This change allows reads of our native users and roles when the template version has not been updated to
match the current version. This is useful for rolling upgrades where the nodes are also being actively
queried and/or indexed into. Without this, we can wreak havoc on a cluster by causing exceptions during
replication, which leads to shard failures. On nodes that match the version defined in the template,
write operations are allowed since we know that we are backwards compatible in terms of format but we
may have added new fields and shouldn't index them until the mappings and template have been updated.
As part of this, the rolling upgrade tests from core were used as the basis for a very basic set of tests
for doing a rolling upgrade with x-pack.
Closeselastic/elasticsearch#4126
Original commit: elastic/x-pack-elasticsearch@9be518ef00
Currently, a tribe node ignored underlying cluster licenses
due to inablity to select an appropriate license from multiple
licenses. Now that tribe node supports merging custom metadata
(elasticsearch#elastic/elasticsearch#21552), we can enable license support in tribe
node.
Now, tribe node chooses license with the highest operation
mode from underlying cluster licenses. This commit also
adds integration tests for licensing to verify that:
- autogenerated trial license propagates to tribe node
- tribe node chooses the highest operation mode license
- removing a license from underlying cluster license is
removed from tribe
closeselastic/elasticsearch#3212
Original commit: elastic/x-pack-elasticsearch@b5c003decd
This commit changes the toXContent() method so that it generates content that can be parsed again by the parse() method. Before this commit, the authentication of the HTTP request is rendered as:
{ "auth": {"username": "foo", "password": "bar" } }
but the parsing method expects the authentication type to be a root object:
{ "auth": { "basic" : {"username": "foo", "password": "bar" } } }
The toXContent method has been adapted to include the type of authentication in the generated content.
Original commit: elastic/x-pack-elasticsearch@b740466109
This removes the mock webserver trying to bind to a port range, just
try to bind to any port.
Also removed unneeded wrapper class in the process.
Original commit: elastic/x-pack-elasticsearch@19b6ac393a
When a fatal error is thrown on the network layer, such an error never
makes its way to the uncaught exception handler. This prevents the node
from being torn down if an out of memory error or other fatal error is
thrown while handling HTTP or transport traffic. This commit adds logic
to ensure that such errors bubble their way up to the uncaught exception
handler, even though Netty tries really hard to swallow everything.
Original commit: elastic/x-pack-elasticsearch@f76757674f
This commit aims to fix the regularly failing test OldMonitoringIndicesBackwardsCompatibilityTests. It enables/disables monitoring data collection using time interval "-1" as well as stopping AgentService instances directly and checks multiple times if indices are still present at the end of the test.
closeselastic/elasticsearch#3999
Original commit: elastic/x-pack-elasticsearch@8ac785061a
* Record audit trail even if indicies-resolver throws exception
If the IndicesAndAliasesResolver throws an exception, treat is as "accessDenied" for the purpose of the audit-trail.
This can occur when an index request has a wildcard that doesn't match (and "allowNoIndices" is false)
Closeselastic/elasticsearch#3719
Original commit: elastic/x-pack-elasticsearch@ca6567e5ed
RemoteIndexAuditTrailStartingTests has been failing quite often due to several
race conditions. This change simplifies the test (one node per cluster, local and
remote) and fixes some issues in IndexAuditTrail. The interrupt based shutdown has
been removed from the `QueueConsumer` and an additional health call has been added
to trigger another start attempt if the first one failed. This stabilize the test
that now run in 1 second rather than 1 minute.
Original commit: elastic/x-pack-elasticsearch@a1c8131cd2
This commit responds to a chance in core which modified the interface
for ThreadPool#executor and ThreadPool#generic to return an executor
service rather than an executor.
Relates elastic/elasticsearch#4107
Original commit: elastic/x-pack-elasticsearch@7c7c6a3b90
This is a followup from elastic/elasticsearchelastic/elasticsearch#21590 and needs to be
committed first or at the same time since netty_3 is removed
Original commit: elastic/x-pack-elasticsearch@131d74dd6b
If these tests were in `:core` then then `IT` would be an appropriate
suffix, but in xplugins they should have `Tests`. This moves them
from the `integTest` task to the `test` task which is a good idea
because it lets them run in parallel with the other tests. Naming
them `IT` means that they are run not in parallel and they are run
with a running instance of Elasticsearch which they don't need.
This cuts the build from 15.5 minutes to 13.5 minutes for me.
Original commit: elastic/x-pack-elasticsearch@7b4bcf8bc5
This commit fixes a compilation issue introduced by the merge of
sequence numbers branch into master. This merge introduced a new
constructor parameter for ShardStats.
Original commit: elastic/x-pack-elasticsearch@b234b8ee50
This commit migrates the authentication service to an asynchronous model where we use listeners
instead of blocking and waiting for the authentication to return. This is the first part of making
authentication asynchronous as we still have blocking I/O inside of realms.
See elastic/elasticsearch#3790
Original commit: elastic/x-pack-elasticsearch@9339af4af8
In the authentication service, we currently only copy the username and roles of the
user that was authenticated but we should instead preserve all of their information
in the newly created user object. This change does that through the user of a new
constructor in the user class that takes in both users.
Closeselastic/elasticsearch#3877
Original commit: elastic/x-pack-elasticsearch@7455078841
If a authenticated user with run as permission attempts to run as an unknown user, the unknown
user will be assigned the default role and anonymous role if enabled. This change prevents this
from happening as we require the run as user to have been looked up by a realm.
Closeselastic/elasticsearch#3878
Original commit: elastic/x-pack-elasticsearch@034f44757d
This commit adds a new Gradle sub project that makes use of the VagrantTestPlugin in order to test the installation of X-Pack.
Original commit: elastic/x-pack-elasticsearch@e09db6602c
The internal test cluster now auto manages min_master_nodes ( see https://github.com/elastic/elasticsearch/pull/21458 ). This requires some code changes but also changes the timings of forming a cluster. This has had a funny side effect where the master is no longer always the first node to be started in the cluster. This caused issues with watcher tests which freeze time.
Original commit: elastic/x-pack-elasticsearch@1e5ea8ae94
This change mocks the ClusterService and sets it up so that when remote indexing, we see the
current node as the master.
Original commit: elastic/x-pack-elasticsearch@1f26b3df1f
This commit stops the index audit trail from executing blocking calls on the cluster
state update thread. Blocking calls were executed when indexing to a remote cluster
to get that cluster's state and also possibly put a template and mappings.
Closeselastic/elasticsearch#3989
Original commit: elastic/x-pack-elasticsearch@fc42efc639
* monitoring ui- add status column to indices listing
* add space before sort icon
* correctly identify sortColObj
* make metrics on index listing bigger
Original commit: elastic/x-pack-elasticsearch@01197214a6
Template test is easy to fix. I have no idea what is up with the
dynamic index name test. It is finding results on the wrong time.
Original commit: elastic/x-pack-elasticsearch@535676164c