This is dependent on elastic/elasticsearchelastic/elasticsearch#19589. It also fixes the
existing files that either were missing the license header or had the
open source license header.
Original commit: elastic/x-pack-elasticsearch@2642c20381
The response status code was stored in the result of an http input,
but inaccessible in the payload itself and could not be used in
scripts.
This puts the status code in the payload under the name '_status_code',
similar to the '_headers' variable, which already stores the headers.
Original commit: elastic/x-pack-elasticsearch@dff2a39535
Background: When a watch has been acked, but the condition evaluates to false again,
the watch must be marked as dirty - which means it needs to be persisted to the watches
index - so in case of a master node switch this information is not lost.
This commit fixes the setting of the `dirty` field in the watch status, in case
the condition is not met, but some actions have been acked.
Original commit: elastic/x-pack-elasticsearch@1a55a45b14
The license code currently has a Licensee implementation per feature,
which is updated by the license service. This meant maintaining a
listener type feature for the license service, and having an abstract
listener and such. The licensee class also mixed in stuff only needed by
the license service (acknowledgement messages).
This change collapses all the methods from licensees into
XPackLicenseState. The naming was inconsistent across licensee
implementations, so here it is standardized on `is*Allowed()`. There are
also a number of tests which should be consolidated for testing the
license service but that is left for a future change. I also removed
collector tests that were testing license: that is better left for the
direct tests of the license state in XPackLicenseStateTests.
Original commit: elastic/x-pack-elasticsearch@734871e870
The LicenseState class exists to distinguish when a license is enabled,
vs being inside its grace period. However, the consumers of this state
do not care whether the license is in the grace period, they view that
and an active license as the same thing. The only part that cares about
the grace period is in the license service which logs a warning when a
license begins its grace period.
This change removes the LicenseState enum in favor of a simple boolean
indicating whether the license is active.
Original commit: elastic/x-pack-elasticsearch@5a90a0e3d4
As the specified integration tests were better suited as REST tests, I changed them into
those and removed the (partially already unused) java classes.
Original commit: elastic/x-pack-elasticsearch@f26d8d94e8
We only have one license in 5.x. This change renames the service that
mantains the license state on each node to reflect that fact.
Original commit: elastic/x-pack-elasticsearch@bb241b30cb
This change removes guice from most of the rest of security. It also
converts the last use of onModule in xpack extensions to a pull based
extension.
Original commit: elastic/x-pack-elasticsearch@9de072550e
Both AuthenticationService and AuthorizationService are currently
interfaces with single implementations. This is unnecessary, and makes
it harder to deguice. This change removes the abstractions and leaves
just AuthenticationService and AuthorizationService.
Original commit: elastic/x-pack-elasticsearch@d04c897ae4
AuditTrailService
We currently have a number of actions and components which try to write
to the audit trail. But they do so by expecting a bound AuditTrail
object. In reality, this should always be AuditTrailService, except when
security is disabled. This change removes the use of the AuditTrail
interface for that purpose, and instead makes the AuditTrailService
allow an empty list of trails, so that it is always bound when running
on a node.
Original commit: elastic/x-pack-elasticsearch@9559dbd6c1
This commit removes the SelfReschedulingRunnable and changes the native stores
to use the threadpool for scheduling again since we have now fixed the issue in core.
Original commit: elastic/x-pack-elasticsearch@50030e31ff
This is useful if an index is shared with many small customers, which are to small to have their own index or shard,
and in order to share an index safely they will need to use document level security. This processor can then automatically
add the username or roles of the current authenticated user to the documents being indexed, so that the DLS query can be simple. (`username: abc` only return data inserted by user abc)
Closeselastic/elasticsearch#2738
Original commit: elastic/x-pack-elasticsearch@f4df2f6d6f
Currently the security context is an object passed around to code
needing to check the user for the current request. Like recent
InternalClient changes, it current depends on the AuthenticationService,
but can be simplified by only knowing about the thread context and
crypto service. This change makes SecurityContext a class, instead of an
interface, and removes the dependency on AuthenticationService.
Original commit: elastic/x-pack-elasticsearch@b8af75e8cb
Ryan Ernst
Shaunak Kashyap
Nik Everett
Tim Sullivan
Alexander Reelsen
Martijn van Groningen
Luca Cavanna
javanna
Lukas Olson
Jim Ferenczi
Britta Weber
Jonathan Budzenski
jaymode
Court Ewing
Yannick Welsch