Commit Graph

778 Commits

Author SHA1 Message Date
jaymode f1f1be3927 Test: tests that use security index should not delete template
Tests that rely on the security index and security index template being present should not remove
the template between tests as this can cause test failures. The template upgrade service relies
on cluster state updates to trigger the template being added after a delete, but there is a
scenario where the test will just wait for template that never shows up as there is no cluster
state update in that time. Instead of fighting ourselves, we should just leave the template in
place.

Relates elastic/x-pack-elasticsearch#2915
Relates elastic/x-pack-elasticsearch#2911

Original commit: elastic/x-pack-elasticsearch@3ca4aef0be
2017-12-19 08:24:23 -07:00
Nik Everett 4820bc757e SQL: Implement sorting and retrieving score (elastic/x-pack-elasticsearch#3340)
Accessing `_score` from SQL looks like:
```
--------------------------------------------------
POST /_sql
{
    "query": "SELECT SCORE(), * FROM library WHERE match(name, 'dune') ORDER BY SCORE() DESC"
}
--------------------------------------------------
```

This replaces elastic/x-pack-elasticsearch#3187

relates elastic/x-pack-elasticsearch#2887

Original commit: elastic/x-pack-elasticsearch@fe96348c22
2017-12-18 20:57:50 -05:00
Nik Everett dc69f92b49 SQL: Respond with nice error if there is a JOIN (elastic/x-pack-elasticsearch#3343)
`JOIN`s aren't supported right yet so we should send back a nice 400
level error to the user telling them that.

Also pulls out some common code in `RestSqlTestCase` that I've been
staring at for a while.

Relates to elastic/x-pack-elasticsearch#3176

Original commit: elastic/x-pack-elasticsearch@1c1bd1c355
2017-12-18 16:42:03 -05:00
Lee Hinman a8e9272994 SQL: Add remaining matrix aggregations (elastic/x-pack-elasticsearch#3330)
* Add remaining matrix aggregations

This adds the remaining [matrix aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/6.1/search-aggregations-matrix-stats-aggregation.html).

These aggregations aren't currently implemented due to the inter-plugin
communication not being set up, so they return "innerkey/matrix stats not
handled (yet)".

For matrix aggs that share a name with an existing aggregation (like 'count'),
they have be prefixed with "matrix_", so, "matrix_count", "matrix_mean", and
"matrix_variance".

Relates to elastic/x-pack-elasticsearch#2885

* Return HTTP 400 for innerkey/matrix stats aggs

* Add integration test for unimplemented matrix aggs

Original commit: elastic/x-pack-elasticsearch@34459c59aa
2017-12-15 14:33:58 -07:00
Lee Hinman 632c3e8238 SQL: Fix running `gradle run` from top-level directory (elastic/x-pack-elasticsearch#3329)
When running `gradle run` at the top level (at least with Gradle 4.4) it
attempts to run multiple instances of the server, causing the run to fail since
they can't both bind to 9200/9300.

This renames the tasks for the `qa` directories to be `runqa` and the task for
the `cli` directory to be `runcli`.

Original commit: elastic/x-pack-elasticsearch@734ab8e132
2017-12-15 08:42:18 -07:00
Nik Everett 59e6d34c29 SQL: Bundle the CLI into x-pack (elastic/x-pack-elasticsearch#3316)
This adds:

* The CLI jar itself into the `bin`. It is an executable jar.
* A shell and bat script to start the CLI. This isn't strictly required but folks will appreciate the consistency.
* Basic packaging tests for the CLI.

Relates to elastic/x-pack-elasticsearch#2979

Original commit: elastic/x-pack-elasticsearch@158f70a530
2017-12-14 09:57:03 -05:00
Nik Everett f5af60c7cf SQL: Fix error message on bad index (elastic/x-pack-elasticsearch#3312)
Fixes the error message that SQL produces when it sees unsupported
indexes. It was always returning all broken indexes as "unknown" even
though we have much better error messages. It was just throwing them
away.

I caught this originally when backporting to 6.x where we had a test
that we produced a useful error message when the user attempted to run
SQL on an index with more than one type. We couldn't run that in the
feature/sql branch because it is inside the full cluster restart tests
and the "old" version of Elasticsearch used in those tests in
feature/sql is 6.x which doesn't allow indexes with multiple types. When
I backported to 6.x the test failed because it hadn't been run before.

In addition to fixing that test and the problem, this adds another test
that will reveal the problem when run in the feature/sql and master
branch.

Original commit: elastic/x-pack-elasticsearch@c7b787baee
2017-12-14 09:56:36 -05:00
Costin Leau cdfe0f1f5a Revert "Revert "Merge branch 'feature/sql'""
This reverts commit elastic/x-pack-elasticsearch@cc79e19911.

We'll merge this when we're good and ready.

Original commit: elastic/x-pack-elasticsearch@b3ef4f2836
2017-12-13 10:19:31 -05:00
Costin Leau 2e60e831c0 Revert "Merge branch 'feature/sql'"
This reverts commit elastic/x-pack-elasticsearch@2b3f7697a5, reversing
changes made to elastic/x-pack-elasticsearch@b79f16673c.

We're backing out all of SQL.

Original commit: elastic/x-pack-elasticsearch@cc79e19911
2017-12-13 09:33:13 -05:00
Nik Everett eaa75cfdbb Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b5fc2b484d
2017-12-12 11:29:23 -05:00
Nik Everett 2ca729afc2 Fix packaging tests after breaking up x-pack
The tests were failing after breaking up x-pack. This makes them pass
locally.

Original commit: elastic/x-pack-elasticsearch@af2a7866eb
2017-12-12 11:05:51 -05:00
David Kyle 6113b86bdb [ML] Special events calendar CRUD endpoints (elastic/x-pack-elasticsearch#3267)
* Calendar CRUD endpoints

* Get calendars requires monitor permission

* Address review comments

* Add page params to get calendars

Original commit: elastic/x-pack-elasticsearch@badd1e6add
2017-12-12 09:21:44 +00:00
Nik Everett 236f64a70e SQL: Fix SSL for JDBC and CLI for real this time (elastic/x-pack-elasticsearch#3277)
Previously I'd added tests for JDBC and CLI that I *thought* used SSL but they didn't! I wasn't careful...

Testing changes:
* Actually enable SSL/HTTPS in the `qa:sql:security:ssl` subproject.
* Rework how `RemoteCli` handles security. This allows us to configure SSL, the keystore, and the username and password in a much less error prone way.
* Fix up JDBC tests to properly use SSL.
* Allow the `CliFixture` to specify the keystore location.
* Switch `CliFixture` and `RemoteCli` from sending the password in the connection string to filling out the prompt for it.
* Have `CliFixture` also send the keystore password when a keystore is configured.

This makes the following production code changes:
* Allow the CLI to configure the keystore location with the `-k`/`-keystore_location` parameters.
* If the keystore location is configured then the CLI will prompt for the password.
* Allow the configuration of urls starting with `https`.
* Improve the exception thrown when the URL doesn't parse by adding a suppressed exception with the original parse error, before we tried to add `http://` to the front of it.

Original commit: elastic/x-pack-elasticsearch@97fac4a3b4
2017-12-11 15:45:34 -05:00
Igor Motov 4bebc307c3 SQL: Add ability to close cursors (elastic/x-pack-elasticsearch#3249)
This commits adds a new end point for closing in-flight cursors, it also ensures that all cursors are properly closed by adding after test checks that ensures that we don't leave any search context open.

relates elastic/x-pack-elasticsearch#2878

Original commit: elastic/x-pack-elasticsearch@1052ea28dc
2017-12-11 11:36:02 -05:00
Igor Motov fab3712e3d SQL: Check connection on CLI startup (elastic/x-pack-elasticsearch#3278)
* SQL: Check connection on CLI startup

Adds a connection check at the CLI startup. If connection cannot be established or elasticsearch has incompatible version, the CLI doesn't start.

relates elastic/x-pack-elasticsearch#2984

Original commit: elastic/x-pack-elasticsearch@c9a58d2cd6
2017-12-11 10:00:00 -05:00
David Roberts 5fd68959a0 [ML] Make datafeeds run-as the user who created/updated them (elastic/x-pack-elasticsearch#3254)
This is the ML equivalent of what was done for Watcher in elastic/x-pack-elasticsearch#2808.

For security reasons, ML datafeeds should not run as the _xpack
user.  Instead, they record the security headers from the request
to create/update them, and reuse these when performing the search
to retrieve data for analysis.

Relates elastic/x-pack-elasticsearch#1071

Original commit: elastic/x-pack-elasticsearch@29f85de404
2017-12-11 13:01:16 +00:00
Alexander Reelsen 6bae4681e2 Tests: Replace http input integration test with REST test (elastic/x-pack-elasticsearch#3215)
Remove HttpInputIntegrationTests, which only tested existing
functionality, the remaining part was moved over into a REST tests.

relates elastic/x-pack-elasticsearch#3210

Original commit: elastic/x-pack-elasticsearch@474e5337b6
2017-12-11 13:08:58 +01:00
Igor Motov 5d0b8ff796 SQL: Rename Strings.splitStringByCommaToSet to tokenizeByCommaToSet
Relates elastic/x-pack-elasticsearch#3265

Original commit: elastic/x-pack-elasticsearch@8b06b0688b
2017-12-08 13:52:08 -05:00
Igor Motov 4330195cdf Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@f4ef2d9cdf
2017-12-08 12:35:59 -05:00
Igor Motov b72a9b5674 SQL: switch from _sql/ endpoint to _xpack/sql endpoint (elastic/x-pack-elasticsearch#3270)
As a part of xpack, SQL should use _xpack/sql endpoint instead of _sql endpoint.

relates elastic/x-pack-elasticsearch#3114

Original commit: elastic/x-pack-elasticsearch@f561b57f16
2017-12-08 12:17:26 -05:00
Alexander Reelsen eaf67f8bc2 Tests: Replace YAML tests with ESTestRestCase to be able to wait for … (elastic/x-pack-elasticsearch#3252)
* Tests: Replace YAML tests with ESTestRestCase to be able to wait for events

The YAML tests did not have any possibility to wait for the watches to
be created. A hard ten second timeout was used, that could not be
aborted, by simulating a sleep when waiting for a number of nodes that
never occured in the cluster.

This commit replaces those waiting YAML tests with ESRestTestCases, that
use `assertBusy()` to exit early once the watches have been added. Also
this increases the wait time if needed, as these tests tend to fail on
CI.

relates elastic/x-pack-elasticsearch#3217

Original commit: elastic/x-pack-elasticsearch@74b9945d88
2017-12-07 14:40:08 +01:00
Costin Leau 432f10e736 SQL: Introduce LiteralAttribute for values that are not extracted from ES (elastic/x-pack-elasticsearch#3209)
This is mainly a promotion of Literal to Attribute to better handle folding expressions from extracted queries

Original commit: elastic/x-pack-elasticsearch@c3bb48bb61
2017-12-06 19:35:34 +02:00
Igor Motov 6839f99ed0 SQL: Switch CLI to core-cli's Command and make it testable (elastic/x-pack-elasticsearch#3232)
Switches CLI to use the standard Elasticsearch Command and refactors it to be more testable. It doesn't change any cli functionality except using the bright color while displaying query results.

relates elastic/x-pack-elasticsearch#2881, elastic/x-pack-elasticsearch#3203, elastic/x-pack-elasticsearch#2990

Original commit: elastic/x-pack-elasticsearch@841f306d50
2017-12-06 11:27:51 -05:00
javanna 9664363575 remove Catalog abstraction and rename its package from catalog to index
Given that the Catalog was only ever used to hold a single index, the corresponding abstraction can be removed in favour of the abstraction that it holds, namely `GetIndexResult`.

Original commit: elastic/x-pack-elasticsearch@6932db642c
2017-12-06 13:58:17 +01:00
javanna 90aee54251 Trim down the Catalog implementations to a single one
Catalog is now a final class rather than an interface with different implementations.

relates elastic/x-pack-elasticsearch#3179

Original commit: elastic/x-pack-elasticsearch@4cc927e113
2017-12-06 13:58:17 +01:00
javanna 08950ff491 Remove security filter, replaced by get index api call which returns filtered mappings
Given that we get now filtered mappings directly from the get index API (in case security is configured with FLS), we don't need the security filter nor the filtered catalog. That means we can remove the delayed action support also from AuthorizationService and rather make SQLAction a composite action like others. It will be authorized as an action, but its indices won't be checked while that will happen with its inner actions (get index and search) which need to be properly authorized.

Also, SQLGetIndicesAction is not needed anymore, as its purpose was to retrieve the indices access resolver put in the context by the security plugin for delayed actions, which are not supported anymore.

This commit kind of reverts elastic/x-pack-elasticsearch#2162, as it is now possible to integrate with security out-of-the-box

relates elastic/x-pack-elasticsearch#2934

Original commit: elastic/x-pack-elasticsearch@64d5044426
2017-12-06 13:58:17 +01:00
javanna 4e84a1d658 [TEST] update audit logging parsing
Original commit: elastic/x-pack-elasticsearch@041cb09e2b
2017-12-05 23:00:28 +01:00
javanna 626c74a437 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@67f8321368
2017-12-05 21:50:35 +01:00
David Roberts 751caaae76 [ML] Set established model memory on job open for pre-6.1 jobs (elastic/x-pack-elasticsearch#3222)
Before this was done it was easy to get into the situation where a
job created in 5.x with a default model memory limit of 4GB could not
be opened on any node in the cluster.  Following this change this
problem will no longer occur for jobs that ran for a decent amount of
time on the old cluster.

relates elastic/x-pack-elasticsearch#3181

Original commit: elastic/x-pack-elasticsearch@cb029debba
2017-12-05 17:05:58 +00:00
Costin Leau 88b8794801 SQL: Forbid multi field groups (elastic/x-pack-elasticsearch#3199)
* SQL: GROUP BY with multiple fields are forbidden

The check is performed in the folder Verifier as the optimizer can eliminate some fields (like those with constants)

Original commit: elastic/x-pack-elasticsearch@8d49f4ab02
2017-12-05 18:41:19 +02:00
Costin Leau 4e49769efb SQL: Extend HAVING support (elastic/x-pack-elasticsearch#3155)
SQL: Extend HAVING support

Enhance Analyzer to support HAVING scalar functions over aggregates
Enhance Analyzer to push down undeclared aggs into the Aggregate
Fix bug in Analyzer$MissingRef that caused invalid groupings to still be resolved when pushed into an Aggregate
Preserve location information across the plan
Add AttributeMap as a backing for AttributeSet
Add Optimizer rule for combining projects
Add tz to DT functions toString
Change formatTemplate to not use String.format and thus to avoid
interfering with special % chars
Extend dataset with random salary and languages
Add unit tests for AttributeMap
Fix MathFunction scripting
Improve MissingRefs to enrich UnresolvedAttribute with metadata
During the Analysis unpushed attributes are automatically enriched to
provide more accurate error information
Enhance Verifier to deal with invalid (but resolved) ORDER/HAVING
Add OrderBy arithmetic tests
Improve Verifier to prevent GROUP BY on aggregations
Add tests on grouping by scalar functions

Original commit: elastic/x-pack-elasticsearch@5030d7a755
2017-12-05 18:14:15 +02:00
Dimitrios Athanasiou 6c6b72db25 [TEST] Increase timeout for CoreWithSecurityClientYamlTestSuiteIT
This suite seems to be timing out on the CI slaves. Hopefully,
some extra time will stop the failures.

Original commit: elastic/x-pack-elasticsearch@95ba86be79
2017-12-05 15:57:27 +00:00
Alexander Reelsen e3a7e4bee4 Tests: Increase timeout to wait to monitoring watches being created
Relates elastic/x-pack-elasticsearch#3217

Original commit: elastic/x-pack-elasticsearch@a6256f9e42
2017-12-05 14:20:46 +01:00
Alexander Reelsen c3e5a20242 Monitoring: Disable security for integration tests (elastic/x-pack-elasticsearch#3174)
In order to support the source directory repo split, this commit
disables security for the regular integration tests.

The MonitoringSettingsFilterTests already existed as REST test, so
this test has been removed.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@519154dd5f
2017-12-05 12:07:04 +01:00
David Roberts df9dd77656 [TEST] Fix more side effects of elastic/x-pack-elasticsearch#2975 on machines with < 16GB RAM
Our rolling upgrade tests were failing on many machines due to using
the 5.x default of 4GB model_memory_limit, which then propagated forward
to 6.1+ even though the default is now lower.

Original commit: elastic/x-pack-elasticsearch@3b23d8fe9d
2017-12-04 09:48:51 +00:00
Igor Motov 7b701cbf88 SQL: Don't override calendar for Thai locale
The Thai Buddhist calendar is close enough to Gregorian calendar that it doesn't trip H2 if timestamps with timezones are used. Related to elastic/x-pack-elasticsearch#3169.

Original commit: elastic/x-pack-elasticsearch@4f8f1b603d
2017-12-03 14:51:23 -05:00
Igor Motov a732d751c4 SQL: Replace calendar in H2 tests if a non-Gregorian calendar is detected
Instead of replacing entire locale with the ROOT locale, just strip the calendar settings if a non-Gregorian calendar is detected. Related to elastic/x-pack-elasticsearch#3169.

Original commit: elastic/x-pack-elasticsearch@33b1c63768
2017-12-03 13:33:24 -05:00
Alexander Reelsen f816b2e850 Monitoring: Move watcher tests for repository split preparations (elastic/x-pack-elasticsearch#3183)
Created a smoke-test-monitoring-with-watcher project that runs REST
tests with watcher enabled to ensure that the proper watcher are
installed either when the local or the HTTP exporter are set up.

Also removed two more watcher imports in the tests.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@0a9abc3185
2017-12-01 13:20:05 +01:00
Igor Motov d8ef52dc0d SQL: Allow H2-based tests to run only with Gregorian calendar (elastic/x-pack-elasticsearch#3170)
This PR detects non-gregorian calendars in H2 tests and overrides them. This is a temporary workaround to reduce amount of noise in CI. The permanent solution is tracked in elastic/x-pack-elasticsearch#3169.

Original commit: elastic/x-pack-elasticsearch@60991d1a11
2017-11-30 11:42:59 -05:00
Costin Leau 7cab29760d SQL: Introduce PreAnalyze phase to resolve catalogs async (elastic/x-pack-elasticsearch#2962)
SQL: Introduce PreAnalyze phase to resolve catalogs async

The new preanalyze phase collects all unresolved relations and tries
to resolve them as indices through typical async calls _before_ starting the analysis process.
The result is loaded into a catalog which is then passed to the analyzer.
While at it, the analyzer was made singleton and state across the engine
is done through SqlSession#currentContext().


Commit missing fix
Fix typo
Fix license
Fix line length
remove redundant static modifier
Remove redundant generics type
Rename catalogResolver instance member to indexResolver
Fix translate action to return a response through the listener, it hangs otherwise
IndexResolver improvements

Make sure that get index requests calls are locally executed by providing local flag.
Don't replace index/alias name with concrete index name in asCatalog response conversion. We need to preserve the original alias name for security, so it is reused in the subsequent search.
Update roles and actions names for security tests
Get index is now executed instead of sql get indices, and sql get indices has been removed.
Also made cluster privileges more restrictive to make sure that cluster state calls are no longer executed.
Fix most of the security IT tests
indices options are now unified, always lenient. The only situation where we get authorization exception back is when the user is not authorized for the sql action (besides for which indices).
Improve SessionContext handling
Fix context being invalid in non-executable phases
Make Explain & Debug command fully async
Resolve checkstyle error about redundant modifiers
Temporarily restore SqlGetIndicesAction

SqlGetIndicesAction action is still needed in RestSqlJdbcAction (metaTable and metaColumn methods), where we can't at the moment call IndexResolver directly, as security (FLS) needs index resolver to be called as part of the execution of an indices action. Once mappings are returned filtered, delayed action and the security filter will go away, as well as SqlGetIndicesAction.
SqlGetIndicesAction doesn't need to be a delayed action, my bad

[TEST] remove unused expectSqlWithAsyncLookup and rename expectSqlWithSyncLookup to expectSqlCompositeAction
Polish and feedback
Add unit test for PreAnalyzer

Original commit: elastic/x-pack-elasticsearch@57846ed613
2017-11-30 18:18:08 +02:00
Igor Motov 6fceb2fdde SQL: Fix more JDK vs Joda TZ issues (elastic/x-pack-elasticsearch#3137)
Adds a random timezone known to both JDK and Joda as a connection parameter to all JdbcIntegrationTestCase-based tests.

Original commit: elastic/x-pack-elasticsearch@6be6a3b69b
2017-11-29 19:15:29 -05:00
Igor Motov d5525f38f3 SQL: Return proper NUM_PREC_RADIX for non-numeric types (elastic/x-pack-elasticsearch#3086)
NUM_PREC_RADIX should be 10 for integer types, 2 for rational types and null for everything else.

relates elastic/x-pack-elasticsearch#3085

Original commit: elastic/x-pack-elasticsearch@81d5ee04b3
2017-11-29 08:21:42 -05:00
David Kyle 171c48fd2f [TESTS] Refactor yml test suite classes (elastic/x-pack-elasticsearch#3145)
* Use XPackRestIT as base class for XDocsClientYamlTestSuiteIT

* Remove the XPackRestTestCase class

* Address review comments

* Fix checkstyle checks

Original commit: elastic/x-pack-elasticsearch@c2a5e60c12
2017-11-29 12:43:53 +00:00
Nik Everett 0cc153f6d3 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@ccc2fc708e
2017-11-28 13:24:36 -05:00
Igor Motov da180bd9f9 Tests: Muted FullClusterRestartIT.testMonitoring
Tracked by elastic/x-pack-elasticsearch#3068

Original commit: elastic/x-pack-elasticsearch@199d4bb6b9
2017-11-28 12:06:10 -05:00
Nik Everett 18e88122eb SQL: Add more error integration tests (elastic/x-pack-elasticsearch#3134)
We didn't have many integration tests for errors other than the security
errors. This adds some and sets up a way we can make sure we are
consistent across the REST, JDBC, and CLI.

relates elastic/x-pack-elasticsearch#3033

Original commit: elastic/x-pack-elasticsearch@debbb2ec46
2017-11-28 11:54:51 -05:00
Alexander Reelsen cdb85d8317 Watcher: Run tests without security enabled (elastic/x-pack-elasticsearch#3060)
In order to support the repository split, this changes the
`AbstractWatcherIntegrationTestCase` to not run with security enabled.

We have a dedicated QA project called `smoke-test-watcher-with-security`,
where tests that explicitely need security should be running.

This commit removes the possibility to enable security as part of the
test case. In addition some tests have been moved over to the dedicated
project.

In addition the `timewarp` functionality cannot be configured with a
system property anymore. This would not have worked anyway, because
tests were already dependent on that  functionality and did not have any
other means of running. A bit of redundant code was removed due to this.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@b24b365ad1
2017-11-28 13:11:49 +01:00
Nik Everett df802b40c8 SQL: Rework SSL testing (elastic/x-pack-elasticsearch#3126)
Drop the ssl tests against the java builtin https server. They were
failing and the failures were undebuggable. I still don't know what was
happening because you can't get any logging out of the server.

Add SSL tests against Elasticsearch because that is what actually needs
to work.

relates elastic/x-pack-elasticsearch#2870

Original commit: elastic/x-pack-elasticsearch@284cf7fb58
2017-11-27 18:52:16 -05:00
Igor Motov 5c88fa0b3b SQL: Add support for plain text output to /_sql endpoint (elastic/x-pack-elasticsearch#3124)
The /_sql endpoint now returns the results in the text format by default. Structured formats are also supported using the format parameter or accept header similar to _cat endpoints.

Original commit: elastic/x-pack-elasticsearch@4353793b83
2017-11-27 18:10:13 -05:00
Igor Motov 626e9b87a1 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@6c5a683209
2017-11-27 09:26:14 -05:00
Alexander Reelsen 6406c9816a Watcher: Add transform input for chained input (elastic/x-pack-elasticsearch#2861)
The chained input in watcher is a useful feature to
call several endpoints before execution a condition.
However it was pretty hard to modify data from a previous
input in order to be able to execute it in another input.

This commit adds a another input, called a `transform` input,
which allows you to do a transform as another input in a chained
input.

See this example

```
"input" : {
  "chain" : {
    "inputs" : [ <1>
      {
        "first" : {
          "simple" : { "path" : "/_search" }
        }
      },
      {
        "second" : {
          "transform" : {
            "script" : "return [ 'path' : 'ctx.payload.first.path' + '/' ]"
          }
        }
      },
      {
        "third" : {
          "http" : {
            "request" : {
              "host" : "localhost",
              "port" : 9200,
              "path" : "{{ctx.payload.second.path}}" <2>
            }
          }
        }
      }
    ]
  }
}
```

This allows for far more flexibility before executing the next input in a chained
one.

Original commit: elastic/x-pack-elasticsearch@3af9ba6e9b
2017-11-27 13:27:56 +01:00
Alexander Reelsen 4fe9ac734b Watcher: Store thread context headers in watch (elastic/x-pack-elasticsearch#2808)
In order to be able to execute a watch as the user, who stored the
watch, this commit stores certain headers of the thread context, that
was used when the watch was stored.

Upon loading the watch the headers are loaded and applied for the
following watcher execution features

* search transform
* search input
* index action

A special case is the execute watch API, which overrides the headers loaded
from the watch with the one of the current request, so that a user
cannot execute this watch with other privileges of the user who stored it.

Only the headers "es-security-runas-user", "_xpack_security_authentication" are
copied for now, as those are needed for our security features.

The headers are stored in watch status in the watch and are not returned by default,
when the GET Watch API is used. A search reveals those of course.

relates elastic/x-pack-elasticsearch#2201

Original commit: elastic/x-pack-elasticsearch@9803bd51c2
2017-11-24 09:15:54 +01:00
David Turner 933c22dce6 Tidy up after elastic/x-pack-elasticsearch#3078 (elastic/x-pack-elasticsearch#3099)
Original commit: elastic/x-pack-elasticsearch@ebe599a422
2017-11-24 08:13:13 +00:00
David Turner 3e8b3491d5 Consolidate version numbering semantics (elastic/x-pack-elasticsearch#3078)
Fixes to the build system, particularly around BWC testing, and to make future
version bumps less painful.

Original commit: elastic/x-pack-elasticsearch@a1d456f30a
2017-11-23 20:23:05 +00:00
Jay Modi 0a683a0e18 Remove InternalClient and InternalSecurityClient (elastic/x-pack-elasticsearch#3054)
This change removes the InternalClient and the InternalSecurityClient. These are replaced with
usage of the ThreadContext and a transient value, `action.origin`, to indicate which component the
request came from. The security code has been updated to look for this value and ensure the
request is executed as the proper user. This work comes from elastic/x-pack-elasticsearch#2808 where @s1monw suggested
that we do this.

While working on this, I came across index template registries and rather than updating them to use
the new method, I replaced the ML one with the template upgrade framework so that we could
remove this template registry. The watcher template registry is still needed as the template must be
updated for rolling upgrades to work (see elastic/x-pack-elasticsearch#2950).

Original commit: elastic/x-pack-elasticsearch@7dbf2f263e
2017-11-22 08:35:18 -07:00
Igor Motov a4915a5714 SQL: remove all remaining NOCOMMITs
relates elastic/x-pack-elasticsearch#2873

Original commit: elastic/x-pack-elasticsearch@68b206efd2
2017-11-21 14:37:59 -05:00
Igor Motov 2fe4da80ad SQL: add filter support in REST action (elastic/x-pack-elasticsearch#3045)
Adds the option to specify an elasticsearch filter in addition to the SQL query by introducing a filter parameter in the REST query which would create a boolean filter if the SQL query generates an elasticsearch query or a constant score query if SQL if the SQL query doesn't generates an elasticsearch query. Usage:

{
   "query": "SELECT * FROM index",
   "filter" : {  "term" : { "tag" : "tech" } }
}

relates elastic/x-pack-elasticsearch#2895

Original commit: elastic/x-pack-elasticsearch@9a73813c7f
2017-11-21 11:40:38 -05:00
Nik Everett b8e082107f Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@bbc72c0368
2017-11-17 12:05:47 -05:00
Alexander Reelsen 0f97e28074 Watcher: Further preparations for source repo split (elastic/x-pack-elasticsearch#3006)
Changes to further prepare for feature split with regards to watcher:

- CryptoService has been moved into watcher
- CryptoService.generateKey() has been moved into SystemKeyTools, only
  used there
- The creation of the http client/notification classes have been moved
  into watcher, no further dependencies on watcher in XPackPlugin
- Each subproject now registers it's own named writeables

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@a60c98ba7e
2017-11-17 17:05:07 +01:00
Alexander Reelsen 1933fc71f3 Tests: Mute more monitoring upgrade tests
Relates elastic/x-pack-elasticsearch#2948

Original commit: elastic/x-pack-elasticsearch@942ec95e6e
2017-11-17 13:54:50 +01:00
Igor Motov 193bc5f2b5 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@34a6dde04e
2017-11-15 20:31:22 -05:00
Zachary Tong 3c60c89504 [TEST] Skip "all" instead of "999"
The fake version was apparently making the yaml runner unhappy

Original commit: elastic/x-pack-elasticsearch@04193f9578
2017-11-16 01:29:00 +00:00
Igor Motov 8a1dd59178 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@4805de1874
2017-11-15 17:27:45 -05:00
Zachary Tong 34898f2717 [TEST] AwaitsFix/Skip REST test "qa/rolling_upgrade/60_monitoring"
Test appears to be broken and fails consistently.  See elastic/x-pack-elasticsearch#2948

Original commit: elastic/x-pack-elasticsearch@e3ba8277e3
2017-11-15 20:35:44 +00:00
Nik Everett 56e4c66d1f SQL: Fix IDE build after shading (elastic/x-pack-elasticsearch#3026)
The IDEs don't participate in the shading but gradle does. So we have to
be a little more tricky about how we set up the IDE projects, sadly.

Original commit: elastic/x-pack-elasticsearch@5196756702
2017-11-15 15:33:25 -05:00
Clinton Gormley d833af2046 Rest spec fixes (elastic/x-pack-elasticsearch#2965)
* Rename REST spec xpack.deprecation.info to xpack.migration.deprecations

* Fixed parameter-type naming in xpack.ml.get_model_snapshots

* Fixed QS multi-cluster search test to use cluster.remote_info

Original commit: elastic/x-pack-elasticsearch@ccd35b4a6c
2017-11-15 09:33:19 +01:00
Nik Everett 89e80e0cba Teach SQL to parse Elasticsearch's standard error responses (elastic/x-pack-elasticsearch#2764)
This teaches SQL to parse Elasticsearch's standard error responses
but doesn't change SQL to general Elasticsearch's standard error responses
in all cases. That can come in a followup. We do this parsing with
jackson-core, the same dependency Elasticsearch uses for parsing
json. We shade jackson-core in the JDBC driver so that users don't have to worry about
dependency clashes. We do not do so in the CLI because it is a standalone
application.

We get a few "bonus" changes along the way:
1. We save a copy operation. Before this change responses were spooled
into memory and then parsed. After this change they are parsed directly
from the response stream.
2. We had a few classes entirely to support the spooling operation that we
no longer need: `BytesArray`, `FastByteArrayInputStream`, and
`BasicByteArrayOutputStream`.
3. SQL's `Version` was incorrectly parsing the version from the jar manifest.
We didn't notice because the test was rigged to return `UNKNOWN` because
we *were* running the test from the compiled classes directory instead of the
jar. As part of shading jackson we moved running the tests to running against
the shaded jar. Now we can actually assert that we parse the version correctly.
It turns out we weren't. So I fixed it.

Original commit: elastic/x-pack-elasticsearch@2e8f397bf4
2017-11-14 21:31:35 -05:00
Costin Leau 94d0a2d1ee Polishing for handling subtleties in the JDBC behavior: (elastic/x-pack-elasticsearch#2967)
1. decouple JdbcDriver from other classes to not trigger static
initialization (this happens through JDBC service discovery)
2. reduce visibility of JdbcDriver#close so only on jar unloading it
gets triggered
3. mark 3 methods introduced in Jdbc 4.1 as unsupported (their semantics
are somewhat weird)
4. Move versioning info in one class
5. Hook Version class in both JDBC entry points to perform cp sanity
checks
6. Remove JdbcDataSource#close (DebugLog are closed when the Driver gets
unloaded by the DriverManager) as there can be multiple instances of DS
but only one for Driver known by the DriverManager

Replace Strings with constants
Properly set TZ in security tests as well
JdbcDataSource is more defensive with its internal properties
JdbcConfiguration password parameter is aligned with JDBC DriverManager
Remove usage of JdbcConnection API
Removed JdbcConnection#setTimeZone - this encourages folks to use our
private API which would tie us down.
It is somewhat limiting for folks but it has less downsides overall and
does not trip debugging (which adds a proxy unaware of this method).
Update docs
Add JdbcDataSource into the Jdbc suite

Original commit: elastic/x-pack-elasticsearch@c713665d53
2017-11-15 00:29:41 +02:00
Nik Everett 1a434636fe Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@4c504025ce
2017-11-14 14:30:12 -05:00
jaymode 2f8cd77349 Test: TribeWithSecurityIT should wait for security index to be writeable
This commit adds checks to the TribeWithSecurityIT tests to ensure that the security index is
writeable before making modification operations. Otherwise, we hit errors in tests that are not
always reproducible.

relates elastic/x-pack-elasticsearch#2977

Original commit: elastic/x-pack-elasticsearch@c29bdff7ae
2017-11-14 08:18:55 -07:00
Alexander Reelsen dc42887396 Watcher: Move watcher-only packages into watcher hierarchy (elastic/x-pack-elasticsearch#2933)
In order to prepare for separate source directories, this commit moves
a few packages back into the watcher namespaces. A few of them have been
moved out previously as we thought that it might make sense to have a
dedicated notification API. This wont be the case for watcher on ES
anymore, so we can safely move those back into the watcher space.

Packages affected by this move:

* org.elasticsearch.xpack.common.http
* org.elasticsearch.xpack.common.text
* org.elasticsearch.xpack.common.secret
* org.elasticsearch.xpack.common.stats
* org.elasticsearch.xpack.support
* org.elasticsearch.xpack.notification

Tests have been moved accordingly.

The class `XContentUtils` has been split into one implementation for
watcher and one for security as different methods were used.

Relates elastic/x-pack-elasticsearch#2925

Original commit: elastic/x-pack-elasticsearch@0aec64a7e2
2017-11-14 11:35:10 +01:00
Costin Leau 9a0b43cd17 Fix several NOCOMMITS (elastic/x-pack-elasticsearch#2968)
* Fix several NOCOMMITS

- renamed Assert to Check to make the intent clear
- clarify esMajor/Minor inside connection (thse are actually our own
methods, not part of JDBC API)
- wire pageTimeout into Cursor#nextPage


Original commit: elastic/x-pack-elasticsearch@7626c0a44a
2017-11-14 01:08:10 +02:00
Igor Motov 3c444c4719 SQL: Fix test when random JDK TZ doesn't exist in Joda (elastic/x-pack-elasticsearch#2903)
JodaTime timezone db can be out of date compared to that of the JDK which causes the JDBC Connection to fail when the randomized tests pick a timezone that's available in the JDK but not in Joda, like SystemV/PST8. This is happening because JdbcConnection configuration is using system default timezone and tries to pass it to Elasticsearch that is using joda. This commit, explicitly sets the time zone on JdbcConnection to a time zone randomly selected from a list of timezones that are known to both JDK and Joda.

relates elastic/x-pack-elasticsearch#2812

Original commit: elastic/x-pack-elasticsearch@b02e9794a8
2017-11-10 14:16:11 -05:00
Nik Everett b2285ae66e Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b9d07ccd0f
2017-11-10 09:34:10 -05:00
Chris Earle efb5b8827b [Monitoring] Add Rolling Upgrade Tests (elastic/x-pack-elasticsearch#2832)
This adds a rolling upgrade test for X-Pack monitoring. It works by using the `_xpack/monitoring/_bulk` endpoint to send arbitrary data, then verify that it exists.

This forces a few things to happen, thereby testing the behavior: 

1. The templates must exist.
2. The elected master node must be "ready" to work (hence the first
point).
3. The same "system_api_version" is accepted by every version of ES.

Original commit: elastic/x-pack-elasticsearch@012e5738bb
2017-11-09 12:49:37 -05:00
Jay Modi e29649a7bc Remove the xpack plugin's dependency on the tribe module (elastic/x-pack-elasticsearch#2901)
This change removes the xpack plugin's dependency on the tribe module, which is not a published
artifact. For the most part this just involves moving some test classes around, but for the
security and tribe integration the usage of constant settings was removed and replaced with the
string names. This is a bit unfortunate, but a test was added in a QA project that depends on tribe
that will alert us if a new setting is added that we need to be aware of.

relates elastic/x-pack-elasticsearch#2656

Original commit: elastic/x-pack-elasticsearch@649a8033e4
2017-11-08 12:39:02 -07:00
Albert Zaharovits 872f2558c9 Halt OpenLDAP fixture (elastic/x-pack-elasticsearch#2929)
Halt OpenLDAP fixture after :x-pack-elasticsearch:qa:openldap-tests:test

Currently the OpenLDAP vagrant fixture is not halted.
Reruning the test will fail because the new fixture instance will try to bind to
the same host ports. Project :x-pack-elasticsearch:qa:openldap-tests:test is
the only one using the OpenLDAP fixture from
:x-pack-elasticsearch:test:openldap-fixture.

relates elastic/x-pack-elasticsearch#2619

Original commit: elastic/x-pack-elasticsearch@bea2f81b76
2017-11-08 19:57:29 +02:00
jaymode 96d0a374a4 Test: fix check for security version after template updater change
This change fixes the check for the version of the security template after the template updater was
changed to only run on the master node in elastic/elasticsearch#27294. Additionally, the wait time
for the cluster to have a yellow status has been increased to account for delayed shards and slower
machines.

Original commit: elastic/x-pack-elasticsearch@a2e72bed12
2017-11-08 10:46:53 -07:00
Igor Motov 6e9c83a7b5 SQL: fix the security index name in audit tests
Original commit: elastic/x-pack-elasticsearch@1155d24e24
2017-11-08 12:12:16 -05:00
Igor Motov 330fdc19c3 SQL: Upgrade JDBC CSV library (elastic/x-pack-elasticsearch#2907)
Upgrades JDBC CSV library to v1.0.34. This version contains a fix for autodetection of column types, which was broken before in tr-TR locale.

relates elastic/x-pack-elasticsearch#2813

Original commit: elastic/x-pack-elasticsearch@a9b94d2969
2017-11-07 11:11:43 -05:00
Nik Everett a211077554 Switch JDBC metadata to indicate all columns nullable (elastic/x-pack-elasticsearch#2835)
We were returning "nullability unknown" but in Elasticsearch all columns
are nullable.

Original commit: elastic/x-pack-elasticsearch@6ceae418ea
2017-11-04 23:28:49 +00:00
Nik Everett 00d30285e1 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@33905ed7be
2017-11-04 19:12:40 -04:00
David Roberts 7b36046f33 Use TestEnvironment factory method to create test Environment objects (elastic/x-pack-elasticsearch#2860)
This is the X-Pack side of elastic/elasticsearch#27235.  To force people
who construct an Environment object in production code to think about the
correct setting of configPath there is no longer a single argument
constructor in the Environment class.  Instead there is a factory method
in the test framework to replace it.  Having this in the test framework
ensures that there is no way to use it in production code.

Original commit: elastic/x-pack-elasticsearch@4860e92d90
2017-11-04 13:25:56 +00:00
Nik Everett 49b295296e SQL: Fail on trailing test specs (elastic/x-pack-elasticsearch#2836)
If you wrote a test at the end of one of SQL's test spec files that was
just a name without a body then the parser would throw the test away.
Now it fails to intiaize the class with an error message telling you
which file is broken.

Original commit: elastic/x-pack-elasticsearch@023a942ca3
2017-11-04 13:17:49 +00:00
Nik Everett 41284cae93 SQL: Fix the name of the indices lookup action (elastic/x-pack-elasticsearch#2840)
Fix the name of the action the SQL uses to lookup index information from
the cluster state. The old name was silly.

Original commit: elastic/x-pack-elasticsearch@805fb29662
2017-11-03 23:37:22 +00:00
Nik Everett 562117a7b7 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@c8368be422
2017-11-03 16:16:50 -04:00
David Roberts ba5dbc4daf Remove uses of single argument Environment constructor from production code (elastic/x-pack-elasticsearch#2852)
Following elastic/elasticsearch#27235 the single argument Environment constructor
is forbidden in production code.  This change removes the last such uses from
X-Pack.

Original commit: elastic/x-pack-elasticsearch@87e72d0d07
2017-11-03 09:12:35 +00:00
Nik Everett 28dc53ac5e Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@ad5707a44f
2017-11-02 00:14:51 -04:00
Jason Tedor 400184bd1c Adjust number of files assertion in packaging tests
This commit adjusts the number of files assertions in the packaging
tests after the number was increased by the addition of certutil and
certutil.bat.

Relates elastic/x-pack-elasticsearch#2561

Original commit: elastic/x-pack-elasticsearch@b1a7800dd6
2017-11-01 22:08:47 -04:00
Nik Everett 2b2bf89fb1 Fix broken SQL security test
Used the wrong user.

Original commit: elastic/x-pack-elasticsearch@334955fbfa
2017-11-01 21:48:46 -04:00
Nik Everett 33f4a8317c JDBC metadata integration with security (elastic/x-pack-elasticsearch#2806)
I realized that we weren't running our DatabaseMetaData tests. One thing led to another and I made these changes:
1. Got the DatabaseMetaData tests running in all three of our QA projects.
2. Fixed the SecurityCatalogFilter to work with `SqlGetIndicesAction`. It worked before, but only for requests that were a `SqlAction` as well as `SqlGetIndicesAction`.
3. Added security test for the JDBC DatabaseMetaData requests. These mirror exactly the security tests that we use for `SHOW TABLES` and `DESCRIBE` but cover the JDBC actions.

Original commit: elastic/x-pack-elasticsearch@7026d83c06
2017-10-30 23:22:12 +00:00
Nik Everett b0dc14f639 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@7af47176fc
2017-10-30 13:50:33 -04:00
Nik Everett d933b1b48b Initial docs for SQL (elastic/x-pack-elasticsearch#2810)
Adds docs for the REST API, translate API, the CLI, and JDBC.

Next we need to add more example queries and documentation for our
extensions.

Original commit: elastic/x-pack-elasticsearch@ed6d1360d2
2017-10-30 17:23:27 +00:00
Jay Modi 4f65d9b527 Retry startup for IndexAuditTrail and version templates (elastic/x-pack-elasticsearch#2755)
This commit removes the FAILED state for the IndexAuditTrail so that we always try to keep starting
the service. Previously, on any exception during startup we moved to a failed state and never tried
to start again. The users only option was to restart the node. This was problematic in the case of
large clusters as there could be common timeouts of cluster state listeners that would cause the
startup of this service to fail.

Additionally, the logic in the IndexAuditTrail to update the template on the current cluster has
been removed and replaced with the use of the TemplateUpgradeService. However, we still need to
maintain the ability to determine if a template on a remote cluster should be PUT. To avoid always
PUTing the template, the version field has been added so it only needs to be PUT once on upgrade.

Finally, the default queue size has been increased as this is another common issue that users hit
with high traffic clusters.

relates elastic/x-pack-elasticsearch#2658

Original commit: elastic/x-pack-elasticsearch@27e2ce7223
2017-10-30 09:11:18 -06:00
Costin Leau a7b559c825 temporarily set UTC as timezone to comply with H2 behavior
Original commit: elastic/x-pack-elasticsearch@00be17cebb
2017-10-28 11:59:13 +03:00
Nik Everett f92684c436 Fix SQL test
Original commit: elastic/x-pack-elasticsearch@14d07c2607
2017-10-27 17:38:34 -04:00
Costin Leau f26a9acdc4 Update ANTLR in qa project as well
Original commit: elastic/x-pack-elasticsearch@58c10398b4
2017-10-27 23:43:37 +03:00
Costin Leau af591b9edd SQL: Remove usage of Settings inside SqlSettings (elastic/x-pack-elasticsearch#2757)
* Remove usage of Settings inside SqlSettings

Also hook client timeouts to the backend
Set UTC as default timezone when using CSV
As the JVM timezone changes, make sure to pin it to UTC since this is what the results are computed against

Original commit: elastic/x-pack-elasticsearch@3e7aad8c1f
2017-10-27 18:55:59 +03:00
Dimitris Athanasiou c7e94b3b4c [ML] Enable overall buckets aggregation at a custom bucket span (elastic/x-pack-elasticsearch#2782)
For the purpose of getting this API consumed by our UI, returning
overall buckets that match the job's largest `bucket_span` can
result in too much data. The UI only ever displays a few buckets
in the swimlane. Their span depends on the time range selected and
the screen resolution, but it will only ever be a relatively
low number.

This PR adds the ability to aggregate overall buckets in a user
specified `bucket_span`. That `bucket_span` may be equal or
greater to the largest job's `bucket_span`. The `overall_score`
of the result overall buckets is the max score of the
corresponding overall buckets with a span equal to the job's
largest `bucket_span`.

The implementation is now chunking the bucket requests
as otherwise the aggregation would fail when too many buckets
are matching.

Original commit: elastic/x-pack-elasticsearch@981f7a40e5
2017-10-27 11:14:13 +01:00
Nik Everett 3d0f57d976 Add remaining security tests (elastic/x-pack-elasticsearch#2797)
This adds all of the security tests I think SQL is going to need for the initial release. SQL is still missing an entire scenario though: SSL enabled. Either way, this removes some `NOCOMMIT`s in `qa/sql/security`. Adding the SSL testing can come later.

Original commit: elastic/x-pack-elasticsearch@851620b606
2017-10-26 17:23:35 +00:00
Nik Everett d7ab14ee54 Fix SQL security build's run config
Now it is the same as the integTest config agian. I should have done
this in elastic/x-pack-elasticsearch#2753 but I forgot.

Original commit: elastic/x-pack-elasticsearch@bbbb8b1dc7
2017-10-19 13:14:30 -04:00
Nik Everett 56ce29c6bf Security tests for SQL's CLI and JDBC (elastic/x-pack-elasticsearch#2770)
Add security tests for SQL's CLI and JDBC features. I do this by factoring out all the "actions" from the existing REST tests into an interface and implement it for REST, CLI, and JDBC. This way we can share the same audit log assertions across tests and we can be sure that the REST, CLI, and JDBC tests cover all the same use cases.

Original commit: elastic/x-pack-elasticsearch@82ff66a520
2017-10-19 17:13:31 +00:00
Nik Everett 65f2b9fe01 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@9fc67cbfee
2017-10-18 10:27:19 -04:00
Simon Willnauer 2d1ce76194 Adopt core that `_flush` and `_force_merge` doesn't refresh anymore (elastic/x-pack-elasticsearch#2752)
Relates to elastic/elasticsearch#27000

Original commit: elastic/x-pack-elasticsearch@52e9951094
2017-10-16 10:16:50 +02:00
Nik Everett 770bc9516c Switch sql audit tests from index to the log file (elastic/x-pack-elasticsearch#2753)
This is *way* faster because we don't have to wait for the audit
events from previous test runs to drain into the index. And we
don't have to wait for the index's refresh cycle. We have to parse
the log lines which is a bit more brittle but it feels worth it
at this point.

Original commit: elastic/x-pack-elasticsearch@4b1758fc32
2017-10-14 12:27:51 +00:00
Nik Everett 99fea5f448 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@d521ecda35
2017-10-13 10:39:28 -04:00
Jason Tedor c35efb7adf Replace global checkpoint sync test
This commit replaces the REST test that the global checkpoint sync
action runs successfully as a privileged user. The test needs to be
replaced because it has a small race condition. Namely, the check that
the post-operation global checkpoint sync was successful could run
before the sync finishes running. To address this, we replace the REST
test with a test where we have a little more control and can assert busy
to avoid this race from failing the test.

Relates elastic/x-pack-elasticsearch#2749

Original commit: elastic/x-pack-elasticsearch@ea585b843c
2017-10-13 10:05:59 -04:00
Costin Leau 353c0c500b Fix and enable datetime tests (elastic/x-pack-elasticsearch#2680)
Firstly, data in H2 is now stored in TIMESTAMP WITH TIME ZONE since H2
does not allow a global TZ to be set and picks the JVM TZ when a record
is read.
JdbcAssert is now aware of this allows TIMESTAMP with TZ == TIMESTAMP

Discovered a serious bug in DateTimeFunction - unfortunately date
histogram is not useful except for year since most extract functions
avoid ordering which a histogram preserves.
Thus most DTF are now terms aggs with scripting.

Improved a bug that caused duplicate functions to not be detected because
of aliasing.

Moved some datetime tests to CSV but the aggs tests now are in sync with
H2

Fixed bug that caused arithmetic on aggs to not be properly resolved by
splitting the processor definition tree to aggName (unresolved) and
aggPath (resolved)

Original commit: elastic/x-pack-elasticsearch@e75ada68f1
2017-10-13 13:52:48 +03:00
Costin Leau 21c8a9168b Add antlr to qa tests for IDE execution
Original commit: elastic/x-pack-elasticsearch@d146b98be3
2017-10-12 23:59:17 +03:00
Nik Everett 69d1a5c5dd Give audit logs more time to show up in SQL tests
CI has been failing since we had to remove our tweaks to the audit
logging configuration due to
https://github.com/elastic/x-pack-elasticsearch/issues/2705

So we increase the timeout. The timeout is very very long, but it
seems like we need it for CI which is often slow.

Original commit: elastic/x-pack-elasticsearch@91a926a031
2017-10-12 13:53:09 -04:00
Nik Everett 69a326dd94 Fix CliErrorsIT in sql security tests
It was disabled because the CLI didn't work with security but
we've since fixed that so we can enable it.

Original commit: elastic/x-pack-elasticsearch@8d9b5ad89b
2017-10-12 12:42:13 -04:00
Nik Everett 852af7de57 Fix error handling in SQL's CLI (elastic/x-pack-elasticsearch#2730)
We weren't returning errors correctly from the server
or catching them correctly in the CLI. This fixes that
and adds simple integration tests.

Original commit: elastic/x-pack-elasticsearch@259da0da6f
2017-10-12 16:32:15 +00:00
Nik Everett 6478713304 Add support for username and password in SQL CLI (elastic/x-pack-elasticsearch#2718)
Add support for username and password in SQL CLI and adds tests that CLI works with security.

Original commit: elastic/x-pack-elasticsearch@39c8dbfc97
2017-10-12 15:55:29 +00:00
Jason Tedor aece28c286 Add test for global checkpoint sync with security
After a write operation on an index, a post-operation global checkpoint
sync fires. Previously, this action fired on the same user as executed
the write action. If the user did not have priviledges for this action,
the global checkpoint sync would fail. With an upstream change in core,
this action now fires as the system user. This commit adds a test that
create a user that has minimal write permissions on an index, but none
that would imply it could execute the global checkpoint sync. This then
serves as a test that the upstream change to fire the global checkpoint
sync as the system user is correct. This test must run as a mulit-node
test so that a replica is a assigned so that the global checkpoint sync
fires in the first place. This test does indeed fail without the
upstream change, and passes with it.

Relates elastic/x-pack-elasticsearch#2744

Original commit: elastic/x-pack-elasticsearch@bf7e771756
2017-10-12 09:19:17 -04:00
Costin Leau fa4504ed28 Fix some NOCOMMITs
Original commit: elastic/x-pack-elasticsearch@1a6ac1e6c6
2017-10-12 14:24:56 +03:00
Costin Leau 57fcbb81cb SQL: Improve JDBC communication (elastic/x-pack-elasticsearch#2660)
* Improve JDBC communication
Jdbc HTTP client uses only one url for messages and relies on / for ping
Fixed ES prefix being discarded (missing /)
Add HEAD handler for JDBC endpoint

Original commit: elastic/x-pack-elasticsearch@389f82262e
2017-10-11 23:03:03 +03:00
Costin Leau 6a1806a3eb Fix line too long
Original commit: elastic/x-pack-elasticsearch@084095a944
2017-10-11 22:32:14 +03:00
Costin Leau d6881e25c9 Use embedded client inside the planner as well
Original commit: elastic/x-pack-elasticsearch@c9d20672be
2017-10-11 22:08:20 +03:00
Nik Everett 125f140620 Fix SQL CLI tests in windows (elastic/x-pack-elasticsearch#2738)
We put the CLI in unix mode so if we send it
`\r\n` (the default in windows) then it'll
spit out extra "you are on a line continuation"
characters (`|`). Instead, we can use `\n`
directly and everything works.

I've also added a timeout to the reads from the
CLI because it makes the tests easier to debug.

Original commit: elastic/x-pack-elasticsearch@69f69f4092
2017-10-11 18:31:45 +00:00
Tanguy Leroux 8484680007 Few fixes in packaging tests
This commit fixes indentation in certgen.bash, adds a check on cluster
health in bootstrap_password.bash and fixes a bug in xpack.bash

Original commit: elastic/x-pack-elasticsearch@d6847f6640
2017-10-11 11:53:10 +02:00
Nik Everett b02e569b38 Speed up audit log testing for SQL (elastic/x-pack-elasticsearch#2721)
SQL was cleaning up the audit logs *after* each test
but this switches it to cleaning up the audit logs
*before* each test. This is faster because we can
generate a lot of audit logs before the first test.

Original commit: elastic/x-pack-elasticsearch@71d8f76667
2017-10-10 16:48:37 -04:00
Nik Everett 9633b1d7bc Remove an @AwaitsFix on test in SQL (elastic/x-pack-elasticsearch#2719)
It has been fixed already, actually.

Original commit: elastic/x-pack-elasticsearch@46c8dacc50
2017-10-10 16:44:21 -04:00
Costin Leau 1cd6fb23ec Make SearchCursor limit aware
Original commit: elastic/x-pack-elasticsearch@c4839bc293
2017-10-10 19:22:42 +03:00
Dimitris Athanasiou 5eea355b33 [ML] Add overall buckets api (elastic/x-pack-elasticsearch#2713)
Adds the GET overall_buckets API.

The REST end point is: GET
/_xpack/ml/anomaly_detectors/job_id/results/overall_buckets

The API returns overall bucket results. An overall bucket
is a summarized bucket result over multiple jobs.
It has the `bucket_span` of the longest job's `bucket_span`.
It also has an `overall_score` that is the `top_n` average of the
max anomaly scores per job.

relates elastic/x-pack-elasticsearch#2693

Original commit: elastic/x-pack-elasticsearch@ba6061482d
2017-10-10 14:41:24 +01:00
Tanguy Leroux 1ed4be1471 Show exit code in Bootstrap Password packaging tests
Also cleans up some files before the test is executed,
and explicitly binds to 127.0.0.1/9200.

Original commit: elastic/x-pack-elasticsearch@778584ea78
2017-10-10 09:51:22 +02:00
Igor Motov 79d6b88763 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@7503023447
2017-10-09 15:47:35 -04:00
David Roberts 9ad961088d [TEST] Wait a little longer for named pipes to open in unit tests (elastic/x-pack-elasticsearch#2712)
Same fix as elastic/x-pack-elasticsearch#987, but for the unit tests.  The slowness affecting EBS
volumes created from snapshots can affect CI as it runs on AWS instances.

Original commit: elastic/x-pack-elasticsearch@306b8110b7
2017-10-09 13:09:17 +01:00
Albert Zaharovits 98347088f9 Fix LDAP Authc connections deadlock (elastic/x-pack-elasticsearch#2587)
Do not execute bind on on the LDAP reader thread

Each LDAP connection has a single associated thread, executing the handlers for async requests; this is managed by the LDAP library. The bind operation is blocking for the connection. It is a deadlock to call bind, if on the LDAP reader thread for the same connection, because waiting for the bind response blocks the thread processing responses (for this connection).
This will execute the bind operation (and the subsequent runnable) on a thread pool after checking for the conflict above.

Closes: elastic/x-pack-elasticsearch#2570, elastic/x-pack-elasticsearch#2620

Original commit: elastic/x-pack-elasticsearch@404a3d8737
2017-10-09 13:06:12 +03:00
Yannick Welsch 20c0e01523 Set minimum_master_nodes on rolling-upgrade test
Companion commit to elastic/elasticsearch#26911

Original commit: elastic/x-pack-elasticsearch@dcdbd14f78
2017-10-09 10:59:58 +02:00
Simon Willnauer cd14f33ae2 Return List instead of an array from settings (elastic/x-pack-elasticsearch#2694)
XPack side of elastic/elasticsearch#26903

Original commit: elastic/x-pack-elasticsearch@f0390974ab
2017-10-09 09:52:34 +02:00
Boaz Leskes 9041211690 Setup debug logging for qa.full-cluster-restart
Original commit: elastic/x-pack-elasticsearch@1f7f8f2a92
2017-10-06 23:02:48 +02:00
Nik Everett 5239e49b75 Fix security tests
The security tests were broken because of
https://github.com/elastic/x-pack-elasticsearch/issues/2705
so this works around it.

Original commit: elastic/x-pack-elasticsearch@34f499d55e
2017-10-06 16:03:01 -04:00
Nik Everett 5806b620c5 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@141332d3fc
2017-10-06 13:57:55 -04:00
Tanguy Leroux a9d7c232be Fix packaging tests
Since elastic/elasticsearch#26878, array and list of settings are
internally represented as actual lists. This makes filtering works
as expected when it comes to filter out arrays/lists.

The packaging tests used to check the presence of the XPack SSL
certificated_authorities setting which should have always been filtered.

By fixing the filtering of settings, elastic/elasticsearch#26878 broke
this packaging test.

This commit changes this test so that it does not expect certificated_authorities
setting to exist in the Nodes Info response.

relates elastic/x-pack-elasticsearch#2688

Original commit: elastic/x-pack-elasticsearch@cb299186b8
2017-10-06 14:36:44 +02:00
Costin Leau 31a952993a Merge remote-tracking branch 'remotes/upstream/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@2ac0dab27b
2017-10-05 19:16:36 +03:00
Boaz Leskes 45c62cca63 full-cluster-restart tests: prevent shards from going inactive
FullClusterRestartIT.testRecovery relies on the translogs not being flushed

Original commit: elastic/x-pack-elasticsearch@4ee41372b6
2017-10-05 10:10:10 +02:00
Boaz Leskes 0d08e6cb73 Promote common rest test utility methods to ESRestTestCase
We have duplicates in some classes and I was about to create one more.

Original commit: elastic/x-pack-elasticsearch@78ff553992
2017-10-05 10:10:10 +02:00
Simon Willnauer f5864c7291 Move away from `Settings#getAsMap()` (elastic/x-pack-elasticsearch#2661)
Relates to elastic/elasticsearch#26845

Original commit: elastic/x-pack-elasticsearch@0323ea07a5
2017-10-04 01:21:59 -06:00
Costin Leau e0d02033de More JDBC improvements
properly return the precision for VARCHAR
ignore type when specified in index pattern

Original commit: elastic/x-pack-elasticsearch@71a5ac1812
2017-09-30 00:40:57 +03:00
Costin Leau cc66bbaa00 All jdbc client escaping is done on the server
Original commit: elastic/x-pack-elasticsearch@2b8b7c8c2e
2017-09-29 20:09:58 +03:00
Nik Everett c8e69b160e SQL: Fix build
Fix a few forgetten things from the validation change.

Original commit: elastic/x-pack-elasticsearch@807098dc6a
2017-09-28 16:57:58 -04:00
Costin Leau d634314dd1 Add comments to SqlSession
Original commit: elastic/x-pack-elasticsearch@82291d41c8
2017-09-28 22:29:23 +03:00
Costin Leau aca8a5b6c0 Analysis validation (elastic/x-pack-elasticsearch#2651)
Rework unresolved items messages
Update URLs in embedded HttpServers
Add antlr-runtime for embedded classpath

Original commit: elastic/x-pack-elasticsearch@36f0331d90
2017-09-28 22:27:20 +03:00
Igor Motov 5f385d9155 SQL: Disable column type autodetection in CSV tests (elastic/x-pack-elasticsearch#2634)
Related to elastic/x-pack-elasticsearch#2608

Original commit: elastic/x-pack-elasticsearch@d1a45eab15
2017-09-27 18:19:07 -04:00
Costin Leau c33dfe7dbe Hook _translate rest endpoint
Add rest testcase plus fix some NOCOMMITs

Original commit: elastic/x-pack-elasticsearch@150576869c
2017-09-27 18:50:35 +03:00
Igor Motov fdd98f01ed Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@273e0a110e
2017-09-26 11:59:49 -04:00
Nik Everett 42dd1947cd SQL: Randomize fetch size in tests (elastic/x-pack-elasticsearch#2626)
Now that we have fetch size working consistently we should randomize
the fetch size that we use in the tests to detect any errors caused
by strange fetch sizes.

Original commit: elastic/x-pack-elasticsearch@2c41fb5309
2017-09-26 10:16:54 -04:00
Tal Levy 048418aca7 add dummy test to LicensingTribeIT for build to pass (elastic/x-pack-elasticsearch#2627)
The true purpose of this test is to introduce another test alongside
the original, so that the test suite passes even if the other test
is skipped due to the assumption it makes about `build.snapshot`.

Original commit: elastic/x-pack-elasticsearch@709d7a5dc5
2017-09-25 22:03:46 -07:00
Nik Everett c7c79bc1c0 Add scrolling support to jdbc (elastic/x-pack-elasticsearch#2524)
* Switch `ResultSet#getFetchSize` from returning the *requested*
fetch size to returning the size of the current page of results.
For scrolling searches without parent/child this'll match the
requested fetch size but for other things it won't. The nice thing
about this is that it lets us tell users a thing to look at if
they are wondering why they are using a bunch of memory.
* Remove all the entire JDBC action and implement it on the REST
layer instead.
* Create some code that can be shared between the cli and jdbc
actions to properly handle errors and request deserialization so
there isn't as much copy and paste between the two. This helps
because it calls out explicitly the places where they are different.
  * I have not moved the CLI REST handle to shared code because
I think it'd be clearer to make that change in a followup PR.
* There is now no more need for constructs that allow iterating
all of the results in the same request. I have not removed these
because I feel that that cleanup is big enough to deserve its own
PR.

Original commit: elastic/x-pack-elasticsearch@3b12afd11c
2017-09-25 14:41:46 -04:00
Igor Motov c31c2af872 SQL: Fix fulltext CSV spec tests (elastic/x-pack-elasticsearch#2608)
Column type autodetect of integer types is broken in JDBC CSV library when it is used in tr-TR locale. The library is using toLowerCase() calls with default locale, which causes it to convert autodetected type name "Int" to lowercase "ınt" in tr-TR locale and not recognize it as an int type afterwards.

This commit adds a temporary workaround that makes the prevents that test from failing by specifying explicit column types in all tests where integer columns are present.

Original commit: elastic/x-pack-elasticsearch@86ca2acd8c
2017-09-25 14:23:07 -04:00
Nik Everett 216058035b Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b3f6d3fd70
2017-09-25 09:55:17 -04:00
Simon Willnauer e7b5702f50 Adopt settings cleanups from core (elastic/x-pack-elasticsearch#2605)
Relates to elastic/elasticsearch#26739

Original commit: elastic/x-pack-elasticsearch@dd13d099de
2017-09-25 12:27:07 +02:00
Tal Levy d9554955f2 make tribe-node-license validation assume snapshot context (elastic/x-pack-elasticsearch#2589)
Release tests were introduced that sets the `build.snapshot`
system property to `false` to mimic release builds. This invalidates
the hardcoded license signatures that were signed against the
integration test pub/priv keys. This commit modifies the
license-validation assertions to assume the test is running against
those test keys, and will be skipped/ignored when these assertions
fail (which should only occur with `build.snapshot=true`)

Original commit: elastic/x-pack-elasticsearch@871704a3af
2017-09-21 14:39:01 -07:00
Nik Everett 2c183d566e Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@53dc6d4ce7
2017-09-21 15:20:20 -04:00
Nik Everett 71a33323ff SQL: Soften some more NOCOMMITs
Original commit: elastic/x-pack-elasticsearch@910e2485df
2017-09-21 11:33:30 -04:00
Nik Everett 8a05c1b81f Move all sql integration tests into qa (elastic/x-pack-elasticsearch#2432)
Builds on elastic/x-pack-elasticsearch#2403 to move all of sql's integration testing into
qa modules with different running server configurations. The
big advantage of this is that it allows us to test the cli and
jdbc with security present.

Creating a project that depends on both cli and jdbc and the
server has some prickly jar hell issues because cli and jdbc
package their dependencies in the jar. This works around it
in a few days:
1. Include only a single copy of the JDBC dependencies with
careful gradle work.
2. Do not include the CLI on the classpath at all and instead
run it externally.

I say "run it externally" rather than "fork it" because Elasticsearch
tests aren't allowed to fork other processes. This is forbidden
by seccomp on linux and seatbelt on osx and cannot be explicitly
requested like additional security manager settings. So instead
of forking the CLI process directly the tests interact with a test
fixture that isn't bound by Elasticsearch's rules and *can* fork
it.

This forking of the CLI has a nice side effect: it forces us to
make sure that things like security and connection strings other
than `localhost:9200` work. The old test could and did work around
missing features like that. The new tests cannot so I added the
ability to set the connection string. Configuring usernames and
passwords was also not supported but I did not add support for
that, only created the failing test and marked it as `@AwaitsFix`.

Original commit: elastic/x-pack-elasticsearch@560c6815e3
2017-09-21 09:58:52 -04:00
Tanguy Leroux 70687fbef3 [Tests] Add packaging tests for SSL/TLS communication (elastic/x-pack-elasticsearch#2556)
This commit adds a packaging test that uses the certgen tool
to set up a two nodes cluster that uses encrypted communication.

relates elastic/x-pack-elasticsearch#2485

Original commit: elastic/x-pack-elasticsearch@6d2e3c5cd0
2017-09-21 10:12:07 +02:00
Nik Everett 1405773acb Fix serialization for HitExtractorProcessor
Also get more information when SQL fails in IT.

Original commit: elastic/x-pack-elasticsearch@09f6625274
2017-09-20 14:15:35 -04:00
Nik Everett 2df8b0c144 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@dff8c22d99
2017-09-20 12:06:27 -04:00
Tanguy Leroux 0aef18333f Add packaging test for bootstrap password setup (elastic/x-pack-elasticsearch#2509)
relates elastic/x-pack-elasticsearch#2388

Original commit: elastic/x-pack-elasticsearch@cc750155d0
2017-09-19 10:07:39 +02:00
Nik Everett 52ee02da27 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@c25c179ce6
2017-09-18 12:32:46 -04:00
Tim Brooks b3914afd30 Reenable TribeWithSecurityIT tests (elastic/x-pack-elasticsearch#2511)
This is related to elastic/x-pack-elasticsearch#1996. These tests were disabled during the bootstrap
password work. They can now be reenabled. Additionally, I made the test
password used in tests consistent.

Original commit: elastic/x-pack-elasticsearch@5b490c8231
2017-09-15 12:50:54 -06:00
Jay Modi 57de66476c Disable TLS by default (elastic/x-pack-elasticsearch#2481)
This commit adds back the ability to disable TLS on the transport layer and also disables TLS by
default to restore the 5.x behavior. The auto generation of key/cert and bundled CA certificate
have also been removed.

Relates elastic/x-pack-elasticsearch#2463

Original commit: elastic/x-pack-elasticsearch@abc66ec67d
2017-09-14 12:18:54 -06:00
Nik Everett 858f0b2dac Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@9945382d90
2017-09-13 16:45:27 -04:00
Nik Everett 94de0d8041 Replace exception catching with fancy returns (elastic/x-pack-elasticsearch#2454)
Instead of throwing and catching an exception for invalid
indices this returns *why* they are invalid in a convenient
object form that can be thrown as an exception when the index
is required or the entire index can be ignored when listing
indices.

Original commit: elastic/x-pack-elasticsearch@f45cbce647
2017-09-11 14:27:50 -04:00
Jay Modi aaa0510821 Run core's full cluster restart tests with x-pack (elastic/x-pack-elasticsearch#2433)
This change pulls in the o.e.u.FullClusterRestartIT class from core and runs it as part of the
x-pack full cluster restart tests.

Relates elastic/x-pack-elasticsearch#1629

Original commit: elastic/x-pack-elasticsearch@87da59485f
2017-09-08 13:33:33 -06:00
Nik Everett 3f8bf7ccc8 Integrate sql's metadata with security (elastic/x-pack-elasticsearch#2446)
This integrates SQL's metadata calls with security by creating
`SqlIndicesAction` and routing all of SQL's metadata calls through
it. Since it *does* know up from which indices it is working against
it can be an `IndicesRequest.Replaceable` and integrate with the
existing security infrastructure for filtering indices.

This request is implemented fairly similarly to the `GetIndexAction`
with the option to read from the master or from a local copy of
cluster state. Currently SQL forces it to run on the local copy
because the request doesn't properly support serialization. I'd
like to implement that in a followup.

Original commit: elastic/x-pack-elasticsearch@15f9512820
2017-09-08 10:59:47 -04:00
Igor Motov 442e99fb3d SQL: Fix script.max_compilations_per_minute -> script.max_compilations_rate
Original commit: elastic/x-pack-elasticsearch@9c93d6f254
2017-09-07 13:28:47 -04:00
Igor Motov f3193aca5d Merge remote-tracking branch 'elastic/master' into sql-remove-no-commits
Original commit: elastic/x-pack-elasticsearch@f712c08cf1
2017-09-07 12:40:33 -04:00
David Kyle 51603620ee Mute ML rolling upgrade tests. Awaits fix elastic/x-pack-elasticsearch#1760
Original commit: elastic/x-pack-elasticsearch@deaf060818
2017-09-07 14:25:52 +01:00
David Roberts c73d70491a [TEST] Fix error if named pipe already connected (elastic/x-pack-elasticsearch#2423)
On Windows a named pipe server must call ConnectNamedPipe() before using
a named pipe.  However, if the client has already connected then this
function returns a failure code, with detailed error code
ERROR_PIPE_CONNECTED.  The server must check for this, as it means the
connection will work fine.  The Java test that emulates what the C++
would do in production did not have this logic.

This was purely a test problem.  The C++ code used in production already
does the right thing.

relates elastic/x-pack-elasticsearch#2359

Original commit: elastic/x-pack-elasticsearch@e162887f28
2017-09-05 13:39:22 +01:00
David Roberts 500b4ac6b9 [TEST] Improve ML security tests (elastic/x-pack-elasticsearch#2417)
The changes made for elastic/x-pack-elasticsearch#2369 showed that the ML security tests were seriously
weakened by the decision to grant many "minimal" privileges to all users
involved in the tests.  A better solution is to override the auth header
such that a superuser runs setup actions and assertions that work by
querying raw documents in ways that an end user wouldn't.  Then the ML
endpoints can be called with the privileges provided by the ML roles and
nothing else.

Original commit: elastic/x-pack-elasticsearch@4de42d9e54
2017-09-05 10:49:41 +01:00
David Roberts 32b4c18ea3 [ML] Ensure internal client is used where appropriate (elastic/x-pack-elasticsearch#2415)
Implementation details of ML endpoints should be performed using the
internal client, so that the end user only requires permissions for
the public ML endpoints and does not need to know how they are
implemented.  This change fixes some instances where this rule was
not adhered to.

Original commit: elastic/x-pack-elasticsearch@01c8f5172c
2017-09-01 13:16:48 +01:00
Tim Vernum 57a07d6b5a Authorize on shard requests for bulk actions (elastic/x-pack-elasticsearch#2369)
* Add support for authz checks at on shard requests

* Add Rest Tests for authorization

* Bulk security - Only reject individual items, rather than a whole shard

* Sync with core change

* Grant "delete" priv in ML smoketest

This role had index and+bulk privileges but it also needs delete (in order to delete ML model-snapshots)

Original commit: elastic/x-pack-elasticsearch@830e89e652
2017-08-31 11:49:46 -04:00
Nik Everett 97ddee8d1b Shuffle SQL's integration tests some (elastic/x-pack-elasticsearch#2403)
This shuffles all of SQL's QA tests into the `qa/sql` directory, moving
some shared resources into the new `qa:sql` project. It also rigs up
testing of the rest SQL interface in all the sql qa configurations:
without security, with security, and against multiple nodes.

I've had to make some modifications to how we handle the audit log
because it has gotten pretty slow. If these modifications turn out to
not be fast enough then I'll change the test to querying the log files
and drop the audit log index entirely but the index seems to be holding
out for now.

Original commit: elastic/x-pack-elasticsearch@ff3b5a74c1
2017-08-30 17:22:46 -04:00
David Kyle 91635608ef [ML] Rolling upgrade test job configurations with empty strings (elastic/x-pack-elasticsearch#2333)
Original commit: elastic/x-pack-elasticsearch@b61947cca7
2017-08-30 15:20:14 +01:00
Jason Tedor 5cd92ffbbf Remove extraneous newlines from keystore.bash
This commit removes some extraneous trailing newlines from
keystore.bash, the packaging test cases for the interaction between
installing X-Pack and the keystore.

Original commit: elastic/x-pack-elasticsearch@86250ecfbc
2017-08-28 21:09:47 -04:00
Jason Tedor fb7118fde2 Add packaging tests for keystore creation
This commit adds a packaging test that the keystore is created when
X-Pack is installed, and that it has the correct ownership and
permissions.

Relates elastic/x-pack-elasticsearch#2380

Original commit: elastic/x-pack-elasticsearch@27e181d2f6
2017-08-28 20:47:58 -04:00
Nik Everett 972c56dafe Begin migrating SQL's next page (elastic/x-pack-elasticsearch#2271)
Scrolling was only implemented for the `SqlAction` (not jdbc or cli)
and it was implemented by keeping request state on the server. On
principle we try to avoid adding extra state to elasticsearch where
possible because it creates extra points of failure and tends to
have lots of hidden complexity.

This replaces the state on the server with serializing state to the
client. This looks to the user like a "next_page" key with fairly
opaque content. It actually consists of an identifier for the *kind*
of scroll, the scroll id, and a base64 string containing the field
extractors.

Right now this only implements scrolling for `SqlAction`. The plan
is to reuse the same implementation for jdbc and cli in a followup.

This also doesn't implement all of the required serialization.
Specifically it doesn't implement serialization of
`ProcessingHitExtractor` because I haven't implemented serialization
for *any* `ColumnProcessors`.

Original commit: elastic/x-pack-elasticsearch@a8567bc5ec
2017-08-28 08:46:49 -04:00
Nik Everett 29c57bbe0c Handle unshading
Original commit: elastic/x-pack-elasticsearch@5f73cecafb
2017-08-25 17:09:49 -04:00
Nik Everett 8ce2fa3c81 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@0577b07b3d
2017-08-25 16:16:34 -04:00
Michael Basnight e18f04f3eb Revert "Use shaded rest client dependencies" (elastic/x-pack-elasticsearch#2352)
This reverts commit elastic/x-pack-elasticsearch@8605560232.

Relates elastic/elasticsearch#26367

Original commit: elastic/x-pack-elasticsearch@e4cd960504
2017-08-25 14:13:16 -05:00
Alexander Reelsen 9b0a1a34e0 Upgrade: Remove watcher/security upgrade checks (elastic/x-pack-elasticsearch#2338)
The checks are used for the 5.6 to 6.x transition, thus they do
not make sense to keep in 7.x.

Original commit: elastic/x-pack-elasticsearch@c6c6fa819e
2017-08-25 17:24:49 +02:00
David Kyle c6b6a5c804 Fix failing ML test after bucket count change (elastic/x-pack-elasticsearch#2351)
Original commit: elastic/x-pack-elasticsearch@c215ba1c16
2017-08-25 10:25:18 +01:00
Nik Everett 755d961f3b Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@fe0cd15c06
2017-08-23 09:24:25 -04:00
Albert Zaharovits 026729e911 TOKEN_SERVICE_ENABLED_SETTING enabled if HTTP_SSL_ENABLED (elastic/x-pack-elasticsearch#2321)
`authc.token.enabled` is true unless `http.ssl.enabled` is `false` and `http.enabled` is `true`.

* TokenService default enabled if HTTP_ENABLED == false

* Fixed tests that need TokenService explicitly enabled

* [DOC] Default value for `xpack.security.authc.token.enabled`

Original commit: elastic/x-pack-elasticsearch@bd154d16eb
2017-08-23 13:21:30 +03:00
Alexander Reelsen 3f541fa556 Tests: Ensure watcher is started via awaitBusy in bwc test
Original commit: elastic/x-pack-elasticsearch@a8c0cf04c9
2017-08-22 00:39:11 +02:00
Alexander Reelsen 17980ab360 Tests: Remove randomized unsupported code upgrading two indices at once
Original commit: elastic/x-pack-elasticsearch@c86b87927d
2017-08-22 00:09:01 +02:00
Alexander Reelsen 27f39c615b Watcher: Create two index ugprade checks for watcher upgrade (elastic/x-pack-elasticsearch#2298)
As there are two indices to upgrade for watcher, it makes a lot of sense
to also have two upgrade checks.

There is one upgrader for the watches index, which deletes
old templates, adds the new one before and then does the reindexing.
Same for the triggered watches index.

This also means, that there will be two entries popping up in the kibana
UI.

Note: Each upgrade check checks if the other index (for the .watches
upgrade check the triggered watches index and vice versa) is already
upgraded and only if that is true, watcher is restarted.

relates elastic/x-pack-elasticsearch#2238

Original commit: elastic/x-pack-elasticsearch@2c92040ed6
2017-08-21 17:36:16 +02:00
Igor Motov a27c726f72 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@ecbfa82bcf
2017-08-18 15:40:49 -04:00
Simon Willnauer 71827b70a0 Bump token service BWC version to 6.0.0-beta2
Original commit: elastic/x-pack-elasticsearch@ef688f02cb
2017-08-18 17:06:45 +02:00
Nik Everett a68d839edc Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@1f74db9cde
2017-08-18 09:56:29 -04:00
Simon Willnauer ac9ab974f4 Ensure token service can boostrap itself without a pre-shared key (elastic/x-pack-elasticsearch#2240)
Today we require a pre-shared key to use the token service. Beside the
additional setup step it doesn't allow for key-rotation which is a major downside.

This change adds a TokenService private ClusterState.Custom that is used to distribute
the keys used to encrypt tokens. It also has the infrastructur to add automatic key
rotation which is not in use yet but included here to illustrate how it can work down
the road.

This is considered a prototype and requires additioanl integration testing. Yet, it's fully
BWC with a rolling / full cluster restart from a previous version (also from 5.6 to 6.x)
since if the password is set it will just use it instead of generating a new one.
Once we implement the automatic key rotation via the clusterstate we need to ensure that we are
fully upgraded before we do that.
Also note that the ClusterState.Custom is fully transient and will never be serialized to disk.

Original commit: elastic/x-pack-elasticsearch@1ae22f5d41
2017-08-18 14:23:43 +02:00
Igor Motov 09579eb630 Merge remote-tracking branch 'elastic/master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@87d023325e
2017-08-17 15:47:52 -04:00
Simon Willnauer 724325f161 Fallback to `keystore.seed` as a bootstrap password if actual password is not present (elastic/x-pack-elasticsearch#2295)
Today we require the `bootstrap.password` to be present in the keystore in order to
bootstrap xpack. With the addition of `keystore.seed` we have a randomly generated password
per node to do the bootstrapping. This will improve the initial user experience significantly
since the user doesn't need to create a keystore and add a password, they keystore is created
automatically unless already present and is always created with this random seed.

Relates to elastic/elasticsearch#26253

Original commit: elastic/x-pack-elasticsearch@5a984b4fd8
2017-08-17 16:42:32 +02:00
Alexander Reelsen 6d30806996 Watcher: Improvements on the rolling restart tests (elastic/x-pack-elasticsearch#2286)
This improves the rolling restart tests (tests different paths in
different ways) and aligns the upgrade code with the 5.6 branch from

Relates elastic/x-pack-elasticsearch#2238

Original commit: elastic/x-pack-elasticsearch@01b0954558
2017-08-17 11:41:11 +02:00
Alexander Reelsen 0a86f00d7e Tests: Ensure responses are closed in watch backwards compat tests
The HTTP client has to have it's response entities closed, otherwise
it might block further requests because the underlying connection cannot
be reused.

Relates elastic/x-pack-elasticsearch#2004

Original commit: elastic/x-pack-elasticsearch@a24ecb9764
2017-08-16 16:29:52 +02:00
Nik Everett 335838db08 Audit logging for SQL (elastic/x-pack-elasticsearch#2210)
Adapts audit logging to actions that delay getting index access control until the action is started. The audit log will contain an entry for the action itself starting without any associated indices because the indices are not yet known. The audit log will also contain an entry for every time the action resolved security for a set of indices. Since sql resolves indices one at a time it will contain an entry per index.

All of this customization is entirely in the security code. The only SQL change in this PR is to add audit logging support to the integration test.

Original commit: elastic/x-pack-elasticsearch@539bb3c2a8
2017-08-15 14:19:28 -04:00
Nik Everett 02cc23cf21 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@aaad327bd0
2017-08-15 13:05:24 -04:00
Alexander Reelsen 69b3ffa40a Tests: Remove useless wait time in watcher REST test
The rest test waited for the watch to run in the background, but there
were no guarantees that this really happened. Also it waited for five
seconds, instead of just executing the watch manually.

relates elastic/x-pack-elasticsearch#2255

Original commit: elastic/x-pack-elasticsearch@56765a649e
2017-08-14 11:52:26 +02:00
Nik Everett 2207c19afa Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@f9c0bc95d4
2017-08-11 15:41:22 -04:00
Alexander Reelsen 3ad2f5e9f5 Tests: Increase logging for watcher smoke tests
These tests have repeating but not reproducible failures,
where the stash is filled with a second PUT operation and the
watcher stats response does not match. Setting the log to trace
should shed some light on this.

As the smoke tests are only four tests this will not lead to a
log explosion.

Relates elastic/x-pack-elasticsearch#1513, elastic/x-pack-elasticsearch#1874

Original commit: elastic/x-pack-elasticsearch@5832dc7990
2017-08-11 15:29:52 +02:00
Alexander Reelsen 26c5766a0d Tests: Do not delete index templates on bwc tests
In order to run the bwc tests there is no need to delete the
index template at the end of a test run which results
in recreation of those due to all the cluster state listener.

Relates elastic/x-pack-elasticsearch#2228

Original commit: elastic/x-pack-elasticsearch@702d1c61ed
2017-08-11 14:11:50 +02:00
Nik Everett 2b2f831116 Fix broke bwc test in sql
The test was enabled for the wrong versions....

Original commit: elastic/x-pack-elasticsearch@2662a11e0c
2017-08-09 15:58:47 -04:00
Nik Everett c47c66362e Fix content type in test
I'd left it off. Thanks Jenkins!

Original commit: elastic/x-pack-elasticsearch@57b708e414
2017-08-08 15:19:20 -04:00
Nik Everett 570b66638e Add test for index with two types (elastic/x-pack-elasticsearch#2194)
Adds a test that shows *how* SQL fails to address an index with two types
to the full cluster restart tests. Because we're writing this code
against 7.0 don't actually execute the test, but we will execute it when
we merge to 6.x and it *should* work.

Original commit: elastic/x-pack-elasticsearch@b536e9a142
2017-08-08 13:32:13 -04:00
Nik Everett bcd9934050 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@e5809f0785
2017-08-07 11:09:17 -04:00
Alexander Reelsen 2d08477093 Tests: Fix upgrade tests by not running stats against arbitrary hosts
Original commit: elastic/x-pack-elasticsearch@1b858aad52
2017-08-07 13:27:36 +02:00
Alexander Reelsen 8f6874abf9 Tests: Increase logging in watcher upgrade tests to debug test failures
Original commit: elastic/x-pack-elasticsearch@380a8541dc
2017-08-07 11:31:16 +02:00
David Roberts 05cbe8dc0c [ML] Disallow creating a job against a closed results or state index (elastic/x-pack-elasticsearch#2186)
Previously if this was attempted you'd get an NPE (5.x) or hang (6.x).
Following this change you get an error message telling you what the
problem is.

relates elastic/x-pack-elasticsearch#2170

Original commit: elastic/x-pack-elasticsearch@ea12a9ff46
2017-08-07 08:53:12 +01:00
Nik Everett de9adfde81 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@5464f9839f
2017-08-04 16:59:32 -04:00
Nik Everett f241512e33 SQL support for field level security (elastic/x-pack-elasticsearch#2162)
This adds support for field level security to SQL by creating a new type of flow for securing requests that look like sql requests. `AuthorizationService` verifies that the user can execute the request but doesn't check the indices in the request because they are not yet ready. Instead, it adds a `BiFunction` to the context that can be used to check permissions for an index while servicing the request. This allows requests to cooperatively secure themselves. SQL does this by implementing filtering on top of its `Catalog` abstraction and backing that filtering with security's filters. This minimizes the touch points between security and SQL.

Stuff I'd like to do in followups:

What doesn't work at all still:
1. `SHOW TABLES` is still totally unsecured
2. `DESCRIBE TABLE` is still totally unsecured
3. JDBC's metadata APIs are still totally unsecured

What kind of works but not well:
1. The audit trail doesn't show the index being authorized for SQL.

Original commit: elastic/x-pack-elasticsearch@86f88ba2f5
2017-08-04 15:27:27 -04:00
Jay Modi 8b0fb5eae8 Re-enable OpenLDAP tests and run against vagrant instance (elastic/x-pack-elasticsearch#2121)
This commit re-enables the OpenLDAP tests that were previously running against a one-off instance
in AWS but now run against a vagrant fixture. There were some IntegTests that would run against the
OpenLDAP instance randomly but with this change they no longer run against OpenLDAP. This is ok as
the functionality that is tested by these has coverage elsewhere.

relates elastic/x-pack-elasticsearch#1823

Original commit: elastic/x-pack-elasticsearch@ac9bc82297
2017-08-04 09:44:08 -06:00
Nik Everett 35389d3be0 Fix one more test after dropping type awareness
Original commit: elastic/x-pack-elasticsearch@ab6949f353
2017-08-03 17:39:24 -04:00
Nik Everett 4f42de6b1a Fix as many busted tests as I can
Original commit: elastic/x-pack-elasticsearch@5ec24f6818
2017-08-03 17:27:56 -04:00
Jay Modi a7d6138f83 Fix the building of the default URL for the setup password tool (elastic/x-pack-elasticsearch#2176)
This commit fixes the building of the default URL for the setup password tool so that a default
elasticsearch.yml file will still result in a succesful run of the tool.

relates elastic/x-pack-elasticsearch#2174

Original commit: elastic/x-pack-elasticsearch@2291b14875
2017-08-03 15:14:24 -06:00
Nik Everett 0605802d22 Add a multi-node test to sql (elastic/x-pack-elasticsearch#2136)
SQL relies on being able to fetch information about fields from
the cluster state and it'd be disasterous if that information
wasn't available. This should catch that.

Original commit: elastic/x-pack-elasticsearch@1a62747332
2017-08-02 14:39:25 -04:00
Nik Everett 767a43ca44 Move sql rest test into qa (elastic/x-pack-elasticsearch#2149)
Running the sql rest action test inside the server caused a dependency
loop which was failing the build.

Original commit: elastic/x-pack-elasticsearch@43283671d8
2017-08-01 17:23:07 -04:00
Nik Everett a9b72019ad Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b45f682d72
2017-08-01 16:17:17 -04:00
Ryan Ernst 45a55d16cf Bump master version to 7.0.0-alpha1 (elastic/x-pack-elasticsearch#2135)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/25876

Original commit: elastic/x-pack-elasticsearch@c86ea25009
2017-08-01 15:48:04 -04:00
Alexander Reelsen 4bf5d9536a Tests: Remove @ClusterScope tests, create REST tests (elastic/x-pack-elasticsearch#2131)
Replacing integration tests with rest tests and unit tests, thus removing integration tests that require start of a new cluster. Removing unused testing methods

Original commit: elastic/x-pack-elasticsearch@265966d80c
2017-08-01 14:15:36 +02:00
Jason Tedor 5b1bf9a31e Remove max script compilation settings in tests
Some standalone tests set the max script compilation limit. However,
this setting is now set in the main cluster setup in core so it is no
longer needed here. This commit removes these obviated settings in
standalone tests.

Original commit: elastic/x-pack-elasticsearch@089328c8d7
2017-08-01 14:57:57 +09:00
Jason Tedor 50b8a56d34 Add packaging assertions for new scripts
This commit adds packaging assertions for recent script additions:
setup-passwords and x-pack-env.

Original commit: elastic/x-pack-elasticsearch@d83624f419
2017-07-30 09:32:39 +09:00
Jay Modi db4c00b565 Update the full cluster restart tests to be more generic (elastic/x-pack-elasticsearch#2107)
The full cluster restart tests are currently geared towards the 5.6 -> 6.0 upgrade and have some
issues when the versions are changed to 6.x -> 7.0. One issue is a real code issue in that the
security code always expects the mappings to have the same version as the version of the node, but
we no longer update the mappings on the security index during a rolling upgrade. We know look at
the index format to determine if the index is up to date.

Original commit: elastic/x-pack-elasticsearch@14c1c72ff6
2017-07-28 10:31:44 -06:00
Nik Everett b755b3e543 Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@b80d0cba1d
2017-07-28 12:06:32 -04:00
Jason Tedor 826df4eb72 Fix migrate tool integration test
The command line flag --path.conf was removed yet this test was still
using it. This commit replaces the usage of this flag in this test with
the new mechanism.

Original commit: elastic/x-pack-elasticsearch@c37050894c
2017-07-28 21:33:54 +09:00
David Kyle bb360c1ff3 Mute MigrateToolIT::testRunMigrateTool
Original commit: elastic/x-pack-elasticsearch@48cb30169a
2017-07-28 11:19:08 +01:00
Nik Everett ec36875872 Sql security take 1 (elastic/x-pack-elasticsearch#2106)
Add some basic security testing/integration.

The good news:
1. Basic security now works. Users without access to an index can't run sql queries against it. Without this change they could.
2. Document level security works! At least so far as I can tell.

The work left to do:
1. Field level security doesn't work properly. I mean, it kind of works in that the field's values don't leak but it just looks like they all have null values.
2. We will need to test scrolling.
3. I've only added tests for the rest sql action. I'll need to add tests for jdbc and the CLI as well.
4. I've only added tests for `SELECT` and have ignored stuff like `DESCRIBE` and `SHOW TABLES`.

Original commit: elastic/x-pack-elasticsearch@b9909bbda0
2017-07-27 17:40:14 -04:00
Michael Basnight 6a7e51d9c0 Use shaded rest client dependencies
This commit modifies all org.apache.http to use the shaded rest clients
org.elasticsearch.client.http packages. It also removes a few unused
licenses due to the change.

Relates elastic/elasticsearch#25780

Original commit: elastic/x-pack-elasticsearch@8605560232
2017-07-24 12:56:17 -05:00
Ali Beyad 5190a05b75 Improves error message on non-upgraded security index (elastic/x-pack-elasticsearch#2061)
This commit improves the error message in 6x if the security index has
not been upgraded, and warns the user that the native realm will not be
functional until the upgrade API is run.

Original commit: elastic/x-pack-elasticsearch@710b7634b4
2017-07-21 15:56:15 -04:00
jaymode 9e14bff948 Test: increase number of script compilations per minute to 20
This commit increases the number of script compilations per minute to 20 to account for security
and watcher upgrade scripts in addition to the scripts contained within cluster alerts.

Relates elastic/x-pack-elasticsearch#2041

Original commit: elastic/x-pack-elasticsearch@6c15cb9b89
2017-07-21 13:49:22 -06:00
Alexander Reelsen 139513fdd3 Tests: Fix WatchBackwardsCompatibilityIT temporarily
the upgrade API is lacking some functionality in a special case,
where triggered_watches exists, but .watches does not. This
deletes the triggered watches index manually until we integrated
this properly in the upgrade API to fix the tests

Original commit: elastic/x-pack-elasticsearch@e9d1b0d35d
2017-07-18 18:00:55 +02:00
Ali Beyad 37cc602aef Adds upgrade API functionality for security (elastic/x-pack-elasticsearch#2012)
This commit adds the upgrade API functionality and script for security.
It also enables previously muted tests that would fail due to the lack
of security upgrade features in testing cluster restarts and old
security index backward compatibility.

Original commit: elastic/x-pack-elasticsearch@4abe9f1263
2017-07-18 11:44:28 -04:00
Alexander Reelsen 8200b18e9f Tests: Allow to run BWC in isolation
The current tests were only able to finish successfully, if the earlier
tests were run as well, you could not run the restart test in isolation.

This commit ensures an upgrade is executed if needed.

Original commit: elastic/x-pack-elasticsearch@616ebbd6eb
2017-07-18 15:29:07 +02:00
Alexander Reelsen 443cfb94be Tests: Ensure waiting time between stopping and starting watcher (elastic/x-pack-elasticsearch#2008)
Otherwise we might run into race conditions that prevent a useful
start up again.

Those tests can be massively improved (no need to run against the real
master node), once the watcher BWC compatible stats are in.

relates elastic/x-pack-elasticsearch#2004

Original commit: elastic/x-pack-elasticsearch@52ca77809c
2017-07-18 10:19:33 +02:00
Tim Brooks 6d04eacdec Require elastic password be bootstrapped (elastic/x-pack-elasticsearch#1962)
This is related to elastic/x-pack-elasticsearch#1217. This commit requires that the elastic password
be bootstrapped for the user to be authenticated. As a result it removes
the special "setup" mode that allowed the user to be authenticated from
localhost.

Additionally, this commit updates the tests to work with this
functionality.

Original commit: elastic/x-pack-elasticsearch@d0d5d697a7
2017-07-13 19:59:50 -05:00
Igor Motov 4de6d9ebe5 Upgrade API: upgrade assistance shouldn't throw 404 on an empty cluster (elastic/x-pack-elasticsearch#1997)
When a user asks for upgrade information for all indices and there are no indices in the cluster, upgrade assistance should just return an empty response indicating that no indices require upgrade or reindexing. This commit also reverts the temporary fix in WatchBackwardsCompatibilityIT tests that was added as a workaround for this issue.

Original commit: elastic/x-pack-elasticsearch@2ea9707867
2017-07-13 17:01:50 -04:00
Alexander Reelsen eb118b365c Tests: Ignore 404 errors in watcher bwc tests
Original commit: elastic/x-pack-elasticsearch@8e583cf293
2017-07-13 13:41:51 +02:00
Alexander Reelsen 32bc0cd5d5 Tests: Add logging and error tracing to watcher bwc tests
Original commit: elastic/x-pack-elasticsearch@4a4b65bcb7
2017-07-13 11:08:48 +02:00
Ryan Ernst df41b8342d Convert put_template uses to put_script in rest tests
Original commit: elastic/x-pack-elasticsearch@5f5f52b955
2017-07-13 00:01:56 -07:00
Tim Vernum e4c8851a24 Convert Realm.authenticate to provide a richer result (elastic/x-pack-elasticsearch#1932)
This allows for messages to be returned, and distinguishes between 4 different results:
- I have authenticated the user
- I don't know how to authenticate that user. Try another realm.
- I tried to authenticate the user, but failed. Try another realm.
- I tried to authenticate the user, but failed. Fail the authentication attempt.

Original commit: elastic/x-pack-elasticsearch@f796949cfb
2017-07-13 14:24:08 +10:00
Simon Willnauer 84ee21ed26 Followup for elastic/elasticsearch#25658 (elastic/x-pack-elasticsearch#1984)
This is the xpack side fo elastic/elasticsearch#25658 which is mainly refactorings
of a ctor and added tests.

Original commit: elastic/x-pack-elasticsearch@d8e2a2a057
2017-07-12 22:19:34 +02:00
Alexander Reelsen e64cf23b13 Watcher: Start watcher on master node only with mixed versions (elastic/x-pack-elasticsearch#1983)
When there are data or master nodes in the cluster, that are older
than ES 6.0 alpha3, then watcher will only start on the master node.

Changed all transport actions to be master node actions, as there is
already a method to decide to run locally, which we can piggyback on.

Original commit: elastic/x-pack-elasticsearch@65cecb6d69
2017-07-12 20:58:47 +02:00
Jack Conradson 32dbfba0c2 Disallow lang to specified in requests where a stored script is used. (elastic/x-pack-elasticsearch#1949)
Requests that execute a stored script will no longer be allowed to specify the lang of the script. This information is stored in the cluster state making only an id necessary to execute against. Putting a stored script will still require a lang.

Original commit: elastic/x-pack-elasticsearch@926a7b2d86
2017-07-12 07:56:08 -07:00
Alexander Reelsen 14c12cfcde Revert "Tests: Disable all watcher BWC tests until fixed correctly"
This reverts commit elastic/x-pack-elasticsearch@8043ec1858.

Original commit: elastic/x-pack-elasticsearch@39180b095c
2017-07-11 00:40:05 +02:00
Alexander Reelsen 4dc13c3698 Tests: Disable all watcher BWC tests until fixed correctly
Original commit: elastic/x-pack-elasticsearch@8043ec1858
2017-07-10 23:12:19 +02:00
Igor Motov 37075bd201 Upgrade API: Add end-to-end bwc test for watcher upgrade (elastic/x-pack-elasticsearch#1939)
This test creates watches in old versions of elasticsearch, upgrades them after upgrading cluster to the latest version and then tests that they were upgraded correctly.

Original commit: elastic/x-pack-elasticsearch@b9d45eb2a5
2017-07-09 11:21:57 -04:00
Tim Brooks d95c365e64 Loosen setup mode restrictions for upgrade tests (elastic/x-pack-elasticsearch#1927)
This commit is related to elastic/x-pack-elasticsearch#1896. Currently setup mode means that the
password must be set post 6.0 for using x-pack. This interferes with
upgrade tests as setting the password fails without a properly
upgraded security index.

This commit loosens two aspects of the security.

1. The old default password will be accept in setup mode (requests
from localhost).
2. All request types can be submitted in setup mode.

Original commit: elastic/x-pack-elasticsearch@8a2a577038
2017-07-06 10:37:48 -05:00
Dimitrios Athanasiou 2e0560528f [TEST] Fix MlBasicMultiNodeIT after changing flush response
Relates elastic/x-pack-elasticsearch#1914

Original commit: elastic/x-pack-elasticsearch@5175bf64d9
2017-07-05 13:30:25 +01:00
Jay Modi a9707a461d Use a secure setting for the watcher encryption key (elastic/x-pack-elasticsearch#1831)
This commit removes the system key from master and changes watcher to use a secure setting instead
for the encryption key.

Original commit: elastic/x-pack-elasticsearch@5ac95c60ef
2017-06-29 14:58:35 -06:00