Merge branch 'master' of github.com:elastic/kibana into implement/kib…

…ana-index-template

bin/kibana-keystore

@@ -0,0 +1,24 @@
+#!/bin/sh
+SCRIPT=$0
+
+# SCRIPT may be an arbitrarily deep series of symlinks. Loop until we have the concrete path.
+while [ -h "$SCRIPT" ] ; do
+  ls=$(ls -ld "$SCRIPT")
+  # Drop everything prior to ->
+  link=$(expr "$ls" : '.*-> \(.*\)$')
+  if expr "$link" : '/.*' > /dev/null; then
+    SCRIPT="$link"
+  else
+    SCRIPT=$(dirname "$SCRIPT")/"$link"
+  fi
+done
+
+DIR="$(dirname "${SCRIPT}")/.."
+NODE="${DIR}/node/bin/node"
+test -x "$NODE" || NODE=$(which node)
+if [ ! -x "$NODE" ]; then
+  echo "unable to find usable node.js executable."
+  exit 1
+fi
+
+"${NODE}" "${DIR}/src/cli_keystore" "$@"

bin/kibana-keystore.bat

@@ -0,0 +1,29 @@
+@echo off
+
+SETLOCAL
+
+set SCRIPT_DIR=%~dp0
+for %%I in ("%SCRIPT_DIR%..") do set DIR=%%~dpfI
+
+set NODE=%DIR%\node\node.exe
+
+WHERE /Q node
+IF %ERRORLEVEL% EQU 0 (
+  for /f "delims=" %%i in ('WHERE node') do set SYS_NODE=%%i
+)
+
+If Not Exist "%NODE%" (
+  IF Exist "%SYS_NODE%" (
+    set "NODE=%SYS_NODE%"
+  ) else (
+    Echo unable to find usable node.js executable.
+    Exit /B 1
+  )
+)
+
+TITLE Kibana Keystore
+"%NODE%" "%DIR%\src\cli_keystore" %*
+
+:finally
+
+ENDLOCAL

docs/setup.asciidoc

@@ -50,6 +50,8 @@ include::setup/install.asciidoc[]
 
 include::setup/settings.asciidoc[]
 
+include::setup/secure-settings.asciidoc[]
+
 include::setup/docker.asciidoc[]
 
 include::setup/access.asciidoc[]

docs/setup/secure-settings.asciidoc

@@ -0,0 +1,64 @@
+[[secure-settings]]
+=== Secure Settings
+
+Some settings are sensitive, and relying on filesystem permissions to protect
+their values is not sufficient. For this use case, Kibana provides a
+keystore, and the `kibana-keystore` tool to manage the settings in the keystore.
+
+NOTE: All commands here should be run as the user which will run Kibana.
+
+[float]
+[[creating-keystore]]
+=== Creating the keystore
+
+To create the `kibana.keystore`, use the `create` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/kibana-keystore create
+----------------------------------------------------------------
+
+The file `kibana.keystore` will be created in the directory defined by the
+`path.data` configuration setting.
+
+[float]
+[[list-settings]]
+=== Listing settings in the keystore
+
+A list of the settings in the keystore is available with the `list` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/kibana-keystore list
+----------------------------------------------------------------
+
+[float]
+[[add-string-to-keystore]]
+=== Adding string settings
+
+Sensitive string settings, like authentication credentials for Elasticsearch
+can be added using the `add` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/kibana-keystore add the.setting.name.to.set
+----------------------------------------------------------------
+
+The tool will prompt for the value of the setting. To pass the value
+through stdin, use the `--stdin` flag:
+
+[source,sh]
+----------------------------------------------------------------
+cat /file/containing/setting/value | bin/kibana-keystore add --stdin the.setting.name.to.set
+----------------------------------------------------------------
+
+[float]
+[[remove-settings]]
+=== Removing settings
+
+To remove a setting from the keystore, use the `remove` command:
+
+[source,sh]
+----------------------------------------------------------------
+bin/kibana-keystore remove the.setting.name.to.remove
+----------------------------------------------------------------

docs/visualize/tilemap.asciidoc

@@ -33,7 +33,7 @@ Enter a string in the *Custom Label* field to change the display label.
 
 ===== Buckets
 
-Coordinate maps use the {es-ref}search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation. Select a field, typically coordinates, from the
+Coordinate maps use the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation. Select a field, typically coordinates, from the
 drop-down.
 
 - The_Change precision on map zoom_ box is checked by default. Uncheck the box to disable this behavior.

package.json

@@ -57,8 +57,8 @@
     "precommit": "grunt precommit",
     "karma": "karma start",
     "elasticsearch": "grunt esvm:dev:keepalive",
-    "lint": "grunt eslint:source",
-    "lintroller": "grunt eslint:fixSource",
+    "lint": "echo 'use `node scripts/eslint`' && false",
+    "lintroller": "echo 'use `node scripts/eslint --fix`' && false",
     "makelogs": "echo 'use `node scripts/makelogs`' && false",
     "mocha": "echo 'use `node scripts/mocha`' && false",
     "sterilize": "grunt sterilize",

scripts/eslint.js

@@ -0,0 +1,2 @@
+require('../src/babel-register');
+require('../src/dev/run_eslint');

src/cli/serve/__tests__/read_yaml_config.js

@@ -1,6 +1,6 @@
 import expect from 'expect.js';
 import { join, relative, resolve } from 'path';
-import readYamlConfig from '../read_yaml_config';
+import { readYamlConfig } from '../read_yaml_config';
 
 function fixture(name) {
   return resolve(__dirname, 'fixtures', name);

src/cli/serve/__tests__/reload_logging_config.js

@@ -3,7 +3,7 @@ import { writeFileSync } from 'fs';
 import { relative, resolve } from 'path';
 import { safeDump } from 'js-yaml';
 import es from 'event-stream';
-import readYamlConfig from '../read_yaml_config';
+import { readYamlConfig } from '../read_yaml_config';
 import expect from 'expect.js';
 
 const testConfigFile = follow(`fixtures/reload_logging_config/kibana.test.yml`);

src/cli/serve/read_keystore.js

@@ -0,0 +1,26 @@
+import { join } from 'path';
+import { set } from 'lodash';
+
+import { Keystore } from '../../server/keystore';
+import { getData } from '../../server/path';
+
+export function loadKeystore() {
+  const path = join(getData(), 'kibana.keystore');
+
+  const keystore = new Keystore(path);
+  keystore.load();
+
+  return keystore;
+}
+
+export function readKeystore() {
+  const keystore = loadKeystore();
+  const keys = Object.keys(keystore.data);
+
+  const data = {};
+  keys.forEach(key => {
+    set(data, key, keystore.data[key]);
+  });
+
+  return data;
+}

src/cli/serve/read_yaml_config.js

@@ -24,7 +24,7 @@ export function merge(sources) {
   }, {});
 }
 
-export default function (paths) {
+export function readYamlConfig(paths) {
   const files = [].concat(paths || []);
   const yamls = files.map(path => safeLoad(read(path, 'utf8')));
   return merge(yamls);

src/cli/serve/serve.js

@@ -2,9 +2,11 @@ import _ from 'lodash';
 import { statSync } from 'fs';
 import { isWorker } from 'cluster';
 import { resolve } from 'path';
+
 import { fromRoot } from '../../utils';
 import { getConfig } from '../../server/path';
-import readYamlConfig from './read_yaml_config';
+import { readYamlConfig } from './read_yaml_config';
+import { readKeystore } from './read_keystore';
 
 import { DEV_SSL_CERT_PATH, DEV_SSL_KEY_PATH } from '../dev_ssl';
 
@@ -67,6 +69,7 @@ function readServerSettings(opts, extraCliOptions) {
     opts.pluginPath
   )));
 
+  merge(readKeystore());
   merge(extraCliOptions);
 
   return settings;

src/cli_keystore/__tests__/add.js

@@ -0,0 +1,134 @@
+import expect from 'expect.js';
+import sinon from 'sinon';
+import mockFs from 'mock-fs';
+import { PassThrough } from 'stream';
+
+import { Keystore } from '../../server/keystore';
+import { add } from '../add';
+import Logger from '../../cli_plugin/lib/logger';
+import * as prompt from '../../server/utils/prompt';
+
+describe('Kibana keystore', () => {
+  describe('add', () => {
+    const sandbox = sinon.sandbox.create();
+
+    const keystoreData = '1:IxR0geiUTMJp8ueHDkqeUJ0I9eEw4NJPXIJi22UDyfGfJSy4mH'
+      + 'BBuGPkkAix/x/YFfIxo4tiKGdJ2oVTtU8LgKDkVoGdL+z7ylY4n3myatt6osqhI4lzJ9M'
+      + 'Ry21UcAJki2qFUTj4TYuvhta3LId+RM5UX/dJ2468hQ==';
+
+    beforeEach(() => {
+      mockFs({
+        '/data': {
+          'test.keystore': JSON.stringify(keystoreData),
+        }
+      });
+
+      sandbox.stub(prompt, 'confirm');
+      sandbox.stub(prompt, 'question');
+
+      sandbox.stub(Logger.prototype, 'log');
+      sandbox.stub(Logger.prototype, 'error');
+    });
+
+    afterEach(() => {
+      mockFs.restore();
+      sandbox.restore();
+    });
+
+    it('returns an error for a nonexistent keystore', async () => {
+      const keystore = new Keystore('/data/nonexistent.keystore');
+      const message = 'ERROR: Kibana keystore not found. Use \'create\' command to create one.';
+
+      await add(keystore, 'foo');
+
+      sinon.assert.calledOnce(Logger.prototype.error);
+      sinon.assert.calledWith(Logger.prototype.error, message);
+    });
+
+    it('does not attempt to create a keystore', async () => {
+      const keystore = new Keystore('/data/nonexistent.keystore');
+      sandbox.stub(keystore, 'save');
+
+      await add(keystore, 'foo');
+
+      sinon.assert.notCalled(keystore.save);
+    });
+
+    it('prompts for existing key', async () => {
+      prompt.confirm.returns(Promise.resolve(true));
+      prompt.question.returns(Promise.resolve('bar'));
+
+      const keystore = new Keystore('/data/test.keystore');
+      await add(keystore, 'a2');
+
+      sinon.assert.calledOnce(prompt.confirm);
+      sinon.assert.calledOnce(prompt.question);
+
+      const { args } = prompt.confirm.getCall(0);
+
+      expect(args[0]).to.eql('Setting a2 already exists. Overwrite?');
+    });
+
+    it('aborts if overwrite is denied', async () => {
+      prompt.confirm.returns(Promise.resolve(false));
+
+      const keystore = new Keystore('/data/test.keystore');
+      await add(keystore, 'a2');
+
+      sinon.assert.notCalled(prompt.question);
+
+      sinon.assert.calledOnce(Logger.prototype.log);
+      sinon.assert.calledWith(Logger.prototype.log, 'Exiting without modifying keystore.');
+    });
+
+    it('overwrites without prompt if force is supplied', async () => {
+      prompt.question.returns(Promise.resolve('bar'));
+
+      const keystore = new Keystore('/data/test.keystore');
+      sandbox.stub(keystore, 'save');
+
+      await add(keystore, 'a2', { force: true });
+
+      sinon.assert.notCalled(prompt.confirm);
+      sinon.assert.calledOnce(keystore.save);
+    });
+
+    it('trims value', async () => {
+      prompt.question.returns(Promise.resolve('bar\n'));
+
+      const keystore = new Keystore('/data/test.keystore');
+      sandbox.stub(keystore, 'save');
+
+      await add(keystore, 'foo');
+
+      expect(keystore.data.foo).to.eql('bar');
+    });
+
+    it('persists updated keystore', async () => {
+      prompt.question.returns(Promise.resolve('bar\n'));
+
+
+      const keystore = new Keystore('/data/test.keystore');
+      sandbox.stub(keystore, 'save');
+
+      await add(keystore, 'foo');
+
+      sinon.assert.calledOnce(keystore.save);
+    });
+
+    it('accepts stdin', async () => {
+      const keystore = new Keystore('/data/test.keystore');
+      sandbox.stub(keystore, 'save');
+
+      const stdin = new PassThrough();
+      process.nextTick(() => {
+        stdin.write('kibana\n');
+        stdin.end();
+      });
+
+      await add(keystore, 'foo', { stdin });
+
+      expect(keystore.data.foo).to.eql('kibana');
+    });
+  });
+});