Commit Graph

3749 Commits

Author SHA1 Message Date
Tanguy Leroux d3dff6659b Returns empty set of filters in MonitoringIndexNameResolver and fix tests
Original commit: elastic/x-pack-elasticsearch@e901347de9
2016-08-30 10:10:08 +02:00
Tanguy Leroux 203ad03d26 Use sets of String in XContentBuilders
With elastic/elasticsearchelastic/elasticsearch#19865 the XContentBuilder has changed to support both inclusive and exclusive filters and now uses Set<String> instead of arrays of Strings. This change updates the various places in x-plugins where string arrays were used.

Original commit: elastic/x-pack-elasticsearch@1f8d4485f4
2016-08-30 09:08:49 +02:00
Nik Everett 8f22eaf1b7 Security: Add tests for indexes created in 2.x (elastic/elasticsearch#3203)
The actual backwards compatibility support is handled by core's ability to downgrade `keyword` and `text` into `string` for indexes created in 2.x.

Original commit: elastic/x-pack-elasticsearch@6b615d9a45
2016-08-29 12:00:19 -04:00
Yannick Welsch cdc41f6082 Add recovery source to ShardRouting
Relates to elastic/elasticsearchelastic/elasticsearch#19516

Original commit: elastic/x-pack-elasticsearch@051fb25bfc
2016-08-27 15:19:49 +02:00
jaymode 40c2672f12 test: remove the version compatibility tests
The x-plugins version is now kept in sync with the elasticsearch version and the
VersionCompatibilityTests just adds noise when updating versions.

Closes elastic/elasticsearch#3079
See elastic/elasticsearch#3212

Original commit: elastic/x-pack-elasticsearch@5998aa2ec0
2016-08-26 13:52:35 -04:00
jaymode e07ae87cf4 security: do not allow security APIs to execute when unlicensed
Although most of the security functionality was disabled when a basic license was applied,
some of the functionality still could be executed such as using the authenticate API or using
a transport client. The issue here is the UI calls the authenticate API and this gives the impression
that security is really in use when it is not.

Original commit: elastic/x-pack-elasticsearch@881453fc4c
2016-08-26 13:46:56 -04:00
Nik Everett 9c2b3d79ad Fix bulk update tests
It was relying on fields extracting fields from the source but it
doesn't do that any more.

Original commit: elastic/x-pack-elasticsearch@23b534c068
2016-08-26 12:52:06 -04:00
Tyler Smalley 7c231a1edc Merge pull request elastic/elasticsearch#3192 from elastic/3132-node-6
Upgrade to Node 6.4.0

Original commit: elastic/x-pack-elasticsearch@e1101ed947
2016-08-25 13:53:11 -07:00
Mike McCandless ab074da873 Don't illegally reuse scorer in this test
Closes elastic/elasticsearch#3216

Original commit: elastic/x-pack-elasticsearch@63654c5585
2016-08-25 11:42:48 -04:00
Court Ewing 6d361d0097 Merge pull request elastic/elasticsearch#3215 from epixa/fix-kibanalinting
monitoring-ui: fix outstanding linting errors

Original commit: elastic/x-pack-elasticsearch@c7c459937e
2016-08-25 11:10:02 -04:00
jaymode 098e61fbc1 security: remove the realtime request interceptor
The realtime request interceptor was added to stop realtime requests from bypassing DLS
or FLS as the request could read a document from the translog. After
elastic/elasticsearchelastic/elasticsearch#20102 we no longer read documents from the translog so we can
allow realtime requests even when DLS or FLS is enabled.

Original commit: elastic/x-pack-elasticsearch@069b501500
2016-08-25 10:22:46 -04:00
jaymode dfdf77c536 security: upgrade to bouncy castle 1.55
Bouncy castle 1.55 was released earlier today and this commit updates the version
we use to 1.55.

Original commit: elastic/x-pack-elasticsearch@95e002431b
2016-08-25 09:41:12 -04:00
Lukas Olson a02114729f Merge pull request elastic/elasticsearch#3172 from w33ble/shield-api-route-tags
Check route tags for apis, don't redirect

Original commit: elastic/x-pack-elasticsearch@5414e126bf
2016-08-23 18:02:46 -07:00
jaymode 26c1da4230 security: roles.yml is empty and add built in monitoring users
This change removes all default roles from the roles.yml file that is distributed with xpack and
adds built in roles for monitoring users and remote monitoring agents.

Closes elastic/elasticsearch#3122

Original commit: elastic/x-pack-elasticsearch@b04508bd56
2016-08-23 15:11:28 -04:00
jaymode 334aa94946 security: simplify lookup of files inside the config dir
This commit simplifies the code used for resolving the files used for security to always
resolve against the `config` file. Elasticsearch no longer offers a way to disable the security
manager, so the files read by x-pack should not really be configurable and only exist in their
default locations since that is what can be read by the process.

As part of this, the documentation was updated to indicate that these files should always be in
the default location and the settings to change the locations have been removed. Also, a bug
was fixed in a few places where settings were still using `shield.` instead of `xpack.security.`.
Finally, some outdated and unused files were deleted from the repository.

Closes elastic/elasticsearch#305

Original commit: elastic/x-pack-elasticsearch@3884f080a0
2016-08-23 14:54:18 -04:00
Ryan Ernst 1aa72336a0 Merge pull request elastic/elasticsearch#3191 from rjernst/api_jar
Build: Add api jar and client jar for xpack

Original commit: elastic/x-pack-elasticsearch@7743f43e23
2016-08-23 11:51:05 -07:00
jaymode 7536acdc9f security: cleanup logging and other minor enhancements/fixes
This change cleans up some of the log messages and levels that could now be considered misleading.

While performing these cleanups, the following was done:

* remove creation of dummy user for gradle run as we have the `elastic` user
* Request interceptors are not bound if field and document level security is disabled
* FLS/DLS interceptors skip execution if document and field level security is disabled by the license state
* The roles store that loaded the role is logged at the TRACE level
* The TransportXPackUsageAction was using the incorrect action name when registering a handler

Closes elastic/elasticsearch#2096
Closes elastic/elasticsearch#1861
Closes elastic/elasticsearch#2229
See elastic/elasticsearch#1879

Original commit: elastic/x-pack-elasticsearch@ac16b21c0c
2016-08-23 14:35:23 -04:00
jaymode 507196dca5 security: allow superusers access to the security index
This change allows users with the superuser role to access the security index. We previously allowed
the XPackUser to access this with the intent that the XPackUser was also the `elastic` user. When the
`elastic` user was split out into the ElasticUser, we did not update the check to allow this user access
to the security index.

Original commit: elastic/x-pack-elasticsearch@fa556d9845
2016-08-23 14:24:43 -04:00
jaymode 9c76211393 security: do not use hidden filenames when generating certs
This commit changes how we get the file and directory name for certificates in the tool. The
tool now prompts the user for the filename. If the provided instance name will result in a
valid filename, this is provided as a default. Otherwise the user must provide a valid
filename.

Closes elastic/elasticsearch#2854

Original commit: elastic/x-pack-elasticsearch@3c923d736b
2016-08-23 14:11:04 -04:00
Jack Conradson feefd070ef Make Painless the default scripting language.
Closes elastic/elasticsearch#3124

Original commit: elastic/x-pack-elasticsearch@7e458c07a6
2016-08-22 17:41:18 -07:00
Ryan Ernst f28f77f73c Build: Add api jar and client jar for xpack
This adds back (again) building a transport client plugin jar for
x-pack, and also adds producing an "api" jar which extension authors can
build against. For now, both these jars are exactly the same, but
eventually they could differ, and be reduced to less than the real
x-pack jar.

see elastic/stackelastic/elasticsearch#7

Original commit: elastic/x-pack-elasticsearch@0a989de18b
2016-08-22 15:40:46 -07:00
Jonathan Budzenski 5936e8da29 Merge pull request elastic/elasticsearch#2949 from jbudz/issues/2566
monitoring ui:  concat metric descriptions, display in tooltip

Original commit: elastic/x-pack-elasticsearch@6a4bfee04d
2016-08-22 13:52:40 -05:00
Jonathan Budzenski 8a96d38b98 Merge pull request elastic/elasticsearch#2950 from jbudz/metric-descriptions
monitoring ui: metric descriptions

Original commit: elastic/x-pack-elasticsearch@16334e9d8f
2016-08-22 13:51:29 -05:00
Areek Zillur e28c2a8c94 Merge pull request elastic/elasticsearch#3178 from areek/fix/3177
Fix license expiry logging

Original commit: elastic/x-pack-elasticsearch@29d9f90af2
2016-08-22 13:16:05 -04:00
Areek Zillur 87eb69fdc6 Fix license expiry logging
Original commit: elastic/x-pack-elasticsearch@51580eaba7
2016-08-22 12:20:21 -04:00
Clinton Gormley e8e2522426 Merge pull request elastic/elasticsearch#3159 from elastic/version_annotations
Remove old version annotations in X-Pack docs

Original commit: elastic/x-pack-elasticsearch@9f710921f1
2016-08-22 14:17:22 +02:00
Martijn van Groningen f10fbeeb70 watcher: remove WatchScript class
Original commit: elastic/x-pack-elasticsearch@fb2f9a28f1
2016-08-22 09:39:13 +02:00
Ryan Ernst 8ae939fec7 Remove client jar
This reverts building a separate client jar for xpack. It is not
necessary because we already build x-pack as a jar and publish to
elastic maven, since extension authors need that.

Original commit: elastic/x-pack-elasticsearch@2fab06b42c
2016-08-19 16:17:54 -07:00
Shaunak Kashyap 3d04f3e78e Merge pull request elastic/elasticsearch#3138 from ycombinator/bug/gh-3129
Remove dependency on a Security service from Reporting

Original commit: elastic/x-pack-elasticsearch@73c34b5eba
2016-08-19 11:49:26 -07:00
Ryan Ernst 9586e68470 Merge pull request elastic/elasticsearch#3165 from rjernst/client_jar
Build: Enable x-pack to build a transport client plugin jar

Original commit: elastic/x-pack-elasticsearch@a36305d736
2016-08-19 09:29:47 -07:00
Ryan Ernst aa4fad9009 Build: Enable x-pack to build a transport client plugin jar
Original commit: elastic/x-pack-elasticsearch@f42f7a1cd2
2016-08-19 09:15:54 -07:00
Martijn van Groningen 64eec5afb3 security: Prohibit the use of `terms` query with lookup, `geo_shape` with indexed shapes, `has_child`, `has_parent` and `percolator` query inside DLS role query.
Closes elastic/elasticsearch#3145
Closes elastic/elasticsearch#613

Original commit: elastic/x-pack-elasticsearch@5962089b6c
2016-08-19 16:59:36 +02:00
Tanguy Leroux 30eab329a1 Muted HipChatServiceTests
These tests failed regularly. It seems that the user_account authentification token is not accepted anymore by the HipChat service that respond with a 401 HTTP code.

    See https://github.com/elastic/x-plugins/issues/3162

Original commit: elastic/x-pack-elasticsearch@793ad494d3
2016-08-19 16:48:44 +02:00
Tanguy Leroux 56be936ace Watcher: Use search template in Search Input/Transform REST tests
These tests would have caught the regression (introduced in elastic/x-pack@95a29c6a42 and fixed by elastic/x-pack@9b834b5f50) that cause search template to have "groovy" lang by default instead of "mustache"

Original commit: elastic/x-pack-elasticsearch@e27e5ae821
2016-08-19 09:30:24 +02:00
CJ Cenizal 4843e0248e Merge pull request elastic/elasticsearch#2931 from cjcenizal/7467/app-switcher-link-collapsible-nav
Update nav_control to work with collapsible side nav.

Original commit: elastic/x-pack-elasticsearch@eaa9d7a097
2016-08-18 12:52:40 -07:00
Ryan Ernst f92b576661 Merge pull request elastic/elasticsearch#3142 from rjernst/deguice20
Remove SecurityTransportModule

Original commit: elastic/x-pack-elasticsearch@e609503c7b
2016-08-18 08:03:31 -07:00
Ryan Ernst 9da4d827c1 Rename transport service method to clarify a user is always used, but
not necessarily the system user

Original commit: elastic/x-pack-elasticsearch@0357d3718d
2016-08-18 08:03:31 -07:00
Tanguy Leroux 5b2c7dd503 Fix watrcher script parsing tests
closes elastic/elasticsearch#3135, elastic/elasticsearch#3134, elastic/elasticsearch#3136

Original commit: elastic/x-pack-elasticsearch@a1b0402be4
2016-08-18 10:06:05 +02:00
Ryan Ernst 49ac29f2e3 Remove SecurityTransportModule
SecurityTransportModule handled binding two things in guice. First, IPFilter,
for which createComponents already had the necessary dependencies. The
second was ClientTransportFilter. For transport clients, this was a
noop and could be removed. For nodes, this just attaches the system
user, which could be done directly from SecurityServerTransportService.

Original commit: elastic/x-pack-elasticsearch@da327de476
2016-08-18 00:09:31 -07:00
Chris Earle 572869087d Change use of generics in test
Original commit: elastic/x-pack-elasticsearch@39473681b2
2016-08-17 15:50:20 -04:00
Chris Earle c16860e901 Fix Watcher REST test
Original commit: elastic/x-pack-elasticsearch@7cb5b08948
2016-08-17 15:35:18 -04:00
Jason Tedor 76319495b6 Mark failing Watcher REST test as awaits fix
This commit marks a failing Watcher REST test with seed 97AAFD9CA37864EE
as awaits fix.

Original commit: elastic/x-pack-elasticsearch@5e19f0169c
2016-08-17 15:13:26 -04:00
jaymode 934b69b0c6 test: use valid names to prevent false test failures
In some cases, the random ascii value could match a forbidden name, which will cause this
test to fail as it expects valid names. This changes ensures the names are valid.

Original commit: elastic/x-pack-elasticsearch@c79f8fc4cc
2016-08-17 14:31:17 -04:00
Jason Tedor de4851329d Mark WUT#testDeserializeSearchRequests awaits fix
This commit marks WatcherUtilsTests#testDeserializeSearchRequest which
is failing with seed 2203D3AD59DB5223 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@4b6cbe544b
2016-08-17 13:43:12 -04:00
Jason Tedor ca896d2dca Mark STT#testParser as awaits fix
This commit marks SearchTransformTests#testParser which is failing with
seed 97BC9E2543410D55 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@3d69e9648c
2016-08-17 13:13:10 -04:00
Jason Tedor bed5cc5882 Mark WUT#testSerializeSearchRequest as awaits fix
This commit marks WatcherUtilsTests#testSerializeSearchRequest which is
failing with seed 97BC9E2543410D55 as awaits fix.

Original commit: elastic/x-pack-elasticsearch@45a174c1f2
2016-08-17 13:10:42 -04:00
Tanguy Leroux c2dbd5ed4a Watcher: Use Mustache as default search template lang
With the latest clean ups and changes in Watcher, the default search template lang has been switched to WatcherScript.DEFAULT_LANG which points to "groovy" but it should be "mustache" instead.

Original commit: elastic/x-pack-elasticsearch@1d9ef1963e
2016-08-17 18:16:30 +02:00
Chris Earle 53d022a20a [Watcher] Add Condition to Action
This adds a "condition" to every action (via the ActionWrapper) that prevents execution of the action if the condition fails. An action-level condition is only useful when there is more than one action, but nothing checks to ensure that it's only used in that scenario.

Original commit: elastic/x-pack-elasticsearch@704cfb1a86
2016-08-17 11:45:43 -04:00
Martijn van Groningen 101d791ec4 move test to the right package
Original commit: elastic/x-pack-elasticsearch@0693b8657d
2016-08-17 10:40:26 +02:00
Martijn van Groningen f291f292bf watcher: Watcher search templates shouldn't serialize SearchSourceBuilder to a string, template that and turn it back into a SearchSourceBuilder
Instead watcher search template should be agnostic of SearchSourceBuilder and just work with BytesReference, so that serializing to a string before templating isn't needed.

Original commit: elastic/x-pack-elasticsearch@36d21ec819
2016-08-17 09:52:07 +02:00