This commit changes the handling of exceptions when retrieving roles from the native roles store.
Previously, exceptions would have caused the request to terminate and the exception would be
sent back to the user. This makes for a bad experience when a cluster hasn't been upgraded to the
latest index format and anonymous access is enabled with a native role as all requests without
preemptive basic authentication would result in an exception. The change here is to allow the
request to continue processing. Once the security index is up to date, the roles cache is cleared
so that the native roles can be picked up.
relates elastic/x-pack-elasticsearch#2686
Original commit: elastic/x-pack-elasticsearch@ef5149140f
Certgen was generating "other name" SANs without the explicit [0] tag that is required.
This was masked by the fact that the JRE X.509 classes always wrap the "other name" name-value in a [0] tag (even if it already has one)
Also switched to a UTF8 String from an IA5 string to match the configuration being used for testing in openssl.
Original commit: elastic/x-pack-elasticsearch@1b87964ec7
This prevents us from having to hack a fake schema together on the
second (and third and fourth, etc) page of results.
Original commit: elastic/x-pack-elasticsearch@7ba3119daa
This is the X-Pack side of elastic/elasticsearch#27235. To force people
who construct an Environment object in production code to think about the
correct setting of configPath there is no longer a single argument
constructor in the Environment class. Instead there is a factory method
in the test framework to replace it. Having this in the test framework
ensures that there is no way to use it in production code.
Original commit: elastic/x-pack-elasticsearch@4860e92d90
If you wrote a test at the end of one of SQL's test spec files that was
just a name without a body then the parser would throw the test away.
Now it fails to intiaize the class with an error message telling you
which file is broken.
Original commit: elastic/x-pack-elasticsearch@023a942ca3
The CLI and JDBC were meant to share the same named xcontent registry
but the cli action didn't reuse it by mistake.
Original commit: elastic/x-pack-elasticsearch@6c9af5a22a
Collapses a package into its parent package because they only contain a
single class together. No need for two layers.
Original commit: elastic/x-pack-elasticsearch@c947e57952
The `AbstractSqlServer` class was used when SQL's CLI and JDBC were
transport actions. They are REST layer concepts now and it is unused so
it should go.
Original commit: elastic/x-pack-elasticsearch@25ec699564
Fix the name of the action the SQL uses to lookup index information from
the cluster state. The old name was silly.
Original commit: elastic/x-pack-elasticsearch@805fb29662
Organizes the SQL translate action to match the way that x-pack has been
organizing new actions for a while. All of the pieces are put into the
same class file.
Original commit: elastic/x-pack-elasticsearch@def911c0ab
We should not be constructing a temporary Environment object in production
code. This currently isn't causing any problems, but it might in the future
if elastic/elasticsearch#27144 or something similar is ever merged. Instead
the master Environment of the node should always be used.
Original commit: elastic/x-pack-elasticsearch@6276a54a45
This adds the data necessary to add a warning to the alerts UI representing each cluster when xpack.security.transport.tls.enabled is not set to true for a trial licensed cluster running with
xpack.security.enabled.
Original commit: elastic/x-pack-elasticsearch@28fe8bad76
* [DOCS] Add SSL info to setup-passwords
* [DOCS] Addressed feedback in setup-passwords
* [DOCS] Added link to setup-passwords troubleshooting page
Original commit: elastic/x-pack-elasticsearch@2bf820c303
This adds details about the shards and the health of the index. By adding these stats directly to the document, the UI can avoid many aggregations and enable better searching and sorting against indices.
Original commit: elastic/x-pack-elasticsearch@f38ae5ce69
I realized that we weren't running our DatabaseMetaData tests. One thing led to another and I made these changes:
1. Got the DatabaseMetaData tests running in all three of our QA projects.
2. Fixed the SecurityCatalogFilter to work with `SqlGetIndicesAction`. It worked before, but only for requests that were a `SqlAction` as well as `SqlGetIndicesAction`.
3. Added security test for the JDBC DatabaseMetaData requests. These mirror exactly the security tests that we use for `SHOW TABLES` and `DESCRIBE` but cover the JDBC actions.
Original commit: elastic/x-pack-elasticsearch@7026d83c06
The `net-client` project contained more then just the `net-client`.
It contains stuff like `SuppressForbidden` and `Strings` and `IOUtil`
and other things shared between the CLI and JDBC. It also does contain
the http client. Anyway, it makes more sense to call it `shared-client`,
I think.
Alos updated the copywrite dates on the files that I touched because
they are all 2017 files.
Removed some uses of `String.EMPTY` because they don't buy us anything
and require an extra import. `""` is just one less step.
Original commit: elastic/x-pack-elasticsearch@465c6445c4
Adds docs for the REST API, translate API, the CLI, and JDBC.
Next we need to add more example queries and documentation for our
extensions.
Original commit: elastic/x-pack-elasticsearch@ed6d1360d2
This commit removes the FAILED state for the IndexAuditTrail so that we always try to keep starting
the service. Previously, on any exception during startup we moved to a failed state and never tried
to start again. The users only option was to restart the node. This was problematic in the case of
large clusters as there could be common timeouts of cluster state listeners that would cause the
startup of this service to fail.
Additionally, the logic in the IndexAuditTrail to update the template on the current cluster has
been removed and replaced with the use of the TemplateUpgradeService. However, we still need to
maintain the ability to determine if a template on a remote cluster should be PUT. To avoid always
PUTing the template, the version field has been added so it only needs to be PUT once on upgrade.
Finally, the default queue size has been increased as this is another common issue that users hit
with high traffic clusters.
relates elastic/x-pack-elasticsearch#2658
Original commit: elastic/x-pack-elasticsearch@27e2ce7223
* [DOCS] Enabled code snippet testing for put datafeed API
* [DOCS] Addressed gradle errors in put datafeed API
* [DOCS] Added job creation test to build.gradle
Original commit: elastic/x-pack-elasticsearch@3548d920c7
Adding this field enables a very simple mechanism for detecting node changes in the cluster state via Watcher (and other mechanisms). The next step is to add the cluster alert that uses it.
Original commit: elastic/x-pack-elasticsearch@1eacc25cff