Changes the behaviour of the role mapping API to perform a "DistinguishedNameMatch"
when the field is a DN. This is achieved by moving the responsibility for defining
the matching rules from the expression to the data (ExpressionModel)
Because the role mapping API is used within the SAML realm, which may or may not be
using DNs, this implementation assumes that the "dn" and "groups" should be
compared as DNs if they parse as a DN.
For SAML this behaviour will generally do the right thing, as members of the "groups"
field might be DNs (if the data is sourced from an LDAP directory) but often will not be.
Original commit: elastic/x-pack-elasticsearch@3a4dfbba79
Consolidates handling of JDBC types conversion into a single file that should simplify maintaining consistency between type handling. Also separates the types that are handled as part of Elasticsearch output and types that are handled as user-supplied parameters.
relates elastic/x-pack-elasticsearch#3556
Original commit: elastic/x-pack-elasticsearch@d251fce66b
This commit fixes SamlSpMetadataBuilderTests#testBuildFullMetadata failures on windows due to
differing newline endings.
Original commit: elastic/x-pack-elasticsearch@3181c96e46
Monitoring creates indices concurrently to the test execution. In that
case ensureYellow might not be enough and will cause test-failures when shards
are not active etc. This change uses a new method added in core to ensure shards
are not initializing anymore.
relates elastic/x-pack-elasticsearch#2672
Relates to elastic/elasticsearch#28416
Original commit: elastic/x-pack-elasticsearch@661e87f2ee
Introduce system commands as alternative to meta HTTP endpoints
Pass in cluster name
Use 'BASE TABLE' instead of 'INDEX' when describing a table to stick
with the SQL terminology
Original commit: elastic/x-pack-elasticsearch@600312b8f7
In order to more easily integrate xpack once it moves into the
elasticsearch repo, references to the existing x-pack-elasticsearch need
to be reduced. This commit introduces a few helper "methods" available
to any project within xpack (through gradle project extension
properties, as closures). All refeerences to project paths now use these
helper methods, except for those pertaining to bwc, which will be
handled in a followup.
Original commit: elastic/x-pack-elasticsearch@850668744c
Now that ML binaries are public, there is no longer a need to use the s3
client to access the bucket, since creds are not needed. This commit
also moves the cpp snapshot project under the ml module, since it is
specific to that and does not need to clutter the plugin dir.
Original commit: elastic/x-pack-elasticsearch@51e77da4ac
This commit removes files leftover from when license tools were part of
the separate license plugin.
Original commit: elastic/x-pack-elasticsearch@c859b4c61a
This change removes the XPackExtension mechanism in favor of
SecurityExtension that can be loaded via SPI and doesn't need
another (duplicate) plugin infrastructure
Original commit: elastic/x-pack-elasticsearch@f39e62a040
The EmailSecretsIntegrationTests did not properly wait for watcher to be
stopped before starting it again.
This test failed a few times per week across master and 6.x branches.
Original commit: elastic/x-pack-elasticsearch@cf20d58b0b
The ML snapshot artifacts bucket is now public, so we no longer need to
grab generated s3 creds from vault. This makes the download task run
noticably faster.
Original commit: elastic/x-pack-elasticsearch@e680e55f3d
This change moves watcher's Cron class in the schedule package of xpack-core so that it can be used by other projects (rollup).
Original commit: elastic/x-pack-elasticsearch@f0aa32ccc2
This commit reenables running ITs in xpack by adding an internalClusterTest to xpack modules that contain ESIntegTestCase tests. The new task allows us to run these independently of rest integ tests, which are disabled for xpack modules because installing the bundled plugins directly is not quite the same as installing via the meta plugin. Some tests (ML) are moved to their own qa module to accommodate the need for a real cluster. A couple tests (monitoring and upgrade) have been marked as AwaitsFix.
Commits that have been folded into this commit:
* Move ML IT tests to qa/ml-native-tests
* Add internalClusterTest task and disable rest integ tests for xpack
modules. Also tweak ML tests and get upgrade tests working
* Adding the keystore and security back to the ml native tests
* Fixing native integ test
* Fix last ML test, add awaits fix to monitoring and upgrade tests
* cleanup PR
* fix checkstyle
Original commit: elastic/x-pack-elasticsearch@3c0ed6fd3b
There have been some failures in CI due to the tribe tests with security taking too long for the
cluster to form and the expected number of node to join. In the thread dumps of the failure, it
can be seen that a node is still initializing and is in a method that could take a decent amount
of time on slow machines (TokenService#computeSecretKey). This commit increases the wait time to
allow for the node to startup and join.
Original commit: elastic/x-pack-elasticsearch@2bf4c96d8f
This commit moves the exception classes that SQL uses to follow the
Elasticsearch convention. In the places where varargs were used, the
`LoggerMessageFormat` (`{}`) standard is used instead.
In also removes on Exception - `ExecutionException` since it seemed to not ever
be beefed up, it can be re-added later if needed.
This removes the varargs version of `ClientException` to push the formatting
back on the caller, since `ClientException` cannot depend on Elasticsearch for
formatting the arguments.
There were also a couple of places where we incorrectly passed the Throwable
cause as a var-arg and were unintentionally swallowing it since `String.format`
discards unused arguments.
Relates to elastic/x-pack-elasticsearch#2880
Original commit: elastic/x-pack-elasticsearch@5f5d580e57
This change simply changes the wording of the message that is returned to the user when
installation of a license is attempted with security enabled and TLS disabled. The term
"production" has been removed as it means something different to users.
See elastic/x-pack-elasticsearch#2636
Original commit: elastic/x-pack-elasticsearch@9739c72d66
The commit switches the CreateTokenRequest and InvalidateTokenRequest to throw an
IllegalArgumentException when the version the request is being serialized to does not support the
request. This fixes test failures due to the use of the AssertingTransportInterceptor testing
serialization with versions prior to 6.2. The IAE is an indication to the
AssertingTranpsortInterceptor that the request does not support the version.
Original commit: elastic/x-pack-elasticsearch@c73abf1bc0
By moving these into the ML module:
1. The classes are in the same module as their unit tests
2. We can extend the JobProvider in the future with functionality
that is not in core
Original commit: elastic/x-pack-elasticsearch@610a89a3d9
This commit changes the token service to use a scroll based approach when finding all tokens by
the realm. Without this, we may only find a few tokens and leave some active that need to be
invalidated.
relates elastic/x-pack-elasticsearch#3688
Original commit: elastic/x-pack-elasticsearch@20e97b6aae