The active state was not serialized in the PutWatchRequest leading to
to always setting it to active, when a different node than the master
node was hit with a put watch request.
Closeselastic/elasticsearch#2490
Original commit: elastic/x-pack-elasticsearch@060c0fa35f
s/request.setRefresh/request.setRefreshPolicy/
setRefresh is still supported on the builder for backwards
compatibility but not on the request itself.
Original commit: elastic/x-pack-elasticsearch@8763e2e65f
A RestClient instance is now created whenever EsIntegTestCase#getRestClient is invoked for the first time. It is then kept until the cluster is cleared (depending on the cluster scope of the test).
Renamed other two restClient methods to createRestClient, as that instance needs to be closed and managed in the tests.
Original commit: elastic/x-pack-elasticsearch@3a9d6f6e90
We still have a wrapper called RestTestClient that is very specific to Rest tests, as well as RestTestResponse etc. but all the low level bits around http connections etc. are now handled by RestClient.
Original commit: elastic/x-pack-elasticsearch@304487ecc5
Removes handlers internal:cluster/node/index/deleted and internal:cluster/node/index_store/deleted that have been removed in core as part of elastic/elasticsearchelastic/elasticsearch#18602
Original commit: elastic/x-pack-elasticsearch@e040871e5a
This commit fixes the version compatability test by updating the version
to reflect the current version in core.
Original commit: elastic/x-pack-elasticsearch@0bb6dbc1c3
If a chained input was used, and inside of this a search input was
used, that hat dots in its field names somewhere (like when sorting
or using a compare condition), then storing this in the history failed.
The reason for this was the broken watch history template, that did not take
nested requests bodies into account and thus tried to create an index mapping
for requests that were inside of a chained input.
This commit fixes the watch history index template.
Closeselastic/elasticsearch#2338
Original commit: elastic/x-pack-elasticsearch@d9f48234d3
This is a companion commit to elastic/elasticsearchelastic/elasticsearch#18514, fixing issues introduced by adding dedicated master nodes to the test infra
Original commit: elastic/x-pack-elasticsearch@8c0571f2de
This changes the IndexAuditTrailTests to use the actual timestamp of the message being indexed to determine
the index name. Some build failures occurred due to running right at the change of an hour and the rollover was
set to hourly. So the message was indexed in one index and the test expected a different index.
Original commit: elastic/x-pack-elasticsearch@9dd5012a73
This allows the colspan/rowspan attr on td/tr as well as
border/cellpadding attrs on table elements.
Original commit: elastic/x-pack-elasticsearch@e0b989f0ac
This commit removes the code to auto generate a ssl certificate on startup and disables ssl
on the transport layer by default.
Original commit: elastic/x-pack-elasticsearch@1dc9b17842
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So verifying these deprecated actions is no longer needed
Original commit: elastic/x-pack-elasticsearch@da6d66fcb4
This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards)
So these special tests are no longer needed
Original commit: elastic/x-pack-elasticsearch@335d6554fb
This commit adds access to the reporting indices for the role that the Kibana server role has
access to. This needed so that the server can use the async queue. Additionally the kibana
server should have access to .kibana*
Closeselastic/elasticsearch#2323
Original commit: elastic/x-pack-elasticsearch@e930e9d872
There were two api with same name, depending on the platform one or the other was being loaded first, hence the xpack info tests may fail due to unsupported params being used.
Original commit: elastic/x-pack-elasticsearch@bd44eef3cc
Also,
- changed the anonymous username to `_anonymous` (used to be `__es_anonymous_user` which I found needlessly, overly, redundantly and not to mention unnecessarily complex 🤷)
- changed the system username and role name to `_system` (used to be `__es_system_user` and `__es_system_role`... it introduced gratuitous and totally un-called for naming complexity 🤦)
Closeselastic/elasticsearch#2079
Original commit: elastic/x-pack-elasticsearch@63b6de2bba
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18496
Most of the changes here are related to javax.activation.
Original commit: elastic/x-pack-elasticsearch@2a47f94ab5
- if active, `file` realm size
- if active, `native` realm size
- if active, `ldap` realm size, whether SSL is used, load balance type used, user search used
- if active, `active_directory` realm size, whether SSL is used, load balance type used
`size` is scale estimation based on the local cache. Scales are: `small` (under 10 users), `medium` (under 50 users), `large` (under 250 users) and `x-large` (above 250 users).
Original commit: elastic/x-pack-elasticsearch@c6efb17aa4
- Each `XPackFeatureSet` can now return a `Usage` object that encapsulates the feature usage stats of the set
- A new `/_xpack/usage` REST API is introduced to access the usage stats of all features
- Intentionally not explicitly exposing the API in the `XPackClient` as this API is primarily meant for use by Kibana X-Pack (that said, it is still possible to call this API from the transport client using the `XPathUsageRequestBuilder`)
- For now the usage stats that are returned are minimal, once this infrastructure is in, we'll start adding more stats
Relates to elastic/elasticsearch#2210
Original commit: elastic/x-pack-elasticsearch@d651fe4b01
We check for an expected length but this is only valid if the address can be resolved and on some systems
127.0.0.1 may not map to a name.
Original commit: elastic/x-pack-elasticsearch@2f7c8da242
There is a race condition between the smoke tests that get run because of the teardown conditions of
REST tests. By splitting them, we can avoid the unrealistic scenario/race condition.
Original commit: elastic/x-pack-elasticsearch@f95ae0e595
This PR just drops the - in the existing REST API name by changing the base MonitoringRestHandler to extend
XPackRestHandler instead of BaseRestHandler directly, and using its URI_BASE.
Original commit: elastic/x-pack-elasticsearch@1bed2dba31
This commit fixes some test compilation issues due to upstream changes
in core that added I/O statistics on Linux.
Original commit: elastic/x-pack-elasticsearch@a0877aa0aa
The general use case is to provide only the {type} to the bulk and even that may not be specified. However,
by setting it up as
/_x-pack/monitoring/{type}/_bulk
/_x-pack/monitoring/{index}/{type}/_bulk
it fails to properly recognize the {type} parameter because the PathTrie that gets generated sees two wildcards
at the same location and the last one specified wins -- {index}. As a result, it's impossible to only set the
{type} without making the PathTrie logic convoluted for a niche use case (a list to try instead of a single path).
his fixes the issue by removing the completely unused option: you can no longer specify {index} outside of
individual bulk indexing operations. If we see a need to bring it back, then we can add it as an API param, but
that is an unusual place for the index field and I do not expect it to be needed that frequently.
Original commit: elastic/x-pack-elasticsearch@40d0d05404
Currently, license notification scheme treats no license (before trial license is auto-generated)
and a license tombstone in the cluster state in the same way. This caused a bug where licencees
were not notified of explicit license removal. Now, the notification scheme explicitly handles
license tombstone to notify the licensees and handles the case for no license in cluster state
as before.
Original commit: elastic/x-pack-elasticsearch@c90ec23398
- Introduced a `MISSING` operation mode
- now when the license is removed (and a tombstone license is placed), the licensees get notified with a `MISSING` license status
- the monitoring, security and watcher licensees were updated
Original commit: elastic/x-pack-elasticsearch@650d940666
Some changes in elastic/x-pack@d13557c517 change the testIgnoreTimestampedIndicesInOtherVersions method and it now sometime fails.
This commit revert the previous behavior of the test and ensures that at least 1 index is cleaned up/deleted in each test.
Original commit: elastic/x-pack-elasticsearch@3c6acb4ff8
This adds it so that a system can specify "_data" as the index to index into the
data index (without having to know its name). _Not_ supplying an index will use
the timestamped index. Any other index name (including wrong case) is invalid.
Original commit: elastic/x-pack-elasticsearch@6eeadfb3c8
With this commit we free all bytes reserved on the request circuit breaker.
Relates elastic/elasticsearchelastic/elasticsearch#18144
Original commit: elastic/x-pack-elasticsearch@3986436b8c
This changes the loose usage of onOrBefore to equals so that when we add beta1, this test fails
again.
Original commit: elastic/x-pack-elasticsearch@fe4f2cbdf0
This changes the security endpoints to _xpack/security, fixes the rest api spec to also use
the xpack.security prefix and adds documentation and tests.
Original commit: elastic/x-pack-elasticsearch@7977575f0e
This commit fixes an issue in HttpExporterTemplateTests caused by the
migration from Strings#splitStringToArray to String#split. Namely, the
previous would split a string like "/x/y/z/" into { "x", "y", "z" } but
the former will split this into { "", "x", "y", "z" }. This commit
modifies the test logic to respond to this change.
Original commit: elastic/x-pack-elasticsearch@c567b17180
This commit fixes an issue that was introduced in ObjectPath#evalContext
when refactoring from Strings#splitStringToArray to
String#split. Namely, the former would return an empty array when
receiving a null or empty string as input but the latter will NPE on a
null string and return an array containing the empty string on an empty
string input.
Original commit: elastic/x-pack-elasticsearch@2f509f9fa0
In order to move things from watcher to x-pack this created a notification module in x-pack.
This also means that the HTTPClient was moved up and settings have changed from
`xpack.watcher.http` to just `xpack.http`.
Further things done:
* Move http under o.e.xpack.common
* Moved secret service to o.e.xpack.common, initializing in XpackPlugin
* Moved text template to o.e.xpack.common.text
* Moved http client initialization into xpack plugin
* Renamed xpack.watcher.encrypt_sensitive_data setting, moved into Watch class
* Moved script service proxy to common
Original commit: elastic/x-pack-elasticsearch@41eb6e6946
With elastic/elasticsearchelastic/elasticsearch#7309 we enable HTTP compression by
default. However, this can pose a security risk for HTTPS
traffic (e.g. BREACH attack). Hence, we disable HTTP compression
by default again if HTTPS enabled (note that this still allows the
user to explicitly enable HTTP compression if they want to).
Relates elastic/elaticsearchelastic/elasticsearch#7309
Original commit: elastic/x-pack-elasticsearch@8da100c9a5
This refactors the org.elasticsearch.watcher over to
org.elasticsearch.xpack.watcher
This also adds all watcher actions to the KnownActionsTests,
as watcher actions had not been taken care of until here.
Original commit: elastic/x-pack-elasticsearch@a046dc7c6a
This commit adds the necessary changes to make SSL work on the transport layer by default. A large
portion of the SSL configuration/settings was re-worked with this change. Some notable highlights
include support for PEM cert/keys, reloadable SSL configuration, separate HTTP ssl configuration, and
separate LDAP configuration.
The following is a list of specific items addressed:
* `SSLSettings` renamed to `SSLConfiguration`
* `KeyConfig` and `TrustConfig` abstractions created. These hide the details of how `KeyManager[]` and `TrustManager[]` are loaded. These are also responsible for settings validation (ie keystore password is not null)
* Configuration fallback is changed. Previously any setting would fallback to the "global" value (`xpack.security.ssl.*`). Now a keystore path, key path, ca paths, or truststore path must be specified otherwise the configuration for that key/trust will fallback to the global configuration. In other words if you want to change part of a keystore or truststore in a profile you need to supply all the information. This could be considered breaking if a user relied on the old fallback
* JDK trusted certificates (`cacerts`) are trusted by default (breaking change). This can be disabled via a setting.
* We now monitor the SSL files for changes and enable dynamic reloading of the configuration. This will make it easier for users when they are getting set up with certificates so they do not need to restart every time. This can be disabled via a setting
* LDAP realms can now have their own SSL configurations
* HTTP can now have its own SSL configuration
* SSL is enabled by default on the transport layer only. Hostname verification is enabled as well. On startup if no global SSL settings are present and SSL is configured to be used, we auto generate one based on the default CA that is shipped. This process includes a best effort attempt to generate the subject alternative names.
* `xpack.security.ssl.hostname_verification` is deprecated in favor of `xpack.security.ssl.hostname_verification.enabled`
* added Bouncy Castle info to NOTICE
* consolidated NOTICE and LICENSE files
Closeselastic/elasticsearch#14Closeselastic/elasticsearch#34Closeselastic/elasticsearch#1483Closeselastic/elasticsearch#1933
Addresses security portion of elastic/elasticsearch#673
Original commit: elastic/x-pack-elasticsearch@7c359db90b
This commit makes a few modifications to the IndexAuditTrail class:
* Use `InternalAuditUser#is` to determine if the principal is the auditor when we have a user
and simply compare `InternalAuditUser#NAME` when only a string principal is available
* Remove the `Thread#setDaemon` call in the QueueConsumer as this thread should be terminated
as part of the shutdown of the node
In terms of tests, there are some issues and changes to how we test certain aspects. The muted tests
were not accurate since the tests immediately checked for the existence of an index and did not poll or
wait and this operation is asynchronous so the index could be created after the exists request was
executed. These tests were removed and a new class was added to test the muted behavior. In these
tests we override the audit trails implementation of a queue, which will set a flag to indicate a message
has been added to the queue. This is a synchronous operation so it can be checked immediately.
The other tests in the IndexAuditTrail tests remain but a few changes have been made to the execution.
* ensureYellow is called for the index we expect to be created before searching for documents
* the remote cluster is only setup at the beginning of the suite rather than before every test to ensure
quicker execution
* the maximum number of shards has been reduced to three since we do not really need up to 10 shards
for a single document
Original commit: elastic/x-pack-elasticsearch@501b6ce9da
This change adds the proper behavior for the standard license which is:
* authentication is enabled but only the reserved, native and file realms are available
* authorization is enabled
Features that are disabled:
* auditing
* ip filtering
* custom realms
* LDAP, Active Directory, PKI realms
See elastic/elasticsearch#1263
Original commit: elastic/x-pack-elasticsearch@920c045bf1
This commit removes duplicated code in the authentication service by combining
the authentication logic for rest and transport requests. As part of this we no longer
cache the authentication token since we put the user in the context and serialize the
user.
Additionally we now pass the thread context to the AuthenticationFailureHandler to
restore access to the headers and context.
Original commit: elastic/x-pack-elasticsearch@79e2375a13
In order to prevent shipping of RCs with the wrong license, this
smoke tester downloads the internal RC, installs x-pack and puts
a license in there.
if putting is successful, we can be sure, we got the right license.
Closeselastic/elasticsearch#2087
Original commit: elastic/x-pack-elasticsearch@021d228e29
build info
There are many other things that should be cleaned up around this (eg
XpackInfoResponse.BuildInfo should not exist, it is the exact same as
what XPackBuild has), but this change gets the build info output working
again.
closeselastic/elasticsearch#2116
Original commit: elastic/x-pack-elasticsearch@0730daf031
This mainly moves packages over to the x-pack directory and renames the settings
from `xpack.watcher.actions.` to `xpack.notification.`
Moved services include pagerduty, hipchat, slack and email.
Closeselastic/elasticsearch#1998
Original commit: elastic/x-pack-elasticsearch@40c16fe123
Updated okhttp and moved the jsr305 dependency into testing.
This required a minor change in tests using SSL, as otherwise
the security manager barfs, when the okhttp webserver tries
to load sun internal SSL based classes.
Original commit: elastic/x-pack-elasticsearch@77131589e0
The old implementation was to use properties at build-time. This however did not work,
as the tests could not be run in the IDE. This has been removed of monitoring for some
time already, but needs to be removed from watcher as well.
This commit uses static variables and refactors the code a bit. First, there is a generic
TemplateUtils class, to be used in monitoring and watcher. Also the watcher code has been changed
to copy the needed variables into the template registry class instead of keeping it in the
WatcherModule.
This commit also includes some refactoring to remove the version parameter in marvel, was static anyway
Closeselastic/elasticsearch#1372
Original commit: elastic/x-pack-elasticsearch@fbfc22ea09
- by default the response includes all info - build, license, features + human descriptions.
- you can still control the output using `categories` and `human` parameters
- Added docs to this API
Original commit: elastic/x-pack-elasticsearch@85115495ec
This avoids exceptional cases where node stats are not returned due to some concurrent modification.
Original commit: elastic/x-pack-elasticsearch@6f6b8ec393
Writeable#readFrom has become a method you just implement because
the interface requires it but the prefered way to actually do the
reading is a ctor that takes a StreamReader. readFrom just delegates
to the ctor. This removes readFrom entirely because it is not needed
anymore and is going away in core.
Relates to https://github.com/elastic/elasticsearch/issues/17085
Original commit: elastic/x-pack-elasticsearch@dd74db5ded
- introduced the "Feature Set" notion - graph, security, monitoring, watcher, these are all feature sets
- each feature set can be:
- `available` - indicates whether this feature set is available under the current license
- `enabled` - indicates whether this feature set is enabled (note that the feature set can be enabled, yet unavailable under the current license)
- while at it, cleaned up the main modules of watcher, security, monitoring and graph.
Original commit: elastic/x-pack-elasticsearch@5b3e19fe8c
From now on, if field level security and percolator is used then the percolator field needs to be included in the allowed fields.
Original commit: elastic/x-pack-elasticsearch@7d39b5caf6