Original commit: elastic/x-pack-elasticsearch@5b3e19fe8c
From now on, if field level security and percolator is used then the percolator field needs to be included in the allowed fields.
Original commit: elastic/x-pack-elasticsearch@7d39b5caf6
The SessionFactory construction was calling the `ldapServers` method in the constructor,
which was fine for all of the session factories except for the ActiveDirectorySessionFactory.
The ActiveDirectorySessionFactory overrides the ldapServers method and use class variables
that are initialized in its constructor so the value was always null.
This change moves setup to an init method for objects that depend on variables set during
construction.
Closeselastic/elasticsearch#2011
Original commit: elastic/x-pack-elasticsearch@07c15ce171
Even though HEAD is a possible method, this implies that no data is returned
and thus the tests fail randomly.
If HEAD should be added to the api it needs it's own API definition IMO.
Original commit: elastic/x-pack-elasticsearch@a216393f6b
* The found-license project is removed since it is no longer needed
* The plugin-api classes have moved into the license-plugin since there is only one plugin
* The license/base project publishes the proper artifactId in the pom file
* The x-pack jar file is added as an artifact so that it can be installed
* The x-pack pom no longer declares the packaging as `zip`
* The x-pack pom uses the right artifactId for license-core
* Removed disabling of installing the x-plugins artifacts
* Cleaned up a use of guava in watcher (found when trying to remove guava as a compile
dependency but is needed by the HTML sanitizer)
* Removed the dependency on the mustache compiler since it is no longer necessary
Closeselastic/elasticsearch#1987
Original commit: elastic/x-pack-elasticsearch@9d3b50b054
Elasticsearch supports the concept of date match expressions for index names and
the authorization service was trying to authorize the names without resolving them
to their concrete index names. This change now resolves these names
Closeselastic/elasticsearch#1983
Original commit: elastic/x-pack-elasticsearch@3c6baa8e83
The license check in Watcher was issued in the wrong way,
so that new licenses were not affected by the check. This
commit explicitely lists the license types that are allowed
to execute watcher actions as well as fixing the tests.
Relates elastic/elasticsearch#1263
Original commit: elastic/x-pack-elasticsearch@afd55965b0
