Commit Graph

39855 Commits

Author SHA1 Message Date
Tal Levy bbb7889236
move security ingest processors to a sub ingest directory (#31306)
It makes sense to introduce new Security ingest
processors (example: #31087), and this change would
give them a good place to be written.
2018-06-13 13:35:41 -07:00
Adrien Grand af58dc56fe Add 5.6.11 version constant. 2018-06-13 22:29:45 +02:00
Adrien Grand 2c17ab7d2a Fix version detection. 2018-06-13 22:29:45 +02:00
Costin Leau 43cb24035e
SQL: Whitelist SQL utility class for better scripting (#30681)
Add SQL class for reusing code inside SQL functions within Painless

Fix #29832
2018-06-13 23:08:18 +03:00
Zachary Tong d4262de83a
[Docs] All Rollup docs experimental, agg limitations, clarify DeleteJob (#31299)
- All rollup pages should be marked as experimental instead of just
the top page
- While the job config docs state which aggregations are allowed, adding
a section which specifically details this in one place is more convenient
for the user
- Add a clarification that the DeleteJob API does not delete the rollup
data, just the rollup job.
2018-06-13 15:42:20 -04:00
Tal Levy 37c4ddd129 Merge branch 'master' into index-lifecycle 2018-06-13 12:13:05 -07:00
Luca Cavanna 664903a70a
CCS: don't proxy requests for already connected node (#31273)
Cross-cluster search selects a subset of nodes for each remote cluster
and sends requests only to them, which will act as a proxy and properly
redirect such requests to the target nodes that hold the relevant data.
What happens today is that every time we send a request to a remote
cluster, it will be sent to the next node in the proxy list
(in round-robin fashion), regardless of whether the target node is
already amongst the ones that we are connected to. In case for instance
we need to send a shard search request to a data node that's also one of
the selected proxy nodes, we may end up sending the request to it
through one of the other proxy nodes.
This commit optimizes this case to make sure that whenever we are
already connected to a remote node, we will send a direct request rather
than using the next proxy node.
There is a side-effect to this, which is that round-robin will be a bit
unbalanced as the data nodes that are also selected as proxies will
receive more requests.
2018-06-13 20:37:12 +02:00
Igor Motov 018d3fc81f Mute ScriptedMetricAggregatorTests testSelfReferencingAggStateAfterMap
Tracked by #31307
2018-06-13 14:18:10 -04:00
Andy Bristol 01d64b128b [test] opensuse packaging turn up debug logging 2018-06-13 11:15:04 -07:00
Dimitris Athanasiou 73742a4be9 Add unreleased version 6.3.1 2018-06-13 17:59:43 +01:00
Colin Goodheart-Smithe 58e9446e00
Removes experimental tag from scripted_metric aggregation (#31298) 2018-06-13 17:24:32 +01:00
Colin Goodheart-Smithe 6c9e0aeca3
Adds API to assign or change the policy for an index (#31277)
* Adds API to assign or change the policy for an index

This api will change `index.lifecycle.name` for all indexes in the
provided pattern as long as they are not currently in the shrink action.

Later changes will loosen this restriction so an index is only reject
if it is currently in the shrink action AND the diff between the old
and new policy includes changes to the shrink action.

Also later changes will detect if the current step is not present in
the new policy and move the index onto the next available step

* Changes name to SetPolicyForIndexAction

Also changes all related Classes and api endpoints

* fixes tests
2018-06-13 17:17:32 +01:00
Colin Goodheart-Smithe 6785391a5f
Merge branch 'master' into index-lifecycle 2018-06-13 16:38:35 +01:00
Zachary Tong a486177a19
[Rollup] Metric config parser must use builder so validation runs (#31159)
The parser for the Metric config was directly instantiating
the config object, rather than using the builder.  That means it was
bypassing the validation logic built into the builder, and would allow
users to create invalid metric configs (like using unsupported metrics).

The job would later blow up and abort due to bad configs, but this isn't
immediately obvious to the user since the PutJob API succeeded.
2018-06-13 11:31:04 -04:00
Colin Goodheart-Smithe 43eaec304b
Fixes ExplainLifecycleRequestTests 2018-06-13 16:15:26 +01:00
David Kyle 88f44a9f66
[ML] Check licence when datafeeds use cross cluster search (#31247)
This change prevents a datafeed using cross cluster search from starting if the remote cluster
does not have x-pack installed and a sufficient license. The check is made only when starting a 
datafeed.
2018-06-13 15:42:18 +01:00
Jason Tedor 7199d5f0e6
Add notion of internal index settings (#31286)
We have some use cases for an index setting to only be manageable by
dedicated APIs rather than be updateable via the update settings
API. This commit adds the notion of an internal index setting. Such
settings can be set on create index requests, they can not be changed
via the update settings API, yet they can be changed by action on behalf
of or triggered by the user via dedicated APIs.
2018-06-13 10:16:46 -04:00
Nik Everett 77bb93557e
Test: Remove broken yml test feature (#31255)
The `requires_replica` yaml test feature hasn't worked for years. This
is what happens if you try to use it:
```
   > Throwable #1: java.lang.NullPointerException
   >    at __randomizedtesting.SeedInfo.seed([E6602FB306244B12:6E341069A8D826EA]:0)
   >    at org.elasticsearch.test.rest.yaml.Features.areAllSupported(Features.java:58)
   >    at org.elasticsearch.test.rest.yaml.section.SkipSection.skip(SkipSection.java:144)
   >    at org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase.test(ESClientYamlSuiteTestCase.java:321)
```

None of our tests use it.
2018-06-13 09:33:06 -04:00
Luca Cavanna 24163d10b7
REST hl client: cluster health to default to cluster level (#31268)
With #29331 we added support for the cluster health API to the
high-level REST client. The transport client does not support the level
parameter, and it always returns all the info needed for shards level
rendering. We have maintained that behaviour when adding support for
cluster health to the high-level REST client, to ease migration, but the
correct thing to do is to default the high-level REST client to
`cluster` level, which is the same default as when going through the
Elasticsearch REST layer.
2018-06-13 15:06:13 +02:00
Colin Goodheart-Smithe 9fd4f3f854
Merge branch 'master' into index-lifecycle 2018-06-13 13:41:17 +01:00
Tom Veasey 66f7dd2c4d
[ML] Update test thresholds to account for changes to memory control (#31289)
To avoid temporary failures, this also disables these tests until elastic/ml-cpp#122 is committed.
2018-06-13 13:12:53 +01:00
Boaz Leskes 8c9360b5a1
Log warnings when cluster state publication failed to some nodes (#31233)
If the publishing of a cluster state to a node fails, we currently only log it as debug information and 
only on the master. This makes it hard to see the cause of (test) failures when logging is set to 
default levels. This PR adds a warn level log on the node receiving the cluster state when it fails to 
deserialise the cluster state and a warn level log on the master with a list of nodes for which 
publication failed.
2018-06-13 13:22:34 +02:00
Tanguy Leroux 8b4d80ad09
Fix AntFixture waiting condition (#31272)
The AntFixture waiting condition is evaluated to false 
but it should be true.
2018-06-13 12:40:22 +02:00
David Turner 489db54e57
Ignore numeric shard count if waiting for ALL (#31265)
Today, if GET /_cluster/health?wait_for_active_shards=all does not immediately
succeed then it throws an exception due to an erroneous and unnecessary call to
ActiveShardCount#enoughShardsActive(). This commit fixes this logic.

Fixes #31151
2018-06-13 11:25:26 +01:00
Dimitris Athanasiou 5c77ebe89d
[ML] Implement new rules design (#31110)
Rules allow users to supply a detector with domain
knowledge that can improve the quality of the results.
The model detects statistically anomalous results but it
has no knowledge of the meaning of the values being modelled.

For example, a detector that performs a population analysis
over IP addresses could benefit from a list of IP addresses
that the user knows to be safe. Then anomalous results for
those IP addresses will not be created and will not affect
the quantiles either.

Another example would be a detector looking for anomalies
in the median value of CPU utilization. A user might want
to inform the detector that any results where the actual
value is less than 5 is not interesting.

This commit introduces a `custom_rules` field to the `Detector`.
A detector may have multiple rules which are combined with `or`.

A rule has 3 fields: `actions`, `scope` and `conditions`.

Actions is a list of what should happen when the rule applies.
The current options include `skip_result` and `skip_model_update`.
The default value for `actions` is the `skip_result` action.

Scope is optional and allows for applying filters on any of the
partition/over/by field. When not defined the rule applies to
all series. The `filter_id` needs to be specified to match the id
of the filter to be used. Optionally, the `filter_type` can be specified
as either `include` (default) or `exclude`. When set to `include`
the rule applies to entities that are in the filter. When set to
`exclude` the rule only applies to entities not in the filter.

There may be zero or more conditions. A condition requires `applies_to`,
`operator` and `value` to be specified. The `applies_to` value can be
either `actual`, `typical` or `diff_from_typical` and it specifies
the numerical value to which the condition applies. The `operator`
(`lt`, `lte`, `gt`, `gte`) and `value` complete the definition.
Conditions are combined with `and` and allow to specify numerical
conditions for when a rule applies.

A rule must either have a scope or one or more conditions. Finally,
a rule with scope and conditions applies when all of them apply.
2018-06-13 11:20:38 +01:00
Alan Woodward eb85852a18
index_prefixes back-compat should test 6.3 (#30951) 2018-06-13 10:53:18 +01:00
Ryan Ernst a65b18f19d Core: Remove plain execute method on TransportAction (#30998)
TransportAction has many variants of execute. One of those variants
executes by returning a future, which is then often blocked on by
calling get(). This commit removes this variant of execute, instead
using a helper method for tests that want to block, or having tests
pass in a PlainActionFuture directly as a listener.

Co-authored-by: Simon Willnauer <simonw@apache.org>
2018-06-13 09:58:13 +02:00
Tanguy Leroux 1f6e874002
Update checkstyle to 8.10.1 (#31269) 2018-06-13 09:22:17 +02:00
Martijn van Groningen 16d593b22f
Set analyzer version in PreBuiltAnalyzerProviderFactory (#31202)
instead of lamda that creates the analyzer
2018-06-13 07:25:19 +02:00
Tim Brooks 56ffe553e5
Modify pipelining handlers to require full requests (#31280)
Currently the http pipelining handlers seem to support chunked http
content. However, this does not make sense. There is a content
aggregator in the pipeline before the pipelining handler. This means the
pipelining handler should only see full http messages. Additionally, the
request handler immediately after the pipelining handler only supports
full messages.

This commit modifies both nio and netty4 pipelining handlers to assert
that an inbound message is a full http message. Additionally it removes
the tests for chunked content.
2018-06-12 23:15:24 -06:00
Jason Tedor 0bfd18cc8b
Revert upgrade to Netty 4.1.25.Final (#31282)
This reverts upgrading to Netty 4.1.25.Final until we have a cleaner
solution to dealing with the object cleaner thread.
2018-06-12 19:26:18 -04:00
Jason Tedor 905663a942
Use armored input stream for reading public key (#31229)
This was silly; Bouncy Castle has an armored input stream for reading
keys in ASCII armor format. This means that we do not need to strip the
header ourselves and base64 decode the key. This had problems anyway
because of discrepancies in the padding that Bouncy Castle would produce
and the JDK base64 decoder was expecting. Now that we armor input/output
the whole way during tests, we fix all random failures in test cases
too.
2018-06-12 19:13:02 -04:00
Tal Levy 2fae7a2ff5 fix explainlifecyclerequesttest 2018-06-12 14:47:39 -07:00
James Baiera f88b9e83cf Fix Netty 4 Server Transport tests. Again. 2018-06-12 15:07:17 -04:00
Luca Cavanna bd51b6b96a
REST hl client: adjust wait_for_active_shards param in cluster health (#31266)
The default wait_for_active_shards is NONE for cluster health, which
differs from all the other API in master, hence we need to make sure to
set the parameter whenever it differs from NONE (0). The test around
this also had a bug, which is why this was not originally uncovered.

Relates to #29331
2018-06-12 21:00:33 +02:00
Luca Cavanna 92eb324776
REST high-level Client: remove deprecated API methods (#31200)
This commit removes all the API methods that accept a `Header` varargs
argument, in favour of the newly introduced API methods that accept a
`RequestOptions` argument.

Relates to #31069
2018-06-12 21:00:06 +02:00
Tal Levy 59ea407333 Merge branch 'master' into index-lifecycle 2018-06-12 10:54:58 -07:00
Costin Leau bd81b95e95 [DOCS] Mark SQL feature as experimental 2018-06-12 19:46:08 +03:00
Lisa Cawley ff0f4ece2f
[DOCS] Updates machine learning custom URL screenshots (#31222) 2018-06-12 08:57:11 -07:00
Jason Tedor 666997830e
Fix naming conventions check for XPackTestCase
This class needs to be abstract or it fails the naming convention check.
2018-06-12 11:34:40 -04:00
Jason Tedor f738b7d9f8
Fix security Netty 4 transport tests
This test suite needs to filter out the object cleaner thread too so
this commit does that.
2018-06-12 11:31:43 -04:00
Jason Tedor a36543531b
Fix race in clear scroll (#31259)
Here is the problem: if two threads are racing and one hits a failure
freeing a context and the other succeeded, we can expose the value of
the has failure marker to the succeeding thread before the failing
thread has had a chance to set the failure marker. This is a problem if
the failing thread counted down the expected number of operations, then
be put to sleep by a gentle lullaby from the OS, and then the other
thread could count down to zero. Since the failing thread did not get to
set the failure marker, the succeeding thread would respond that the
clear scroll succeeded and that makes that thread a liar. This commit
addresses by first setting the failure marker before we potentially
expose its value to another thread.
2018-06-12 10:17:41 -04:00
Albert Zaharovits e988ace5f7
[DOCS] Clarify audit index settings when remote indexing (#30923) 2018-06-12 16:19:43 +03:00
Colin Goodheart-Smithe ff80202353
Merge branch 'master' into index-lifecycle 2018-06-12 12:52:04 +01:00
Yuri Tceretian ef453b31b4
Delete typos in SAML docs (#31199)
* Delete typos in SAML docs saml-guide.asciidoc
2018-06-12 14:45:27 +03:00
Van0SS d5e8a5cd69 REST high-level client: add Cluster Health API (#29331)
Relates to #27205
2018-06-12 13:34:06 +02:00
Dimitris Athanasiou 5f84e18c72
[ML][TEST] Mute tests using rules (#31204)
This is in preparation of pushing the new
rules design in the `ml-cpp` side. These
tests will be switched on again after merging
in the new rules implementation.
2018-06-12 11:36:26 +01:00
Ioannis Kakavas b2e48c9fa7
Support RequestedAuthnContext (#31238)
* Support RequestedAuthnContext

This implements limited support for RequestedAuthnContext by :
- Allowing SP administrators to define a list of authnContextClassRef
to be included in the RequestedAuthnContext of a SAML Authn Request
- Veirifying that the authnContext in the incoming SAML Asertion's
AuthnStatement contains one of the requested authnContextClassRef
- Only EXACT comparison is supported as the semantics of validating
the incoming authnContextClassRef are deployment dependant and
require pre-established rules for MINIMUM, MAXIMUM and BETTER

Also adds necessary AuthnStatement validation as indicated by [1] and
[2]

[1] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
    3.4.1.4, line 2250-2253
[2] https://kantarainitiative.github.io/SAMLprofiles/saml2int.html
    [SDP-IDP10]
2018-06-12 12:23:40 +03:00
Luca Cavanna 113c1916ee
SyncedFlushResponse to implement ToXContentObject (#31155)
The response currently implements ToXContentFragment although the only time it's used
it is supposed to print out a complete object rather than a fragment. Note that this
is the client version of the response, used only in the high-level client.
2018-06-12 10:27:51 +02:00
olcbean 7d7ead95b2 Add Get Aliases API to the high-level REST client (#28799)
Given the weirdness of the response returned by the get alias API, we went for a client specific response, which allows us to hold the error message, exception and status returned as part of the response together with aliases. See #30536 .

Relates to #27205
2018-06-12 10:26:17 +02:00