Open Distro Security for Elasticsearch

Open Distro For Elasticsearch Security

Categories: Security Search Business Logic Libraries Elasticsearch
GroupId: com.amazon.opendistroforelasticsearch
ArtifactId: opendistro_security
Last Version: 1.13.1.0
Type: jar
Description: Open Distro Security for Elasticsearch / Open Distro For Elasticsearch Security
Project URL: https://github.com/opendistro-for-elasticsearch/security
Source Code Management: https://github.com/opendistro-for-elasticsearch/security

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.amazon.opendistroforelasticsearch/opendistro_security/ -->
<dependency>
    <groupId>com.amazon.opendistroforelasticsearch</groupId>
    <artifactId>opendistro_security</artifactId>
    <version>1.13.1.0</version>
</dependency>

Gradle (Groovy):

// https://jarcasting.com/artifacts/com.amazon.opendistroforelasticsearch/opendistro_security/
implementation 'com.amazon.opendistroforelasticsearch:opendistro_security:1.13.1.0'

Gradle (Kotlin):

// https://jarcasting.com/artifacts/com.amazon.opendistroforelasticsearch/opendistro_security/
implementation ("com.amazon.opendistroforelasticsearch:opendistro_security:1.13.1.0")

Buildr:

'com.amazon.opendistroforelasticsearch:opendistro_security:jar:1.13.1.0'

Ivy:

<dependency org="com.amazon.opendistroforelasticsearch" name="opendistro_security" rev="1.13.1.0">
  <artifact name="opendistro_security" type="jar" />
</dependency>

Grape:

@Grapes(
    @Grab(group='com.amazon.opendistroforelasticsearch', module='opendistro_security', version='1.13.1.0')
)

sbt:

libraryDependencies += "com.amazon.opendistroforelasticsearch" % "opendistro_security" % "1.13.1.0"

Leiningen:

[com.amazon.opendistroforelasticsearch/opendistro_security "1.13.1.0"]

Dependencies

compile (20)

Group : Artifact | Type | Version
org.elasticsearch.plugin : transport-netty4-client | jar | 7.10.2
com.google.guava : guava | jar | 25.1-jre
org.greenrobot : eventbus | jar | 3.2.0
commons-cli : commons-cli | jar | 1.3.1
org.bouncycastle : bcprov-jdk15on | jar | 1.67
com.fasterxml.jackson.core : jackson-databind | jar | 2.11.2
org.apache.logging.log4j : log4j-slf4j-impl | jar | 2.11.1
org.ldaptive : ldaptive | jar | 1.2.3
org.apache.httpcomponents : httpclient-cache | jar | 4.5.3
org.elasticsearch.client : elasticsearch-rest-high-level-client | jar | 7.10.2
io.jsonwebtoken : jjwt-api | jar | 0.10.5
org.apache.cxf : cxf-rt-rs-security-jose | jar | 3.4.0
com.github.wnameless : json-flattener | jar | 0.5.0
com.flipkart.zjsonpatch : zjsonpatch | jar | 0.4.4
org.apache.kafka : kafka-clients | jar | 2.5.0
com.onelogin : java-saml | jar | 2.5.0
org.opensaml : opensaml-saml-impl | jar | 3.4.5
commons-collections : commons-collections | jar | 3.2.2
com.jayway.jsonpath : json-path | jar | 2.4.0
org.apache.httpcomponents : httpclient | jar | 4.5.3

provided (2)

Group : Artifact | Type | Version
org.elasticsearch : elasticsearch | jar | 7.10.2
org.apache.logging.log4j : log4j-core | jar | 2.11.1

runtime (2)

Group : Artifact | Type | Version
io.jsonwebtoken : jjwt-impl | jar | 0.10.5
io.jsonwebtoken : jjwt-jackson | jar | 0.10.5

test (16)

Group : Artifact | Type | Version
commons-io : commons-io | jar | 2.6
org.hamcrest : hamcrest-all | jar | 1.3
junit : junit | jar | 4.13.1
org.apache.httpcomponents : fluent-hc | jar | 4.5.3
org.elasticsearch.plugin : reindex-client | jar | 7.10.2
org.elasticsearch : elasticsearch-ssl-config | jar | 7.10.2
org.elasticsearch.plugin : percolator-client | jar | 7.10.2
org.elasticsearch.plugin : lang-mustache-client | jar | 7.10.2
org.elasticsearch.plugin : parent-join-client | jar | 7.10.2
org.elasticsearch.plugin : aggs-matrix-stats-client | jar | 7.10.2
org.mockito : mockito-core | jar | 2.23.0
org.springframework.kafka : spring-kafka-test | jar | 2.5.4.RELEASE
org.apache.kafka : kafka-clients | jar | 2.0.1
javax.servlet : servlet-api | jar | 2.5
com.unboundid : unboundid-ldapsdk | jar | 4.0.9
com.github.stephenc.jcip : jcip-annotations | jar | 1.0-1

Project Modules

There are no modules declared in this project.

Open Distro for Elasticsearch Security

Open Distro for Elasticsearch Security is an Elasticsearch plugin that offers encryption, authentication, and authorization. When combined with Open Distro for Elasticsearch Security-Advanced Modules, it supports authentication via Active Directory, LDAP, Kerberos, JSON web tokens, SAML, OpenID and more. It includes fine-grained role-based access control to indices, documents and fields. It also provides multi-tenancy support in Kibana.

Features provided by Security

Encryption:

  • Full data in transit encryption
  • Node-to-node encryption
  • Certificate revocation lists
  • Hot Certificate renewal

Authentication:

  • Internal user database
  • HTTP basic authentication
  • PKI authentication
  • Proxy authentication
  • User Impersonation
  • Active Directory / LDAP
  • Kerberos / SPNEGO
  • JSON web token (JWT)
  • OpenID Connect (OIDC)
  • SAML

Access control:

  • Role-based cluster level access control
  • Role-based index level access control
  • User-, role- and permission management
  • Document-level security
  • Field-level security
  • REST management API

Audit/Compliance logging:

  • Audit logging
  • Compliance logging for GDPR, HIPAA, PCI, SOX and ISO compliance

Kibana multi-tenancy

  • True Kibana multi-tenancy

Documentation

Please refer to the technical documentation for detailed information on installing and configuring the opendistro-elasticsearch-security plugin.

Quick Start

  • Install Elasticsearch

  • Install the opendistro-elasticsearch-security plugin for your Elasticsearch version 6.5.4, e.g.:

    <ES directory>/bin/elasticsearch-plugin install \
      -b com.amazon.opendistroforelasticsearch:opendistro_security:0.8.0.0

  • cd into <ES directory>/plugins/opendistro_security/tools

  • Execute ./install_demo_configuration.sh (chmod the script first if necessary). This generates all required TLS certificates and adds the Security Plugin Configuration to your elasticsearch.yml file.

  • Start Elasticsearch

  • Test the installation by visiting https://localhost:9200. When prompted, use admin/admin as username and password. This user has full access to the cluster.

  • Display information about the currently logged in user by visiting https://localhost:9200/_opendistro/_security/authinfo.

Test and Build

  • Run all tests:

    mvn clean test

  • Build artifacts (zip, deb, rpm):

    mvn clean package -Padvanced -DskipTests
    artifact_zip=$(ls "$(pwd)"/target/releases/opendistro-security-*.zip | grep -v admin-standalone)
    ./gradlew build buildDeb buildRpm --no-daemon -ParchivePath="$artifact_zip" -Dbuild.snapshot=false

Config hot reloading

The Security Plugin Configuration is stored in a dedicated index in Elasticsearch itself. Changes to the configuration are pushed to this index via the command line tool. This will trigger a reload of the configuration on all nodes automatically. This has several advantages over configuration via elasticsearch.yml:

  • Configuration is stored in a central place
  • No configuration files on the nodes necessary
  • Configuration changes do not require a restart
  • Configuration changes take effect immediately

License

This code is licensed under the Apache 2.0 License.

Copyright

Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Versions

Version
1.13.1.0
1.13.0.0
1.12.0.0
1.11.0.0
1.10.1.0
1.9.0.0
1.8.0.0
1.7.0.0
1.6.0.0
1.4.0.0
1.3.0.0
1.2.1.0
1.2.0.0
1.1.0.0
1.0.0.2
1.0.0.1
1.0.0.0
0.10.0.0
0.9.0.0
0.8.0.0
0.7.0.1