Shield now supports the ability to disable or enable individual features based on the type of
license that is currently installed. The change replaces the LicenseService in shield with a
ShieldLicensee that is notified on changes to the license. The ShieldLicensee then updates
a ShieldLicenseState object, which contains the logic and methods to check for features being
enabled or disabled. The ShieldLicenseState object is used by consumers to check the status
of a feature. The decoupling of the feature enablement from the ShieldLicensee class was done
to work around circular dependency issues.
Closeselastic/elasticsearch#689
Original commit: elastic/x-pack-elasticsearch@442514496d
- Added the notion of `Licensee.Status` (holds both the `License.OperationMode` and the `LicenseState`)
- Added a support base class for all `Licensee` implementations. The idea behind this is that implementations will centralized the licensing logic in one class (same as `MarvelLicensee` does), but if there's a requirement for more "proactiveness" on license status change, different components can register a `Licensee.Listener` to be notified on license changes.
- Since we introduced `License.OperationMode` as part of the license refactoring, there's no need anymore for Marvel's `Mode` enum.
Closeselastic/elasticsearch#690
Original commit: elastic/x-pack-elasticsearch@8a66bc163f
This commit adds a micro-optimization for obtaining a MessageDigest
instance for calculating SHA-256 message digests. Benchmarking with JMH
showed the micro-benchmarking of getting new instances versus cloning
existing instances to be around twice as slow.
Original commit: elastic/x-pack-elasticsearch@d558ed961f
This commit removes all uses of com.google.common.hash.Hashing across
the codebase. This is one of the few remaining steps in the eventual
removal of Guava as a dependency.
Relates elastic/elasticsearchelastic/elasticsearch#13224
Original commit: elastic/x-pack-elasticsearch@5b90c9a496
- `ClusterStatsIT` is now `ClusterStatsTests` (moving it to maven `test` phase)
- Simplified and restructured the test
- changed the `LocalExporter` to handle the case where the marvel template was deleted. Now every time the cluster state is updated, it'll make sure the template still exists and if not put it back.
- moved all the marvel template logic to a centrailzed place (`MarvelTemplateUtils`)
- moved all es/marvel version logic to a cernralized place (`VersionUtils`)
- now the `MarvelIntegTestCase` doesn't allow the marvel template to be deleted by the test infra
- improved logging output
Original commit: elastic/x-pack-elasticsearch@502532ddad
- remove state - the existing of the internal `bulk` is enough to determine the state of the exporter. When the exporter is started, the bulk is instantiated.
- simplified & structured the startup of the exporter - now it listens to cluster state events and acts on those, rather than fetching & checking the cluster state on demand.
- the master is responsible for "putting" the marvel template... everything else will just wait for the right template to appear in the cluster state.
- started to fix the local exporter tests
Original commit: elastic/x-pack-elasticsearch@7fae23d166
- bulk abstraction on top of exporter
- removed queuing and bulk processor from local exporter
- started to adjust tests to shield (require a lot of helper methods in `MarvelInegTestCase`)
- moved index name resolution to `Exporter` (functionality shared between all exporters)
Original commit: elastic/x-pack-elasticsearch@86b495622c
- prepared the ground for shield integration tests.
- for now, `shield` is disabled for all integration tests (once we have the `local` exporter we'll be able to turn shield on.
Original commit: elastic/x-pack-elasticsearch@cf5d660f58
- an exporter is no longer fixed construct. Instead, this commit creates an `Exporter` abstraction. An exporter has a type and is responsible for exporting marvel documents.
- multiple exporters can be configured, each can be of a different type.
- an exporter can be of a "singleton" type, indicating that there can only be one exporter of that type at any point in time.
- exporters are configured in the settings. Each exporters is identified by a unique name/id and has its own settings (the type of the exporter defines what settings that exporter expects)
- exporters are loaded at start up time, but it is also possible to update the exporter settings at runtime (all exporter settings are registered as dynamic cluster settings). When updated, all the exporters will be rebuild & reloaded.
- there are two types of exporters: `http` and `local`
- `http` exporter exports documents to external elasticsearch clusters using the REST API
- the new `http` exporter doesn't support user info as part of the URL (it's pron to security info leak). Instead a new `auth.username` and `auth.password` settings were added that can be set per `http` exporter (when shield is installed, the passwords are filtered out from the node info API)
- `local` exporter exports documents to the same cluster the agent is installed on, using the internal node client.
- when no exporter is configured, a default `local` exporter is created (for best ootb experience)
Original commit: elastic/x-pack-elasticsearch@d1d7c8aefd
- Adds internal `__marvel_user`
- Adds a `SecuredClient` that binds the internal marvel user to all requests it sends
Original commit: elastic/x-pack-elasticsearch@77c4716261
These files are generated automatically with eclipse:eclipse so they shouldn't
be tracked in the repository.
Original commit: elastic/x-pack-elasticsearch@3869ddebfa
This change updates the IPFilter to always allow traffic from the bound addresses of the node
even if they have been explicitly disabled. This behavior can be disabled through a setting but
that could be dangerous if the blocking rule is added via a persistent setting stored in the cluster
state.
Closeselastic/elasticsearch#487
Original commit: elastic/x-pack-elasticsearch@4c1cf9455f
I fixed a couple more warnings and added suppressions, so that when
elastic/elasticsearchelastic/elasticsearch#13410 lands, x-plugins will not break.
Original commit: elastic/x-pack-elasticsearch@8a19b2b71b
In order to not accidentally release marvel in its current state
this removes marvel in the S3 upload as well as not deploying
marvel to artifactory.
Original commit: elastic/x-pack-elasticsearch@cb6088e18b