Commit Graph

770 Commits

Author SHA1 Message Date
Areek Zillur b1886ce978 address feedback
Original commit: elastic/x-pack-elasticsearch@f6b1d58c5b
2016-07-05 16:07:50 -04:00
Jason Tedor 3577389f95 Rename writeThrowable to writeException
This commit is a response to upstream change
elastic/elasticsearch@96f283c195.

Original commit: elastic/x-pack-elasticsearch@2e485d4e76
2016-07-05 14:46:50 -04:00
Areek Zillur ce10289540 update to master
Original commit: elastic/x-pack-elasticsearch@9bc098f879
2016-07-05 11:29:30 -04:00
Areek Zillur d88e1ddb27 Merge branch 'master' into simplify_license_service_scheduling
Original commit: elastic/x-pack-elasticsearch@faa20465e4
2016-07-05 10:51:40 -04:00
Areek Zillur 3c5fca12ba cleanup unit tests
Original commit: elastic/x-pack-elasticsearch@f759f45b7f
2016-07-05 10:15:01 -04:00
Adrien Grand 5533470959 master is now 5.0.0-alpha5
Original commit: elastic/x-pack-elasticsearch@ce2a255cde
2016-07-05 15:27:27 +02:00
jaymode e861608c59 security: extend usage stats
This commit extends the usage stats to include the usage of ssl, ip filtering, auditing,
system key, field and document level security, and the number of roles.

See elastic/elasticsearch#2210

Original commit: elastic/x-pack-elasticsearch@e44c5748ba
2016-07-05 08:57:25 -04:00
Alexander Reelsen e8c1e7f9d8 Watcher: Dont hide exceptions during watch execution
When a painless exception is raised in the script condition, it was not bubbled up due to
catching exceptions on during execution. This removes the different catching of exceptions
and allows the watch record construct to contain an exception that is also serialized correctly
so that it can be stored in the watch history but also returned in the execute watch API.

This also updates the watch history template, so that exceptions are not indexed, but logged.

Relates elastic/elasticsearch#2587

Original commit: elastic/x-pack-elasticsearch@4dffb672bf
2016-07-05 09:33:44 +02:00
Jason Tedor f1670a3845 Rename UserError
The top-level class Throwable represents all errors and exceptions in
Java. This hierarchy is divided into Error and Exception, the former
being serious problems that applications should not try to catch and the
latter representing exceptional conditions that an application might
want to catch and handle. This commit renames
org.elasticsearch.cli.UserError to org.elasticsearch.UserException to
make its name consistent with where it falls in this hierarchy.

Relates elastic/elasticsearch#2701

Original commit: elastic/x-pack-elasticsearch@589e159ec0
2016-07-04 19:22:46 -04:00
Boaz Leskes 8cc49b5b30 Remove DummyTransportAddress (elastic/elasticsearch#2048)
this is a partner PR to elastic/elasticsearchelastic/elasticsearch#17811

Original commit: elastic/x-pack-elasticsearch@1db11e4340
2016-07-04 21:09:53 +02:00
Tanguy Leroux bd0cf521aa Enable Checkstyle RedundantModifier
Original commit: elastic/x-pack-elasticsearch@7455e88dce
2016-07-04 15:17:50 +02:00
Jason Tedor 1cd53c41e2 Do not catch throwable
Today throughout the codebase, catch throwable is used with reckless
abandon. This is dangerous because the throwable could be a fatal
virtual machine error resulting from an internal error in the JVM, or an
out of memory error or a stack overflow error that leaves the virtual
machine in an unstable and unpredictable state. This commit removes
catch throwable from the codebase and removes the temptation to use it
by modifying listener APIs to receive instances of Exception instead of
the top-level Throwable.

Relates elastic/elasticsearch#2694

Original commit: elastic/x-pack-elasticsearch@7ecdd7d978
2016-07-04 08:41:08 -04:00
Colin Goodheart-Smithe b008a4de74 fixes package declarations in security tests
Original commit: elastic/x-pack-elasticsearch@09ed28aee3
2016-07-04 10:28:13 +01:00
Nik Everett 98f34c1120 Handle core removing addField
It is addStoredField now.

Original commit: elastic/x-pack-elasticsearch@c42c18894f
2016-07-04 09:36:36 +02:00
Ryan Ernst 03cbf82101 Remove WatcherSettingsValidation service
This looks like it predates settings validation in core, and only had a
single use inside the watcher ExecutionService. This change moves the
settings inside ExecutionService to be validated settings, and removes
the watcher specific validation.

Original commit: elastic/x-pack-elasticsearch@82843ce56c
2016-07-02 15:51:09 -07:00
Ryan Ernst d6ff6211eb Merge pull request elastic/elasticsearch#2685 from rjernst/uninject_htmlsanitizer
Uninject HtmlSanitizer

Original commit: elastic/x-pack-elasticsearch@4a6c8cdee6
2016-07-01 16:26:57 -07:00
Ryan Ernst 9f52066bdb Removed generics from LifecycleComponent
This is the xplugins side of elastic/elasticsearch#19225

Original commit: elastic/x-pack-elasticsearch@845a945552
2016-07-01 16:23:13 -07:00
Ryan Ernst 09c8418a50 Fix xpack tests with node info ctor changes
Original commit: elastic/x-pack-elasticsearch@c741a2d231
2016-07-01 14:15:19 -07:00
Ryan Ernst 36a8c24b6b Uninject HtmlSanitizer
This is just a utility used by the email action and does not need to be
injected.

Original commit: elastic/x-pack-elasticsearch@4555db634c
2016-07-01 13:45:16 -07:00
Tanguy Leroux 561fc86585 Fix checkstyle violations
Original commit: elastic/x-pack-elasticsearch@187f1cbd35
2016-07-01 17:13:08 +02:00
Tanguy Leroux 17684f1e76 Fix order of modifiers
Original commit: elastic/x-pack-elasticsearch@1f970e78ba
2016-07-01 16:54:53 +02:00
Simon Willnauer 158a6b5588 Cleanup BytesRefrence interface (elastic/elasticsearch#2670)
This is a followup of elastic/elasticsearchelastic/elasticsearch#19196

Original commit: elastic/x-pack-elasticsearch@1d0398e89a
2016-07-01 16:09:53 +02:00
Alexander Reelsen 6527683e48 Licensing: Return HTTP 403 forbidden instead of 401 in exception (elastic/elasticsearch#2673)
When a license exception is raised, we returned 401 as HTTP error code
in there. However this seems to have triggered some browsers to actually
ask for login credentials, which wont have any impact here.

Closes elastic/elasticsearch#1863

Original commit: elastic/x-pack-elasticsearch@cc63abdac8
2016-07-01 14:32:42 +02:00
javanna 4eb21f4c01 [TEST] eagerly parse response body at ObjectPath initialization and read content type from response headers
We are going to parse the body anyways whenever it's in json format as it is going to be stashed. It is not useful to lazily parse it anymore. Also this allows us to not rely on automatic detection of the xcontent type based on the content of the response, but rather read the content type from the response headers.

Original commit: elastic/x-pack-elasticsearch@11be4684ae
2016-07-01 09:49:47 +02:00
javanna 579baa2bca [TEST] make JsonPath independent of data format, rename to ObjectPath
The internal representation of the object that JsonPath gives access to is a map. That is independent of the initial input format, which is json but could also be yaml etc.
This commit renames JsonPath to ObjectPath and adds a static method to create an ObjectPath from an XContent

Original commit: elastic/x-pack-elasticsearch@bc84c68161
2016-07-01 09:49:47 +02:00
Ryan Ernst 8d6d96d2f8 Merge pull request elastic/elasticsearch#2658 from rjernst/rest_handler_client
Change rest handler interface to use NodeClient

Original commit: elastic/x-pack-elasticsearch@82da58cc0c
2016-06-30 11:00:14 -07:00
Jay Modi 060120b53d Merge pull request elastic/elasticsearch#2660 from jaymode/rest_test_teardown
test: move teardown logic into the rest tests

Original commit: elastic/x-pack-elasticsearch@81a273a4c7
2016-06-30 12:03:07 -04:00
Boaz Leskes 7c1bc0c8de adapt randomFrom to not use null as a first param, in preparation for https://github.com/elastic/elasticsearch/pull/19172
Original commit: elastic/x-pack-elasticsearch@50296d6cfc
2016-06-30 17:55:17 +02:00
Lee Hinman 8c54887ab8 Merge remote-tracking branch 'dakrone/migrate-tool-master'
Original commit: elastic/x-pack-elasticsearch@ce82529d4b
2016-06-30 09:53:52 -06:00
jaymode 4999f3a38c test: remove unnecessary teardown section in license test
Original commit: elastic/x-pack-elasticsearch@b457404452
2016-06-30 11:39:37 -04:00
Lee Hinman 238eed2075 Throw correct exception type, reduce boilerplate in boolean statement
Original commit: elastic/x-pack-elasticsearch@1e33c4d8f2
2016-06-30 09:34:08 -06:00
Ryan Ernst 82e4330e87 Merge branch 'master' into rest_handler_client
Original commit: elastic/x-pack-elasticsearch@7fcc120767
2016-06-30 08:16:50 -07:00
jaymode d1b945d1f2 security: remove user/role deletion logic in XPackRestTestCase
Original commit: elastic/x-pack-elasticsearch@d6064e520a
2016-06-30 11:15:05 -04:00
Karel Minarik 67706a9a19 [SECURITY] Changed the setup/teardown YAML structure in the integration test for roles
Related: 176fd6a

Original commit: elastic/x-pack-elasticsearch@90e210dbc2
2016-06-30 11:15:05 -04:00
Karel Minarik 6d535043f8 [SECURITY] Added a `teardown` section to the integration test for roles
Currently, the REST tests for security (and possibly others) don't clean up the environment
after they have run, eg. they don't delete the users and roles they create. This leads to
test failures, because in a subsequent run, a user or role already exists, so eg. a test
like `match: { role: { created: true } }` fails.

This patch adds a `teardown` section to the test, with `do` actions which are to be
executed _after_ the test runs.

This patch assumes that REST tests runners for all languages support the `teardown` directive
in a xUnimt nomenclature -- similarly to the `setup` directive, which they already support.

Original commit: elastic/x-pack-elasticsearch@70d0ff4ee9
2016-06-30 11:15:05 -04:00
Simon Willnauer 30dd9ab09c Follup PR fore elastic/elasticsearchelastic/elasticsearch#19096 (elastic/elasticsearch#2656)
This PR is a cleanup / follup for elastic/elasticsearchelastic/elasticsearch#19096

Original commit: elastic/x-pack-elasticsearch@052b9a85a7
2016-06-30 13:42:09 +02:00
Martijn van Groningen 7c988b78e1 test: test that DLS is applied before FLS
Original commit: elastic/x-pack-elasticsearch@c7c12cc8d6
2016-06-30 12:32:37 +02:00
Ryan Ernst b513f2bb6b Merge branch 'master' into script_service_deps
Original commit: elastic/x-pack-elasticsearch@d4269e190d
2016-06-29 23:35:29 -07:00
Ryan Ernst 0fcb52a794 Merge branch 'master' into rest_handler_client
Original commit: elastic/x-pack-elasticsearch@429edeea84
2016-06-29 17:03:27 -07:00
Ryan Ernst 7822f28d7b Simplify rest handler constructors
This is the xplugins side of moving the client dependency for rest
handlers to the handleRequest method

Original commit: elastic/x-pack-elasticsearch@ce66e35e7b
2016-06-29 16:30:55 -07:00
Nik Everett 672d91f2a4 Move rest handler registration to ActionPlugin
Original commit: elastic/x-pack-elasticsearch@b3bc7d4a9f
2016-06-29 18:32:58 -04:00
Lee Hinman 92637d2eec Use client http ssl settings if applicable
Original commit: elastic/x-pack-elasticsearch@c74116d40a
2016-06-29 15:00:39 -06:00
Lee Hinman 4d7d9ad5b9 get the SSL status from the node settings
Original commit: elastic/x-pack-elasticsearch@6fff3e6ce1
2016-06-29 10:07:23 -06:00
Lee Hinman 27fb1e036e switch to RoleDescriptor jsonification, rename esusersSettings -> fileRealmSettings
Original commit: elastic/x-pack-elasticsearch@a7181a329a
2016-06-29 09:56:52 -06:00
jaymode b06249279e security: REST spec cleanup and authenticate tests create user
This change cleans up the rest API specs and changes the documentation field to a link. Additionally,
the integration tests for xpack now use the elastic user rather than a dummy user from a file realm.

Closes elastic/elasticsearch#2458
Closes elastic/elasticsearch#2437

Original commit: elastic/x-pack-elasticsearch@8059a0d856
2016-06-29 11:42:44 -04:00
Lee Hinman b4c19734ac Fail hard if retrieving user/role fails or adding user/role fails
Original commit: elastic/x-pack-elasticsearch@d641dab31c
2016-06-29 09:37:59 -06:00
Lee Hinman db39da77c5 Merge remote-tracking branch 'origin/master' into migrate-tool-master
Original commit: elastic/x-pack-elasticsearch@eaa4b2923f
2016-06-29 09:30:07 -06:00
Lee Hinman 26000c324d Move comment to be in correct place
Original commit: elastic/x-pack-elasticsearch@51fb594e9b
2016-06-29 09:29:38 -06:00
Tanguy Leroux a06f4a02fd Rename Marvel packages and directories to Monitoring
related to elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@7f4001a031
2016-06-29 09:10:25 +02:00
Ryan Ernst 2d0055de35 Make script service a cluster state listener
Original commit: elastic/x-pack-elasticsearch@dc763f3d66
2016-06-28 14:06:53 -07:00
Areek Zillur 0e39df71f6 Merge branch 'master' into simplify_license_service_scheduling
Original commit: elastic/x-pack-elasticsearch@2f32594297
2016-06-28 13:11:52 -04:00
Yannick Welsch 1762d1d96c Fix wrong logger usages
Relates to elastic/elasticsearchelastic/elasticsearch#19126

Original commit: elastic/x-pack-elasticsearch@e644f2bd9c
2016-06-28 16:46:31 +02:00
Nik Everett 6f6426b444 Switch plugin action registration to pull
Original commit: elastic/x-pack-elasticsearch@2154918b6e
2016-06-28 08:56:54 -04:00
Jason Tedor b378ff780b Modify poll interval setting in native realm test
This commit modifies the construction of the poll interval setting in
the native realm tests in response to upstream change
elastic/elasticsearchelastic/elasticsearch#2f638b5a23597967a98b1ced1deac91d64af5a44.

Original commit: elastic/x-pack-elasticsearch@c6f60f51f4
2016-06-27 18:43:33 -04:00
Lee Hinman a289fbd168 Add a tool to migrate users/roles from file to native realm
This adds the `bin/shield/migrate` tool that allows migrating users and
roles from the files to the native (API-based) store.

It looks like this:

```
λ bin/shield/migrate native -U http://localhost:9200 -u test_user -p changeme -n lee,foo -r role1,role2,role3,role4,foo
starting migration of users and roles...
importing users from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/users]...
found existing users: [test_user, joe3, joe2]
migrating user [lee]
{"user":{"created":true}}
no user [foo] found, skipping
importing roles from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/roles.yml]...
found existing roles: [marvel_user, role_query_fields, admin_role, role3, admin, remote_marvel_agent, power_user, role_new_format_name_array, role_run_as, logstash, role_fields, role_run_as1, role_new_format, kibana4_server, user, transport_client, role1.ab, role_query]
migrating role [role1]
{"role":{"created":true}}
migrating role [role2]
{"role":{"created":true}}
role [role3] already exists, skipping
migrating role [role4]
failed to migrate role [role4] with body: {"indices":[{"names":["idx2"]},{"names":["idx2"]},{"names":["idx1"]}]}
java.io.IOException: {"error":{"root_cause":[{"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"}],"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"},"status":400}
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:206)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.importRoles(ESNativeRealmMigrateTool.java:389)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:171)
  at org.elasticsearch.common.cli.CliTool.execute(CliTool.java:153)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:91)
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://localhost:9200/_shield/role/role4
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
  at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:192)
  ... 4 more

no role [foo] found, skipping
users and roles imported.
```

Original commit: elastic/x-pack-elasticsearch@3ce47c0ffd
2016-06-27 14:20:45 -06:00
Nik Everett a673c44036 Support IndicesModule list constructor
Original commit: elastic/x-pack-elasticsearch@c88e2b82b7
2016-06-27 15:04:17 -04:00
Boaz Leskes 62a46a2e8d revert elastic/x-pack@0513ff4168 as https://github.com/elastic/elasticsearch/pull/18992 was reverted as well
Original commit: elastic/x-pack-elasticsearch@febaaff840
2016-06-27 20:19:20 +02:00
Luca Cavanna b5bb2d2fdc Merge pull request elastic/elasticsearch#2576 from javanna/fix/xpack-rest-testcase-watcher
[TEST] remove start and stop watcher from XPackRestTestCase

Original commit: elastic/x-pack-elasticsearch@192be0db8b
2016-06-27 14:52:39 +02:00
Alexander Reelsen ebf00cc9e5 Dependencies: Upgrade jimfs to 1.1 removed unneeded guava calls (elastic/elasticsearch#2614)
Guava should only be used by the HTML sanitizer and no other code

Original commit: elastic/x-pack-elasticsearch@6a20674768
2016-06-27 11:07:15 +02:00
Alexander Reelsen 32c9f86124 Watcher: Support for inline attachments (elastic/elasticsearch#2601)
If an attachment is configured of disposition type INLINE, and is referred to
in HTML body parts, then some email clients can display images inside of an HTML
email and refer to those attachments.

Watcher already had support for inlined attachments, however this could not be configured
from a watch, but just via the Java API. Also it was not tested.

This commit changes the attachment to decide on creation if it should be inline or a regular
attachment and adds a test.

Relates elastic/elasticsearch#2381
Relates elastic/elasticsearch#2464
Closes elastic/elasticsearch#2557

Original commit: elastic/x-pack-elasticsearch@84935ffb18
2016-06-27 10:45:10 +02:00
Lee Hinman 4990296a5c Remove too-strict validation of role names
When parsing the privileges, we now no longer throw an exception if
there haven't been any names parsed out. This is not an issue though,
because we validate that the `names` array is not empty when we parse
it, and that it's not `null` before returning from the function.

Adds a rest test that sends things out of order to test this still
works.

Resolves elastic/elasticsearch#2606

Original commit: elastic/x-pack-elasticsearch@62a38bea8f
2016-06-24 12:00:24 -06:00
Alexander Reelsen f78f848681 Watcher: Fix acknowledgement REST API endpoints
Add new REST API endpoint to acknoweldging actions. The old endpoints
have not been removed as part of this PR, but can be in the next major
version.

Update the documentation to remove the parameter based example, and
mention that the old endpoints are going to be removed in the future.

Closes elastic/elasticsearch#2517

Original commit: elastic/x-pack-elasticsearch@e2558e9e1f
2016-06-24 16:50:35 +02:00
Yannick Welsch 74efdd4a94 Disable failing test NodeStatsTests.testNodeStats
Original commit: elastic/x-pack-elasticsearch@954badc4a4
2016-06-23 13:36:06 +02:00
Tanguy Leroux 99ade96091 Watcher: Remove usage of SearchRequest's template support
Template support is going to be removed from the Search API to its own Search Template API in the lang-mustache module (see elastic/elasticsearch#17906, elastic/elasticsearch#18765). This commit changes Watcher's SearchInput and SearchTransform classes so that it now uses a WatcherSearchTemplateRequest that contains both the search request and the template. Search request and template are rendered using WatcherSearchTemplateRequestService before being executed.

Original commit: elastic/x-pack-elasticsearch@bfa16ab80f
2016-06-23 09:31:47 +02:00
Alexander Reelsen f6abf979ce Fixed compilation issue
Relates elastic/elasticsearchelastic/elasticsearch#18914

Original commit: elastic/x-pack-elasticsearch@35b6960b9e
2016-06-23 09:06:02 +02:00
Nik Everett 9aecf6330a Handle core removing addField
It is addStoredField now.

Original commit: elastic/x-pack-elasticsearch@265d716b31
2016-06-22 12:45:25 -04:00
javanna ffae647b8b [TEST] remove start and stop watcher from XPackRestTestCase
We were ignoring the response code which is always 401 because the license is not good to start watcher. Plus all tests run fine without these methods.

Original commit: elastic/x-pack-elasticsearch@f93e1c2777
2016-06-22 15:51:53 +02:00
Alexander Reelsen 5883efc976 Watcher: Remove support for _timestamp field in index action (elastic/elasticsearch#2575)
The watch index action was using the _timestamp field by default.
This functionality now needs to be configured explicitely for a special
field that is part of that document which is going to be indexed.

Relates elastic/elasticsearchelastic/elasticsearch#18980

Original commit: elastic/x-pack-elasticsearch@dfa4cf2296
2016-06-22 14:31:27 +02:00
javanna 1ea3397956 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@cb39e935d5
2016-06-22 09:50:28 +02:00
Alexander Reelsen 4f55896af8 Tests: Fix ManualPublicSmtpServersTester to make it work again
Original commit: elastic/x-pack-elasticsearch@8cf12ed485
2016-06-22 08:40:25 +02:00
javanna a030239c9e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@6437c6572d
2016-06-21 16:22:25 +02:00
Martijn van Groningen 52bdda62c7 fixed compile error caused by change in core
Original commit: elastic/x-pack-elasticsearch@92e4939d8f
2016-06-21 09:38:25 +02:00
Daniel Mitterdorfer d5e7536766 Adjust line length in ChainTransformTests to 140 chars
Original commit: elastic/x-pack-elasticsearch@bbced70aa7
2016-06-21 07:28:00 +02:00
Simon Willnauer a54d3bc3d5 Remove LazyInitializable and friends (elastic/elasticsearch#2558)
This class should have never existed, I fixed all places where we messed aroudn with this
and resolved dependencies or let guice deal with it.

Original commit: elastic/x-pack-elasticsearch@6a42c4153d
2016-06-20 17:25:30 +02:00
jaymode c024dbfc49 security: remove use of shield in files and directory names
This commit removes as much of the use of shield as possible in the source code.

See elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@00009cc06e
2016-06-20 10:26:10 -04:00
Simon Willnauer 0fcbf8c6ca Cleanup unnecessary modules and use current version across the board (elastic/elasticsearch#2556)
Followup for elastic/elasticsearchelastic/elasticsearch#18969

Original commit: elastic/x-pack-elasticsearch@c86a5969c7
2016-06-20 12:15:32 +02:00
Tanguy Leroux 24e9baeefb Remove scriptRemoved() method
Related to elastic/elasticsearch@18572

Original commit: elastic/x-pack-elasticsearch@ec43b58111
2016-06-20 10:33:18 +02:00
Tim Sullivan a2637da78a Merge pull request elastic/elasticsearch#2512 from elastic/monitoring-ui-kibana
Monitoring UI: Kibana Dashboards

Original commit: elastic/x-pack-elasticsearch@4279ab9601
2016-06-17 11:02:25 -07:00
jaymode dd7a43a93f security: optimize field level security for match all fields
This commit handles the use of `*` as a field in a role as effectively disabling field level
security. We do this to take advantage of caches that we disable when field level security
is active.

See elastic/elasticsearch#2407

Original commit: elastic/x-pack-elasticsearch@d96e18d57c
2016-06-17 11:49:36 -04:00
Areek Zillur b15753f0cc Merge branch 'enhancement/rollover_api'
Original commit: elastic/x-pack-elasticsearch@2d5bd5959e
2016-06-17 11:32:02 -04:00
Simon Willnauer 5e300fc1e4 Cleanup ClusterService dependencies and detached from Guice (elastic/elasticsearch#2542)
followup for elastic/elasticsearchelastic/elasticsearch#18941

Original commit: elastic/x-pack-elasticsearch@6b8680b5e9
2016-06-17 17:07:22 +02:00
Areek Zillur 384861ef75 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@0217fa2a12
2016-06-17 10:32:47 -04:00
Areek Zillur 568bf49578 add rollover to known actions
Original commit: elastic/x-pack-elasticsearch@296e4ea4c2
2016-06-17 10:32:28 -04:00
jaymode eeb964c886 security: default role checks authenticating realm
This change makes the default role check the authenticating realm when authorizing
a request for the current user (or run as user) where the user is trying to change their
own password. We need to do this, otherwise we open up the potential of a user in one
realm changing the password of a user in another realm.

As part of this work, the authentication service has been refactored and simplified. A
new object, Authentication, is now returned when authenticating. Currently, this object
contains the user, authenticating realm information, and if it is a run as request the
information of the realm that looked up the user.

Closes elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@3fd9c37a16
2016-06-17 10:31:54 -04:00
javanna 966fff2009 Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@9c8cfc915f
2016-06-17 13:50:36 +02:00
jaymode 27958cc708 security: add charset to the WWW-Authenticate header
The WWW-Authenticate header can optionally specify the charset that the server uses after
decoding credentials. If this is not specified, most clients will limit the available characters to
ISO-8859-1, which causes issues for certain characters.

See RFC 7617

Closes elastic/elasticsearch#2290

Original commit: elastic/x-pack-elasticsearch@44411eebe7
2016-06-17 07:44:44 -04:00
Ryan Ernst e985159f65 Merge branch 'master' into plugin_name_api
Original commit: elastic/x-pack-elasticsearch@ddc161e695
2016-06-16 14:34:23 -07:00
Areek Zillur 09b8495974 Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@f7a6e27f12
2016-06-16 17:28:14 -04:00
Timothy Sullivan f231341f90 monitoring ui: add heap.size_limit to Kibana stats
Original commit: elastic/x-pack-elasticsearch@c74e90c34e
2016-06-16 12:24:52 -07:00
Jonathan Budzenski e07d73e91c monitoring ui: add overall and plugin statuses to ops data
Original commit: elastic/x-pack-elasticsearch@9dff2cf9ae
2016-06-16 12:24:52 -07:00
Simon Willnauer b2c944a480 Cut over settings registration to a pull model elastic/elasticsearchelastic/elasticsearch#18890 (elastic/elasticsearch#2538)
Followup for elastic/elasticsearchelastic/elasticsearch#18890

Original commit: elastic/x-pack-elasticsearch@a65ee6913f
2016-06-16 15:53:01 +02:00
Simon Willnauer 36ad326483 Simplify ScriptModule and script registration elastic/elasticsearchelastic/elasticsearch#18903 (elastic/elasticsearch#2535)
follow up PR for elastic/elasticsearchelastic/elasticsearch#18903

Original commit: elastic/x-pack-elasticsearch@d6ab3ab141
2016-06-16 09:35:16 +02:00
Ryan Ernst 7cb7f85709 Remove name() and description() from plugin api
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18906

Original commit: elastic/x-pack-elasticsearch@b47422fe91
2016-06-15 17:11:34 -07:00
Areek Zillur d8d5bb3683 xpack fixes for elasticsearchelastic/elasticsearch#18732
Original commit: elastic/x-pack-elasticsearch@fdb1cea1db
2016-06-15 15:48:21 -04:00
Nik Everett f92314ba00 Disable field stats cache if field level security
Field level security poisons that cache.

Closes elastic/elasticsearch#2528

Original commit: elastic/x-pack-elasticsearch@12ca4a2ef4
2016-06-15 15:17:06 -04:00
jaymode f8ba97c42f test: mute test until we can fix the field stats caching
Original commit: elastic/x-pack-elasticsearch@06ce7da477
2016-06-15 08:52:22 -04:00
javanna 82a19cda0e Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@f8d810f0e8
2016-06-15 11:49:34 +02:00
Nik Everett 1c170fb081 Make task/get known
Original commit: elastic/x-pack-elasticsearch@ce4bca4b86
2016-06-14 13:38:04 -04:00
jaymode 3c1218ac1c security: don't iterate over realms if authentication is not enabled
This changes the realms iterator call to alway return a empty iterator when we have a basic license
otherwise an exception would be thrown.

Closes elastic/elasticsearch#2474

Original commit: elastic/x-pack-elasticsearch@168cab9e1d
2016-06-14 06:41:58 -04:00
Jim Ferenczi ce8ffab7f2 Add support for a policy file (x-pack-extension-security.policy) in an x-pack extension
Fix elastic/elasticsearch#2094

Original commit: elastic/x-pack-elasticsearch@bc017064d0
2016-06-14 10:20:54 +02:00