Alexander Reelsen
2f3fe95f7e
esvm: Fix roles configuration used by esvm
...
Original commit: elastic/x-pack-elasticsearch@7a25eff61c
2014-10-23 14:36:49 -07:00
Paul Echeverri
b3789a74e4
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Conflicts:
docs/public/04-authorization.asciidoc
docs/public/clients/logstash.asciidoc
Original commit: elastic/x-pack-elasticsearch@699aa52379
2014-10-23 14:01:41 -07:00
Alexander Reelsen
a52993db78
esvm: Added user configurations to make esvm usable again
...
Also added a logstash configuration for simple performance
testing (useful for comparing different hash functions)
Original commit: elastic/x-pack-elasticsearch@c9f08fbb12
2014-10-23 10:34:04 -07:00
uboness
a287863ab0
Added cluster & indices monitoring privileges to System
...
This is required for marvel agent to collect its data.
Closes elastic/elasticsearch#137
Original commit: elastic/x-pack-elasticsearch@c1ed58aafb
2014-10-23 19:19:50 +02:00
uboness
b7dac66c8a
Changed the cached hashing algorithm for cached realms
...
Now the passwords are hashed in-memory using SHA2 by default (instead of original bcrypt). Also, it's now possible to configure the in-memory hashing algorithm.
Original commit: elastic/x-pack-elasticsearch@e2d1b3116b
2014-10-23 19:15:31 +02:00
uboness
521ebe4672
Change the way patterns are resolved in roles.yml
...
Now, there are two types of supported patterns:
- wildcards (default) - simple wildcard match where `*` indicates zero or more characters and `?` indicates a single character (`\` can be used as an escape character)
- regular expressions - can be "enabled" by wrapping the pattern in `/` (e.g. `/foo.*/`). The regex syntax is based on lucene's regex syntax (not Java's Pattern).
Closes elastic/elasticsearch#253
Original commit: elastic/x-pack-elasticsearch@edd912122d
2014-10-23 19:04:01 +02:00
Paul Echeverri
d46b13e4f5
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@9d1e4019e3
2014-10-23 09:21:35 -07:00
uboness
82648c240f
Fixed typo in esusers help
...
Closes elastic/elasticsearch#216
Original commit: elastic/x-pack-elasticsearch@07b4782cdc
2014-10-23 12:42:40 +02:00
uboness
9b6823683c
Added some missing logging around realms
...
Closes elastic/elasticsearch#214
Original commit: elastic/x-pack-elasticsearch@648410ff8f
2014-10-23 11:15:02 +02:00
uboness
b2ffc1d7b9
Better error message for parsing error of role.yml
...
added the role name to the error message where the parsing error was encountered.
Closes elastic/elasticsearch#245
Original commit: elastic/x-pack-elasticsearch@303b932864
2014-10-23 11:02:31 +02:00
Paul Echeverri
a6ba0eec2d
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Conflicts:
docs/public/06-ldap.asciidoc
docs/public/08-auditing.asciidoc
docs/structured/01-introduction.asciidoc
docs/structured/02-architecture.asciidoc
Original commit: elastic/x-pack-elasticsearch@ddf1f0d910
2014-10-22 16:34:16 -07:00
c-a-m
b5b6a1093c
Fixes filename case typo
...
This fixes a file-name case typo for LdapSslSocketFactory
Original commit: elastic/x-pack-elasticsearch@fb71a1116e
2014-10-22 17:12:46 -06:00
c-a-m
4b0f7c4379
Fixed the url settings to only call the toArray. Plus I changed one of the tests to use the single value style
...
Original commit: elastic/x-pack-elasticsearch@16326d2b6c
2014-10-22 17:00:55 -06:00
c-a-m
f517a6a8f3
Refactors "urls" -> "url"
...
This lets the url be configured as a single element (the most likely usage) or as an array. This also checks that multiple urls are either all "ldaps", or all "ldap", as it is not possible to mix them.
Original commit: elastic/x-pack-elasticsearch@b5a94b1d35
2014-10-22 17:00:55 -06:00
uboness
0777e8d94f
Fixed a bug in Permissions with multiple indices permission groups
...
The evaluation of the indices permission groups was wrong. Now, each index in the request is evaluated against all groups, such that:
1. for each index, at least one group must grant the request
2. all indices must be granted
Along the way, also changed the audit logs structures such that:
- moved the principal to "sit" next to the host
- now, if we're logging an indices request, we also log the related indices (this provides more context to the actual request)
Fixes elastic/elasticsearch#242
Original commit: elastic/x-pack-elasticsearch@95600d3148
2014-10-23 00:46:56 +02:00
Paul Echeverri
1f390cc654
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@1dc6bee15d
2014-10-22 15:46:54 -07:00
Paul Echeverri
df7eba437e
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@4f890b59f6
2014-10-22 13:49:15 -07:00
Paul Echeverri
d34c7cddf3
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Conflicts:
docs/structured/03-getting-started.asciidoc
docs/structured/06-ldap.asciidoc
docs/structured/authentication/message-authentication.asciidoc
Original commit: elastic/x-pack-elasticsearch@642beb53ca
2014-10-22 12:02:29 -07:00
uboness
fa48c46813
Skip authentication for rest OPTIONS call
...
this is required by CORS for unauthenticated pre-flight OPTIONS requests
Closes elastic/elasticsearch#234
Original commit: elastic/x-pack-elasticsearch@c368b2cf27
2014-10-22 19:29:20 +02:00
uboness
3d71356596
Fixes Transport Client that start up with shield in the classpath
...
Now a NOOP transport filter is bound to the secured transport service in a transport client
Fixes elastic/elasticsearch#165
Original commit: elastic/x-pack-elasticsearch@7268bd445c
2014-10-22 06:18:59 +02:00
Paul Echeverri
afbb81fe53
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@83e163e463
2014-10-21 12:47:00 -07:00
Paul Echeverri
45858f33c5
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@31b0cf72db
2014-10-21 12:27:50 -07:00
Paul Echeverri
59e66bd373
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@453d353111
2014-10-21 12:26:55 -07:00
Suyog Rao
ce6646df2b
Fix typo in esusers help description
...
Closes elastic/elasticsearch#222
Original commit: elastic/x-pack-elasticsearch@6c513be2aa
2014-10-20 22:44:06 -07:00
Paul Echeverri
21dfc7bfed
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Original commit: elastic/x-pack-elasticsearch@f7a6f816b8
2014-10-20 13:47:26 -07:00
c-a-m
229c9c6c7d
Truststore not needed when client auth is off
...
With this change the truststore is loaded only if client-auth is turned on. This is causing problems
because we never expect the http endpoint to have client auth, but it still requires us to have a truststore
Fixes https://github.com/elasticsearch/elasticsearch-shield/issues/221
Original commit: elastic/x-pack-elasticsearch@40e2dc4de6
2014-10-17 18:24:16 -07:00
c-a-m
91bbc5b2ea
Fixes default ldap group to role mapping file
...
Description: This fixes the name of the default file for group to role mapping. It was missing the extension
Fixes https://github.com/elasticsearch/elasticsearch-shield/issues/223
Original commit: elastic/x-pack-elasticsearch@9ffcafd41e
2014-10-17 18:11:51 -07:00
uboness
836540455a
Added additional Hasher implementations
...
- `BCRYPT`, `MD5`, `SHA1`, `SHA2`,
- Also removed the support for bcrypt minor version y (i.e. $2y$) as it's not supported by our BCrypt implementation
Original commit: elastic/x-pack-elasticsearch@12cf024a59
2014-10-17 16:40:06 -07:00
Paul Echeverri
8b024befbf
Merge branch 'doc-feedback' of https://github.com/palecur/elasticsearch-shield into doc-feedback
...
Conflicts:
docs/structured/01-introduction.asciidoc
docs/structured/02-architecture.asciidoc
docs/structured/03-getting-started.asciidoc
docs/structured/appendices/01-reference.asciidoc
docs/structured/authentication/ldap.asciidoc
docs/structured/authentication/message-authentication.asciidoc
Original commit: elastic/x-pack-elasticsearch@f0b7511ec7
2014-10-17 13:40:27 -07:00
c-a-m
1224454714
ldap: truststore fix for issue 168
...
https://github.com/elasticsearch/elasticsearch-shield/issues/168
This makes configuring a truststore for LDAP optional.
Original commit: elastic/x-pack-elasticsearch@944a7deb28
2014-10-16 17:57:54 -07:00
Paul Echeverri
2df57f0259
Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
...
Conflicts:
docs/structured/authentication/esusers.asciidoc
docs/structured/authentication/ldap.asciidoc
Original commit: elastic/x-pack-elasticsearch@c270c60d27
2014-10-16 15:32:17 -07:00
c-a-m
547756f0c8
ldap: Changed default ldap behaviours
...
Changed URL default to ldaps and port 636. No mode now defaults to ldap.
Added miscellaneous documentation for active directory. Incorrect mode now
throws an exception
Original commit: elastic/x-pack-elasticsearch@0239380668
2014-10-16 15:09:10 -07:00
uboness
490409d7eb
Fixes build errors around resource watching related tests
...
Original commit: elastic/x-pack-elasticsearch@a3614ce8c1
2014-10-16 14:40:08 -07:00
uboness
751142a600
Changed the default file watching delays to the minimum
...
Currently the minimum delay defaults to 5 seconds in es
Fixes elastic/elasticsearch#196
Original commit: elastic/x-pack-elasticsearch@3a99883a90
2014-10-16 13:04:07 -07:00
Paul Echeverri
9a6600a2f3
Merge branch 'doc-feedback' of https://github.com/palecur/elasticsearch-shield
...
Conflicts:
docs/public/01-introduction.asciidoc
docs/public/02-architecture.asciidoc
docs/public/03-gettingstarted.asciidoc
docs/public/04-administration.asciidoc
Merging PR # 160, modulo RBAC diagram.
Original commit: elastic/x-pack-elasticsearch@5eeb9d82a3
2014-10-15 16:46:32 -07:00
uboness
ffeb0b4332
Changed all configuration files to be visible
...
Original commit: elastic/x-pack-elasticsearch@f1db8b43bb
2014-10-15 15:22:00 -07:00
javanna
97df195c02
[TEST] adapt ShieldRestTests to new users_roles format
...
Original commit: elastic/x-pack-elasticsearch@455a4e3fbc
2014-10-14 10:54:21 +02:00
javanna
aaf1762bd6
[TEST] adapted users_roles tests to new format role:users
...
Original commit: elastic/x-pack-elasticsearch@d1aef6900c
2014-10-14 10:32:45 +02:00
uboness
78377c7cd2
Change users_roles format to be keyed by roles
...
Having roles as the keys is more aligned with the LDAP role_mapping file and with linux's group file (where the groups serve as the keys)
Also added support for comment lines (starting with `#`) in `.users` and `.users_roles` files
Original commit: elastic/x-pack-elasticsearch@60faf7330f
2014-10-13 15:10:07 -07:00
uboness
4621bb7620
Fixed the HasherTests so they'll pass under windows
...
Original commit: elastic/x-pack-elasticsearch@69a0a00751
2014-10-13 14:40:24 -07:00
c-a-m
858e7e9e35
users: Removed default users and user->role mappings
...
This will force users to create a user via the esusers
This also adds log warning when no users are found.
Original commit: elastic/x-pack-elasticsearch@3c31f8d3b0
2014-10-13 13:56:54 -06:00
c-a-m
07875c530c
bug: Invalid role causing NPE
...
https://github.com/elasticsearch/elasticsearch-shield/issues/116
This removes null predicates that result from roles without any privileges.
Original commit: elastic/x-pack-elasticsearch@9e90237f1c
2014-10-13 10:13:18 -06:00
javanna
f69c1c616a
FilesUserRolesStore to return an empty array when there's no roles for a user
...
This prevents us from spreading the null invariant all over the place ending up with causing NPEs.
Closes elastic/elasticsearch#147
Original commit: elastic/x-pack-elasticsearch@3d5adf94ec
2014-10-13 11:26:01 +02:00
javanna
6173496a52
[TEST] fixed typo s/ingored/ignored
...
Original commit: elastic/x-pack-elasticsearch@7301340df8
2014-10-13 11:26:01 +02:00
uboness
5b3ae0c4d9
Added caching to allowed indices matcher
...
In order to prevent too many automata constructions (which can be expensive) all the time, the automata are now cached per action/privilege (since there are a limited number of those, we don't expect a cache explosion).
Closes elastic/elasticsearch#125
Original commit: elastic/x-pack-elasticsearch@27a4e1fdbe
2014-10-10 19:26:45 +02:00
javanna
f2aca1e9bc
Cli tools: make sure that the status code is returned from scripts
...
The status code wasn't returned from java mains (always 0), also it got lost anyway within our scripts that are calling the java mains.
Relates to elastic/elasticsearch#142
Original commit: elastic/x-pack-elasticsearch@db62486605
2014-10-10 14:40:42 +02:00
javanna
bad27996f9
[TEST] improved registered actions sanity check test
...
Shield needs to know about all the actions that are registered in core. We now check not only the external actions, meaning the classes that implement the Action interface, exposed via java api, but also all the transport handlers registered through the transport, which will contain all shard/node level actions plus the internal actions that are not exposed via java api.
We maintain two files, one for external actions, and one for the internal ones, and we check whether actions have been added or removed to/from core, to make sure we know about those changes.
Original commit: elastic/x-pack-elasticsearch@d6b68c44ee
2014-10-10 12:16:49 +02:00
Karel Minarik
5514201d4d
Fixed typo in esusers command description
...
Closes elastic/elasticsearch#140
Original commit: elastic/x-pack-elasticsearch@223e76fc3f
2014-10-10 12:08:26 +02:00
javanna
c20e4efe2d
Improve error message when the cluster has no indices
...
When the indices are empty, replaced the error message `IndexMissingException[[[]] missing]` with `IndexMissingException[[[_all]] missing]`
Closes elastic/elasticsearch#138
Original commit: elastic/x-pack-elasticsearch@b590547722
2014-10-09 16:32:01 +02:00
c-a-m
7f77627396
Merge branch 'mrsolo-enhance/static'
...
Original commit: elastic/x-pack-elasticsearch@c62fc1e081
2014-10-07 11:07:59 -06:00