Commit Graph

7262 Commits

Author SHA1 Message Date
Lisa Cawley 244cfa7181 [DOCS] Added link to TLS docker content (elastic/x-pack-elasticsearch#2959)
Original commit: elastic/x-pack-elasticsearch@686836c62c
2017-11-10 14:08:46 -08:00
Igor Motov 9b96c7eb33 SQL: clean unused classes and empty close() methods (elastic/x-pack-elasticsearch#2956)
relates elastic/x-pack-elasticsearch#2876

Original commit: elastic/x-pack-elasticsearch@c32c6a0058
2017-11-10 14:22:58 -05:00
Igor Motov 3c444c4719 SQL: Fix test when random JDK TZ doesn't exist in Joda (elastic/x-pack-elasticsearch#2903)
JodaTime timezone db can be out of date compared to that of the JDK which causes the JDBC Connection to fail when the randomized tests pick a timezone that's available in the JDK but not in Joda, like SystemV/PST8. This is happening because JdbcConnection configuration is using system default timezone and tries to pass it to Elasticsearch that is using joda. This commit, explicitly sets the time zone on JdbcConnection to a time zone randomly selected from a list of timezones that are known to both JDK and Joda.

relates elastic/x-pack-elasticsearch#2812

Original commit: elastic/x-pack-elasticsearch@b02e9794a8
2017-11-10 14:16:11 -05:00
Ryan Ernst 9a2ae4b7f2 Update security policy to use versionless codebase properties (elastic/x-pack-elasticsearch#2602)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/26756

Original commit: elastic/x-pack-elasticsearch@a219f5b6c0
2017-11-10 11:00:34 -08:00
Lisa Cawley d0f767a20a [DOCS] Move docker files to x-pack repo (elastic/x-pack-elasticsearch#2942)
Original commit: elastic/x-pack-elasticsearch@b4e518b178
2017-11-10 09:39:17 -08:00
Lisa Cawley fb769be92e [DOCS] Added TLS configuration info for Docker (elastic/x-pack-elasticsearch#2939)
* [DOCS] Add docker TLS configuration info

* [DOCS] Updated layout of TLS docker page

* [DOCS] Clean up docker TLS pages

* [DOCS] Changed nesting of TLS docker info

* [DOCS] More small updates to TLS docker page

Original commit: elastic/x-pack-elasticsearch@2b0504632a
2017-11-10 09:33:56 -08:00
David Roberts 742a052619 [ML] Account for the possibility of C++ log messages being UTF-16 (elastic/x-pack-elasticsearch#2952)
On Windows, log4cxx always writes to stderr in UTF-16, and we get the
logs from C++ to Java by redirecting stderr to our named pipe.  Hence
the log handler in Java needs to tolerate the log stream it's reading
being either UTF-16 (for Windows) or UTF-8 (for other platforms).

Fixes elastic/machine-learning-cpp#385

Original commit: elastic/x-pack-elasticsearch@89237d7125
2017-11-10 15:15:10 +00:00
Nik Everett b2285ae66e Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b9d07ccd0f
2017-11-10 09:34:10 -05:00
Alexander Reelsen a90cd81f99 Docs: Fix broken watcher example using multi line strings
Original commit: elastic/x-pack-elasticsearch@7398be67c4
2017-11-10 10:06:47 +01:00
Tim Vernum 039cf42fdf Extend wait time to 20s in SecurityIntegTest
This kind of sucks, because we shouldn't have to wait that long for tests to run.
But they're failing CI with some regularity, and we rely on these integration tests.

Original commit: elastic/x-pack-elasticsearch@3f4acb2a32
2017-11-10 15:20:30 +11:00
lcawley b5cb814b32 [DOCS] Add security configuration section
Original commit: elastic/x-pack-elasticsearch@ccae9a84a9
2017-11-09 14:28:56 -08:00
Tal Levy 8c489b1a98 Prevent 7.x nodes from joining cluster with un-upgraded 6.x .security indices (elastic/x-pack-elasticsearch#2921) (elastic/x-pack-elasticsearch#2940)
This is a forward-port of elastic/x-pack-elasticsearch/pull/2921.

original commit message:

Before this commit, a cluster with security enabled and backed by
native-realm user permissions allowed rolled upgrades to clusters without
upgrading the `.security` index. This resulted in the newly established
6.0 cluster not able to register the native-realm users previously established
in the `.security` index. In order to fix this, one would have to rely on file-based
users to re-configure and upgrade the `.security` index. Since this state is easily
avoidable with an upgrade, this commit rejects the joining of upgraded nodes without
upgrading the security index beforehand.

modifications:

Test with 7.x vs 6.x nodes.

Original commit: elastic/x-pack-elasticsearch@56f81bfb20
2017-11-09 12:49:59 -08:00
Lisa Cawley 0c10d82f78 [DOCS] Added setup folder (elastic/x-pack-elasticsearch#2943)
Original commit: elastic/x-pack-elasticsearch@cc7027c7ec
2017-11-09 12:32:21 -08:00
jaymode 9d85f377c7 Test: update the branch logic for BWC tests
This commit updates the logic for determining which branch to use to make it consistent with the
logic in elasticsearch. This change means that testing BWC within the same major picks the correct
branch.

Original commit: elastic/x-pack-elasticsearch@2d75d15c41
2017-11-09 13:03:40 -07:00
Costin Leau 8f55a4192c Improve grammar so keywords have priority over identifiers
Original commit: elastic/x-pack-elasticsearch@8222e30060
2017-11-09 21:40:09 +02:00
Chris Earle efb5b8827b [Monitoring] Add Rolling Upgrade Tests (elastic/x-pack-elasticsearch#2832)
This adds a rolling upgrade test for X-Pack monitoring. It works by using the `_xpack/monitoring/_bulk` endpoint to send arbitrary data, then verify that it exists.

This forces a few things to happen, thereby testing the behavior: 

1. The templates must exist.
2. The elected master node must be "ready" to work (hence the first
point).
3. The same "system_api_version" is accepted by every version of ES.

Original commit: elastic/x-pack-elasticsearch@012e5738bb
2017-11-09 12:49:37 -05:00
Costin Leau af453a3fa4 Update docs structure
Original commit: elastic/x-pack-elasticsearch@78277df7fb
2017-11-09 18:45:49 +02:00
Costin Leau c48d2b14dc Define structure for docs and improve grammar
The keywords inside SqlBase are now sorted alphabetically - much easier
to read and update the docs

Original commit: elastic/x-pack-elasticsearch@5aa89c5950
2017-11-09 17:49:10 +02:00
Alexander Reelsen 4d265868b8 Docs: Improve watcher action condition docs (elastic/x-pack-elasticsearch#2909)
The action condition feature was carefully hidden in an example.
This commit creates an own paragraph to highlight this feature better.

Original commit: elastic/x-pack-elasticsearch@006318787b
2017-11-09 16:13:56 +01:00
Hendrik Muhs 2693c6a730 [ML] improve logging for autodetect crashes (elastic/x-pack-elasticsearch#2866)
Improving logging for unexpected autodetect termination (crash, oom). Output to the log pipe not conforming to the json log output format are treated as fatal error and logged, so that the crash as well as a proper error message if available gets logged.

Original commit: elastic/x-pack-elasticsearch@ae5d792d3f
2017-11-09 15:47:23 +01:00
David Roberts 142b59a4d5 [ML] Use the correct timeout for the process context lock (elastic/x-pack-elasticsearch#2935)
This change should have been made in elastic/x-pack-elasticsearch#2913.  Now we hold the process
context lock throughout the job close procedure, the timeout for trying
to lock it should be the timeout used for job open/close rather than the
timeout for connecting named pipes.

Original commit: elastic/x-pack-elasticsearch@79672b0825
2017-11-09 13:50:15 +00:00
Luca Cavanna 62b8e54247 Build: add aggs-matrix-stats to license mapping and ignore sha list (elastic/x-pack-elasticsearch#2932)
Original commit: elastic/x-pack-elasticsearch@d33a5b95bc
2017-11-09 11:32:36 +01:00
Jay Modi e29649a7bc Remove the xpack plugin's dependency on the tribe module (elastic/x-pack-elasticsearch#2901)
This change removes the xpack plugin's dependency on the tribe module, which is not a published
artifact. For the most part this just involves moving some test classes around, but for the
security and tribe integration the usage of constant settings was removed and replaced with the
string names. This is a bit unfortunate, but a test was added in a QA project that depends on tribe
that will alert us if a new setting is added that we need to be aware of.

relates elastic/x-pack-elasticsearch#2656

Original commit: elastic/x-pack-elasticsearch@649a8033e4
2017-11-08 12:39:02 -07:00
Albert Zaharovits 872f2558c9 Halt OpenLDAP fixture (elastic/x-pack-elasticsearch#2929)
Halt OpenLDAP fixture after :x-pack-elasticsearch:qa:openldap-tests:test

Currently the OpenLDAP vagrant fixture is not halted.
Reruning the test will fail because the new fixture instance will try to bind to
the same host ports. Project :x-pack-elasticsearch:qa:openldap-tests:test is
the only one using the OpenLDAP fixture from
:x-pack-elasticsearch:test:openldap-fixture.

relates elastic/x-pack-elasticsearch#2619

Original commit: elastic/x-pack-elasticsearch@bea2f81b76
2017-11-08 19:57:29 +02:00
jaymode 96d0a374a4 Test: fix check for security version after template updater change
This change fixes the check for the version of the security template after the template updater was
changed to only run on the master node in elastic/elasticsearch#27294. Additionally, the wait time
for the cluster to have a yellow status has been increased to account for delayed shards and slower
machines.

Original commit: elastic/x-pack-elasticsearch@a2e72bed12
2017-11-08 10:46:53 -07:00
Igor Motov 6e9c83a7b5 SQL: fix the security index name in audit tests
Original commit: elastic/x-pack-elasticsearch@1155d24e24
2017-11-08 12:12:16 -05:00
David Kyle cba4421a75 [ML] Fix streaming the process update request (elastic/x-pack-elasticsearch#2928)
Original commit: elastic/x-pack-elasticsearch@cf76c13a2b
2017-11-08 16:29:12 +00:00
Igor Motov a72879acb2 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@f3b4897936
2017-11-08 11:01:45 -05:00
Christoph Büscher 17ae4899c8 [Test] Change expected exception type after changes in core
Original commit: elastic/x-pack-elasticsearch@0ad2e06970
2017-11-08 12:54:54 +01:00
David Roberts 7b25e7d9ed [ML] Remove Watcher middleman from ML dependency on core (elastic/x-pack-elasticsearch#2926)
I imagine this needless indirection arose from accepting the wrong
IntelliJ suggestion for an import.

Original commit: elastic/x-pack-elasticsearch@54d7e854d3
2017-11-08 10:33:48 +00:00
Tim Vernum 59b453e1c8 [Security] Fix concrete security index name (elastic/x-pack-elasticsearch#2905)
The 5.6 Upgrade API will reindex .security to .security-6 and create a .security alias.
But the 6.0 default was to create a .security-v6 index and a .security alias if none existed (e.g. fresh x-pack install)

Having two different index names based on the method of install/upgrade complicates the code and testing, so we're unifying on the .security-6 index name that already exists in the wild.

Original commit: elastic/x-pack-elasticsearch@d78f569c5f
2017-11-08 10:22:42 +11:00
Luca Cavanna 753a8d6a6d Build: Run assemble automatically before running cli from gradle (elastic/x-pack-elasticsearch#2918)
Original commit: elastic/x-pack-elasticsearch@43f7396764
2017-11-07 20:51:07 +01:00
Igor Motov 330fdc19c3 SQL: Upgrade JDBC CSV library (elastic/x-pack-elasticsearch#2907)
Upgrades JDBC CSV library to v1.0.34. This version contains a fix for autodetection of column types, which was broken before in tr-TR locale.

relates elastic/x-pack-elasticsearch#2813

Original commit: elastic/x-pack-elasticsearch@a9b94d2969
2017-11-07 11:11:43 -05:00
David Roberts 027f64b221 [ML] Fix a race condition simultaneous close requests are made for a job (elastic/x-pack-elasticsearch#2913)
When simultaneous close requests were made for the same job it was possible
that one of the requests would inappropriately log error messages about the
job having failed.  This change prevents that problem, whilst continuing to
adhere to the requirement that close requests for already closing jobs do not
return until the close request that is doing the work completes.

relates elastic/x-pack-elasticsearch#2912

Original commit: elastic/x-pack-elasticsearch@513b7fa1d6
2017-11-07 14:30:59 +00:00
Tim Vernum 8e5855e62e Allow XPack user read-only access to index audit log (elastic/x-pack-elasticsearch#2906)
The default internal XPack user no longer has access to the security index, but it should have read-only access to the audit log so that watches can be triggered based on audit events (but cannot write audit records)

Original commit: elastic/x-pack-elasticsearch@5c37720dad
2017-11-07 19:31:24 +11:00
lcawley 7fe8bf3080 [DOCS] Fixed broken link to Logstash monitoring
Original commit: elastic/x-pack-elasticsearch@1f64dd6637
2017-11-06 22:45:24 -08:00
Igor Motov de33803d85 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@bfdbc2bb75
2017-11-06 18:51:23 -05:00
Jay Modi be773363c9 Do not fail requests on exceptions from native roles store (elastic/x-pack-elasticsearch#2857)
This commit changes the handling of exceptions when retrieving roles from the native roles store.
Previously, exceptions would have caused the request to terminate and the exception would be
sent back to the user. This makes for a bad experience when a cluster hasn't been upgraded to the
latest index format and anonymous access is enabled with a native role as all requests without
preemptive basic authentication would result in an exception. The change here is to allow the
request to continue processing. Once the security index is up to date, the roles cache is cleared
so that the native roles can be picked up.

relates elastic/x-pack-elasticsearch#2686

Original commit: elastic/x-pack-elasticsearch@ef5149140f
2017-11-06 10:27:56 -07:00
Simon Willnauer 457c49c332 Apply Renames from split shards (elastic/x-pack-elasticsearch#2716)
XPack side of elastic/elasticsearch#26931

Original commit: elastic/x-pack-elasticsearch@6e7c3d4242
2017-11-06 11:38:21 +01:00
Tim Vernum dd3a800745 Fix ASN.1 encoding of "cn" OtherName in CertGen/CertUtil (elastic/x-pack-elasticsearch#2858)
Certgen was generating "other name" SANs without the explicit [0] tag that is required.
This was masked by the fact that the JRE X.509 classes always wrap the "other name" name-value in a [0] tag  (even if it already has one)

Also switched to a UTF8 String from an IA5 string to match the configuration being used for testing in openssl.

Original commit: elastic/x-pack-elasticsearch@1b87964ec7
2017-11-06 10:04:17 +11:00
Nik Everett a211077554 Switch JDBC metadata to indicate all columns nullable (elastic/x-pack-elasticsearch#2835)
We were returning "nullability unknown" but in Elasticsearch all columns
are nullable.

Original commit: elastic/x-pack-elasticsearch@6ceae418ea
2017-11-04 23:28:49 +00:00
Nik Everett 00d30285e1 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@33905ed7be
2017-11-04 19:12:40 -04:00
Nik Everett 6ce140cf0f SQL: Make schema optional in RowSet (elastic/x-pack-elasticsearch#2834)
This prevents us from having to hack a fake schema together on the
second (and third and fourth, etc) page of results.

Original commit: elastic/x-pack-elasticsearch@7ba3119daa
2017-11-04 22:52:13 +00:00
David Roberts 7b36046f33 Use TestEnvironment factory method to create test Environment objects (elastic/x-pack-elasticsearch#2860)
This is the X-Pack side of elastic/elasticsearch#27235.  To force people
who construct an Environment object in production code to think about the
correct setting of configPath there is no longer a single argument
constructor in the Environment class.  Instead there is a factory method
in the test framework to replace it.  Having this in the test framework
ensures that there is no way to use it in production code.

Original commit: elastic/x-pack-elasticsearch@4860e92d90
2017-11-04 13:25:56 +00:00
Nik Everett 49b295296e SQL: Fail on trailing test specs (elastic/x-pack-elasticsearch#2836)
If you wrote a test at the end of one of SQL's test spec files that was
just a name without a body then the parser would throw the test away.
Now it fails to intiaize the class with an error message telling you
which file is broken.

Original commit: elastic/x-pack-elasticsearch@023a942ca3
2017-11-04 13:17:49 +00:00
Nik Everett 44dc98385a SQL: Reuse a registry meant to be shared (elastic/x-pack-elasticsearch#2838)
The CLI and JDBC were meant to share the same named xcontent registry
but the cli action didn't reuse it by mistake.

Original commit: elastic/x-pack-elasticsearch@6c9af5a22a
2017-11-04 13:10:35 +00:00
Nik Everett d96317fbca SQL: fix known actions test after action move
Original commit: elastic/x-pack-elasticsearch@a44932a25a
2017-11-03 21:58:09 -04:00
Nik Everett 1bf1521b37 SQL: Remove a package (elastic/x-pack-elasticsearch#2837)
Collapses a package into its parent package because they only contain a
single class together. No need for two layers.

Original commit: elastic/x-pack-elasticsearch@c947e57952
2017-11-04 01:54:21 +00:00
Nik Everett 68779a81e4 SQL: Remove now unused class (elastic/x-pack-elasticsearch#2839)
The `AbstractSqlServer` class was used when SQL's CLI and JDBC were
transport actions. They are REST layer concepts now and it is unused so
it should go.

Original commit: elastic/x-pack-elasticsearch@25ec699564
2017-11-04 00:01:15 +00:00
Nik Everett 41284cae93 SQL: Fix the name of the indices lookup action (elastic/x-pack-elasticsearch#2840)
Fix the name of the action the SQL uses to lookup index information from
the cluster state. The old name was silly.

Original commit: elastic/x-pack-elasticsearch@805fb29662
2017-11-03 23:37:22 +00:00