458 Commits

Author SHA1 Message Date
Lisa Cawley
7e97f17845 [DOCS] Add SLM security privileges (#62737) 2020-09-22 08:44:18 -07:00
James Rodewig
c0e611e0a7
[DOCS] Fix typo: NamedID -> NameID (#62721) (#62767)
Co-authored-by: Greg Back <1045796+gtback@users.noreply.github.com>
2020-09-22 10:30:35 -04:00
Jake Landis
5b7246157f
[7.x] Fix projects that failed to build within Intellij (#62258) (#62408)
This commit address some build failures from the perspective of Intellij.
These changes include:
* changing an order of a dependency definition that seems to can cause Intellij build to fail.
* introduction of an abstract class out of the test source set (seems to be an issue sharing 
  classes cross projects with non-standard source sets. 
* a couple of missing dependency definitions (not sure how the command line worked prior to this)
2020-09-17 17:45:12 -05:00
Tim Vernum
ab427534f7 [DOCS] Add warning about derived API keys to docs (#62351) 2020-09-17 13:46:25 -07:00
Adam Locke
db9dd9f7e1
[DOCS] Updating CCR setup to be more tutorial focused (#62256) (#62499)
* Applying some initial changes.

* Updating intro and screenshots.

* Removing unnecessary links, streamlining content, and adding GIF.

* Adding what's next section.

* Removing what's next.

* Minor edits.

* Apply suggestions from code review

Co-authored-by: debadair <debadair@elastic.co>

* Incorporating review feedback.

* Moving CCR user privileges to another page, plus more edits.

* Apply suggestions from code review

Co-authored-by: debadair <debadair@elastic.co>

* Incorporating more review feedback.

* Adding TESTSETUP to fix build errors.

* Update docs/reference/ccr/getting-started.asciidoc

Co-authored-by: debadair <debadair@elastic.co>

* Swapping GIF for mp4 hosted on web team CMS.

* Removing GIF in favor of mp4.

Co-authored-by: debadair <debadair@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: debadair <debadair@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-09-17 09:50:21 -04:00
James Rodewig
6394629b99
[DOCS] Document toJSON function for role query (#62257) (#62462) 2020-09-16 10:38:56 -04:00
Adam Locke
a8e3796d96
[DOCS] Adding link from SAML docs to ADFS blog. (#62006) (#62232) 2020-09-10 11:15:15 -04:00
Adam Locke
8f27e9fa28
[DOCS] [7.8] Clarify HTTPS usage for create key API (#60858) (#62098)
* Update create-api-keys.asciidoc

* Adding note to create API keys for https

* Adding note for enabling TLS

* Add specific setting for ssl.enabled

* Incorporating review feedback
2020-09-08 10:23:43 -04:00
Ioannis Kakavas
aac9eb6b64
Kerberos doc kibana link (#61466) (#61619)
Add a note in Kerberos documentation that Kibana requires a
configuration change too, and link to that documentation page.
2020-08-27 12:42:52 +03:00
James Rodewig
2b852388c5
[DOCS] Fix hyphenation for "time series" (#61472) (#61481) 2020-08-24 11:18:07 -04:00
Yang Wang
cd52233b94
Include authentication type for the authenticate response (#61247) (#61411)
Add a new "authentication_type" field to the response of "GET _security/_authenticate".
2020-08-21 22:59:43 +10:00
James Rodewig
60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
James Rodewig
929f1cc9f9
[DOCS] Remove search request body page (#60972) (#60977) 2020-08-11 13:04:07 -04:00
James Rodewig
ff4ea4720a
[DOCS] Update example data stream names (#60783) (#60820)
Uses `my-data-stream` in place of `logs` for data stream examples.
This provides a more intuitive experience for users that copy/paste
their own values into snippets.
2020-08-06 09:38:35 -04:00
James Rodewig
029869eb35
[DOCS] Fix metadata field refs (#60764) (#60769) 2020-08-05 14:04:55 -04:00
Lisa Cawley
9425de8dd1
[DOCS] Clarify support for run as in OIDC realms (#60246) (#60485) 2020-07-30 13:39:41 -07:00
James Rodewig
8edae3cd15
[DOCS] Update pre-existing data stream refs (#60289) (#60293) 2020-07-28 13:51:43 -04:00
James Rodewig
aba785cb6e
[DOCS] Update my-index examples (#60132) (#60248)
Changes the following example index names to `my-index-000001` for consistency:

* `my-index`
* `my_index`
* `myindex`
2020-07-27 15:58:26 -04:00
Dan Hermann
88e8f691af
Update index privileges doc to include data streams (#59139) (#60169) 2020-07-24 07:52:36 -05:00
Lisa Cawley
2665bfffce
[DOCS] Fix security links in machine learning APIs (#60098) (#60152) 2020-07-23 16:43:10 -07:00
Albert Zaharovits
2eaf5e1c25
[DOCS] Mapping updates are deprecated for ingestion privileges (#60024)
This PR contains the deprecation notice that `create`, `create_doc`, `index` and
`write` ingest privileges do not permit mapping updates in version 8. It also
updates the docs description of said privileges. 

This should've been part of #58784
2020-07-23 19:49:23 +03:00
James Rodewig
988e8c8fc6
[DOCS] Swap [float] for [discrete] (#60134)
Changes instances of `[float]` in our docs for `[discrete]`.

Asciidoctor prefers the `[discrete]` tag for floating headings:
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/#blocks
2020-07-23 12:42:33 -04:00
Albert Zaharovits
3ad3a7d268 DOCS audit attributes for API Key authn (#60033)
This PR describes the new audit entry attributes api_key.id,
api_key.name and authentication.type, as well as the meaning of
existing attributes when authentication is performed using API keys.

This should've been part of #58928
2020-07-23 15:51:40 +03:00
James Rodewig
74a34777d1
[DOCS] Fix outdated Kibana UI refs and screenshots in security docs (#60023) (#60059) 2020-07-22 13:08:22 -04:00
James Rodewig
401e12dc2b
[DOCS] Fix data stream docs (#59818) (#60010) 2020-07-21 17:04:13 -04:00
James Rodewig
b302b09b85
[DOCS] Reformat snippets to use two-space indents (#59973) (#59994) 2020-07-21 15:49:58 -04:00
James Rodewig
4d646ca819
[DOCS] Fix typo in LDAP config docs (#59953) (#59974)
Co-authored-by: AndyHunt66 <andrew.hunt@elastic.co>
2020-07-21 10:48:08 -04:00
James Rodewig
e5baacbe2e
[DOCS] Simplify index template snippets for data streams (#59533) (#59553)
Removes the `@timestamp` field mapping from several data stream index
template snippets.

With #59317, the `@timestamp` field defaults to a `date` field data type
for data streams.
2020-07-14 17:28:43 -04:00
Dan Hermann
59f639a279
Add auto_configure privilege 2020-07-14 08:23:49 -05:00
Yang Wang
f651487d74
Support prefix search for API key names (#59113) (#59520)
This PR adds minimum support for prefix search of API Key name. It only touches API key name and leave all other query parameters, e.g. realm name, username unchanged.
2020-07-14 22:06:20 +10:00
Andrei Dan
7dcdaeae49
Default to @timestamp in composable template datastream definition (#59317) (#59516)
This makes the data_stream timestamp field specification optional when
defining a composable template.
When there isn't one specified it will default to `@timestamp`.

(cherry picked from commit 5609353c5d164e15a636c22019c9c17fa98aac30)
Signed-off-by: Andrei Dan <andrei.dan@elastic.co>
2020-07-14 12:36:54 +01:00
Lisa Cawley
54483394ae
[DOCS] Clarify subscription requirements (#58958) (#59307) 2020-07-09 12:24:45 -07:00
James Rodewig
838f717e5f
[DOCS] Add data streams to security docs (#59084) (#59237) 2020-07-08 12:53:56 -04:00
Jake Landis
604c6dd528
7.x - Create plugin for yamlTest task (#56841) (#59090)
This commit creates a new Gradle plugin to provide a separate task name
and source set for running YAML based REST tests. The only project
converted to use the new plugin in this PR is distribution/archives/integ-test-zip.
For which the testing has been moved to :rest-api-spec since it makes the most
sense and it avoids a small but awkward change to the distribution plugin.

The remaining cases in modules, plugins, and x-pack will be handled in followups.

This plugin is distinctly different from the plugin introduced in #55896 since
the YAML REST tests are intended to be black box tests over HTTP. As such they
should not (by default) have access to the classpath for that which they are testing.

The YAML based REST tests will be moved to separate source sets (yamlRestTest).
The which source is the target for the test resources is dependent on if this
new plugin is applied. If it is not applied, it will default to the test source
set.

Further, this introduces a breaking change for plugin developers that
use the YAML testing framework. They will now need to either use the new source set
and matching task, or configure the rest resources to use the old "test" source set that
matches the old integTest task. (The former should be preferred).

As part of this change (which is also breaking for plugin developers) the
rest resources plugin has been removed from the build plugin and now requires
either explicit application or application via the new YAML REST test plugin.

Plugin developers should be able to fix the breaking changes to the YAML tests
by adding apply plugin: 'elasticsearch.yaml-rest-test' and moving the YAML tests
under a yamlRestTest folder (instead of test)
2020-07-06 14:16:26 -05:00
Yang Wang
a9151db735
Map only specific type of OIDC Claims (#58524) (#59043)
This commit changes our behavior in 2 ways:

- When mapping claims to user properties ( principal, email, groups,
name), we only handle string and array of string type. Previously
we would fail to recognize an array of other types and that would
cause failures when trying to cast to String.
- When adding unmapped claims to the user metadata, we only handle
string, number, boolean and arrays of these. Previously, we would
fail to recognize an array of other types and that would cause
failures when attempting to process role mappings.

For user properties that are inherently single valued, like
principal(username) we continue to support arrays of strings where
we select the first one in case this is being depended on by users
but we plan on removing this leniency in the next major release.

Co-authored-by: Ioannis Kakavas <ioannis@elastic.co>
2020-07-06 11:36:41 +10:00
Lisa Cawley
5c19464a2f [DOCS] Clarifies number of file and native realms (#58949) 2020-07-03 11:00:28 -07:00
Robin Clarke
567720d970 [DOCS] Added caveat about the number of file realms (#58369) 2020-07-02 10:27:36 -07:00
Yang Wang
a5a8b4ae1d
Add cache for application privileges (#55836) (#58798)
Add caching support for application privileges to reduce number of round-trips to security index when building application privilege descriptors.

Privilege retrieving in NativePrivilegeStore is changed to always fetching all privilege documents for a given application. The caching is applied to all places including "get privilege", "has privileges" APIs and CompositeRolesStore (for authentication).
2020-07-02 11:50:03 +10:00
James Rodewig
a966513eae
[DOCS] Remove problematic terms (#58832) (#58851) 2020-07-01 13:47:14 -04:00
Larry Gregory
2ca09cddaf [DOCS] Rename kibana user to kibana_system (#58423) 2020-06-23 14:25:09 -07:00
Lisa Cawley
46d797b1d9 [DOCS] Fixes license management links (#58213) 2020-06-16 16:49:48 -07:00
Lisa Cawley
554e60860f [DOCS] Add token and HTTPS requirements for Kerberos (#57180)
Co-authored-by: Tim Vernum <tim@adjective.org>
2020-06-15 14:30:13 -07:00
Rene Groeschke
01e9126588
Remove deprecated usage of testCompile configuration (#57921) (#58083)
* Remove usage of deprecated testCompile configuration
* Replace testCompile usage by testImplementation
* Make testImplementation non transitive by default (as we did for testCompile)
* Update CONTRIBUTING about using testImplementation for test dependencies
* Fail on testCompile configuration usage
2020-06-14 22:30:44 +02:00
Hossein Dehghan
2c6bd978d8 [Docs] Fix missing closing bracket for watcher webhook.asciidoc (#57803) 2020-06-09 13:59:51 +02:00
AndyHunt66
6760c69783 [DOCS] Fix formatting of create API key API docs (#57138) 2020-05-27 08:34:51 -04:00
James Rodewig
37e2bb7057
[DOCS] Add watcher multi-doc index ex (#52040) (#57011)
Adds an example snippet for creating a `_doc` payload field with the
Watcher `index` action.

Co-authored-by: Luiz Guilherme Pais dos Santos <luiz.santos@elastic.co>
2020-05-20 16:57:45 -04:00
Brandon Morelli
ec41d36c62
docs: update links to beats security docs (#56875) (#56953) 2020-05-20 11:28:39 -07:00
Florian Kelbert
edada6bc39 [Docs] Insert missing colon (#56980) 2020-05-20 15:49:17 +02:00
Jake Landis
a22aabcc15
[7.x] Reduce chance for test failure due to schedule (#56633) (#56695)
If CI is running tests at exactly 0 or 5 minutes past the hour
the ack-watch docs tests may fail with a 409 error if the ack
test happens to run at the exact time that the schedule watch
is running.

This commit changes the public documentation (and the test) for
the ack to a feb 29th at noon schedule. Test doc or tests do
not really care about the schedule date and this is chosen
since it is a valid date, but one that is extremely unlikely
to cause issues.
2020-05-14 15:52:04 -05:00
debadair
6de6ec68f2
[DOCS] Extract the cron docs from Watcher docs and add to the API conventions. (#56313) (#56651)
* [DOCS] Promote cron expressions info from Watcher to a separate topic.

* Fix table error

* Fixed xref

* Apply suggestions from code review

Co-authored-by: James Rodewig <james.rodewig@elastic.co>

* Incorporated review feedback

Co-authored-by: James Rodewig <james.rodewig@elastic.co>

Co-authored-by: James Rodewig <james.rodewig@elastic.co>
2020-05-12 16:36:18 -07:00