This is related to elastic/elasticsearch#22116. In the tests there are multiple usages of
server implementations that `accept()` socket connections. To avoid
throwing `SecurityException` when using the `SecurityManager` these
operations must be privileged. Additionally, x-pack:elasticsearch
requires `accept` permission. This was added in the plugin-security
policy file.
Original commit: elastic/x-pack-elasticsearch@057e2abb1f
Now that /_bulk requests are handled on a shard level, the entire request isn't
rejected, instead, each individual request is rejected. This changes the assert
accordingly.
Relates to elastic/elasticsearch#4441
Original commit: elastic/x-pack-elasticsearch@7ca777b574
Instead of shoehorning everything into `isCompositeAction`, add a new
`isTranslatedToBulkAction` method.
Original commit: elastic/x-pack-elasticsearch@053faae505
This change ensure that the ThreadContext is always restored after an action has been invoked when
going through the SecurityActionFilter and authentication and authorization is enabled.
Original commit: elastic/x-pack-elasticsearch@5da70bd6fa
This removes the "skipped exporter" logging at the info level in favor of debug level. The LocalExporter has been updated so that non-elected master nodes will log a "waiting for elected master node..." message when they're ready, but are stuck waiting for the master node to setup indices.
Original commit: elastic/x-pack-elasticsearch@3f8b58bc37
Turns out that this test became flaky on dev machines with specific DNS setup.
This test uses an index action to provoke an error, thus there is no dependency
on anything network specific.
The reason it was uncovered now, was due to the change to the Apache HTTP client which is doing DNS lookups. This DNS lookup happened inadvertantly because of a bug in the test, which had a URI like http://http://127.0.0.1.... However having web request was not needed at all, so it was replaced.
Closeselastic/elasticsearch#4561
Original commit: elastic/x-pack-elasticsearch@158516b5e5
The CompositeRolesStoreTests#testNegativeLookupsAreCached test had a bug where it was expected to
retrieve the superuser role but the mockito verification on the call failed. This was because there
is also randomization on the number of times to call, which could be 0.
Closeselastic/elasticsearch#4562
Original commit: elastic/x-pack-elasticsearch@5c62df15b7
We frequently have support requests to diagnose LDAP realm problems.
One of the tools that would be useful in those cases is to be able to turn on trace logging and be able to see the LDAP searches and their results
Original commit: elastic/x-pack-elasticsearch@632d8e4f19
This commit marks ActionThrottleTests#testFailingActionDoesGetThrottled
as awaits fix as this test fails reliably.
Original commit: elastic/x-pack-elasticsearch@465c48b603
Changes required are for two reasons:
1) SearchResponse is a self contained valid object which doesn't need to be wrapped in a new object anymore
2) RestToXContentBuilderListener requires ToXContentObject, hence GraphExploreResponse needs to be moved over
Original commit: elastic/x-pack-elasticsearch@12277d0220
This commit renames the current AgentService into MonitoringService and changes the way it works: it was previously based on thread sleeping and it now use thread scheduling instead.
At every given time interval, a MonitoringExecution is executed. It first checks if monitoring data can be collected and if so it will collect data from Collectors and then export the data using the Exporters. There are cases where the data cannot be collected: when the service is stopping, when the interval has been set to -1 after the MonitoringExecution has been scheduled, or when the previous data collection is not yet terminated. In this last case, MonitoringExecution will still be executed at the given interval but will not collect any data.
All tasks are executed on the generic thread pool.
closeselastic/elasticsearch#2866
Original commit: elastic/x-pack-elasticsearch@d37b4d3731
Watcher: Use Apache HttpClient for internal Watcher HttpClient
The current implementation based on URLConnection has several drawbacks.
* If server returned HTTP header but then got stuck, no timeout would help, the connection remained stuck
* GET requests with a body were not supported, the method was silently changed to POST
* More complex handling of input/error stream handling, the body could not be read from a single input stream
NOTE: This is a BWC breaker. From now on every part of the URL needs to be encoded properly before it is configured in the requeust builder. This requires an upgrade of all watches.
Closeselastic/elasticsearch#1141
Original commit: elastic/x-pack-elasticsearch@bbc8f85dd8
An integration test was failing due to the possibility of the
.watch index being an alias (which only happens rarely).
Original commit: elastic/x-pack-elasticsearch@d53a4ebdd4
Ali Beyad
Simon Willnauer
Tim Brooks
Tanguy Leroux
Jason Tedor
Lee Hinman
Suyog Rao
javanna
Jay Modi
Chris Earle
Nik Everett
Alexander Reelsen
Yannick Welsch
jaymode
Tim Vernum