Also added a test to multi node qa module that tests the datafeeder, which should have caught this.
Original commit: elastic/x-pack-elasticsearch@89e4875f6c
Now that TLS is required for node to node communication, we no longer need to sign the
authentication information to prevent tampering.
Original commit: elastic/x-pack-elasticsearch@1f86cf2395
Was accidentally injecting the script object, not the string version of the code. Also
added a check so we only inject for Painless scripts (and not groovy, etc).
Minor style tweaks too.
Original commit: elastic/x-pack-elasticsearch@58c7275bd8
Essentially an update to https://github.com/elastic/prelert-legacy/pull/736 . Still does not
default to using shared indices, but adds the capability for two jobs to share the same one
without conflict
Still does not default to using shared indices, just adds the capability for two jobs to share the same one without conflict.
Original commit: elastic/x-pack-elasticsearch@60d93a06ea
By injecting immediately before use, we don't have to store it in the config and return
huge blobs to the user when they request the config
Original commit: elastic/x-pack-elasticsearch@2e53c930ea
Source filtering is currently written as if the fact that an object is accepted
means that all sub fields and objects are implicitly accepted, which is not
true.
Original commit: elastic/x-pack-elasticsearch@afc4440e7a
This node attribute setting defaults to true when ml is enabled and jobs are only opened on nodes where the allocation enabled node attribute is set to true.
Original commit: elastic/x-pack-elasticsearch@fd3f1b3058
This change adds licensing to the maching learning feature, and only allows access to machine learning if a trial or platinum license is installed.
Further, this change also renames `MlPlugin` to `MachineLearning` in line with the other feature plugin names and move the enabled setting to `XPackSettings`
Original commit: elastic/x-pack-elasticsearch@48ea9d781b
This commit removes the undocumented, test used only, setting xpack.monitoring.collection.collectors. It should not be used by users at all, and has been initially created for collector tests.
From elastic/elasticsearch#4957
Original commit: elastic/x-pack-elasticsearch@0fa39a94b5
The Elastic Secrets vault is served via HTTPS with a Let's Encrypt
certificate. The root certificate that cross-signed the Let's Encrypt
certificates were not trusted by the JDK until 8u101. This commit adds a
version check at the start of the build to make it clear the cause of
the underlying issue, and what the fix is.
Relates elastic/x-pack-elasticsearch#541
Original commit: elastic/x-pack-elasticsearch@6bf8076cb6
The ServerTransportFilterIntegrationTests cannot use the mock zen pings as the tests rely on the actual sending and
handling of zen pings to test connectivity to the client profile. The server profile test also needs to use the same
type of pings as the test cluster.
Original commit: elastic/x-pack-elasticsearch@fc389921ca
The SecurityIndexSearcherWrapper was calling toQuery instead of toFilter, which in certain cases can trip the max
clause count check for a boolean query. The same query works fine as a filter and that is what users would expect when
using the query for document level security.
Original commit: elastic/x-pack-elasticsearch@40330636ec
There were two problems:
1. The location for the autodetect process was ES_HOME/config/ml
2. The location for the normalize process was its current working
directory
In both cases the correct location is ES_HOME/config/x-pack
Original commit: elastic/x-pack-elasticsearch@7d8a384fda
When retrying datafeed task only start datafeed when job is in started state.
Run datafeed task on the node where the job task is running.
Let start datafeed api waits until datafeed state has been set to started.
Original commit: elastic/x-pack-elasticsearch@ebf1d3b9aa
This commit removes the NativeRealmMigrator's dependency on the NativeUserStore and instead directly uses the
InternalClient for the migration operations. There are pros and cons to doing it both ways, but I feel this
method makes it more explicit that this is what the migrator is going to do. The downside here is that there
are two places in the code that need to know the inner details of how we store users.
Additionally, by doing this we avoid a race condition between the NativeUsersStore starting and the
NativeRealmMigrator attempting to get all of the reserved users. This race causes the
OldSecurityIndexBackwardsCompatibility tests to fail intermittently.
Original commit: elastic/x-pack-elasticsearch@6c388db535
When a watch gets written by an external process, we should refresh
immediately, so that watches and their state are immediately available,
also via search which is needed for the Watcher UI.
Closeselastic/elasticsearch#4695
Original commit: elastic/x-pack-elasticsearch@8bed60c928
In order to help watcher UI easily gather the status of a watch
and its actions, we should write the watch status in the history
as well.
This commit is doing exactly that. Tests ensure, that the status is not searchable,
as in the watch mapping itself.
This also requires the history template to be changed, thus the counter of the template
had to be increased as well.
Some minor refactorings by making ctors private that dont need to be public
have been happening as well.
Closeselastic/elasticsearch#4735
Original commit: elastic/x-pack-elasticsearch@df8352ceb5
Also, this change allows the credentials to be passed in through
gradle properties, which will allow the unified release to use its own
aws credentials, supplied securely to the build.
Original commit: elastic/x-pack-elasticsearch@62f7a30e59
This extends the DBQ to delete from a pattern, rather than a specific index. Once shared/rollover
indices are implemented, this will be capable of purging results from the matching set.
Original commit: elastic/x-pack-elasticsearch@4ec0944173
After authenticating with vault it can take time for the credentials to be propagated by the AWS API. previously we would just blindly wait for 10 seconds and then try to continue. This change introduces a retry loop where we will do a `headBucket` request every 0.5 seconds until the bucket is accessible or until we have tried 15 times. This means the build is only held up for at most 0.5 seconds after the bucket is accessible.
This is a step towards the final solution since the authentication with vault still happens on every build in the configuraiton phase. A subsequent change will be made to move this out of the configuration phase so that it only runs when the dependencies are required.
Original commit: elastic/x-pack-elasticsearch@ab3abba1ea
Also replaced the DELETING status from JobState with a boolean flag on Job. The state of a job is now stored inside a persistent task in cluster state. Jobs that aren't running don't have a persistent task, so I moved that notion of being deleted to the job config itself.
Original commit: elastic/x-pack-elasticsearch@b0ed82124d
Windows requires named pipes to be created at a specific location so we need to allow access to this special location in the security policy for the machine learning plugin to run on X-Pack
Original commit: elastic/x-pack-elasticsearch@3079e88713