This commit restricts custom role providers to only apply to those
instances of x-pack with a platinum level license. All other license
types will not be allowed to use custom role providers. Any custom role
providers implemented via the XPackExtension will not take effect unless
the license is platinum.
relates elastic/x-pack-elasticsearch#720
Original commit: elastic/x-pack-elasticsearch@4fc35494ee
The wait condition used for integ tests by default calls the cluster
health api with wait_for_nodes nd wait_for_status. However, xpack
overrides the wait condition to add auth, but most of these conditions
still looked at the root ES url, which means the tests are susceptible
to race conditions with the check and node startup. This change modifies
the url for the authenticated wait condtion to check the health api,
with the appropriate wait_for_nodes and wait_for_status.
Original commit: elastic/x-pack-elasticsearch@0b23ef528f
When adding support for rest request filtering of sensitive content, the overridden rest request
did not properly delegate the #getRemoteAddress method to the wrapped request. This resulted in a
NPE when a filtered rest request was created and an audit record needed to be generated.
relates elastic/x-pack-elasticsearch#714
Original commit: elastic/x-pack-elasticsearch@710b43355b
User signing was removed with the move to TLS only transport and this change removes a no longer
used setting.
Original commit: elastic/x-pack-elasticsearch@c221f1f4a4
* Changed ML action names to allow distinguishing of admin and read-only actions
using wildcards
* Added manage_ml and monitor_ml built-in privileges as subsets of the existing
manage and monitor privileges
* Added out-of-the-box machine_learning_admin and machine_learning_user roles
* Changed machine learning results endpoints to use a NodeClient rather than an
InternalClient when searching for results so that index/document level permissions
applied to ML results are respected
Original commit: elastic/x-pack-elasticsearch@eee800aaa8
This commit removes an unnecessary String creation from the char[] of a password and instead uses
a byte[] that is cleared after it is used to prevent the password bytes from sticking around in
memory longer than required.
Original commit: elastic/x-pack-elasticsearch@1154a68965
- introduce builtin user 'beats_system'
- init monitoring-beats ES mapping
- add beats to MonitoredSystem + Resolver
Original commit: elastic/x-pack-elasticsearch@4d7b45d54d
DataStreamDiagnostics
DataStreamDiagnostics analyzes input data regarding machine learning fit. It checks whether data is sane/plausible as anomaly detection on broken data (or misconfiguration).
Original commit: elastic/x-pack-elasticsearch@2f37d3c960
This commit fixes the SHA hashes for the Netty dependencies after Netty
was upgraded from version 4.1.8 to version 4.1.9.
Original commit: elastic/x-pack-elasticsearch@ca4c376886
This integration tests only checks if date math index names are
supported. This is nothing that a watcher test should check for.
Original commit: elastic/x-pack-elasticsearch@8a06988fff
Now machine learning is simply a feature of X-Pack, so I have made the
MachineLearning class more like the other feature classes. It no longer extends
Plugin and its createComponents() method takes an InternalClient rather than
a generic Client.
Original commit: elastic/x-pack-elasticsearch@704860147c
This commit adds an end-point to force deletion of expired data:
DELETE /_xpack/ml/_delete_expired_data
A few other things are changed too:
- Delete expired results from now rather than start of day
- Rename MlDaily{Management -> Maintenance}Service
- Refresh job indices when job is closing to ensure latest result
visibility
- Commit results when quantiles are persisted to ensure they are visible
for renormalization
Original commit: elastic/x-pack-elasticsearch@8ca5272a94
Switched the order of the local atomic flag check and cluster state check,
based on the observation that we used to sometimes get a storm of cluster
state updates on initial startup, due to a race between checking for the
presence of an index template and starting to create one.
Original commit: elastic/x-pack-elasticsearch@7ae83648ce
* [ML] Wait for templates to be installed before running ML Integ tests
* Revert put job template check and preserve template change
* Review comments
Original commit: elastic/x-pack-elasticsearch@21deb34f4a
Security API to determine which (if any) of a specified set of index/cluster privileges are held by the current (runAs) user.
Intended for use by Kibana to distinguish between read/write and read-only users, but should be applicable to other uses cases also.
Closes: elastic/x-pack-elasticsearch#282
Original commit: elastic/x-pack-elasticsearch@8b4cfdb858
The only tricky thing here was what to do about ES jars. We now ignore them for the jar sha checking, and the base elasticsearch license and notice is copied here, and elasticsearch jars are mapped to those license/notice files.
Original commit: elastic/x-pack-elasticsearch@a6373cfe4e
This fixes returning results only for the job asked
when a shared index is used.
The commit also refactors the field count check to
use the field mappings API and solves a bug where the
check blows due to the _default_ type not having properties.
[Zach] Minor test tweak to MlJobIT
Original commit: elastic/x-pack-elasticsearch@729f886879
The yaml test runner now throws error when skip or do sections are malformed, such as they don't start with the proper token (START_OBJECT). That signals bad indentation, which was previously ignored. Thanks (or due to) our pull parsing code, we were still able to properly parse the sections, yet other runners weren't able to.
Original commit: elastic/x-pack-elasticsearch@920201207c
Only distributed ml tests, only enable ml as security, watcher, monitoring etc. only add noise to the tests.
Disable mock big arrays for distributed ml tests, as nodes starting/stopping in tests somehow leaves allocations around,
which only is a test problem.
Original commit: elastic/x-pack-elasticsearch@5ff1e69036
This moves the index structure to using a single, shared index
(.ml-anomalies-shared). Custom indices can still be used by manually
setting `results_index`.
An alias is always created which points from `.ml-anomalies-<jobid>`
to `.ml-anomalies-shared`.
User defined indices are prepended with "custom-"
Index helper functions have been renamed to make this clear. Furthermore,
accessing an index should always be done either by fetching the
currently configured index/alias from the state, or using the preconfigured
alias. Because the user can specify a custom physical index, it is
impossible to determine the physical index "by convention" now.
The helpers have been configured to reflect that.
Original commit: elastic/x-pack-elasticsearch@a5368eb230
This commit adds the ability for x-pack extensions to optionally
provide custom roles providers, which are used to resolve any roles
into role descriptors that are not found in the reserved or native
realms. This feature enables the ability to define and provide roles
from other sources, without having to pre-define such roles in the security
config files.
relates elastic/x-pack-elasticsearch#77
Original commit: elastic/x-pack-elasticsearch@bbbe7a49bf
As part of authentication, we use a iterating action listener to perform asynchronous authentication against the realm
chain. When this listener is called with a response or a failure, it could be called from a thread that is not owned by
the Elasticsearch threadpool such as a LDAPConnectionReader thread. When this happens, we need to ensure that the
ThreadContext is not left with items in it otherwise we leave behind things like Authentication and hit obscure errors.
This commit stores the context when the listener calls the consumer or onResponse/onFailure is invoked, which prevents
us from polluting a external thread's ThreadContext.
Original commit: elastic/x-pack-elasticsearch@0f50fb6c10
Some json builders in the codebase were not closed. even
though this is not needed for the BytesStreamOutput being used,
there is more closing logic in the jackson classes, which we
should not rely on, that those never change or are ok to not
close.
Original commit: elastic/x-pack-elasticsearch@05a43d80ff