Commit Graph

6029 Commits

Author SHA1 Message Date
Tim Brooks f2cbe20ea0 Remove default passwords from reserved users (elastic/x-pack-elasticsearch#1665)
This is related to elastic/x-pack-elasticsearch#1217. This PR removes the default password of
"changeme" from the reserved users.

This PR adds special behavior for authenticating the reserved users. No
ReservedRealm user can be authenticated until its password is set. The
one exception to this is the elastic user. The elastic user can be
authenticated with an empty password if the action is a rest request
originating from localhost. In this scenario where an elastic user is
authenticated with a default password, it will have metadata indicating
that it is in setup mode. An elastic user in setup mode is only
authorized to execute a change password request.

Original commit: elastic/x-pack-elasticsearch@e1e101a237
2017-06-29 15:27:57 -05:00
Christoph Büscher 075eda4fc1 Temporarily disable SecurityIndexSearcherWrapperIntegrationTests
Original commit: elastic/x-pack-elasticsearch@bcef6ae8c6
2017-06-29 20:46:30 +02:00
Christoph Büscher 7c6b8ffa36 Adapting to changes in https://github.com/elastic/elasticsearch/pull/25448 (elastic/x-pack-elasticsearch#1887)
Original commit: elastic/x-pack-elasticsearch@5cdf5a2372
2017-06-29 17:10:34 +02:00
Jay Modi f60c0f893c Test: add a basic rest test for CCS with non-matching remote index patterns (elastic/x-pack-elasticsearch#1866)
This commit adds a basic rest test to verify that security works with cross cluster search when a
remote pattern is provided and no remote indices match.

Relates elastic/elasticsearch#25436
relates elastic/x-pack-elasticsearch#1854

Original commit: elastic/x-pack-elasticsearch@e804d0bb12
2017-06-29 07:14:11 -06:00
Christoph Büscher 3ff5ee3f47 Adapting to merging GetField and SearchHitField to DocumentField (elastic/x-pack-elasticsearch#1860)
Follow up to changes in https://github.com/elastic/elasticsearch/pull/25361

Original commit: elastic/x-pack-elasticsearch@5b1ca009f6
2017-06-29 11:36:20 +02:00
Deb Adair 5dc9fed9da Reverting broken change to skip testing in info.asciidoc."
This reverts commit elastic/x-pack-elasticsearch@5e4d77f4ca.

Original commit: elastic/x-pack-elasticsearch@6dca6d7e9f
2017-06-28 13:26:00 -07:00
Simon Willnauer 2f10afa40e Use explicit settings for simple bool settings (elastic/x-pack-elasticsearch#1871)
We made the mistake to generate way to many settings in xpack which makes
finding out the right string and where it's defined super difficult. If
we use constants we can just use commandline tools to find where the settings
are defined. This also removes 1.x and 2.x BWC from the enabled settings which should
be removed in 6.x

Original commit: elastic/x-pack-elasticsearch@ec25e6c40c
2017-06-28 22:07:08 +02:00
Deb Adair 2c7e39155d [DOCS] Fixed cross-doc link to Graph Troubleshooting.
Original commit: elastic/x-pack-elasticsearch@6d0bcf29c7
2017-06-28 13:01:35 -07:00
Deb Adair 8e3238f3b5 [DOCS] Temporarily added info.asciidoc to the test exclude list. Failing due to missing LS output from _xpack.
Original commit: elastic/x-pack-elasticsearch@5e4d77f4ca
2017-06-28 12:36:09 -07:00
lcawley cbf7c32b88 [DOCS] Fix broken link to security API
Original commit: elastic/x-pack-elasticsearch@85fa16e160
2017-06-28 12:00:28 -07:00
Lisa Cawley 08fdac5a93 [DOCS] Move security APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1877)
* [DOCS] Move security APIs to Elasticsearch Ref

* [DOCS] Update links to security APIs

* [DOCS] Fix link to security APIs

Original commit: elastic/x-pack-elasticsearch@d7a9d3f1ab
2017-06-28 11:02:40 -07:00
Tim Brooks f275a3f07b Support bootstrap password when in container (elastic/x-pack-elasticsearch#1832)
This is related to elastic/x-pack-elasticsearch#1217. This commit reads two environment variables on
startup: BOOTSTRAP_PWD and ELASTIC_CONTAINER. If BOOTSTRAP_PWD is
present, ELASTIC_CONTAINER must be set to true. Otherwise a new
bootstrap check will fail.

If ELASTIC_CONTAINER is set to true, the elastic user can be
authenticated with the BOOTSTRAP_PWD variable when its password
has not been explicitly set.

Original commit: elastic/x-pack-elasticsearch@78f53fd232
2017-06-28 12:48:49 -05:00
Lisa Cawley 2f1693c0fd [DOCS] Update ML open job API (elastic/x-pack-elasticsearch#1875)
Original commit: elastic/x-pack-elasticsearch@00a76d79ae
2017-06-28 10:27:05 -07:00
lcawley c42a0844bc [DOCS] Re-add include-xpack attribute
Original commit: elastic/x-pack-elasticsearch@8312e2856f
2017-06-28 10:15:28 -07:00
Deb Adair 90e3007228 [DOCS] Fixed link order.
Original commit: elastic/x-pack-elasticsearch@7aa7ce5621
2017-06-28 09:50:13 -07:00
Deb Adair 3b87e67ec4 [DOCS] Updated links to the ES Ref for the X-Pack ref.
Original commit: elastic/x-pack-elasticsearch@d47f276678
2017-06-28 09:43:04 -07:00
Deb Adair 32a283c51d [DOCS] Expanding Graph API reference content here & removing it from x-pack-kibana.
Original commit: elastic/x-pack-elasticsearch@89bce85e55
2017-06-28 09:02:48 -07:00
Chris Earle 231634251f [Monitoring] Enable read-only access for kibana_system user (elastic/x-pack-elasticsearch#1851)
Add read-only `.monitoring-*` to the `kibana_system` user.

Original commit: elastic/x-pack-elasticsearch@0991c062b8
2017-06-28 11:44:04 -04:00
Sophie Chang a9f86f6d1b [DOCS] Model plot updates (elastic/x-pack-elasticsearch#1803)
* [DOCS] Model plot updates

Add to job create.
Remove terms from job resource.

* [DOCS] Describing terms as experimental

Original commit: elastic/x-pack-elasticsearch@815fa0ec37
2017-06-28 07:40:08 -07:00
Alexander Reelsen edd5fa4ab4 Watcher: Allow unmet action conditions to reset action status (elastic/x-pack-elasticsearch#1859)
The logic of resetting acknowledgements is only executed, if the watch
wide condition is not met. However, if you dont specify a condition
(which makes it always true), but create a condition in your action
(this might make sense because it allows you to execute a transform and
then execute the condition), then after acking this action, it will
never get be unacked, because the watch wide condition is always met.

relates elastic/x-pack-elasticsearch#1857

Original commit: elastic/x-pack-elasticsearch@95aa402c27
2017-06-28 14:52:26 +02:00
Dimitris Athanasiou 1a076e2eb9 [ML] Improve naming of flush related methods (elastic/x-pack-elasticsearch#1872)
Original commit: elastic/x-pack-elasticsearch@eb3eb80b6e
2017-06-28 13:32:51 +01:00
lcawley 7fff1567fe [DOCS] Fixed broken link
Original commit: elastic/x-pack-elasticsearch@589fdf27d8
2017-06-27 17:52:41 -07:00
Lisa Cawley b9a7dcdcc4 [DOCS] Move watcher APIs to Elasticsearch Ref (elastic/x-pack-elasticsearch#1869)
* [DOCS] Move watcher APIs to Elasticsearch Ref

* [DOCS] Update links to Watcher APIs

Original commit: elastic/x-pack-elasticsearch@5b6e903366
2017-06-27 17:16:51 -07:00
Ali Beyad a68fb27a23 Upgrade security index to use only one (the default) index type (elastic/x-pack-elasticsearch#1780)
The .security index used several different types to differentiate the
documents added to the index (users, reserved-users, roles, etc).  Since
types are deprecated in 6.x, this commit changes the .security index
access layer to only use a single type and have all documents in the
index be of that single type.  To differentiate documents that may have
the same id (e.g. the same user name and role name), the appropriate
type of the document is prepended to the id.  For example, a user named
"jdoe" will now have the document id "user-jdoe".  

This commit also ensures that any native realm security index operations
that lead to auto creation of the security index first go through the process
of creating the internal security index (.security-v6) and creating the alias
.security to point to the internal index. 

Lastly, anytime the security index is accessed without having been
upgraded, an exception is thrown notifying the user to use the
upgrade API to upgrade the security index.

Original commit: elastic/x-pack-elasticsearch@cc0a474aed
2017-06-27 17:53:58 -04:00
Igor Motov d2bdd99308 Update upgrade API endpoints (elastic/x-pack-elasticsearch#1724)
Switch from /_xpack/_upgrade to /_xpack/migration/assistance and /_xpack/migration/upgrade

Original commit: elastic/x-pack-elasticsearch@b15217135c
2017-06-27 17:53:58 -04:00
Igor Motov 0de8cf47b1 Add REST point names
Relates to elastic/elasticsearch#24169

Original commit: elastic/x-pack-elasticsearch@d18a24a035
2017-06-27 17:53:58 -04:00
Igor Motov 3502a9901b Add watcher upgrade procedure (elastic/x-pack-elasticsearch#1603)
Relates to elastic/x-pack-elasticsearch#1214

Original commit: elastic/x-pack-elasticsearch@1017d60df4
2017-06-27 17:53:58 -04:00
Igor Motov b564e6e102 Upgrade API should work with TRIAL license as well (elastic/x-pack-elasticsearch#1567)
Relates to elastic/x-pack-elasticsearch#1214

Original commit: elastic/x-pack-elasticsearch@2ad7e389fb
2017-06-27 17:53:58 -04:00
Igor Motov 568802bbcd Add Kibana upgrade procedure to Upgrade API (elastic/x-pack-elasticsearch#1498)
Adds upgrade infrastructure and support for Kibana index upgrades.

Original commit: elastic/x-pack-elasticsearch@91f343b00f
2017-06-27 17:53:58 -04:00
Igor Motov ad6b86481e Make Upgrade API license aware (elastic/x-pack-elasticsearch#1401)
Upgrade API should only work with non-trial licenses

Relates to elastic/x-pack-elasticsearch#1214

Original commit: elastic/x-pack-elasticsearch@28fef0feeb
2017-06-27 17:53:58 -04:00
Igor Motov bb034f42b8 Add Upgrade API Index Upgrade Info action (elastic/x-pack-elasticsearch#1264)
Adds a new Upgrade API with the first action, index upgrade info, that returns that list of indices that require upgrade in the current cluster before the cluster can be upgraded to the next major version.

Relates to elastic/x-pack-elasticsearch#1214

Original commit: elastic/x-pack-elasticsearch@761e7d2128
2017-06-27 17:53:58 -04:00
Ryan Ernst 84574c0367 Another fix for security tribe tests when ssl is disabled
Original commit: elastic/x-pack-elasticsearch@db2eca3522
2017-06-27 14:53:12 -07:00
Suyog Rao e8472908c1 [Logstash] Change config management license to Gold (elastic/x-pack-elasticsearch#1843)
* [Logstash] Change management license to Gold

Previously the license type for LS config management was `BASIC`. In order to use the security features in Standard/Gold, we had to bump Logstash as well to Gold license.

relates elastic/x-pack-elasticsearch#1841

Original commit: elastic/x-pack-elasticsearch@29194b2417
2017-06-27 14:21:00 -07:00
Ryan Ernst ad9797393a Fix tribe tests with secure ssl settings
Original commit: elastic/x-pack-elasticsearch@a06ef174b0
2017-06-27 14:01:21 -07:00
Tal Levy 8145b100f1 Introduce the deprecation API (elastic/x-pack-elasticsearch#1833)
Adds REST endpoint and Transport Action for retrieving breaking-changes deprecations that exist in current version. This PR is just the framework for such an API, future checks will be added to the appropriate branches.

Original commit: elastic/x-pack-elasticsearch@990e3468e9
2017-06-27 13:51:45 -07:00
Lisa Cawley 6d4be0e5d3 [DOCS] Add multi-metric job creation to ML getting started tutorial (elastic/x-pack-elasticsearch#1451)
* [DOCS] Getting started with multi-metric jobs

* [DOCS] More work on ML getting started with multi-metric jobs

* [DOCS] Add ML getting started with multi-metric jobs screenshot

* [DOCS] Add ML getting started information about influencers

* [DOCS] Getting started with multi-metric jobs

* [DOCS] Fix ML getting started build error

* [DOCS] Add ML getting started multi-metric snapshots

* [DOCS] Add screenshots and next steps to ML Getting Started tutorial

* [DOCS] Clarified anomaly scores in ML Getting Started pages

* [DOCS] Addressed ML getting started feedback

* [DOCS] Fix ML getting started links

Original commit: elastic/x-pack-elasticsearch@a7e80cfabf
2017-06-27 13:31:35 -07:00
Jason Tedor b710f5906f Register primary context handoff as known handler
This commit registers the primary context handoff handler as known.

relates elastic/x-pack-elasticsearch#1856

Original commit: elastic/x-pack-elasticsearch@f91142a521
2017-06-27 15:18:44 -04:00
lcawley e8df087bde [DOCS] Add link to installation pages
Original commit: elastic/x-pack-elasticsearch@6884bbe1de
2017-06-27 11:31:33 -07:00
Ryan Ernst 9b3fb66394 Settings: Add secure versions of SSL passphrases (elastic/x-pack-elasticsearch#1852)
This commit adds new settings for the ssl keystore (not the ES keystore)
passphrase settings. New setting names are used, instead of trying to
support the existing names in both yml and the ES keystore, so that
there does not need to be complicated logic between the two. Note that
the old settings remain the only way to set the ssl passphrases for the
transport client, but the Settings object for transport clients are
created in memory by users, so they are already as "secure" as having a
loaded ES keystore. Also note that in the long term future (6.x
timeframe?) these settings should be deprecated and the keys/certs
themselves should be moved into the ES keystore, so there will be no
need for separate keystores/passphrases.

relates elastic/elasticsearch#22475

Original commit: elastic/x-pack-elasticsearch@be5275fa3d
2017-06-27 10:15:12 -07:00
Lisa Cawley 6d1f7bee10 [DOCS] Update links to use shared attributes (elastic/x-pack-elasticsearch#1855)
Original commit: elastic/x-pack-elasticsearch@b1553510b1
2017-06-27 09:46:56 -07:00
Lisa Cawley f2e20f86e4 [DOCS] Fix X-Pack settings for Elasticsearch (elastic/x-pack-elasticsearch#1863)
Original commit: elastic/x-pack-elasticsearch@8469db2909
2017-06-27 09:14:35 -07:00
Tal Levy 7c7bf475c1 reflect core change to method signature in sourceAsMap (elastic/x-pack-elasticsearch#1862)
x-pack change for https://github.com/elastic/elasticsearch/pull/25410

Original commit: elastic/x-pack-elasticsearch@908ddd3413
2017-06-27 08:59:29 -07:00
Alexander Reelsen 403cf8eba3 Watcher: Refactoring of TriggeredWatchStore (elastic/x-pack-elasticsearch#1848)
* The TriggeredWatchStore now only has one method to put triggered
  watches
* All code is async in TriggeredWatchStore, locking has been removed
* The dedicated WatchRecord.Fields interface has been removed
* TriggeredWatchTests integration test has been moved to a unit test

Original commit: elastic/x-pack-elasticsearch@bc4b5820fb
2017-06-27 17:47:00 +02:00
lcawley 84ec242636 [DOCS] Fixed typo in X-Pack settings
Original commit: elastic/x-pack-elasticsearch@3c9f548b75
2017-06-27 07:53:47 -07:00
David Roberts 46b9f6de3a [DOCS] Auto create required for ML indices (elastic/x-pack-elasticsearch#1858)
Original commit: elastic/x-pack-elasticsearch@5d309559ed
2017-06-27 15:27:28 +01:00
Simon Willnauer 9b0639d7f0 Remove usage of `mapper.single_type` from xpack tests (elastic/x-pack-elasticsearch#1853)
`index.mapper.single_type` will be removed in master. While there is still
one usage in the security template that we are working on, this change
will remove the remaining usage.

Original commit: elastic/x-pack-elasticsearch@6e7f63b9e0
2017-06-27 13:29:34 +02:00
Daniel Mitterdorfer 54345e6b8e Mute MlDistributedFailureIT#testFullClusterRestart()
Relates elastic/elasticsearch#25415

Original commit: elastic/x-pack-elasticsearch@01fa0e7601
2017-06-27 12:44:22 +02:00
Daniel Mitterdorfer 10a95c4268 Add AwaitsFix to KnownActionsTests#testAllTransportHandlersAreKnown
Relates elastic/x-pack-elasticsearch#1856

Original commit: elastic/x-pack-elasticsearch@ea16c49af0
2017-06-27 08:58:55 +02:00
Deb Adair b933214dcd [DOCS] Adding shared x-pack-settings file.
Original commit: elastic/x-pack-elasticsearch@2b74fab772
2017-06-26 21:09:55 -07:00
Deb Adair 5a9eb01c3f [DOCS] Fixed broken link to Monitoring Logstash.
Original commit: elastic/x-pack-elasticsearch@bb5dafbd40
2017-06-26 17:33:59 -07:00