Commit Graph

40512 Commits

Author SHA1 Message Date
Nhat Nguyen 8703d875c0 TEST: Disable soft-deletes in ParentChildTestCase
Tracked at #33318
2018-08-31 12:54:51 -04:00
Colin Goodheart-Smithe 436d5c4eee
Fixes SecurityIntegTestCase so it always adds at least one alias (#33296)
* Fixes SecurityIntegTestCase so it always adds at least one alias

`SecurityIntegTestCase.createIndicesWithRandomAliases` could randomly
fail because its not gauranteed that the randomness of which aliases to
add to the `IndicesAliasesRequestBuilder` would always select at least
one alias to add. This change fixes the problem by keeping track of
whether we have added an alias to teh request and forcing the last
alias to be added if no other aliases have been added so far.

Closes #30098
Closes #33123e

* Addresses review comments
2018-08-31 17:47:05 +01:00
Alpar Torok db3d32ce91
Fix pom for build-tools (#33300)
Looks like `java-gradle-plugin` reconfigures the pom.
Stop using it since we don't publish to Gradle plugin portal.
2018-08-31 16:48:00 +03:00
Alpar Torok a84a20844b
Lazy evaluate java9home (#33301) 2018-08-31 16:36:57 +03:00
Andrei Stefan 0c4b3162be
SQL: test coverage for JdbcResultSet (#32813)
* Tests for JdbcResultSet
* Added VARCHAR conversion for different types
* Made error messages consistent: they now contain both the type that fails to be converted and the value itself
2018-08-31 16:12:01 +03:00
Alpar Torok f6a570880c
Work around to be able to generate eclipse projects (#33295)
* Work around to be able to generate eclipse projects

https://github.com/gradle/gradle/issues/6582
2018-08-31 16:01:54 +03:00
Pablo Musa a88f8789a0
Highlight that index_phrases only works if no slop is used (#33303)
Highlight that `index_phrases` only works if no slop is used at query time.
2018-08-31 14:48:55 +02:00
Andrei Stefan 20e1b5e2fe
Different handling for security specific errors in the CLI. Fix for https://github.com/elastic/elasticsearch/issues/33230 (#33255) 2018-08-31 13:08:32 +03:00
David Roberts 7345878d33
[ML] Refactor delimited file structure detection (#33233)
1. Use the term "delimited" rather than "separated values"
2. Use a single factory class with arguments to specify the
   delimiter and identification constraints

This change makes it easier to add support for other
delimiter characters.
2018-08-31 08:48:45 +01:00
Costin Leau 73eb4cbbbe
SQL: Support multi-index format as table identifier (#33278)
Extend tableIdentifier to support multi-index format; not just * but
also enumeration and exclusion

Fix #33162
2018-08-31 10:45:25 +03:00
Armin Braun c6cfa08a61
MINOR: Remove Dead Code from PathTrie (#33280)
* The array size checks are redundant since the array sizes
are checked earlier in those methods too
* The removed methods are just not used anywhere
2018-08-31 08:40:27 +02:00
Alpar Torok 44ed5f6306
Enable forbiddenapis server java9 (#33245) 2018-08-31 09:31:55 +03:00
Nhat Nguyen ad4dd086d2 Integrates soft-deletes into Elasticsearch (#33222)
This PR integrates Lucene soft-deletes(LUCENE-8200) into Elasticsearch.
Highlight works in this PR include:

- Replace hard-deletes by soft-deletes in InternalEngine
- Use _recovery_source if _source is disabled or modified (#31106)
- Soft-deletes retention policy based on the global checkpoint (#30335)
- Read operation history from Lucene instead of translog (#30120)
- Use Lucene history in peer-recovery (#30522)

Relates #30086
Closes #29530

---
These works have been done by the whole team; however, these individuals
(lexical order) have significant contribution in coding and reviewing:

Co-authored-by: Adrien Grand <jpountz@gmail.com>
Co-authored-by: Boaz Leskes <b.leskes@gmail.com>
Co-authored-by: Jason Tedor <jason@tedor.me>
Co-authored-by: Martijn van Groningen <martijn.v.groningen@gmail.com>
Co-authored-by: Nhat Nguyen <nhat.nguyen@elastic.co>
Co-authored-by: Simon Willnauer <simonw@apache.org>
2018-08-30 23:46:07 -04:00
Nhat Nguyen 547de71d59 Revert "Integrates soft-deletes into Elasticsearch (#33222)"
Revert to correct co-author tags.
This reverts commit 6dd0aa54f6.
2018-08-30 23:44:57 -04:00
Tim Vernum 273c82d7c9
Add support for "authorization_realms" (#33262)
Authorization Realms allow an authenticating realm to delegate the task
of constructing a User object (with name, roles, etc) to one or more
other realms.

E.g. A client could authenticate using PKI, but then delegate to an LDAP
realm. The LDAP realm performs a "lookup" by principal, and then does
regular role-mapping from the discovered user.

This commit includes:
- authorization_realm support in the pki, ldap, saml & kerberos realms
- docs for authorization_realms
- checks that there are no "authorization chains"
   (whereby "realm-a" delegates to "realm-b", but "realm-b" delegates to "realm-c")

Authorization realms is a platinum feature.
2018-08-31 13:25:27 +10:00
Nhat Nguyen 6dd0aa54f6
Integrates soft-deletes into Elasticsearch (#33222)
This PR integrates Lucene soft-deletes(LUCENE-8200) into Elasticsearch.
Highlight works in this PR include:

- Replace hard-deletes by soft-deletes in InternalEngine
- Use _recovery_source if _source is disabled or modified (#31106)
- Soft-deletes retention policy based on the global checkpoint (#30335)
- Read operation history from Lucene instead of translog (#30120)
- Use Lucene history in peer-recovery (#30522)

Relates #30086
Closes #29530

---
These works have been done by the whole team; however, these individuals
(lexical order) have significant contribution in coding and reviewing:

Co-authored-by: Adrien Grand jpountz@gmail.com
Co-authored-by: Boaz Leskes b.leskes@gmail.com
Co-authored-by: Jason Tedor jason@tedor.me
Co-authored-by: Martijn van Groningen martijn.v.groningen@gmail.com
Co-authored-by: Nhat Nguyen nhat.nguyen@elastic.co
Co-authored-by: Simon Willnauer simonw@apache.org
2018-08-30 22:11:23 -04:00
Tal Levy 86feb7713b [MUTE] SmokeTestWatcherWithSecurityIT flaky tests 2018-08-30 18:13:50 -07:00
Nhat Nguyen 39839f97ef
TEST: Access cluster state directly in assertSeqNos (#33277)
Some AbstractDisruptionTestCase tests start failing since we enabled
assertSeqNos (in #33130). They fail because the assertSeqNos assertion
queries cluster stats while the cluster is disrupted or not formed yet.

This commit switches to use the cluster state and shard stats directly
from the test cluster.

Closes #33251
2018-08-30 19:37:20 -04:00
Lee Hinman 8a2d154bad Update serialization versions for custom IndexMetaData backport 2018-08-30 15:56:53 -06:00
Jack Conradson bbbb11a698
Painless: Fix Bindings Bug (#33274)
When the change was made to the format for in the whitelist for bindings, parameters from
both the constructor and the method were combined into a single list instead of separate 
lists. The check for method parameters was being executed from the start of the combined 
list rather than the correct position. The tests for bindings used a constructor and a method 
that only used the int types so this was not caught. The test has been changed to also use 
a double type and this issue is fixed.
2018-08-30 14:33:32 -07:00
Costin Leau 83c3d7a6cf
SQL: prevent duplicate generation for repeated aggs (#33252)
Prevent generation of duplicate aggs caused by repetitive functions,
leading to invalid query.

Fix #30287
2018-08-31 00:13:03 +03:00
Igor Motov 001b78f704 Replace IndexMetaData.Custom with Map-based custom metadata (#32749)
This PR removes the deprecated `Custom` class in `IndexMetaData`, in favor
of a `Map<String, DiffableStringMap>` that is used to store custom index
metadata. As part of this, there is now no way to set this metadata in a
template or create index request (since it's only set by plugins, or dedicated
REST endpoints).

The `Map<String, DiffableStringMap>` is intended to be a namespaced `Map<String,
String>` (`DiffableStringMap` implements `Map<String, String>`, so the signature
is more like `Map<String, Map<String, String>>`). This is so we can do things
like:

``` java
Map<String, String> ccrMeta = indexMetaData.getCustom("ccr");
```

And then have complete control over the metadata. This also means any
plugin/feature that uses this has to manage its own BWC, as the map is just
serialized as a map. It also means that if metadata is put in the map that isn't
used (for instance, if a plugin were removed), it causes no failures the way
an unregistered `Setting` would.

The reason I use a custom `DiffableStringMap` here rather than a plain
`Map<String, String>` is so the map can be diffed with previous cluster state
updates for serialization.

Supersedes #32683
2018-08-30 13:57:00 -06:00
Simon Willnauer af2eaf2a6c
Remove usage of `index.shrink.source.*` in 7.x (#33271)
We cut over to `index.resize.source.*` but still have these constants
being public in `IndexMetaData`. Those Settings and constants are not needed
in 7.x while we still need to keep the keys known to private settings since
they might be part of the index settings of old indices. We can remove that
in 8.0. Yet, we should remove the settings to make sure they are not used again.
2018-08-30 21:08:35 +02:00
Nhat Nguyen 07faa0b06a TEST: Mute testMonitorClusterHealth
Tracked at #32299
2018-08-30 14:26:32 -04:00
Jim Ferenczi d0630093cd
Fix serialization of empty field capabilities response (#33263)
Fix serialization of empty field capabilities response

When no response are required (no indices match the requested patterns) the
empty response throws an NPE in the transport serialization (writeTo).
2018-08-30 18:07:58 +02:00
Jim Ferenczi 1404dd2a42
Fix nested _source retrieval with includes/excludes (#33180)
If an exclude or an include clause removes an entry to a nested field in the original source at query time,
the creation of nested hits fails with an NPE. This change fixes this exception and replaces the nested document
source with an empty map.

Closes #33163
Closes #33170
2018-08-30 15:15:50 +02:00
Ioannis Kakavas 557eabf7b5
[DOCS] TLS file resources are reloadable (#33258)
Make clearer that file resources that are used as key trust material
are polled and will be reloaded upon modification.
2018-08-30 13:59:19 +03:00
Alexander Reelsen b6f762d131
Watcher: Ensure TriggerEngine start replaces existing watches (#33157)
This commit ensures that when `TriggerService.start()` is called,
we ensure in the trigger engine implementations that current watches are
removed instead of adding to the existing ones in
`TickerScheduleTriggerEngine.start()`

Two additional minor fixes, where the result remains the same but less code gets executed.

1. If the node is not a data node, we forgot to set the status to
STARTING when watcher is being started. This should not be a big issue,
because a non-data node does not spent a lot of time loading as there
are no watches which need loading.
2. If a new cluster state came in during a reload, we had two checks in
place to abort loading the current one. The first one before we load all
the watches of the local node and the second before watcher is starting
with those new watches. Turned out that the first check was not
returning, which meant we always tried to load all the watches, and then
would fail on the second check. This has been fixed here.
2018-08-30 10:53:01 +02:00
Alpar Torok 5cf6e0d4bc
Ignore module-info in jar hell checks (#33011)
* Ignore module-info in JarHell checks
* Add unit test
* integration test to test that jarhell is ran with precommit
2018-08-30 11:41:39 +03:00
David Turner 51cbc61135 Fix docs build after #33241
Recently-merged PR #33241 broke the docs build, and this fixes it.
2018-08-30 09:38:23 +01:00
Albert Zaharovits c31c51dc80
[DOC] Repository GCS ADC not supported (#33238)
Make it clear that automatic default credentials (ADC)
is not supported for the repository-gcs plugin.
"Service Account" method is the only alternative
to authn requests to Google Cloud Storage.
2018-08-30 10:32:08 +03:00
Alpar Torok 9c541b8f72
Upgrade to latest Gradle 4.10 (#32801)
Upgrade to Gradle 4.10
2018-08-30 10:20:38 +03:00
Alpar Torok f097446066
Fix/30904 cluster formation part2 (#32877)
Gradle integration for the Cluster formation plugin with ref counting
2018-08-30 10:17:42 +03:00
Ioannis Kakavas 214652d4af
[TESTS] Pin MockWebServer to TLS1.2 (#33127)
Ensure that the SSLConfigurationReloaderTests can run with JDK 11
by pinning the Server TLS version to TLS1.2. This can be revisited
while tackling the effort to full support TLSv1.3 in
https://github.com/elastic/elasticsearch/issues/32276

Resolves #32124
2018-08-30 09:13:28 +03:00
David Turner 47859e56ac
Move file-based discovery to core (#33241)
Today we support a static list of seed hosts in core Elasticsearch, and allow a
dynamic list of seed hosts to be provided via a file using the `discovery-file`
plugin. In fact the ability to provide a dynamic list of seed hosts is
increasingly useful, so this change moves this functionality to core
Elasticsearch to avoid the need for a plugin.

Furthermore, in order to start up nodes in integration tests we currently
assign a known port to each node before startup, which unfortunately sometimes
fails if another process grabs the selected port in the meantime. By moving the
`discovery-file` functionality into the core product we can use it to avoid
this race.

This change also moves the expected path to the file from
`$ES_PATH_CONF/discovery-file/unicast_hosts.txt` to
`$ES_PATH_CONF/unicast_hosts.txt`. An example of this file is not included in
distributions.

For BWC purposes the plugin still exists, but does nothing more than create the
example file in the old location, and issue a warning when it is used. We also
continue to support the old location for the file, but warn about its
deprecation.

Relates #29244
Closes #33030
2018-08-30 06:43:04 +01:00
Jay Modi f063587083
HLRC: add client side RefreshPolicy (#33209)
With the switch to client side request and response objects, we need a
client side version of RefreshPolicy. This change adds a client side
version of RefreshPolicy along with a method to add it to the
parameters of a request. The existing method to add
WriteRequest.RefreshPolicy to the parameters of a request is now
deprecated.
2018-08-29 21:44:33 -06:00
Yogesh Gaikwad 6fd971040e
[Kerberos] Add unsupported languages for tests (#33253)
Ran for all locales in system to find locales which caused
problems in tests due to incorrect generalized time handling
in simple kdc ldap server.

Closes#33228
2018-08-30 12:08:29 +10:00
Armin Braun cc4d7059bf
Ingest: Add conditional per processor (#32398)
* Ingest: Add conditional per processor
* closes #21248
2018-08-30 03:46:39 +02:00
Zachary Tong d93b2a2e9a
[Rollup] Only allow aggregating on multiples of configured interval (#32052)
We need to limit the search request aggregations to whole multiples
of the configured interval for both histogram and date_histogram.
Otherwise, agg buckets won't overlap with the rolled up buckets
and the results will be incorrect.

For histogram, the validation is very simple: request must be >= the config,
and modulo evenly.

Dates are more tricky.
- If both request and config are fixed dates, we can convert to millis
and treat them just like the histo
- If both are calendar, we make sure the request is >= the config with
a static lookup map that ranks the calendar values relatively.  All
calendar units are "singles", so they are evenly divisible already
- We disallow any other combination (one fixed, one calendar, etc)
2018-08-29 17:10:00 -04:00
Alexander Reelsen 13880bd8c1
Watcher: Reload properly on remote shard change (#33167)
When a node dies that carries a watcher shard or a shard is relocated to
another node, then watcher needs not only trigger a reload on the node
where the shard relocation happened, but also on other nodes where
copies of this shard, as different watches may need to be loaded.

This commit takes the change of remote nodes into account by not only
storing the local shard allocation ids in the WatcherLifeCycleService,
but storing a list of ShardRoutings based on the local active shards.

This also fixes some tests, which had a wrong assumption. Using
`TestShardRouting.newShardRouting` in our tests for cluster state
creation led to the issue of always creating new allocation ids which
implicitely lead to a reload.
2018-08-29 22:42:08 +02:00
Jason Tedor 0f22dbb1cc
Apply settings filter to get cluster settings API (#33247)
Some settings have filters applied to them and we use this in logs and
the get nodes info API. For consistency, we should apply this in the get
cluster settings API too.
2018-08-29 15:56:13 -04:00
Matt Weber 92bd7242a3 Fix classpath security checks for external tests. (#33066)
This commit checks that when we manually add a class to
the codebase map, that it does in-fact not exist on the classpath
in a jar.  This will only be true if we are using the test framework
externally such as when a user develops a plugin.
2018-08-29 12:19:58 -07:00
Hendrik Muhs cfc003d485 [Rollup] Re-factor Rollup Indexer into a generic indexer for re-usability (#32743)
This extracts a super class out of the rollup indexer called the AsyncTwoPhaseIterator. 
The implementor of it can define the query, transformation of the response, 
indexing and the object to persist the position/state of the indexer.

The stats object used by the indexer to record progress is also now abstract, allowing
the implementation provide custom stats beyond what the indexer provides.  It also
allows the implementation to decide how the stats are presented (leaves toXContent()
up to the implementation).

This should allow new projects to reuse the search-then-index persistent task that Rollup
uses, but without the restrictions/baggage of how Rollup has to work internally to
satisfy time-based rollups.
2018-08-29 14:28:21 -04:00
Jack Conradson b52818ec6f
Painless: Add Bindings (#33042)
Add bindings that allow some specialized methods to store permanent state between script executions.
2018-08-29 09:24:56 -07:00
jaymode 6daf8115d6
Update version after client credentials backport
This commit changes the serialization version from V_7_0_0_alpha1 to
V_6_5_0 for the create token request and response with a client
credentials grant type. The client credentials work has now been
backported to 6.x.

Relates #33106
2018-08-29 09:02:32 -06:00
Alpar Torok 3828ec60f5
Fix forbidden apis on FIPS (#33202)
- third party audit detects jar hell with JDK so we disable it
- jdk non portable in forbiddenapis detects classes being used from the
JDK ( for fips ) that are not portable, this is intended so we don't
scan for it on fips.
- different exclusion rules for third party audit on fips

Closes #33179
2018-08-29 17:43:40 +03:00
Simon Willnauer 6a0d4b4a77
Remote 6.x transport BWC Layer for `_shrink` (#33236)
The shrink action was renamed to `_resize` with the addition
or split. This bwc layer is unnecessary on 7.x since 6.latest will
always use the resize action.
2018-08-29 16:43:13 +02:00
markharwood e95c2afe3c Test fix - Graph HLRC tests needed another field adding to randomisation exception list
Related to #33231
2018-08-29 15:19:26 +01:00
Dimitris Athanasiou a5b34c75b0
HLRC: Add ML Get Records API (#33085)
Relates #29827
2018-08-29 15:03:58 +01:00
David Roberts 22415fa2de
[ML] Fix character set finder bug with unencodable charsets (#33234)
Some character sets cannot be encoded and this was tripping
up the binary data check in the ML log structure character
set finder.

The fix is to assume that if ICU4J identifies that some bytes
correspond to a character set that cannot be encoded and those
bytes contain zeroes then the data is binary rather than text.

Fixes #33227
2018-08-29 14:56:02 +01:00