Only the Logstash and Kibana version mismatch watches contain a time
filter, the others are only sorting by timestamp. In combination with
searching in all `.monitoring-es-*` indices, this is IMO pretty resource
intensive, as we cannot exit early on any search request.
This commit adds time based filters to remaining three watches, using
the same range than the other two.
Original commit: elastic/x-pack-elasticsearch@3eb6bf0de2
* Fix license messaging for Logstash functionality
With a Basic license, users are still able to perform CRUD operations on the `.logstash` index, therefore manage their Logstash pipelines. However, Logstash itself will not pick up any changes from this index and act on them. With an expired license Logstash functionality continues to operate as normal.
* Fixing messages after feedback
* Removing extraneous tabs at end of line
* Fixing typo
Original commit: elastic/x-pack-elasticsearch@bc069cf00f
Verify that the configuration directory `$ES_PATH_CONF/x-pack`
exists before attempting to run any of the `users` commands, and
return a helpful error message to the user if it doesn't.
Original commit: elastic/x-pack-elasticsearch@6d663b6654
This changes the default behavior of .monitoring indices to be green on one-node clusters, instead of constantly yellow.
Note: This only impacts .monitoring* indices. Watcher indices currently still require a replica.
Original commit: elastic/x-pack-elasticsearch@6eb8a48a9f
* Rename folder x-pack-core -> core
The jar remains 'x-pack-core-*.jar'
* Put group in top-level build.gradle instead of plugin/core/build.gradle
Original commit: elastic/x-pack-elasticsearch@b23452fa55
This commit adds additional checks around resize operations and alias creation operations to
add an extra layer of security around these APIs.
Original commit: elastic/x-pack-elasticsearch@b79f16673c
Upon selecting a node to run a datafeed we normally check that the
data indices exists and their primaries are active. However, these
checks cannot be applied for CCS to a remote cluster. This commit
skips these checks for remote indices.
This removes the last obstacle for running CCS datafeeds.
Relates elastic/x-pack-elasticsearch#1071
Original commit: elastic/x-pack-elasticsearch@092f44feee
SQL used to have some changes to security. We've since reverted them but
we have some leftover stuff like import reordering and spacing changes.
We may as well remove them so merging SQL to master is smaller.
Original commit: elastic/x-pack-elasticsearch@c632256ddd
This commits adds a new end point for closing in-flight cursors, it also ensures that all cursors are properly closed by adding after test checks that ensures that we don't leave any search context open.
relates elastic/x-pack-elasticsearch#2878
Original commit: elastic/x-pack-elasticsearch@1052ea28dc
This commit updates x-pack to be compatible with
elastic/elasticsearch#27711. That commit removed the need for channels
to be internally tracked inside transport implementations. This commit
removes a test mocking class that is not necessary after that change.
Original commit: elastic/x-pack-elasticsearch@75d99ba1d1
This creates a basic skeleton for the plugin split by adding folders and example
`build.gradle` files. It also includes a non-implemented `migrate-plugins.sh`
script that we can fill in at a later time.
Relates to elastic/x-pack-elasticsearch#2925
Original commit: elastic/x-pack-elasticsearch@2ab035d6b6
Generate passwords from [A-Za-z0-9] so that they are safe to be
used in shell scripts.
Entropy deterioration is not significant (124.9 -> 119), generated
passwords still meet guidelines and best practices regarding length
and complexity.
Resolveselastic/x-pack-elasticsearch#3087
Original commit: elastic/x-pack-elasticsearch@078639e7c2
Hopefully fixes the Windows CI failures that break on cloning the repository into a target directory with a lengthy path name.
Original commit: elastic/x-pack-elasticsearch@fe18e95d3f
When using the security networking implementations, the Netty jars that
are in play are those that are loaded in the X-Pack classloader. This
means that permissions granted to the Netty jars loaded in the
transport-netty4 module classloader do nothing. Instead, we have to
grant the same permissions to the Netty jars in the X-Pack
classloader. This commit does this.
Relates elastic/x-pack-elasticsearch#3247
Original commit: elastic/x-pack-elasticsearch@91780597b9
* Add Special Event
* Add special events to update process
* Add time condition and skip rule actions.
* Update special events
* Address review comments
Original commit: elastic/x-pack-elasticsearch@80500ded76
Given that we get now filtered mappings directly from the get index API (in case security is configured with FLS), we don't need the security filter nor the filtered catalog. That means we can remove the delayed action support also from AuthorizationService and rather make SQLAction a composite action like others. It will be authorized as an action, but its indices won't be checked while that will happen with its inner actions (get index and search) which need to be properly authorized.
Also, SQLGetIndicesAction is not needed anymore, as its purpose was to retrieve the indices access resolver put in the context by the security plugin for delayed actions, which are not supported anymore.
This commit kind of reverts elastic/x-pack-elasticsearch#2162, as it is now possible to integrate with security out-of-the-box
relates elastic/x-pack-elasticsearch#2934
Original commit: elastic/x-pack-elasticsearch@64d5044426
This PR uses a new extension point that's being added to Elasticsearch (see https://github.com/elastic/elasticsearch/pull/27603) so that the security plugin can filter the mappings fields returned by get index, get mappings, get field mappings and field capabilities API.
This effort aims at filtering information returned by API in the `indices/admin` category and field capabilities. It doesn't filter what the cluster state api returns as that is a cluster level operation.
One question is about backwards compatibility given that we would like to have this in 6.2. Shall we treat this as a bug as mappings should have been filtered before? Not sure if it's going to break existing integrations.
relates elastic/x-pack-elasticsearch#340
Original commit: elastic/x-pack-elasticsearch@d7e3fd3fa1
Before this was done it was easy to get into the situation where a
job created in 5.x with a default model memory limit of 4GB could not
be opened on any node in the cluster. Following this change this
problem will no longer occur for jobs that ran for a decent amount of
time on the old cluster.
relates elastic/x-pack-elasticsearch#3181
Original commit: elastic/x-pack-elasticsearch@cb029debba
The watcher threadpool size was always five times the CPU core
count, resulting in a huge threadpool when with even 24 cores.
This changes the behaviour to be five times the number of cores
by default - as watcher is usually waiting on I/O you should have more
threads than cores, but it maxes out with 50 threads, unless the number
of available cores is higher than that.
relates elastic/x-pack-elasticsearch#3052
Original commit: elastic/x-pack-elasticsearch@eab5deb113
Alexander Reelsen
Shaunak Kashyap
Colin Goodheart-Smithe
Ioannis Kakavas
Chris Earle
Costin Leau
Lee Hinman
Nik Everett
Jay Modi
Dimitris Athanasiou
Tanguy Leroux
David Kyle
David Roberts
Igor Motov
Tim Brooks
Jason Tedor
Yannick Welsch
javanna
Tim Vernum
Nhat Nguyen
Luca Cavanna