This is dependent on elastic/elasticsearchelastic/elasticsearch#19589. It also fixes the
existing files that either were missing the license header or had the
open source license header.
Original commit: elastic/x-pack-elasticsearch@2642c20381
As the specified integration tests were better suited as REST tests, I changed them into
those and removed the (partially already unused) java classes.
Original commit: elastic/x-pack-elasticsearch@f26d8d94e8
This change removes guice from most of the rest of security. It also
converts the last use of onModule in xpack extensions to a pull based
extension.
Original commit: elastic/x-pack-elasticsearch@9de072550e
Followup of elastic/elasticsearchelastic/elasticsearch#19435
Relates to elastic/elasticsearchelastic/elasticsearch#19412
Original commit: elastic/x-pack-elasticsearch@60f7047ea9
ScriptServiceProxy is a thin wrapper around the ScriptService which does
a runAs the xpack user when compiling. But script services know nothing
about xpack users, so this has no real effect. I believe this is a
remnant of when we had indexed scripts, where the compilation may have
done a get on the scripts index.
This change removes the ScriptServiceProxy. It also renames Script in
watcher to WatcherScript, to remove confusion between elasticsearch's
Script and watchers Script.
Original commit: elastic/x-pack-elasticsearch@4e2fdbc518
This change makes the internal realms factories, as well as those added
by extensions, constructed directly instead of via guice. Adding realms
in extensions is now pull based. Finally, all of the generics for realms
and realm factories have been removed.
Original commit: elastic/x-pack-elasticsearch@f0de9d2340
This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#19440. It adds a
getter on XPackExtension for extensions that add custom rest headers, in
addition to the headers registered for xpack itself.
Original commit: elastic/x-pack-elasticsearch@bd142b88c6
elastic/elasticsearchelastic/elasticsearch#19428 removes `node.mode` and `node.local` this PR
fixes xplugins to configure networking explicitly.
Original commit: elastic/x-pack-elasticsearch@ee8daa36dd
This particular test requires Elasticsearch to run on port 9400, which is not
guaranteed if the clients run their own tests, as it is a matter of configuration
in gradle.
Therefore these tests need to run in their project.
Original commit: elastic/x-pack-elasticsearch@da38407766
This changes the xpack.monitoring.agent.* settings so that they fall under xpack.monitoring.collection.*.
- This also changes Kibana's equivalent data_collection to collection.
Original commit: elastic/x-pack-elasticsearch@a69bc18055
When a painless exception is raised in the script condition, it was not bubbled up due to
catching exceptions on during execution. This removes the different catching of exceptions
and allows the watch record construct to contain an exception that is also serialized correctly
so that it can be stored in the watch history but also returned in the execute watch API.
This also updates the watch history template, so that exceptions are not indexed, but logged.
Relates elastic/elasticsearch#2587
Original commit: elastic/x-pack-elasticsearch@4dffb672bf
Today throughout the codebase, catch throwable is used with reckless
abandon. This is dangerous because the throwable could be a fatal
virtual machine error resulting from an internal error in the JVM, or an
out of memory error or a stack overflow error that leaves the virtual
machine in an unstable and unpredictable state. This commit removes
catch throwable from the codebase and removes the temptation to use it
by modifying listener APIs to receive instances of Exception instead of
the top-level Throwable.
Relates elastic/elasticsearch#2694
Original commit: elastic/x-pack-elasticsearch@7ecdd7d978
This adds the `bin/shield/migrate` tool that allows migrating users and
roles from the files to the native (API-based) store.
It looks like this:
```
λ bin/shield/migrate native -U http://localhost:9200 -u test_user -p changeme -n lee,foo -r role1,role2,role3,role4,foo
starting migration of users and roles...
importing users from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/users]...
found existing users: [test_user, joe3, joe2]
migrating user [lee]
{"user":{"created":true}}
no user [foo] found, skipping
importing roles from [/home/hinmanm/scratch/elasticsearch-2.4.0-SNAPSHOT/config/shield/roles.yml]...
found existing roles: [marvel_user, role_query_fields, admin_role, role3, admin, remote_marvel_agent, power_user, role_new_format_name_array, role_run_as, logstash, role_fields, role_run_as1, role_new_format, kibana4_server, user, transport_client, role1.ab, role_query]
migrating role [role1]
{"role":{"created":true}}
migrating role [role2]
{"role":{"created":true}}
role [role3] already exists, skipping
migrating role [role4]
failed to migrate role [role4] with body: {"indices":[{"names":["idx2"]},{"names":["idx2"]},{"names":["idx1"]}]}
java.io.IOException: {"error":{"root_cause":[{"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"}],"type":"parse_exception","reason":"failed to parse indices privileges for role [role4]. missing required [privileges] field"},"status":400}
at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:206)
at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.importRoles(ESNativeRealmMigrateTool.java:389)
at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:171)
at org.elasticsearch.common.cli.CliTool.execute(CliTool.java:153)
at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:91)
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: http://localhost:9200/_shield/role/role4
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at org.elasticsearch.shield.authc.esusers.tool.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:192)
... 4 more
no role [foo] found, skipping
users and roles imported.
```
Original commit: elastic/x-pack-elasticsearch@3ce47c0ffd
The search type is overridden from default to query_and_fetch by the search action if the number of shards to request is equal to 1
Original commit: elastic/x-pack-elasticsearch@a9552c697c
Nik Everett
Chris Earle
Martijn van Groningen
Alexander Reelsen
Ryan Ernst
javanna
Simon Willnauer
Jason Tedor
Lee Hinman
Simon Willnauer
jaymode
Tanguy Leroux