New ES REST plugin

Hi all,

I'm really new to ES plugin development, but today I wrote my own because I
needed this feature which was not available. All the description is in the
Github page.
All in all, it's a very small RestFilter.
I'm not even sure if I structured the code correctly, so I'd really
appreciate a code review!

Thank you! :slight_smile:

-Simone

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/30fceb1a-ceb3-4425-9485-bcdc4c525001%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Salve Simone,

Your installation instructions have links to my plugin. :slight_smile: Otherwise good
job.

--
Ivan

On Fri, Dec 6, 2013 at 6:56 AM, Simone Scarduzio scarduzio@gmail.comwrote:

Hi all,

I'm really new to ES plugin development, but today I wrote my own because
I needed this feature which was not available. All the description is in
the Github page.
All in all, it's a very small RestFilter.
I'm not even sure if I structured the code correctly, so I'd really
appreciate a code review!

Thank you! :slight_smile:

GitHub - sscarduzio/elasticsearch-readonlyrest-plugin: Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing

-Simone

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/30fceb1a-ceb3-4425-9485-bcdc4c525001%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCMf7arKMwkJQff67DSVHHptVb3Ax6e2XWkNdevPmY4jQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Haha thanks Ivan, did you notice you are also in the README.md as well?
Will fix the link soon, but once again thank you for taking the time to put
together the tutorial in the first place!

I have one more question though.
I'd like to allow indexing from selected hosts (localhost, mainly). I
didn't find any clear way to do this in the ResFilter.process(RestRequest
request, RestChannel channel, RestFilterChain filterChain) method. Looks
like the API is not supporting me in offering the origin IP address. Am I
missing something?

-Simone

On Friday, December 6, 2013 5:19:55 PM UTC+1, Ivan Brusic wrote:

Salve Simone,

Your installation instructions have links to my plugin. :slight_smile: Otherwise good
job.

--
Ivan

On Fri, Dec 6, 2013 at 6:56 AM, Simone Scarduzio <scar...@gmail.com<javascript:>

wrote:

Hi all,

I'm really new to ES plugin development, but today I wrote my own because
I needed this feature which was not available. All the description is in
the Github page.
All in all, it's a very small RestFilter.
I'm not even sure if I structured the code correctly, so I'd really
appreciate a code review!

Thank you! :slight_smile:

GitHub - sscarduzio/elasticsearch-readonlyrest-plugin: Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing

-Simone

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/30fceb1a-ceb3-4425-9485-bcdc4c525001%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/22e93ef7-95cc-46b3-8e2e-a28c83adcb5e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

The ES REST module does not expose Netty channels for examination in a REST
action.

J枚rg

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoHqD-75DscLLb-4DZ%3DuwzHDterTzVdo5CgaED9-dqRJhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Jorg, thanks for quick response.
I'm curious about the reason behind this design decision.
Or is it a sort of statement, since I understood that ES team is afraid of bloating the project with security?

-Simone

-Simone

On Saturday, 7 December 2013 at 11:37, joergprante@gmail.com wrote:

The ES REST module does not expose Netty channels for examination in a REST action.

J枚rg

--
You received this message because you are subscribed to a topic in the Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/elasticsearch/IGaKwn5Zosw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to elasticsearch+unsubscribe@googlegroups.com (mailto:elasticsearch+unsubscribe@googlegroups.com).
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoHqD-75DscLLb-4DZ%3DuwzHDterTzVdo5CgaED9-dqRJhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/E4BAEADEDC794E979E858BB478B27AC8%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

I can't speak for ES core team.

From what I can imagine is that from an architectural view, it would be
rather unpleasant to have implementation dependent details exposed to
plugins using ES REST API (here: Netty 3.x socket channels, and Netty seems
not considering providing socket channel adapters
https://github.com/netty/netty/pull/1050 which would ease switching
implementations without ES REST API change).

J枚rg

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAKdsXoG244Utip6GinvWqiE8t06tKB%3DM2G16RCXb4yLSvrRLBg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Simone,

maybe this is interesting for you

Am Samstag, 7. Dezember 2013 17:21:49 UTC+1 schrieb J枚rg Prante:

I can't speak for ES core team.

From what I can imagine is that from an architectural view, it would be
rather unpleasant to have implementation dependent details exposed to
plugins using ES REST API (here: Netty 3.x socket channels, and Netty seems
not considering providing socket channel adapters
Implement socket channel adapter by md-5 路 Pull Request #1050 路 netty/netty 路 GitHub which would ease switching
implementations without ES REST API change).

J枚rg

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/50fc5225-03db-4860-be07-cd27f82c54b2%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi Hendrik,

I saw that plugin already. I think it's solving a different problem:
authentication and permissions. What I want to achieve is public
availability of a subset of the API.
Another thing I don't want to throw away is the Netty based HTTP stack,
especially if the alternative is Tomcat!

However, I was bored about the fact I could not have the remote address
available by ES REST module and I used reflection to obtain just what I
wanted. I evolved quite a bit my plugin during the weekend. Now supports IP
address whitelist, reject requests by regular expressions, custom reject
string and configuration via conf/elasticsearch.yml

Pretty satisfied with the result :slight_smile:

On Saturday, December 7, 2013 11:48:00 PM UTC+1, Hendrik wrote:

Hi Simone,

maybe this is interesting for you
GitHub - salyh/elasticsearch-security-plugin: Kerberos, LDAP, Active Directory, PKI/SSL/TLS and host/ip based ACL coarse-grained and document level security for elasticsearch (Authentication, Authorization, Auth, Spnego, ACL, Mutual authentication)

Am Samstag, 7. Dezember 2013 17:21:49 UTC+1 schrieb J枚rg Prante:

I can't speak for ES core team.

From what I can imagine is that from an architectural view, it would be
rather unpleasant to have implementation dependent details exposed to
plugins using ES REST API (here: Netty 3.x socket channels, and Netty seems
not considering providing socket channel adapters
Implement socket channel adapter by md-5 路 Pull Request #1050 路 netty/netty 路 GitHub which would ease switching
implementations without ES REST API change).

J枚rg

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e13a7ff6-16e6-4a5c-813d-127ff71666f8%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.