Commit Graph

2680 Commits

Author SHA1 Message Date
Alexander Reelsen f4eb0e7c7c Docs: Mention option to enable scripting for watcher-only
Deep down buried there is an option to not only allow global
script execution, but also allow a single scripting language for
watcher only. It is time to document it as well.

Renamed this option to `script.engine.groovy.inline.xpack_watch`
to align with xpack renaming.

Closes elastic/elasticsearch#1422

Original commit: elastic/x-pack-elasticsearch@845eb5a0c0
2016-03-08 12:04:28 +01:00
Tim Sullivan a31a6fba44 Merge pull request elastic/elasticsearch#1621 from tsullivan/monitoring-ui-add-no-shadow
monitoring ui: add no-shadow eslint rule

Original commit: elastic/x-pack-elasticsearch@3e1aa86857
2016-03-07 14:32:57 -07:00
Alexander Reelsen 10644a2784 Watcher: Fix correct setting of email attachment names
Fix to ensure that the email attachment has a correctly set filename, which is
also now explained in the documentation.

In addition there is a check now for email attachments, that a filename can only
be specified once, otherwise an exception is thrown.

Closes elastic/elasticsearch#1503

Original commit: elastic/x-pack-elasticsearch@2a399058b3
2016-03-07 21:57:42 +01:00
jaymode 03dcc5ea67 shield: copy settings to tribe nodes
The shield settings need to be copied down to the tribe nodes so that they are
aware of the shield configuration. Otherwise there will be issues such as SSL
not carrying over or authentication realms not being available.

Closes elastic/elasticsearch#702

Original commit: elastic/x-pack-elasticsearch@7bd7674f3e
2016-03-07 12:31:40 -05:00
jaymode 2612edf4cb test: blacklist the ingest default processors rest test
This test assumes no modules are installed but the shield rest tests run with the modules
installed.

Original commit: elastic/x-pack-elasticsearch@2ba47fcd0f
2016-03-07 12:15:06 -05:00
jaymode 101ff22546 fix compile after removal of versions < 2.0.0
Original commit: elastic/x-pack-elasticsearch@61e2814aac
2016-03-07 10:53:07 -05:00
jaymode 98e904deef fix compile due to core change in NodeInfo
Original commit: elastic/x-pack-elasticsearch@3ff3fa63e6
2016-03-07 09:34:53 -05:00
Robert Muir 2a9ba9e934 lucene 6 api changes (tests only)
Original commit: elastic/x-pack-elasticsearch@8120c29cd8
2016-03-07 04:14:09 -05:00
Ryan Ernst 59ec9302c8 Switch cli tests to unified MockTerminal
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#16966

Original commit: elastic/x-pack-elasticsearch@a2e2faf20a
2016-03-06 13:18:40 -08:00
jaymode 46cae1b2b1 test: remove check for bound addresses that fails on mac
Original commit: elastic/x-pack-elasticsearch@85c7f158ff
2016-03-04 17:47:38 -05:00
jaymode 186dbf547a security: protect the user and roles index
This commit adds the logic to protect the user and roles index that we store locally
by restricting access to the internal XPack user. We need to do this in two places;
the first is when resolving wildcards and the other is when authorizing requests
made against specific indices.

Original commit: elastic/x-pack-elasticsearch@8ee0ce02db
2016-03-04 17:16:03 -05:00
Tim Sullivan c1c78911b9 Merge pull request elastic/elasticsearch#1610 from tsullivan/monitoring-ui-es6-cleanup
monitoring ui: typo fix

Original commit: elastic/x-pack-elasticsearch@69bab26d2e
2016-03-04 11:06:46 -07:00
Tanguy Leroux 452e729a02 Monitoring: Fix NodeStatsResolverTests on Windows platforms
Because load_average is not available on Windows, it must be excluded from test assertions.

Original commit: elastic/x-pack-elasticsearch@f67f9bb5e7
2016-03-04 17:28:49 +01:00
Tanguy Leroux 66e49a0546 Marvel: Add integration test for Marvel+Shield with SSL
closes elastic/elasticsearch#1467

Original commit: elastic/x-pack-elasticsearch@9dd6bf9629
2016-03-04 16:55:35 +01:00
Tanguy Leroux a8e52eb520 Monitoring: Clean up and refactoring
This commit removes various constructors in monitoring documents and add a single constructeur that accepts a monitoring id and version. It also renames *Renderer classes to *Resolver and centralizes the logic of resolving the index name, type name and id in 1 place. It changes Exporter so that they use these resolvers to know in which index a given document must be indexed.

Original commit: elastic/x-pack-elasticsearch@c2349a95a6
2016-03-04 16:31:14 +01:00
Lukas Olson e015d7e501 Merge pull request elastic/elasticsearch#1597 from lukasolson/fix/login-redirect
Redirect to previous route after login

Original commit: elastic/x-pack-elasticsearch@d840a3272e
2016-03-03 13:37:13 -07:00
Tim Sullivan 382ea0811d Merge pull request elastic/elasticsearch#1599 from tsullivan/monitoring-ui-moretests
Monitoring UI: More Unit Tests

Original commit: elastic/x-pack-elasticsearch@79dbc6aed5
2016-03-03 11:56:28 -07:00
Adrien Grand c16ca2c779 string has been split into text and keyword.
Original commit: elastic/x-pack-elasticsearch@b98100f8b5
2016-03-03 09:17:47 +01:00
Tim Sullivan ba21e6f3d7 Merge pull request elastic/elasticsearch#1592 from tsullivan/master
monitoring ui: doc about JAVA environment build

Original commit: elastic/x-pack-elasticsearch@22ed6b74f2
2016-03-02 09:30:38 -07:00
jaymode d8617556cf shield: do not require password for user update operations
When thinking about applications and the need to update a user, we should not need to
update the password of the user when making changes to things like roles, email, full
name, or metadata. This commit changes how we handle operations where the password
field is missing.

When the password field is missing, we try to execute an update. If the user exists, all
values for the user are updated except for the password field. If the user does not exist
and the password field is missing then a ValidationException is returned.

When the password field is present, we always issue an index request.

Closes elastic/elasticsearch#1492

Original commit: elastic/x-pack-elasticsearch@3d8a5f2db6
2016-03-02 10:26:55 -05:00
jaymode d46f465ddb shield: refresh on user and role modifications by default
This commit introduces the default refresh on user and role update and delete
operations. The behavior can be controlled via the `refresh` parameter on the
REST API and the refresh option in the Java API.

Closes elastic/elasticsearch#1494

Original commit: elastic/x-pack-elasticsearch@aff4d13886
2016-03-02 09:04:41 -05:00
Tanguy Leroux ab3ee46104 Fix checkstyle violation
Original commit: elastic/x-pack-elasticsearch@7730c96d7c
2016-03-02 11:14:13 +01:00
Martijn van Groningen ceaed02f38 Added `manage_pipeline` privilege and `ingest_admin` default role for the ingest feature.
Closes elastic/elasticsearch#1367

Original commit: elastic/x-pack-elasticsearch@a4c9e22203
2016-03-02 10:53:10 +01:00
Tanguy Leroux edd993077b Marvel: Only clean timestamped indices with the current template version
Only current timestamped indices, like .marvel-es-1-* indices should be deleted. Other indices like the ones created by pre v2.3.0 plugin versions should be kept (like .marvel-es-YYYY.MM.dd)

Original commit: elastic/x-pack-elasticsearch@b2aff31875
2016-03-02 10:47:30 +01:00
Tanguy Leroux b39f4dcc37 Monitoring: Index node attributes and remove default mappings in data index
Original commit: elastic/x-pack-elasticsearch@c1581ecc1b
2016-03-02 10:06:27 +01:00
Jason Tedor 4c089cf33d Bump Elasticsearch version to 5.0.0-SNAPSHOT
This commit bumps the Elasticsearch version to 5.0.0-SNAPSHOT in line
with the alignment of versions across the stack.

Relates elastic/elasticsearchelastic/elasticsearch#16862

Original commit: elastic/x-pack-elasticsearch@155641c5e4
2016-03-01 17:18:13 -05:00
jaymode c8ee64d0cb test: sort by _uid to get consistent ordering
Original commit: elastic/x-pack-elasticsearch@73b5c49ea5
2016-03-01 09:30:12 -05:00
Nik Everett 507e9ede59 Rename unit test so it looks like a unit test
Original commit: elastic/x-pack-elasticsearch@d2d39ad50b
2016-03-01 08:09:25 -05:00
jaymode de72f4aeee security: change DLS behavior to OR queries together
This commit changes the behavior of combining multiple document level security queries
from an AND operation to an OR operation.

Additionally, the behavior is also changed when evaluating the combination of roles that
have document level security and roles that do not have document level security. Previously
when the permissions for these roles were combined, the queries from the roles with document
level security were still being applied, even though the user had access to all the documents.
This change now grants the user access to all documents in this scenario and the same applies
for field level security.

Closes elastic/elasticsearch#1074

Original commit: elastic/x-pack-elasticsearch@291107ec27
2016-03-01 07:03:38 -05:00
javanna 0be2b6cbbc Adapt to SearchServiceTransportAction rename
Original commit: elastic/x-pack-elasticsearch@b154325787
2016-03-01 12:58:53 +01:00
uboness 2a1b3250db Cleanup Security Roles
- Renamed `AddRoleAction/Request/Response` to `PutRoleAction/Request/Response`
- also renamed the user/roles rest actions
- Changed the returned format for `RestGetRoleAction`. Previously this endpoint returned an array of role descriptor. Now it returns an object where the role names serve as the keys for the role objects. This is aligned with other APIs in ES (e.g. index templates).
- When `RestGetRoleAction` cannot find all the requested roles, it'll return an empty object and a 404 response status
- Also cleaned up `RoleDescriptor`

Original commit: elastic/x-pack-elasticsearch@742f6e0020
2016-03-01 05:47:22 -05:00
Boaz Leskes 3ddbd77090 Remove DiscoveryService and reduce guice to just Discovery elastic/elasticsearch#1571
DiscoveryService was a bridge into the discovery universe. This is unneeded and we can just access discovery directly or do things in a different way.

This is a complement to elastic/elasticsearchelastic/elasticsearch#16821

Closes elastic/elasticsearch#1571

Original commit: elastic/x-pack-elasticsearch@496f0c4081
2016-02-29 20:26:38 +01:00
Lukas Olson b01521f349 Merge pull request elastic/elasticsearch#1575 from spalger/shield/fix/nonsenseMainFile
[kibana/shield] fix nonsense main file in package.json

Original commit: elastic/x-pack-elasticsearch@a60c9b8b54
2016-02-29 09:50:25 -07:00
jaymode 03be6e3a62 change shield in log messages to security
Original commit: elastic/x-pack-elasticsearch@9c5acc488a
2016-02-29 10:26:48 -05:00
uboness 759d99de9c changed the User API
- Now it's more aligned with other APIs in ES (e.g. index template API)
- the "get user" API now returns an object as a response. The users are keyed by their username. If none of the requested users is found, an empty object will be returned with a 404 response status.
- the body of "put user" request doesn't require "username" anymore (as it's defined as part of the URL)

Original commit: elastic/x-pack-elasticsearch@f7c12648b1
2016-02-29 09:47:39 -05:00
Alexander Reelsen 1f113e07f4 Watcher: Fail email action on attachment download issues
In case that a single email attachment cannot be downloaded, this ensures
that the whole action fails with a correct Action.Failure.

This also fixes an NPE that would occur otherwise.

Original commit: elastic/x-pack-elasticsearch@7bb042a719
2016-02-28 21:07:23 -08:00
Alexander Reelsen cc8109bc87 Watcher: Fix naming of data attachments to use id in email attachments
This is a small fix to use specified id when sending data attachments.
The current solution always used "data".

Also a minor refactoring was made to include get the different parser impls
from the EmailAttachmentsParser instead of specifying them twice in the
EmailAction.

Closes elastic/elasticsearch#1503

Original commit: elastic/x-pack-elasticsearch@9354e83c8b
2016-02-28 20:22:45 -08:00
Nik Everett d7170197f6 Handle core's log refactoring
Original commit: elastic/x-pack-elasticsearch@9e2e41db90
2016-02-26 16:06:31 -05:00
jaymode 06fc60c2f6 shield: handle null tokens when parsing roles
The roles parsing does not currently handle null tokens since the YAML parser
was not emitting them. With the upgrade to Jackson 2.7.1, the parser is now
emitting the null token value.

Original commit: elastic/x-pack-elasticsearch@abcad633ad
2016-02-26 15:03:56 -05:00
Alexander Reelsen 47f1c2daa5 Watcher: Throw exception when empty URL is handed in http requests
This ensures that invalid watches are not even added and rejected on
index time.

Closes elastic/elasticsearch#1510

Original commit: elastic/x-pack-elasticsearch@d18e0c8ef6
2016-02-25 17:31:11 -08:00
Alexander Reelsen b97fea44d7 Watcher: Fix SSL default port when using request.fromUrl
If no port was specified, port 80 was assumed, even if https was specified
was the protocol. This lead to weird failures in the logs and trying to use
SSL on port 80.

Relates elastic/elasticsearch#1567

Original commit: elastic/x-pack-elasticsearch@0ea11d612e
2016-02-25 16:26:53 -08:00
Alexander Reelsen 47ef39037b Watcher: Fix latch await in timeout tests
The awaiting latch was not waiting as long as the sleep in the code
causing the latch to fail and the test to fail.

This code aligns the time to wait for the latch and the sleep code
in the mock http server.

Original commit: elastic/x-pack-elasticsearch@8a2cc61204
2016-02-25 15:56:30 -08:00
uboness eb8dbfb998 Renamed `.shield` index to `.security`
Going forward (from 5.0 on) we'll remove all occurrences of the "shield" name/word from the code base. For this reason we want to already start using `.security` index in 2.3 such that we won't need to migrate it to a `.security` index later on.

Original commit: elastic/x-pack-elasticsearch@74a1cbfcf2
2016-02-25 15:10:22 -08:00
Alexander Reelsen 4eef709d2e Watcher: Fix timeout tests by increasing wait timeout
The request timeout and the real time the webserver slept was 5000ms.
In case of loaded systems, there might be cases, where the request was
still received in time.

This commit increases the server side sleep time to 10 seconds, to ensure
that the client aborts the request early

Original commit: elastic/x-pack-elasticsearch@718c05519f
2016-02-25 14:23:34 -08:00
Alexander Reelsen 2daef601d4 Watcher: Fix timeout tests
The current HTTP timeout tests had two problems.

* Binding to port 9200-9300
* The first request to hit was having a delay, the other ones had not,
  so if any other component hit the test inbetween (likely in a CI env),
  the HTTP request from the test itself will not be delayed.

Both cases are fixed in this commit.

Original commit: elastic/x-pack-elasticsearch@d696e020cc
2016-02-25 12:23:46 -08:00
Nik Everett c7796d5cb7 Rename more tests to match naming conventions
Original commit: elastic/x-pack-elasticsearch@d76c217bd9
2016-02-25 15:20:41 -05:00
jaymode 0522127924 Test: remove use of network.host in smoke test ssl plugins
This removes the use of a specific address in smoke test ssl plugins and instead generates
the certificate with all of the IP addresses and DNS names of the system as subject
alternative names. This required duplication and modification of some code from core's
NetworkUtils.

Original commit: elastic/x-pack-elasticsearch@576824376f
2016-02-25 13:56:46 -05:00
Alexander Reelsen 2f088a60bc Watcher: Always get HTTP response body independent from error code
When an HTTP input returns an error body, right now we check if the
error code is below 400 and only then we include the body.

However using another method from URLConnection, the body can be
access always.

Closes elastic/elasticsearch#1550

Original commit: elastic/x-pack-elasticsearch@1743fd0a77
2016-02-25 10:25:34 -08:00
Nik Everett 08e0717f6b Make tests follow naming conventions
One test wasn't running because it didn't match!

Original commit: elastic/x-pack-elasticsearch@081c6b09e2
2016-02-25 13:14:01 -05:00
uboness 7fbf5645e2 fixed checkstyle error
Original commit: elastic/x-pack-elasticsearch@7676e988a8
2016-02-25 01:50:19 -08:00