Commit Graph

1103 Commits

Author SHA1 Message Date
Luca Cavanna f0c026d1d9 [TEST] adapt test: delete index doesn't resolve to aliases anymore (elastic/x-pack-elasticsearch#1735)
Original commit: elastic/x-pack-elasticsearch@49629ccea6
2017-06-16 17:46:45 +02:00
Nik Everett d526461bd2 Add basic full cluster restart tests for x-pack (elastic/x-pack-elasticsearch#1743)
Adds tests similar to `:qa:full-cluster-restart` for x-pack. You
run them with `gradle :x-pack:qa:full-cluster-restart:check`.

The actual tests are as basic as it gets: create a doc and load it,
shut down, upgrade to master, startup, and load it. Create a user
and load it, shut down, upgrade to master, startup, and load it.

Relates to elastic/x-pack-elasticsearch#1629

Original commit: elastic/x-pack-elasticsearch@8994bec8e7
2017-06-16 11:44:51 -04:00
Jay Modi ed382807c3 Remove unnecessary initialization of the system key (elastic/x-pack-elasticsearch#1734)
This commit removes unnecessary initialization of the system key in tests that no longer make use
of the system key. It also removes the feature usage for the system key in the SecurityFeatureSet.

Original commit: elastic/x-pack-elasticsearch@b9fffe0bd3
2017-06-16 09:24:03 -06:00
Pier-Hugues Pellerin 76857d7bbe Add support for Logstash' ephemeral_id (elastic/x-pack-elasticsearch#1697)
Logstash now has ephemeral id at the instance level and also at the
pipeline level, we need to add them to the logstash monitoring template.

Original commit: elastic/x-pack-elasticsearch@dfac702d59
2017-06-16 11:08:08 -04:00
David Kyle 02da8e7cd9 [ML] Use bulk request to persist model plots (elastic/x-pack-elasticsearch#1714)
* Use bulk request to persist model plots and model size stats

* Revert persisting model size stats in the bulk request

* Refactor results persister

Original commit: elastic/x-pack-elasticsearch@f51297bfc2
2017-06-16 15:18:16 +01:00
Tim Vernum c63d4e306b Reduce logging for reserved realm authc failures (elastic/x-pack-elasticsearch#1711)
We recently added logging for critical authentication failures as they had previously been silent (with respect to logs) but would cause authentication processing to stop.

However, the reserved realm intentionally uses exceptions to stop any other realm authenticating a reserved user if the password is entered incorrectly.
Since this is the most common use of exceptions in the authc chain, we reduce the logging verbosity in normal cases (drop the stack trace, remove "unexpected") and only log the full details in debug.

Original commit: elastic/x-pack-elasticsearch@686a98010b
2017-06-16 10:46:07 +10:00
Martijn van Groningen 9dddce2e08 Add analysis-common as test dependency to xpack plugin module.
Original commit: elastic/x-pack-elasticsearch@2472585037
2017-06-15 20:50:31 +02:00
Tim Brooks 7c7e47aa0f Add tool to setup passwords for internal users (elastic/x-pack-elasticsearch#1434)
This is related to elastic/x-pack-elasticsearch#1217. This change introduces a tool
bin/x-pack/setup-passwords that will streamline the setting of
internal user passwords. There are two modes of operation. One mode
called auto, automatically generates passwords and prints them to
the console. The second mode called interactive allows the user to 
enter passwords.

All passwords are changed using the elastic superuser. The elastic
password is the first password to be set.

Original commit: elastic/x-pack-elasticsearch@00974234a2
2017-06-15 10:48:02 -05:00
Jay Modi d920cc7348 Remove signing code completely from master (elastic/x-pack-elasticsearch#1719)
After improving the authorization of scroll requests and backporting to 5.x, we no longer need to
have any signing code in master. This commit removes it.

Original commit: elastic/x-pack-elasticsearch@8b65fd9338
2017-06-15 07:51:39 -06:00
Jim Ferenczi 07fcf75dd9 [Test] Fix DocumentLevelSecurityTests and FieldLevelSecurityTests to work with the new format of the parent-join field
Original commit: elastic/x-pack-elasticsearch@cd9f26887b
2017-06-15 15:40:41 +02:00
David Roberts 291aa27562 [ML] Kill autodetect on error writing headers (elastic/x-pack-elasticsearch#1730)
If an exception occurs while sending the initial setup messages to the autodetect
such that it fails rather than reaching the open state then the autodetect process
needs to be killed to prevent it hogging resources.

Relates elastic/x-pack-elasticsearch#1684

Original commit: elastic/x-pack-elasticsearch@1ee80ed9b0
2017-06-15 14:03:41 +01:00
David Roberts b748da1880 [ML] Prevent time_field and control field name in analysis_config (elastic/x-pack-elasticsearch#1729)
In does not make sense for the time_field in the data_description to
be used as a by/over/partition field name, nor the summary_count_field,
categorization_field or as an influencer.  Therefore, configurations
where the time_field in the data_description is used in the
analysis_config are now rejected.

Additionally, it causes a problem communicating with the C++ code if
the control field name (which is '.') is used in the analysis_config,
so this is also rejected at the validation stage.

Relates elastic/x-pack-elasticsearch#1684

Original commit: elastic/x-pack-elasticsearch@e6750a2cda
2017-06-15 13:04:25 +01:00
Boaz Leskes c76bdf61d7 move assertBusy to use CheckException (elastic/x-pack-elasticsearch#1727)
We use assertBusy in many places where the underlying code throw exceptions. Currently we need to wrap those exceptions in a RuntimeException which is ugly.

Companion PR to https://github.com/elastic/elasticsearch/pull/25246

Original commit: elastic/x-pack-elasticsearch@056857273f
2017-06-15 13:24:34 +02:00
Tim Vernum e36f86cf95 Improve upgrade process for reserved users (elastic/x-pack-elasticsearch#1712)
- Don't attempt to upgrade from 2.x
- Attempt up to 10 retries if the migration fails (with increasing back-off between attempts)
- If a cached user is disabled, recheck with the underlying store

The last change is required if the migration takes a long time.
While users are being migrated, they might be marked as disabled, but when the migration is complete they need to be usable immediately.

Original commit: elastic/x-pack-elasticsearch@2621867014
2017-06-15 10:27:23 +10:00
Nik Everett 0970c509bc Remove the assemble task from projects not published (elastic/x-pack-elasticsearch#1721)
Removes the `assemble` task from projects that aren't published
to speed up `gradle assemble` so the unified release can call it.

Original commit: elastic/x-pack-elasticsearch@43dfcc15f3
2017-06-14 19:57:26 -04:00
Igor Motov 8abf4c3119 Tests: Remove QUERY_AND_FETCH BWC actions from the list of known handlers
Relates to elastic/elasticsearch#25223

Original commit: elastic/x-pack-elasticsearch@2da097d1ea
2017-06-14 19:01:14 -04:00
Simon Willnauer 97693b9357 Add scroll support for cross cluster search (elastic/x-pack-elasticsearch#1706)
Original commit: elastic/x-pack-elasticsearch@eadffa396b
2017-06-14 20:38:58 +02:00
Dimitrios Athanasiou 50de99374c [TEST] Start non ML node in BasicDistributedJobsIT.testMlIndicesNotAvailable
Original commit: elastic/x-pack-elasticsearch@71e63b6ea2
2017-06-14 16:43:57 +01:00
Dimitrios Athanasiou 1eb785d8ee [TEST] Minor refactorings in BasicDistributedJobsIT
Original commit: elastic/x-pack-elasticsearch@eab0fe759e
2017-06-14 16:04:06 +01:00
Dimitrios Athanasiou cd119c488f [TEST] Remove test logging for resolved issue elastic/x-pack-elasticsearch#1048
Original commit: elastic/x-pack-elasticsearch@012d2b53c9
2017-06-14 15:21:20 +01:00
David Kyle 1010f73ae7 [ML] Retry after broken scroll (elastic/x-pack-elasticsearch#1713)
Original commit: elastic/x-pack-elasticsearch@b4fc329c52
2017-06-14 15:04:14 +01:00
Alexander Reelsen 4e085f03b7 Tests: Disable watcher in ServerTransportFilterIntegrationTests
These tests are starting their own nodes and do not use the testing
trigger schedule class.

There are occasional test failure due to a race condition where watcher
is in the process of being started, but cannot be shut down properly,
because starting up was not finished when the shut down was called for.

These filter tests do not rely on watcher, so we can disable them for
now, but we still need to fix a race condition in starting/stopping
watcher.

relates elastic/x-pack-elasticsearch#1422

Original commit: elastic/x-pack-elasticsearch@f13bb7a6fb
2017-06-14 15:00:37 +02:00
Chris Earle bb31c09ed0 [Monitoring] Add Mapping for cfs_quota_micros field (elastic/x-pack-elasticsearch#1710)
This maps the cgroup field, which was unmapped (and now mappings are no longer dynamic).

Original commit: elastic/x-pack-elasticsearch@86b4333ebb
2017-06-14 07:37:15 -04:00
Alexander Reelsen 457af97d1f Watcher: Remove handling of _status field (elastic/x-pack-elasticsearch#1701)
There is no need to handle any _status field in
the 6.0 release from now on, as everything has been
taken care in the upgrade API.

Original commit: elastic/x-pack-elasticsearch@606581f4d7
2017-06-14 10:36:46 +02:00
David Roberts e7af52fb8e [ML] Let core ES stop the native controller when ML is disabled (elastic/x-pack-elasticsearch#1704)
This changes part of the logic that was added in elastic/x-pack-elasticsearch#644 and extended
in elastic/x-pack-elasticsearch#1495 so that when ML is disabled we never try to communicate with
the native controller during node shutdown.

The original reason for needing to communicate with the native controller
when ML is disabled was the problem of elastic/prelert-legacy#803.
However, this was fixed in a better way in elastic/elasticsearch#24579.
Now there is considerable benefit in never talking to the native
controller from the plugin code when ML is disabled, because it means
anyone suffering some obscure problem with ML can disable it without
running the risk of uncovering some other obscure problem with shutdown.

Original commit: elastic/x-pack-elasticsearch@9d329483a7
2017-06-14 08:54:57 +01:00
Alexander Reelsen 4346431156 Tests: Ensure watcher is started in REST tests (elastic/x-pack-elasticsearch#1702)
This adds a check in the REST tests to ensure that
watcher is started, and if not, tries to start watcher.

This eliminates test failures where watcher was not in
the correct state due to other tests stopping watcher.

Original commit: elastic/x-pack-elasticsearch@fc547d49b4
2017-06-14 08:34:09 +02:00
Ryan Ernst abe217ebc3 Remove uses of Strings.cleanPath (elastic/x-pack-elasticsearch#1709)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/25209

Original commit: elastic/x-pack-elasticsearch@4f59f011e9
2017-06-13 21:10:02 -07:00
Suyog Rao fe72991c70 [Logstash] Add new component to x-pack to handle LS features (elastic/x-pack-elasticsearch#1530)
This commit adds a new Logstash component to x-pack to support the config management work. Currently, the functionality in this component is really simple; all it does is upload a new index template for `.logstash` index. This index stores the actual LS configuration.

On this template is bootstrapped in ES, Kibana can write user-created LS configs which adhere to the mapping defined here. In the future, we're looking into adding more functionality on the ES side to handle config documents, but for now, this is simple.

relates elastic/x-pack-elasticsearch#1499, relates elastic/x-pack-elasticsearch#1471

Original commit: elastic/x-pack-elasticsearch@d7cc8675f7
2017-06-13 10:30:30 -07:00
Dimitris Athanasiou f2e2ccae01 [ML] Extract parent field when job has text multi-field (elastic/x-pack-elasticsearch#1705)
In the case where a field is a text multi-field, it has
no doc values and it is not in source. Thus, the datafeed
will not be able to extract it.

However, it is possible to extract it by getting its parent
field instead. This commit implements the logic to look
in parent fields when the field in question is a text field.

Original commit: elastic/x-pack-elasticsearch@f116e89921
2017-06-13 18:00:24 +01:00
Simon Willnauer 65bac10eed Fix API change in SecurityNetty4Transport
Original commit: elastic/x-pack-elasticsearch@f152fb1813
2017-06-13 10:15:26 +02:00
Dimitrios Athanasiou 29811ea1d8 [ML] Write null instead of false for optional boolean that was removed
Original commit: elastic/x-pack-elasticsearch@43f5fc04bd
2017-06-12 17:35:25 +01:00
Dimitrios Athanasiou 1d33fb8b8b [TEST] Add now required mapping for data index in datafeed test
Original commit: elastic/x-pack-elasticsearch@67cf68c5a0
2017-06-12 15:50:16 +01:00
Dimitris Athanasiou 8eb62eac27 [ML] Automate detection of way to extract fields (elastic/x-pack-elasticsearch#1686)
In 5.4.x, the datafeed attempts to get all fields from
doc_values by default. It has a `_source` parameter which
when enabled changes the strategy to instead try to get
all fields from the source.

This has been the most common issue users have been
reporting as it means the datafeed will fail to fetch
any text fields by default.

This change uses the field capabilities API in order
to automatically detect whether a field is aggregatable.
It then extracts such fields from doc_values while the
rest are taken from source. The change also adds
validation to the start datafeed action so that if
fields are missing mappings or the time field is not
aggregatable we respond with an appropriate error.

relates elastic/x-pack-elasticsearch#1649

Original commit: elastic/x-pack-elasticsearch@76e2cc6cb2
2017-06-12 14:56:31 +01:00
Dimitris Athanasiou c9bbc17742 [ML] Make datafeed types optional (elastic/x-pack-elasticsearch#1690)
Specifying types for a datafeed should be optional
as no types is equal to searching through all types.

Original commit: elastic/x-pack-elasticsearch@f61ac01b45
2017-06-12 14:46:53 +01:00
Alexander Reelsen 27b5142de6 Watcher: Fix croneval tool for packaging (elastic/x-pack-elasticsearch#1689)
The croneval script used an old parameter to start up.
This commit removes this parameter, that is used, when a
package is used.

In addition a concrete vagrant test has been added.

relates elastic/x-pack-elasticsearch#1635

Original commit: elastic/x-pack-elasticsearch@ea7b8a08f4
2017-06-12 13:56:26 +02:00
Alexander Reelsen 83a5e022cb Watcher: Reduce logging noise when watcher might be stopped (elastic/x-pack-elasticsearch#1685)
Only log an entry when an actual stop is executed instead of
always logging.

Also added a reason to stop watcher to the methods, so that
debug logs will yield that information.

Original commit: elastic/x-pack-elasticsearch@8efaed0e9a
2017-06-12 10:24:16 +02:00
David Kyle 516696bbec [ML][TEST] Refresh after indexing docs
Original commit: elastic/x-pack-elasticsearch@b64ad1b2c6
2017-06-10 19:12:52 +01:00
Jason Tedor cb62d81bdc Fix compilation for CreateIndexResponse
The constructor for CreateIndexResponse changed to include the index
name. This commit adapts x-pack-elasticsearch to this change.

Original commit: elastic/x-pack-elasticsearch@b078d80cd9
2017-06-09 14:59:55 -04:00
jaymode 741bf85fbf Remove incorrect bwc branch logic from master
Commit elastic/x-pack-elasticsearch@b07aa78a7b was a forward port of logic needed in 5.x to get
the correct bwc branch. However, other changes on master meant that this forward port was not
needed and actually broke the bwc tests. This change removes the incorrect if statement and project name.

Original commit: elastic/x-pack-elasticsearch@9a77269fa6
2017-06-09 10:02:43 -06:00
Alexander Reelsen 709ed7d50e Watcher: Only try to load triggered watches index, if it exists (elastic/x-pack-elasticsearch#1569)
This is mainly a commit to reduce noise in test logfiles when going
through them. When watcher shuts down and another node takes over, it
might try to start watcher again and tries to load triggered watches.
However the triggered watches index could be gone in the meantime due to
further shutdown. This results in logging a stack trace that the index
does not exist.

This commit checks the cluster state before trying to load triggered
watches to prevent an IndexNotFoundException in the logs.

Original commit: elastic/x-pack-elasticsearch@9f26d557d0
2017-06-09 17:51:23 +02:00
Alexander Reelsen d769ee0813 Watcher: Do not pause watcher if not needed (elastic/x-pack-elasticsearch#1681)
This introduces a check to only pause the execution of watcher
when there is no metadata but there was a shard on this node before
that inside of the ClusterStateListener.

This prevents repeated logging that watcher was paused even
though it was not necessary to call anything.

Original commit: elastic/x-pack-elasticsearch@8d3a829ffb
2017-06-09 17:50:35 +02:00
Alexander Reelsen 7f48337bf6 Watcher: Remove index template configuration via cluster settings (elastic/x-pack-elasticsearch#1680)
Watcher had an undocumented feature to configure the settings of any
index template via updating the cluster settings. Instead of changing
the template one could add a setting during runtime that overwrote
what is written in the index template.

As index template are created once and not overwritten, users should
just change the index template - or the concrete index settings like
number of replicas.

This feature was not exposed in our documentation at all.

Original commit: elastic/x-pack-elasticsearch@32e1769925
2017-06-09 17:50:01 +02:00
Ryan Ernst c1a3f50e19 Convert script uses to use source/id keys (elastic/x-pack-elasticsearch#1670)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/25127

Original commit: elastic/x-pack-elasticsearch@e25bd90825
2017-06-09 08:29:36 -07:00
David Kyle 02a241bdf5 [ML] Refresh index after delete (elastic/x-pack-elasticsearch#1675)
Original commit: elastic/x-pack-elasticsearch@fbbcd0343e
2017-06-09 12:27:30 +01:00
David Kyle d64bea14dc [ML] Closing an unknown job should throw resource not found exception (elastic/x-pack-elasticsearch#1673)
Original commit: elastic/x-pack-elasticsearch@c244d2809b
2017-06-09 10:02:51 +01:00
David Kyle d6e92c19da Fix closing/stopping unassigned jobs/datafeeds (elastic/x-pack-elasticsearch#1672)
Original commit: elastic/x-pack-elasticsearch@9f032ac98f
2017-06-09 09:33:36 +01:00
Chris Earle b31c8e2661 [Monitoring] Remove Specific ClusterStateCollector/Resolver and Tests (elastic/x-pack-elasticsearch#1664)
This removes the Cluster State collector and resolver and moves the collection of the cluster state (and cluster health, which is already included in cluster stats).

This makes the tests a little more stable and removes an extra network hop during monitoring data collection.

Original commit: elastic/x-pack-elasticsearch@44851d2dd6
2017-06-08 15:55:23 -04:00
Chris Earle 3f5ae2d54f Always use the lower version in resource tests
Original commit: elastic/x-pack-elasticsearch@47aa744acf
2017-06-08 15:39:52 -04:00
jaymode dad15b8d6c Fix branch logic for bwc tests in the same major version
When testing against the previous 5.x release, the bwc project incorrectly would checkout the 5.x
branch instead of the 5.5 branch as it still had the logic that applies for major versions bwc. This change adds
a check to compare the major version when making the decision on the branch to use.

Original commit: elastic/x-pack-elasticsearch@b07aa78a7b
2017-06-08 11:40:45 -06:00
David Roberts f097ff906d Ensure only 1 in-flight request to create each watcher index template (elastic/x-pack-elasticsearch#1660)
The aim of this change is to prevent many identical requests to create
watcher index templates being submitted when a cluster first starts up
and many cluster state updates are happening.  Prior to this change, if
watcher's original index template creation requests queued up behind other
cluster state change requests then for each other request watcher would
re-request creation of all its index templates.  After this change it
uses a strategy similar to that used by ML to only have one creation
request per index template in the cluster state change queue at any time.

Relates elastic/x-pack-elasticsearch#1368
Relates elastic/x-pack-elasticsearch#1631
Relates elastic/x-pack-elasticsearch#1650

Original commit: elastic/x-pack-elasticsearch@ad87bf3f78
2017-06-08 10:05:39 +01:00
Tim Vernum 29c11c30f3 Settings filter should rely directly on realm settings (elastic/x-pack-elasticsearch#1669)
The security module had special cases for realm settings that should be filtered,
but since elastic/x-pack-elasticsearch@2c76a13 / elastic/elasticsearch#4311 it's possible to use the existing realm
setting objects to do that.

Original commit: elastic/x-pack-elasticsearch@0651afe987
2017-06-08 18:05:02 +10:00
David Roberts 7aa1114eca [ML] Make get_job_stats robust to missing results indices (elastic/x-pack-elasticsearch#1662)
Although the job stats for jobs with missing results indices are clearly
ruined, it's better to provide zeroes for the missing values and show the
stats for other jobs than to fail the whole request. This means the UI
can continue to function.

relates elastic/x-pack-elasticsearch#1656

Original commit: elastic/x-pack-elasticsearch@a06fa994a5
2017-06-08 08:33:06 +01:00
Jack Conradson d7658bd9a2 Generate Painless Factory for Creating Script Instances. (elastic/x-pack-elasticsearch#1667)
Original commit: elastic/x-pack-elasticsearch@bda1668eec
2017-06-07 16:06:30 -07:00
Chris Earle adc82e7323 make racey test a bit more flexible
Original commit: elastic/x-pack-elasticsearch@6d5c1110bf
2017-06-07 11:03:44 -04:00
David Kyle ba3e258470 [ML] Wait for job deletion if it is in the deleting state (elastic/x-pack-elasticsearch#1651)
* Wait for job deletion if it is in the deleting  state

* Tolerate errors if multiple force delete requests

Original commit: elastic/x-pack-elasticsearch@1f0c9fbb86
2017-06-07 15:41:29 +01:00
David Kyle ae299f633e [ML] Validate initial job settings (elastic/x-pack-elasticsearch#1646)
* [ML] Validate initial job settings

* Add same job creation checks to the validate endpoint

Original commit: elastic/x-pack-elasticsearch@ab76cf9ea2
2017-06-07 09:34:58 +01:00
Alexander Reelsen 87edc4bfdd Watcher: Only delete triggered watch if watch was known (elastic/x-pack-elasticsearch#1562)
When a user executes a watch and specifies it as part of the
execute watch API, no triggered watch is created, as the watch
cannot be picked up anymore (it only leaves for the duration of
the request).

However until now the TriggeredWatchStore was invoked and tried
to delete this non-existing triggered watch, resulting in some
log cluttering.

This commit removes this try to delete a non-existing triggered
watch.

Original commit: elastic/x-pack-elasticsearch@3db125cea2
2017-06-07 09:19:24 +02:00
Chris Earle 4b2d4a1e3b Simplify ClusterStateTests until resolvers are removed to make less racey
Original commit: elastic/x-pack-elasticsearch@bd44bf6a3b
2017-06-07 00:37:27 -04:00
Jason Tedor 4517892951 Remove uses of unnecessary callback interface
This commit removes uses of a callback interface that is unnecessary in
core as we can use java.util.function.Consumer instead.

Relates elastic/x-pack-elasticsearch#1654

Original commit: elastic/x-pack-elasticsearch@21f470e974
2017-06-06 20:50:16 -04:00
Igor Motov 55a8bc87e4 Add missed action to KnownActionsTests (elastic/x-pack-elasticsearch#1633)
Patching KnownActionsTests for now until we can decided what we want to do with it in a long term in elastic/x-pack-elasticsearch#1489

Original commit: elastic/x-pack-elasticsearch@9f9288c0e2
2017-06-06 16:42:00 -04:00
jaymode 48c34ec8ac Update version for signing scrolls after backport
This commit updates the version in security that we use to check a version that needs a signed
scroll id. After backporting we can talk to 5.5 without signing.

Relates elastic/x-pack-elasticsearch#1416

Original commit: elastic/x-pack-elasticsearch@8653fce1e5
2017-06-06 13:55:36 -06:00
Chris Earle e5ee80c292 [Monitoring] Upgrade Indices to remove usage of _type (elastic/x-pack-elasticsearch#1616)
This is just the culmination of all of the minor PRs associated with 1068. It will:

- Drop the `.monitoring-data-N` index
- Drop use of `_type` in all cases (replaced by `doc` and a new `type` field)
- Drop the API version from the template name (e.g., instead of `.monitoring-es-6` we now use `.monitoring-es`).
- Change API version to `-6-` from `-2-`.
- Both exporters handle versioned resources (templates, pipelines, and watches)
- HTTP exporters will optionally (true by default) publish placeholders for the old, `-2` templates.

When this is backported, it will need to:

- Change `index_patterns` to `template` within the templates.
- Downgrade the version requirements for the templates, pipeline, and watches _and_ the HTTP exporter itself (all require 6.0)

This is a companion to the feature branch in X-Pack Kibana elastic/x-pack-kibana/pull/1318 and they need to be merged at the same time.

Original commit: elastic/x-pack-elasticsearch@6031cfffa4
2017-06-06 14:29:52 -04:00
Jay Modi 2d893df7e9 Add better authorization for scroll requests and remove signing (elastic/x-pack-elasticsearch#1416)
This commit adds better security for scroll requests in that they are now tied to a single user as
we only authorize the request that creates the scroll. This is accomplished by adding a
SearchOperationListener that listens for new scroll contexts and stores the authentication on the
ScrollContext. Then upon
retrieval of the search context for a query or fetch, the current authentication is compared to the
authentication that was present when the scroll context was created. If the current authentication
belongs to a different user, then a SearchContextMissingException will be thrown to prevent leaking
a valid vs invalid scroll id.

Additionally, signing of a scroll id is only performed when there is a older node in the cluster
that would expect the scroll id to be signed. Once this is backported to 5.x, we can remove this
bwc layer for 6.0/master.

Original commit: elastic/x-pack-elasticsearch@0e5dcafd32
2017-06-06 10:23:18 -06:00
Martijn van Groningen 15022670e2 security: Add FLS & DLS tests for join field
Original commit: elastic/x-pack-elasticsearch@3a35743ccc
2017-06-06 16:44:19 +02:00
Dimitris Athanasiou 3f6e640f90 [ML] Add force delete datafeed action (elastic/x-pack-elasticsearch#1623)
When a user or client intend to delete a datafeed
and its job, there is benefit into ensuring the
datafeed has gracefully stopped (ie no data loss).
In constrast, the desired behaviour is to stop and
delete the datafeed as quickly as possible.

This change adds a force option to the delete
datafeed action. When the delete is forced,
the datafeed is isolated, its task removed and,
finally, the datafeed itself is removed from the
metadata.

relates elastic/x-pack-elasticsearch#1533

Original commit: elastic/x-pack-elasticsearch@5ae0168bf2
2017-06-06 13:39:36 +01:00
David Roberts c2575288d8 [ML] Account for the possibility of no ML metadata existing (elastic/x-pack-elasticsearch#1648)
We try to install empty ML metadata as soon as possible after startup
if none exists.  However, this still leaves a short gap when the cluster
is active with no ML metadata.  To avoid problems, functions that use
the ML metadata should treat this situation as equivalent to having
empty ML metadata.

relates elastic/x-pack-elasticsearch#1643

Original commit: elastic/x-pack-elasticsearch@8f0e00cda8
2017-06-06 13:27:23 +01:00
David Roberts 0d2b127fd7 [TEST] Wait for stable cluster to avoid spurious test failures
Original commit: elastic/x-pack-elasticsearch@4c0d9a0fac
2017-06-06 10:23:54 +01:00
Luca Cavanna f09ccbc6cb Adapt indices resolution to new ignoreAliases index option (elastic/x-pack-elasticsearch#1622)
ignoreAliases allows to resolve index expressions against concrete indices only, rather than against indices and aliases. It is used for now only in IndicesAliasesRequest and the indices resolution code in the security plugin needs to be adapted accordingly.

Original commit: elastic/x-pack-elasticsearch@ae964eade9
2017-06-06 11:02:07 +02:00
David Roberts 41ef0b827f [ML] Add a write alias for persisting job results (elastic/x-pack-elasticsearch#1636)
This commit switches over to two index aliases per job: one for reading
and one for writing.  In the future this will allow the addition of a
rollover endpoint for ML results indices.  (Rollover is still not possible
following this change, but the change to make it possible in the future
should not be a breaking change now.)

Relates elastic/x-pack-elasticsearch#1599
relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@d648f4631f
2017-06-06 09:44:11 +01:00
David Kyle ce0315abc4 [ML] Add force delete job option (elastic/x-pack-elasticsearch#1612)
* Add force delete job option

* Can’t kill a process on a 5.4 node

* Address review comments

* Rename KillAutodetectAction -> KillProcessAction

* Review comments

* Cancelling task is superfluous after it has been killed

* Update docs

* Revert "Cancelling task is superfluous after it has been killed"

This reverts commit 576950e2e1ee095b38174d8b71de353c082ae953.

* Remove unnecessary TODOs and logic that doesn't alwasys force close

Original commit: elastic/x-pack-elasticsearch@f8c8b38217
2017-06-06 09:41:33 +01:00
Tim Vernum a12b384906 [TEST] Force LDAP connection to close at end of test (elastic/x-pack-elasticsearch#1620)
This test would sometime leak threads.
The "Timer thread for LDAPConnection" is created by the unboundid SDK - closing the connection should force the thread to terminate

Original commit: elastic/x-pack-elasticsearch@bd58a17a59
2017-06-06 17:47:28 +10:00
Alexander Reelsen 376c9be6fa Watcher: Ensure reloading happens based on watch index instead of alias (elastic/x-pack-elasticsearch#1544)
The cluster state listener to decide if watcher should be reloaded was
assuming that no aliases could be used and thus wrongly could trigger
a reload, which could have lead to wrong test results.

During debugging I also added a reason for reloading and fixed another
wrong test assumption.

Also the listener does not rely on previous cluster state, but stores this
in instance variable, as we need to compare with local state and not the
previous cluster state.

Original commit: elastic/x-pack-elasticsearch@582783a66d
2017-06-06 09:39:11 +02:00
Tim Vernum fe37109c3f [DOCS] [Security] Documentation for Role Mapping API (elastic/x-pack-elasticsearch#1474)
Includes:
- Extensive changes to "mapping roles" section
- New section for role mapping API
- Updates to LDAP/AD/PKI realms to refer to API based role mapping 
- Updates to LDAP/AD realms: `unmapped_groups_as_roles` only looks at file-based mappings 
- Updates to LDAP/AD realms: new setting for "metadata"

Original commit: elastic/x-pack-elasticsearch@6349f665f5
2017-06-06 14:12:31 +10:00
Tim Vernum 6e7102845b [TESTS] run-as in SecurityServerTransportInterceptorTests (elastic/x-pack-elasticsearch#1475)
Changed existing tests to randomly include a separate "authenticating-user" to verify that the behaviours are correct when run-as is used.
Also includes random roles to completeness.

Related to: elastic/x-pack-elasticsearch@637a865 elastic/x-pack-elasticsearch#1391

Original commit: elastic/x-pack-elasticsearch@e4006bc80a
2017-06-06 14:08:14 +10:00
Tim Vernum 98cdc15038 [Security] Support anon-bind without pooling (elastic/x-pack-elasticsearch#1491)
Make LDAP User-Search work with anonymous bind (bind_dn not set) and connection pooling disabled.

Original commit: elastic/x-pack-elasticsearch@b2c7703fb0
2017-06-06 14:07:07 +10:00
David Kyle 5f76bbd58d [ML] Validate that no documents exist with the new job_id (elastic/x-pack-elasticsearch#1624)
* Validate that no documents exist with the new job_id

Original commit: elastic/x-pack-elasticsearch@acdfb7b5a9
2017-06-05 14:11:34 +01:00
David Roberts 955968c53c [ML] Delete one type at a time when deleting model snapshots (elastic/x-pack-elasticsearch#1637)
This avoids log spam about being unable to create new mappings in indices
that are set to only allow one type.  (It doesn't actually have any effect
on the deletion, which was working before despite the failure to create new
mappings for the legacy types referenced by the delete request.)

relates elastic/x-pack-elasticsearch#1634

Original commit: elastic/x-pack-elasticsearch@061ce7acf1
2017-06-05 13:46:24 +01:00
Ryan Ernst 7ee8eccf95 Script: Convert uses of CompiledTemplate to TemplateScript (elastic/x-pack-elasticsearch#1630)
This is the xpack side of elastic/elasticsearch#25032

Original commit: elastic/x-pack-elasticsearch@ba7df4f6ce
2017-06-02 13:41:33 -07:00
Nik Everett a27ded98c6 Test: crank up logging on LicensingTests
We've seen some failures of the LicensingTests that we don't have enough
information to debug:
https://internal-ci.elastic.co/job/elastic+x-pack-elasticsearch+master+periodic/2220/consoleFull

So this cranks up the logging of the bits we expect to see the failures
in.

Original commit: elastic/x-pack-elasticsearch@d28c1051a4
2017-06-02 11:38:26 -04:00
David Roberts 67ddbf1fac [ML] Don't serialise the detector_index field to cluster state (elastic/x-pack-elasticsearch#1628)
Because:

1. It's pointless, as new detector_index values are assigned when an
   analysis_config is parsed
2. It creates a backwards compatibility issue when upgrading from v5.4

Original commit: elastic/x-pack-elasticsearch@2f61aa457e
2017-06-02 16:38:18 +01:00
Chris Earle 8e76265c26 Always Accumulate Transport Exceptions (elastic/x-pack-elasticsearch#1619)
This is the x-pack side of the removal of `accumulateExceptions()` for both `TransportNodesAction` and `TransportTasksAction`.

There are occasional, random failures that occur during API calls that are silently ignored from the caller's perspective, which also leads to weird API responses that have no response and also no errors, which is obviously untrue.

Original commit: elastic/x-pack-elasticsearch@9b57321549
2017-06-02 10:01:21 -04:00
David Roberts babe27afe0 [ML] Add a detector_index field to detectors, and use it for updates (elastic/x-pack-elasticsearch#1613)
Detectors now have a field called detector_index.  This is also now the
field that needs to be supplied when updating a detector.  (Previously
it was simply index, which was confusing.)

When detectors are added to an analysis_config it will reassign
ascending detector_index values starting from 0.  The intention is
never to allow deletion of detectors from an analysis_config, but
possibly to allow disabling them in the future.  This ensures that
detector_index values in results will always tie up with detector_ids
in the detectors that created them.

relates elastic/x-pack-elasticsearch#1275

Original commit: elastic/x-pack-elasticsearch@20a660b07b
2017-06-02 10:26:01 +01:00
Colin Goodheart-Smithe 36b8fe9b29 Adds nodes usage action to known actions list (elastic/x-pack-elasticsearch#1111)
* Adds nodes usage action to known actions list

* Adds name to all rest actions

Original commit: elastic/x-pack-elasticsearch@77ae827a66
2017-06-02 08:46:48 +01:00
Tanguy Leroux 261bf8d78d [Test] LocalExporterTests should wait for exporters to terminate in a finally block (elastic/x-pack-elasticsearch#1581)
At the end of the test, LocalExporterTests checks if no more monitoring
 data are exporter by checking multiple times the last time nodes_stats
 documents were exported, stopping after 10 seconds. It does this in a
 @After annotated method but it would be better to do this in a finally
 block. Also, it should search for node_stats documents only if the
 monitoring indices exist and are searchable to avoid some "all shards
 failed" failures.

Original commit: elastic/x-pack-elasticsearch@90ffb4affd
2017-06-02 09:12:49 +02:00
David Roberts bf068e9ec3 [ML] Avoid stack traces in the log when deleting jobs (elastic/x-pack-elasticsearch#1615)
Now we've set the option for one type per index it causes a stack trace
in to be logged if we issue a request to delete two documents with
different types.  We only do this to cover the case of documents left
over from v5.4.  We can avoid it by deleting by query using just the
document IDs.

Original commit: elastic/x-pack-elasticsearch@2abffc7d95
2017-06-01 17:10:41 +01:00
Alexander Reelsen 730cfd7c7a Watcher: Remote WatcherClientProxy/ClientProxy class (elastic/x-pack-elasticsearch#1561)
This commit removes ClientProxy and WatcherClientProxy classes. They
were added in times, where there were issues with guice and circular
dependencies. However there is no guice anymore and on top of that
the classes do not add any value.

We can switch to use a regular client, but have to make sure that
the InternalClient is injected in all the transport actions as those
is able to query data, when security is enabled.

Original commit: elastic/x-pack-elasticsearch@763a79b2f7
2017-06-01 16:30:21 +02:00
Dimitris Athanasiou 15e53280dc [ML] Allow datafeed to start when job is opening (elastic/x-pack-elasticsearch#1611)
The goal of this change is to allow datafeeds to start
when the job is in the opening state. This makes the API
more async and it allows clients like the ML UI to open a
job and start its datafeed without having to manage the
complexity of dealing with timeouts due to the job taking
time to open due to restoring a large state.

In order to achieve this, this commit does a number of things:

  - accepts a start datafeed request when the job is opening
  - adds logic to the DatafeedManager to wait before running the
  datafeed task until the job is opened
  - refactord the datafeed node selection logic into its own class
  - splitd selection issues in critical and non-critical with regard
  to creating the datafeed task
  - refactord the unit tests to make simpler to write & understand
  - adds unit tests for added and modified functionality
  - changes the response when the datafeed cannot be started to
  be a conflict exception

relates elastic/x-pack-elasticsearch#1535

Original commit: elastic/x-pack-elasticsearch@c83196155d
2017-06-01 12:00:46 +01:00
Tim Vernum fe33d8eba4 [Security] Include doc-type in _id for tokens (elastic/x-pack-elasticsearch#1473)
In preparation for the removal of types, new security types like invalidated-tokens are stored in the .security
index under the generic "doc" type, with a query filter on `doc_type`.

In order to avoid id clashes, we also need to use that doc_type as part of the document id.

relates elastic/x-pack-elasticsearch#1300

Original commit: elastic/x-pack-elasticsearch@469724a228
2017-06-01 10:48:52 +10:00
David Roberts 6484f812c0 [ML] Change the root_cause of error responses to be more informative (elastic/x-pack-elasticsearch#1598)
When an error response contains multiple layers of errors, Kibana displays
the one labelled root_cause.  The definition of root_cause is the most
deeply nested ElasticsearchException.  Therefore, it is of great benefit to
the UI if our config validation returns the actual problem in an
ElasticsearchException rather than an IllegalArgumentException.

This commit also adds an extra validation check to catch the case of a
single job config containing fields x.y as well as x earlier.  Previously
this was caught when we tried to create results mappings, and was
accompanied by an error suggesting that using a dedicated results index
would help, when clearly it won't for a clash in a single job config.

Fixes elastic/x-pack-kibana#1387
Fixes elastic/prelert-legacy#349

Original commit: elastic/x-pack-elasticsearch@7d1b7def6c
2017-05-31 14:42:10 +01:00
David Roberts ef25e2b604 [ML] When deleting a filter refresh the index immediately (elastic/x-pack-elasticsearch#1587)
Otherwise it's possible that the get_filter endpoint can return a filter that's been
deleted. Although this is the behaviour of the search API, specific metadata
management APIs should provide better guarantees.

Original commit: elastic/x-pack-elasticsearch@818495f176
2017-05-31 14:36:43 +01:00
markharwood 518f8a9120 Graph - reinstate correct Graph REST endpoint implementationof the form `_xpack/graph/_explore`. (elastic/x-pack-elasticsearch#1589)
Previous versions accidentally introduced an unconventional format for x-pack plugins.

relates elastic/x-pack-elasticsearch#1570

Original commit: elastic/x-pack-elasticsearch@38c42ae150
2017-05-31 14:17:34 +01:00
David Kyle 1759f70ceb [ML] Fix bwc streaming close job requests to v5.4 nodes (elastic/x-pack-elasticsearch#1586)
Original commit: elastic/x-pack-elasticsearch@0f02c8ddde
2017-05-31 10:28:16 +01:00
Suyog Rao e7b492e450 [Logstash] Add new reserved role for managing LS configs (elastic/x-pack-elasticsearch#1531)
Adds a new reserved role called `logstash_admin` that provides access
to `.logstash-*` index for managing configurations.

Will add documentation in old x-pack dir

relates elastic/x-pack-elasticsearch#609

Original commit: elastic/x-pack-elasticsearch@48c40e01f8
2017-05-30 15:04:16 -07:00
Nik Everett 503717b915 Build: allow building snapshot of release branches (elastic/x-pack-elasticsearch#1582)
This allows us to build both 5.5.0-SNAPSHOT and 5.4.1-SNAPSHOT
artifacts for backwards compatibility testing. It is a port of
elastic/elasticsearch:24870 to x-pack and will be super useful
when elastic/elasticsearch:24846 is ported to x-pack.

Original commit: elastic/x-pack-elasticsearch@0ea443f488
2017-05-30 09:04:27 -04:00
David Roberts 374e54233d [TEST] Ensure a well-defined cleanup order for YAML tests (elastic/x-pack-elasticsearch#1585)
Previously there were two @After methods in the XPackRestIT class, and
there is no guarantee about the order in which these run.  This commit
replaces these with a single @After method that calls the cleanup methods
in a well-defined order.

Original commit: elastic/x-pack-elasticsearch@d3ab366591
2017-05-30 13:19:06 +01:00
Tim Vernum e177f79aa3 Support wildcards in has_privileges API (elastic/x-pack-elasticsearch#1454)
The has_privileges API now supports wildcards.
The semantics are that the user must have a superset of the wildcard being checked.

---------------------
Role | Check | Result
---------------------
*    | foo*  | true
f*   | foo*  | true
foo* | foo*  | true
foo* | foo?  | true
foo? | foo?  | true
foo? | foo*  | false
foo  | foo*  | false

Original commit: elastic/x-pack-elasticsearch@817550db17
2017-05-30 13:40:29 +10:00
Tim Vernum da40720ef0 Rename LDAP setting meta_data to metadata (elastic/x-pack-elasticsearch#1455)
We don't hyphenate metadata anywhere else.
Also added tests for the LdapMetaDataResolver as they were completely absent.

Original commit: elastic/x-pack-elasticsearch@eec647ba93
2017-05-30 13:38:40 +10:00
Tanguy Leroux e977bdbf1f [Test] @AwaitsFix on BootStrapTests.testMixedTriggeredWatchLoading
It seems that it's going to be fixed by elastic/x-pack-elasticsearch#1544.

Original commit: elastic/x-pack-elasticsearch@4dce689b5b
2017-05-29 14:10:16 +02:00
Nik Everett 4e39bbb84a Rename some version constants to handle changes in core (elastic/x-pack-elasticsearch#1575)
Handle core renaming some constants.

Original commit: elastic/x-pack-elasticsearch@6db55e0225
2017-05-26 18:36:48 -04:00
David Roberts cc96580cd6 [ML] Remove record_count from bucket results (elastic/x-pack-elasticsearch#1568)
relates elastic/x-pack-elasticsearch#1564

Original commit: elastic/x-pack-elasticsearch@0caff1a735
2017-05-26 16:57:40 +01:00
David Kyle b284fc3c91 [Ml] Read v5.4 datacounts (elastic/x-pack-elasticsearch#1565)
* Read v54 datacounts

* Rename method legacyDocumentId -> v54DocumentId

Original commit: elastic/x-pack-elasticsearch@7dd297c287
2017-05-26 16:29:21 +01:00
Dimitris Athanasiou 8dc50990a3 [ML] Enable single_type on ML indices (elastic/x-pack-elasticsearch#1566)
Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@7e11ed2774
2017-05-26 15:51:42 +01:00
Dimitrios Athanasiou 8ec9427196 [TEST] Fix YAML tests for single type and new id changes
Original commit: elastic/x-pack-elasticsearch@a3b2bd6643
2017-05-26 15:43:15 +01:00
Dimitrios Athanasiou 9ed06ba15e [ML] Remove duplicate tests from MlJobIT
This deletes tests getting results from MlJobIT since
such tests already exist in a form that is simpler to
understand and maintain in the YAML suite.

Original commit: elastic/x-pack-elasticsearch@b708e24877
2017-05-26 13:44:45 +01:00
Dimitris Athanasiou 156059e065 [ML] Add missing mappings on job open (elastic/x-pack-elasticsearch#1563)
As we now have single mappings for a doc type,
we need to add these mappings if they are missing
from existing indices that were created in 5.4.

Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@1693807b6e
2017-05-26 13:13:21 +01:00
David Roberts fffe424625 [ML] Switch state to use _type "doc" (elastic/x-pack-elasticsearch#1552)
This commit means that newly created ML state indices will have a single
type named "doc", and newly persisted state documents will have type
"doc" too.

Retrieving state is only supported for type "doc".

When deleting state, documents with the old types are deleted in addition
to those with type "doc".  This means jobs created by the beta can be fully
deleted.

Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@29c07d40f1
2017-05-26 10:51:29 +01:00
Ryan Ernst bb71839b85 Build: Switch ml snapshot dependency to a local project (elastic/x-pack-elasticsearch#1559)
This commit adds an internal project call ml-cpp-snapshot which when
built will pull the ml cpp zip file from the prelert bucket. The GET
request has retries added to handle the dynamic aws creds eventual
consistency.

Original commit: elastic/x-pack-elasticsearch@1bba7d0f08
2017-05-26 01:15:12 -07:00
Ryan Ernst 4ecd1e5d50 Fix mock painless to use mock compiled script for generating
search/executable scripts

Original commit: elastic/x-pack-elasticsearch@362432664b
2017-05-26 00:35:36 -07:00
Ryan Ernst d9816fac58 Update uses of script factory types to new names (elastic/x-pack-elasticsearch#1560)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/24897

Original commit: elastic/x-pack-elasticsearch@d61f4e1da2
2017-05-26 00:03:00 -07:00
Ryan Ernst 77f441b1a0 Update signature for getScriptEngine method of script plugins
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/24896

Original commit: elastic/x-pack-elasticsearch@6b06f5e758
2017-05-25 16:56:00 -07:00
Ryan Ernst d3b3fe783d Use new context constants for SearchScript and ExecutableScript (elastic/x-pack-elasticsearch#1550)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/24883.

Original commit: elastic/x-pack-elasticsearch@9e612ec222
2017-05-25 12:18:55 -07:00
Jay Modi f5e86cabaf Move PkiRealm checks for SSL and client authentication to a bootstrap check (elastic/x-pack-elasticsearch#1442)
This commit cleans up the check for SSL with client authentication when a PKI realm is enabled by
moving it from the realm to a actual bootstrap check.

A bug was found during this cleanup in the check for transport profiles and that is also fixed in
this commit.

relates elastic/x-pack-elasticsearch#420

Original commit: elastic/x-pack-elasticsearch@3aa6a3edc0
2017-05-25 12:58:45 -06:00
Dimitris Athanasiou 1e86f55746 [ML] Fix search that fetches results for renormalization (elastic/x-pack-elasticsearch#1556)
The commit that converted the results index into single type
broke the search for fetching results for renormalization.
This commit fixes that.

Original commit: elastic/x-pack-elasticsearch@1ca7517adc
2017-05-25 17:54:13 +01:00
Dimitris Athanasiou 9b655ce6f1 [ML] Improve logging while removing expired data (elastic/x-pack-elasticsearch#1554)
relates elastic/x-pack-elasticsearch#1286

Original commit: elastic/x-pack-elasticsearch@4f938fa14b
2017-05-25 14:40:09 +01:00
Dimitris Athanasiou 779e6f6dba [ML] Handle requests with source (elastic/x-pack-elasticsearch#1553)
REST endpoints that support GET and POST need
to also support source parsing. As these
endpoints can accept a body but some clients
do not allow doing a GET with a request body,
elasticsearch has support for parsing via a
source URI parameter. This commit adds source
handling to all such endpoints.

relates elastic/x-pack-elasticsearch#1204

Original commit: elastic/x-pack-elasticsearch@3949ea31fe
2017-05-25 11:57:16 +01:00
David Kyle ce25e1f4f3 [ML] Don’t wait on flush ack if results parser has failed (elastic/x-pack-elasticsearch#1540)
Original commit: elastic/x-pack-elasticsearch@f1a82ae315
2017-05-25 10:52:44 +01:00
David Kyle 6befa83337 [ML] Reinstate DatafeedJobsIT::testRealtime_multipleStopCalls test (elastic/x-pack-elasticsearch#1542)
* Handle exception in action

Original commit: elastic/x-pack-elasticsearch@2c2f28115f
2017-05-25 10:02:14 +01:00
David Roberts 1bfc864193 [ML] Normalize records and buckets separately (elastic/x-pack-elasticsearch#1524)
Previously we used to normalize records with their buckets.  This required
nested scrolls: an outer scroll over buckets, then a nested scroll for
records in each bucket.  This was fragile.

The new approach is to simply scroll first through buckets, then through
records.  This is made possible because we no longer store max_record_score
on buckets nor bucket anomaly_score on records.

While making these changes I noticed that the PerPartitionMaxProbabilities
class was redundant (because it was storing max_record_score in the case of
per-partition normalization), so I removed it.  I also removed a redundant
Map from the Bucket class and fixed its equals() and hashCode() methods.

relates elastic/x-pack-elasticsearch#1115

Original commit: elastic/x-pack-elasticsearch@efbee63573
2017-05-25 08:50:56 +01:00
Ryan Ernst aae7cf0b0f Update test script engines to use generic compile method (elastic/x-pack-elasticsearch#1546)
This is the xpack side of https://github.com/elastic/elasticsearch/pull/24873

Original commit: elastic/x-pack-elasticsearch@1779afa6bc
2017-05-24 20:06:51 -07:00
Ryan Ernst 3b58334efb Refactor script context generic types (elastic/x-pack-elasticsearch#1547)
This is the xpack side of
https://github.com/elastic/elasticsearch/pull/24877

Original commit: elastic/x-pack-elasticsearch@4f3a1a27e6
2017-05-24 19:20:59 -07:00
Alexander Reelsen 463c337d62 Tests: Ensure HTTPClient does not follow redirects after post
Relates elastic/x-pack-elasticsearch#470

Original commit: elastic/x-pack-elasticsearch@5333a65c0e
2017-05-24 23:46:14 +02:00
Ryan Ernst 9a7c28786a Scripting: Use type aware script contexts (elastic/x-pack-elasticsearch#1538)
This creates two different script contexts for watcher, one which may be
used for SearchScript, and another for ExecutableScript.
This is the xpack side of elastic/elasticsearch#24868.

Original commit: elastic/x-pack-elasticsearch@9ae3d45fed
2017-05-24 14:29:25 -07:00
Dimitris Athanasiou d7e528f7f7 [ML] Reject put datafeed for job that is marked as deleted (elastic/x-pack-elasticsearch#1537)
Deleting a job issues 2 cluster state updates.
The first marks the job as deleted.
The second actually removes the job.
Both check that there is no datafeed referring to the job.
If a put datafeed request arrives between those 2 cluster
state updates, the datafeed gets created and the final
job cluster state update fails. This means we end up with
both the job and the datafeed, but the job's results and
state have been deleted.

This commit changes the behaviour so that the put
datafeed request fails for a job that is marked as deleted
as this scenario is avoiding partially executing an action.

relates elastic/x-pack-elasticsearch#1510 

Original commit: elastic/x-pack-elasticsearch@76fa0f0b1a
2017-05-24 18:34:03 +01:00
Alexander Reelsen ccf3fa2579 Watcher: Muting failing BootStrapTests.testTriggeredWatchLoading test
Relates elastic/x-pack-elasticsearch#1309

Original commit: elastic/x-pack-elasticsearch@ed03afc4d1
2017-05-24 14:55:39 +02:00
Dimitris Athanasiou 71fe599592 [ML] Single doc type for results index (elastic/x-pack-elasticsearch#1528)
This commit changes all results to use the single doc type.
All searches were adjusted to work without the need to specify
type which ensures BWC with 5.4 results.

Additional work is needed to put the new doc mapping in indices
created with 5.4 but it will be done in separate PR.

Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@041c88ac2d
2017-05-24 13:24:32 +01:00
Alexander Reelsen 3d057991e0 Tests: Various watcher test improvements
* Reduced a longish timeout to a shorter one, as a watch should be
  executed in a HTTP test.
* Ensured that the TimeThrottleIntegration tests only query for own
  watches in the watch history, also use random names for watch ids
* HipChatServiceTests configured deprecated logging package, so it was
  not possible to follow the HTTP calls to the hipchat service endpoint.

relates elastic/x-pack-elasticsearch#1514
Relates elastic/x-pack-elasticsearch#1515

Original commit: elastic/x-pack-elasticsearch@adb492e4e9
2017-05-24 14:08:02 +02:00
David Kyle caad9035fd Mark failing test AwaitsFix
Original commit: elastic/x-pack-elasticsearch@c117ef9947
2017-05-24 12:25:34 +01:00
David Kyle b083062689 [ML] Add document type to ID (elastic/x-pack-elasticsearch#1525)
* Add document type to ID

* Delete v5.4 quantiles

Original commit: elastic/x-pack-elasticsearch@d1f383b972
2017-05-24 11:43:25 +01:00
David Kyle fc2d1266f4 Fix compilation
Original commit: elastic/x-pack-elasticsearch@6d34ac5a0c
2017-05-24 10:04:08 +01:00
David Kyle d9882be292 [ML] Use unique and predictable IDs for result docs (elastic/x-pack-elasticsearch#1521)
* Remove sequenceNum from anomaly records and influencers

* Generate unqiue IDs without sequence numbers

* Remove more instances of sequence_num

* Handle parsing sequnce_num from v5.4

Original commit: elastic/x-pack-elasticsearch@e60b206daf
2017-05-24 09:59:17 +01:00
Ryan Ernst b664e66a0d Test: Simplify watch stats test script engine (elastic/x-pack-elasticsearch#1520)
This commit simplifies the WatchStatsTests to use a MockScriptPlugin.
The latch script engine previously depended on a static instance of the
engine to contain the latches. These are now moved to statics of the
test class itself.

Original commit: elastic/x-pack-elasticsearch@4170cd1bd3
2017-05-23 12:23:05 -07:00
Andrew Cholakian ae778cc66f Move logstash-states template into the main logstash template (elastic/x-pack-elasticsearch#1490)
This is a revert of elastic/x-pack-elasticsearch@1940d79d13.
and also moves the template to boot

Original commit: elastic/x-pack-elasticsearch@434183b0e9
2017-05-23 09:20:46 -05:00
Jason Tedor 275bfc0e51 Mark failing exporter template test as awaits fix
This test is failing for eleven days and needs to be looked at.

Original commit: elastic/x-pack-elasticsearch@b16b95f333
2017-05-23 09:48:21 -04:00
David Kyle ea0f3fe4a0 [ML] Wait for a stopping datafeed (elastic/x-pack-elasticsearch#1461)
* [ML] Wait for a stopping datafeed

* Fix compilation after rebase

* Address review comments

Original commit: elastic/x-pack-elasticsearch@2baed641e9
2017-05-23 14:31:19 +01:00
Ali Beyad ec175debd0 Enables security to work with index aliases (elastic/x-pack-elasticsearch#1496)
This commit enables security to work with an index named .security (as
it could before) OR an alias named .security that points to a concrete
index by a different name that has the security index.  This prepares
the ability to migrate from a 5.x to 6.x security index that allows
changing and re-indexing the underlying security index while maintaining
a .security alias that points to the underlying updated index.

relates elastic/x-pack-elasticsearch#1216

Original commit: elastic/x-pack-elasticsearch@9fee12e5a0
2017-05-23 09:10:06 -04:00
Alexander Reelsen 521b7a1940 Watcher: Support setting of markdown in attachments (elastic/x-pack-elasticsearch#1492)
Watcher: Support setting of markdown in attachments

This allows to set the `mrkdwn_in` array in slack attachments to specify which fields should contain markdown.
See https://api.slack.com/docs/message-formatting#message_formatting

This is mainly useful for the text and pretext fields in an attachment.

relates elastic/x-pack-elasticsearch#403

Original commit: elastic/x-pack-elasticsearch@ee4180e4bf
2017-05-23 13:33:00 +02:00
David Roberts e198845614 [ML] Avoid masses of log spam/stack traces on shutdown (elastic/x-pack-elasticsearch#1495)
Suppress many job/datafeed errors if a node is known to be shutting down. Also, ensure started datafeeds and open jobs don't end up stopped/failed due to errors as the shutdown progresses, as this would prevent them automatically relocating to a different node.

relates elastic/x-pack-elasticsearch#1114

Original commit: elastic/x-pack-elasticsearch@e56a7dbea1
2017-05-23 10:05:27 +01:00
Ali Beyad 958ee95f26 [TEST] mute watcher test failure that is being tracked in elastic/x-pack-elasticsearch#1517
Original commit: elastic/x-pack-elasticsearch@a28b7ce3a5
2017-05-22 22:01:31 -04:00
Ryan Ernst 68e0bc419a Use simplified ScriptContext (elastic/x-pack-elasticsearch#1502)
This is the xpack side of elastic/elasticsearch#24818

Original commit: elastic/x-pack-elasticsearch@0edbbab431
2017-05-22 13:11:23 -07:00
Ali Beyad f158be89b8 [TEST] fixes tests that attempt to delete documents from missing
indices, as that is now prohibited by elastic/elasticsearch#24518

relates elastic/x-pack-elasticsearch#1511

Original commit: elastic/x-pack-elasticsearch@026a516196
2017-05-22 13:16:53 -04:00
Ali Beyad e0a8881cfc [TEST] mute failing tests, which are tracked in elastic/x-pack-elasticsearch#1511
Original commit: elastic/x-pack-elasticsearch@e23dd847f3
2017-05-22 12:19:56 -04:00
Dimitris Athanasiou aff8258398 [ML] Change result index searches to not use _type (elastic/x-pack-elasticsearch#1509)
Adjusts the searches for

- buckets
- categories
- model snapshots

to not use _type.

Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@8269609705
2017-05-22 14:44:39 +01:00
Hendrik Muhs edc299a532 move verification so that test is in order (elastic/x-pack-elasticsearch#1504)
improves test by taking order of statuses into account

Original commit: elastic/x-pack-elasticsearch@0d214714d3
2017-05-22 15:44:09 +02:00
David Kyle 1873624a18 Fix failing line length checks
Original commit: elastic/x-pack-elasticsearch@6a493a70a4
2017-05-22 12:39:51 +01:00
David Kyle 8e890d0365 Fix test
Original commit: elastic/x-pack-elasticsearch@cdf7950d3f
2017-05-22 12:36:15 +01:00
David Kyle 0425f58d80 [ML] Give test jobs meaningful names (elastic/x-pack-elasticsearch#1508)
Original commit: elastic/x-pack-elasticsearch@97bec3b1e9
2017-05-22 12:22:39 +01:00
David Roberts 5b2ef6e98e [ML] Ignore IndexNotFoundException when deleting quantiles (elastic/x-pack-elasticsearch#1507)
Relates elastic/elasticsearch#24518

Original commit: elastic/x-pack-elasticsearch@34ee52443c
2017-05-22 11:04:27 +01:00
Hendrik Muhs 527dcfd98d [ML] Make job closing robust against crashes in autodetect and other misbehavior (elastic/x-pack-elasticsearch#1480)
Set job to failed if autodetect manager fails closing, fix force closing of jobs that hang in closing 
state, set timeout when waiting for clusterstate update, disallow closing of failed jobs with normal 
close

relates elastic/x-pack-elasticsearch#1453 

Original commit: elastic/x-pack-elasticsearch@493cf85e22
2017-05-22 08:48:33 +02:00
Simon Willnauer 392e67851e Preserve aliases in index permissions (elastic/x-pack-elasticsearch#1501)
Aliases might be contained in requests that check index permissions
to disable caches etc. This commit preserves permissions for
aliases as well.

Original commit: elastic/x-pack-elasticsearch@233195aeba
2017-05-20 21:34:38 +02:00
Ryan Ernst 883f5d8a7a Remove overrides of isInlineScriptEnabled (elastic/x-pack-elasticsearch#1500)
This is the xpack side of elastic/elasticsearch#24815

Original commit: elastic/x-pack-elasticsearch@5aa314a49d
2017-05-20 12:01:34 -07:00
David Roberts fa95474ab8 [BUILD] Change ordering of Java compilation and ML C++ notice extraction
May help to avoid problems with the speed of temporary AWS credentials
propagation (see elastic/x-pack-logstash#73)

Original commit: elastic/x-pack-elasticsearch@c78e00cda5
2017-05-19 13:36:40 +01:00
Tim Vernum b689159077 [TEST] Mock getVersion on channel for ServerTransportFilterTests
Original commit: elastic/x-pack-elasticsearch@0b48c21eb0
2017-05-19 10:15:49 +10:00
Jack Conradson b92a2f6582 Remove deprecated script settings. (elastic/x-pack-elasticsearch#1469)
Original commit: elastic/x-pack-elasticsearch@069e5a1087
2017-05-18 13:32:57 -07:00
Jay Modi 667f842f92 Fix authentication forward compatibility (elastic/x-pack-elasticsearch#1481)
The authentication object was changed in 5.4.0 in that it was conditionally signed depending on
the version and other factors. A bug was introduced however that causes the authentication to
actually get written with the version of the node it is being sent to even if that version is
greater than the version of the current node, which causes rolling upgrades to fail.

Original commit: elastic/x-pack-elasticsearch@a718ff8a52
2017-05-18 15:30:53 -04:00
David Kyle e5810f894c [ML] Catch exceptions in AutoDetectResultProcessor#process and continue (elastic/x-pack-elasticsearch#1484)
Original commit: elastic/x-pack-elasticsearch@f1f6a322e0
2017-05-18 18:40:41 +01:00
Dimitris Athanasiou 1bb7651dba [ML] Refactor filters API to not use _type (elastic/x-pack-elasticsearch#1483)
- Removes dependence on _type for filters.
- Changes the put filter API to take the id in the URI
- Prepares .ml-meta index to be able to host more types in future

Relates elastic/x-pack-elasticsearch#668

Original commit: elastic/x-pack-elasticsearch@d4cffa9382
2017-05-18 18:09:20 +01:00
David Kyle f3c94915b0 [ML] Add sort parameter for get buckets (elastic/x-pack-elasticsearch#1464)
* Add sort parameter for get buckets

* Add secondary sort by time

* Use default values from actions in rest requests

Original commit: elastic/x-pack-elasticsearch@a530c0bed6
2017-05-18 16:40:54 +01:00
Alexander Reelsen 3f68b4facd Watcher: Use existing plugin hook to delete all old templates (elastic/x-pack-elasticsearch#1425)
This commit ensures the old 5.x index templates are removed
using the existing plugin hook, instead of the self written part.

Original commit: elastic/x-pack-elasticsearch@6faf08d98d
2017-05-18 14:21:27 +02:00
Alexander Reelsen 55359433ae Watcher: Return proper GetWatchResponse if watcher index is missing (elastic/x-pack-elasticsearch#1462)
This ensures that the same responses is returned, when a watch is
missing and when the whole watch index is missing for the
GetWatchResponse.

relates elastic/x-pack-elasticsearch#1409

Original commit: elastic/x-pack-elasticsearch@88a7335fa9
2017-05-18 14:19:18 +02:00
Alexander Reelsen adf480f8fd Watcher: Rename watch and triggered watch types to `doc (elastic/x-pack-elasticsearch#1414)
Note: This disables the BWC tests until the upgrade API is here

Original commit: elastic/x-pack-elasticsearch@8011fa06e3
2017-05-18 11:46:03 +02:00
Ryan Ernst 4c3e82604d Convert native script uses to mock scripts (elastic/x-pack-elasticsearch#1465)
This is the xpack side of elastic/elasticsearch#24726

Original commit: elastic/x-pack-elasticsearch@0428fe1d16
2017-05-17 14:56:59 -07:00
Ryan Ernst f7705eac86 Remove file scripts (elastic/x-pack-elasticsearch#1399)
This is the xpack side of elastic/elasticsearch#24627


Original commit: elastic/x-pack-elasticsearch@4d1c745d74
2017-05-17 14:42:46 -07:00
Ryan Ernst 573da95e26 Use new wireCompatVersions property instead of bwcVersion (elastic/x-pack-elasticsearch#1466)
This is the xpack side of elastic/elasticsearch#24748

Original commit: elastic/x-pack-elasticsearch@8b7dd5cdbe
2017-05-17 12:58:51 -07:00
Dimitrios Athanasiou 05daaa8a3c [ML] Fix compilation errors after Version changes
Original commit: elastic/x-pack-elasticsearch@745c1dffac
2017-05-17 18:32:47 +01:00
Dimitrios Athanasiou 646a3acd56 [ML] Fix line width in OpenJobAction
Original commit: elastic/x-pack-elasticsearch@0798745449
2017-05-17 18:14:03 +01:00
Dimitris Athanasiou f0cb7b816d [ML] Add compatibility checks while opening a job (elastic/x-pack-elasticsearch#1458)
This commit adds compatibility checks while opening a job:

- Checks that jobs without versions (< 5.5) are not opened
- Checks that jobs with incompatible types are not opened

Original commit: elastic/x-pack-elasticsearch@a3adab733e
2017-05-17 18:10:36 +01:00
Simon Willnauer d2e1b31bc7 Fix static / version based BWC tests (elastic/x-pack-elasticsearch#1456)
With the leniency in Version.java we missed to really setup BWC
testing for static indices. This change brings back the testing and adds
missing bwc indices.

Relates to elastic/elasticsearch#24732

Original commit: elastic/x-pack-elasticsearch@85e6270338
2017-05-17 17:28:35 +02:00
Dimitrios Athanasiou b9ccee8731 [TEST] Rename remaining yaml tests to yml
Original commit: elastic/x-pack-elasticsearch@5ee8b9ab7b
2017-05-17 15:59:51 +01:00
David Kyle bbf397181e [ML] New JobState enum values needs to be bwc with 5.4 (elastic/x-pack-elasticsearch#1444)
Original commit: elastic/x-pack-elasticsearch@b44d167719
2017-05-17 10:18:08 +01:00
David Kyle abbdf232aa [ML] Test ML with the Transport Client (elastic/x-pack-elasticsearch#1440)
* Hide ML actions for tribe node client
* Remove unused parameters
* Enable ML actions and rest endpoints for the transport client
* Create the ML components for the transport client
* Add ml transport client tests

Original commit: elastic/x-pack-elasticsearch@509007ca29
2017-05-16 14:34:44 +01:00
Dimitris Athanasiou dda456fb76 [ML] Add job version (elastic/x-pack-elasticsearch#1437)
relates elastic/x-pack-elasticsearch#1396

Original commit: elastic/x-pack-elasticsearch@3148c76d7f
2017-05-16 13:28:52 +01:00
Dimitrios Athanasiou e047598ca9 [ML] Fix timestamp comparison in scroll extractor cancellation logic
Original commit: elastic/x-pack-elasticsearch@1b3f88adf0
2017-05-16 13:26:57 +01:00
David Kyle 9f23c2c171 [ML] Wait for closing jobs in a close request (elastic/x-pack-elasticsearch#1398)
* Remove repeated calls to validateAndReturnJobTask

* Wait for closing job

* Refactor resolving job ids

* More close job unit tests

* Don’t finalise closing jobs twice

Original commit: elastic/x-pack-elasticsearch@20616d6f0a
2017-05-16 10:55:05 +01:00
Tanguy Leroux 9a06b5ee77 [Test] Converts LocalExporterTests.testLocalExporterFlush() as REST test (elastic/x-pack-elasticsearch#969)
The LocalExporterTests.testLocalExporterFlush() test was removed in elastic/x-pack-elasticsearch#835 when
LocalExporterTests was changed. This test verified that export exceptions are
thrown when monitoring documents are exported using the Monitoring Bulk API but
the underlying  monitoring indices are closed.

This commit reintroduces this test, but as a REST test this time.

relates elastic/x-pack-elasticsearch#416

Original commit: elastic/x-pack-elasticsearch@0a42f9a1be
2017-05-16 10:08:40 +02:00
Ryan Ernst ef3b954f63 Scripts: Convert template uses to return String instead of BytesReference (elastic/x-pack-elasticsearch#1279)
This is the xpack side of elastic/elasticsearch#24447. The one caveat is
there are a number of places within the xpack api that use
BytesReference to pass down to templates. These are convert to encode
into a BytesArray when necessary, so as not to require changing all of
those apis here at once, but they should all be convert to String as
well.

Original commit: elastic/x-pack-elasticsearch@8399b9d8c3
2017-05-15 22:37:51 -07:00
Jay Modi f5cd833af4 Use epoch millis for token expiration instead of ZonedDateTime (elastic/x-pack-elasticsearch#1417)
For user tokens, we were storing the expiration time as a date with the date time format in the
mappings. Occasionally, we would get CI failures due to parsing the date and having an invalid
format. This change simplifies the user tokens to simply use an Instant and convert it to the epoch
millis when we index the document. This eliminates the need for a date formatter and should ensure
we no longer have issues with parsing the dates.

Additionally, the TokenAuthIntegTests#testExpireMultipleTimes could fail if the token was expired
but the approximation for the expiration time was after the current time. In order to resolve this
we get the exact expiration time from the token and use that in the test.

relates elastic/x-pack-elasticsearch#1255

Original commit: elastic/x-pack-elasticsearch@d4bf53e7bc
2017-05-15 14:20:12 -06:00
Igor Motov 53753311f3 Move ReindexAction class to core (elastic/x-pack-elasticsearch#1426)
X-Pack counterpart of elastic/elasticsearch#24684

Relates to elastic/x-pack-elasticsearch#24578

Original commit: elastic/x-pack-elasticsearch@e5cd09cf4b
2017-05-15 14:29:17 -04:00
Tanguy Leroux ffcee524c5 Make SignificantTerms.Bucket an interface rather than an abstract class
Related to elastic/elasticsearch#24670

Original commit: elastic/x-pack-elasticsearch@e5b0123fbc
2017-05-15 15:19:19 +02:00
Dimitris Athanasiou e36e2c604d [ML] Write updated model snapshot to its original index (elastic/x-pack-elasticsearch#1415)
When we update a model snapshot we need to write it back to
the exact index where we read it from. This is necessary
for rollover as otherwise we would end up with two different
versions of the same snapshot.

Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@b5d1ab38a7
2017-05-15 12:00:15 +01:00
Tim Vernum 463133b7de [Security] Cross cluster wildcard security (elastic/x-pack-elasticsearch#1290)
Support the resolution of remote index names, including those that contain wildcards in the cluster name or index part)

Specifically these work:
- `GET /remote*:foo/_search`
- `GET /*:foo/_search`
- `GET /*:foo,*/_search`
- `GET /remote:*/_search`
- `GET /*:*/_search`

This change assumes that every user is allowed to attempt a cross-cluster search against any remote index, and the actual authorisation of indices happens on the remote nodes. Thus ` GET /*:foo/_search` will expand to search the `foo` index on every registered remote without consideration of the roles and privileges that the user has on the source cluster.

Original commit: elastic/x-pack-elasticsearch@b45041aaa3
2017-05-15 15:02:13 +10:00
Andrew Cholakian 6413dcd759 [Logstash] New mapping for pipeline viewer (elastic/x-pack-elasticsearch#573)
Add `logstash-states` + other mapping fields for logstash pipeline viewer
This is part of https://github.com/elastic/x-pack-logstash/pull/25

Original commit: elastic/x-pack-elasticsearch@1940d79d13
2017-05-12 18:31:59 -05:00
Jason Tedor 879b4457f3 Update Netty to 4.1.11.Final
This commit upgrades the Netty dependency from 4.1.10.Final to
4.1.11.Final.

Relates elastic/x-pack-elasticsearch#1418

Original commit: elastic/x-pack-elasticsearch@1944a6f5f9
2017-05-12 15:54:05 -04:00
Dimitris Athanasiou 0ac38b05e4 [ML] Require job to have explicit data_description (elastic/x-pack-elasticsearch#1411)
relates elastic/x-pack-elasticsearch#1187

Original commit: elastic/x-pack-elasticsearch@aa2051f959
2017-05-12 17:24:27 +01:00
Alexander Reelsen 50e9e413da Watcher: Make watch history use doc type instead of watch_record (elastic/x-pack-elasticsearch#1311)
As this does not require any reindexing this is easy to fix by just
changing the watch history template.

In addition the old templates are deleted on start up and the new ones
are instantiated.

Original commit: elastic/x-pack-elasticsearch@7e1ad495ad
2017-05-12 16:52:57 +02:00
Jim Ferenczi de1d98b135 Adapt x-pack after the parent/child modularisation (elastic/x-pack-elasticsearch#1407)
This is the x-pack side of elastic/elasticsearch#24634
The hasChild, hasParent queries and the children agg are now in a module.

Original commit: elastic/x-pack-elasticsearch@e9b1296fc3
2017-05-12 15:59:40 +02:00
javanna 4f073cd4bd fix typo in AuthorizationService comment
Original commit: elastic/x-pack-elasticsearch@f747df0311
2017-05-12 11:18:01 +02:00
Simon Willnauer 0215356f12 Remove XPackDeleteByQueryAction BWC (elastic/x-pack-elasticsearch#1400)
5.5 will use delete by query from the module directly and has the
BWC layer in-place. This change therefore removes the BWC layer from 6.0

Relates to elastic/x-pack-elasticsearch#1378

Original commit: elastic/x-pack-elasticsearch@d4d4d6bc61
2017-05-12 10:19:21 +02:00
Simon Willnauer 2e34f160ff [TEST] Add ReindexPlugin to AutodetectResultProcessorIT
Original commit: elastic/x-pack-elasticsearch@acd19bf25c
2017-05-11 21:51:02 +02:00
Simon Willnauer 891c2a6c3f Replace XPacks delete_by_query impl with the core impl (elastic/x-pack-elasticsearch#1378)
This can now be shared with core once elastic/elasticsearch#24578

Original commit: elastic/x-pack-elasticsearch@42bbd75aee
2017-05-11 20:23:55 +02:00
Nik Everett 3ad2da0d87 Fix ordering
Core changed how you specify bucket ordering so we need to change
too.

Original commit: elastic/x-pack-elasticsearch@73d09f64c7
2017-05-11 13:44:17 -04:00
Nik Everett 16aa600830 Fix http request round trip tests
I broke this by adding more randomization to core's randomTimeValue
method. Now it produces valid time values that don't round trip
properly over the XContent API. This change causes the test to skip
trying to round trip time these sorts of time values.

Original commit: elastic/x-pack-elasticsearch@dcdd588bdb
2017-05-11 13:29:33 -04:00
Dimitrios Athanasiou 9ccf617a95 [TEST] Add explanation for custom random time value in ChunkingConfigTests
Original commit: elastic/x-pack-elasticsearch@9e03fb833f
2017-05-11 16:26:00 +01:00
Dimitrios Athanasiou 2e1ac420d7 [TEST] Fix ChunkingConfigTests due to time value randomization
Original commit: elastic/x-pack-elasticsearch@c145b399b6
2017-05-11 16:04:38 +01:00
Dimitris Athanasiou ba40994b1f [ML] Separate read from write index for results (elastic/x-pack-elasticsearch#1397)
This is in preparation of introducing a write alias.
It adjusts all requests to persist results to do so
using a method that returns the write alias (even though
it currently returns the same as the read alias).

Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@1358dd8dcf
2017-05-11 14:44:40 +01:00
jaymode 4d3bc71327 Test: randomly assign the superuser role in RunAsIntegTests
This commit updates the RunAsIntegTests to randomly assign the superuser role to the user that
is authenticating with the cluster but the request is being run as a different user. This provides
additional validation that the authorization errors are actually coming from the user the request
is running as and not due to the authenticating user's privileges.

Original commit: elastic/x-pack-elasticsearch@c6360d13e6
2017-05-11 09:18:57 -04:00
Dimitris Athanasiou 69f9fa8ae9 [ML] Map new fields as keywords in results index (elastic/x-pack-elasticsearch#1387)
Each job introduces new fields to the results index matching
the analysis terms. When the job is created, mappings for those
are added explicitly. However, when rollover is introduced, that
will not be the case. This commit prepares for that by adding
dynamic mapping of new fields as keyword.

Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@8f6cd09a71
2017-05-11 13:47:31 +01:00
David Roberts c4c57e6497 [TEST] Unit test that ML handles configs with brackets in field names (elastic/x-pack-elasticsearch#1395)
Original commit: elastic/x-pack-elasticsearch@a1d12bc254
2017-05-11 10:54:39 +01:00
Tim Vernum f3d5cf229b Change user cache TTL to be based on write not access time (elastic/x-pack-elasticsearch#1373)
This was the behaviour in Shield 2.x, but it was accidentally changed during migration to X-Pack 5.x

Original commit: elastic/x-pack-elasticsearch@de0bf5e688
2017-05-11 14:02:57 +10:00
Ryan Ernst f59b71629a Fix user copied in SecurityContext.executeAfterRewritingAuthentication (elastic/x-pack-elasticsearch#1391)
Also added a unit test for this method

Original commit: elastic/x-pack-elasticsearch@637a865119
2017-05-10 18:00:04 -07:00
Dimitrios Athanasiou 25505fad95 [TEST] Add missing verification in AutoDetectResultProcessorTests
Original commit: elastic/x-pack-elasticsearch@22b620a947
2017-05-10 17:59:54 +01:00
Dimitris Athanasiou 49eb5ea136 [ML] Retrieve model snapshot via search (elastic/x-pack-elasticsearch#1376)
This removes the last remaining GET in JobProvider.

Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@820344be67
2017-05-10 17:26:37 +01:00
David Kyle 0c0961134d Fix compilation
Original commit: elastic/x-pack-elasticsearch@f4dc2c5ce7
2017-05-10 16:16:49 +01:00
David Kyle fdf86967ce [ML] Fix bug initialising ML MetaData (elastic/x-pack-elasticsearch#1386)
Slightly different to the commit I just reverted (elastic/x-pack-elasticsearch#1352)

Original commit: elastic/x-pack-elasticsearch@46339418ae
2017-05-10 16:06:13 +01:00
David Roberts 7a32304f2c [ML] Don't try to gracefully shut down the controller on unsupported platforms (elastic/x-pack-elasticsearch#1384)
It just wastes 20 seconds while we timeout trying to open named pipes that cannot
possibly have been created.

Original commit: elastic/x-pack-elasticsearch@4e447874f6
2017-05-10 16:03:16 +01:00
David Kyle 1994b42cd5 Revert "[ML] Fix bug initialising ML Metadata (elastic/x-pack-elasticsearch#1377)"
This reverts commit elastic/x-pack-elasticsearch@4e4923634a.

Original commit: elastic/x-pack-elasticsearch@3de80a1577
2017-05-10 15:56:49 +01:00
Hendrik Muhs c43ae014b4 Replace timestamp initialization 'now' to an explicit timestamp. (elastic/x-pack-elasticsearch#1383)
fixes build errors. Still ensures that the timestamp is set to 'now' if the parsed logfile misses it.

Original commit: elastic/x-pack-elasticsearch@cf60e8d76b
2017-05-10 16:17:30 +02:00
David Kyle d34192ff6f [ML] Fix bug initialising ML Metadata (elastic/x-pack-elasticsearch#1377)
* Fix bug initialising ML MetaData


Original commit: elastic/x-pack-elasticsearch@4e4923634a
2017-05-10 15:01:37 +01:00
Dimitris Athanasiou a5a44a2e2e [ML] Also revert quantiles and model_size_stats (elastic/x-pack-elasticsearch#1369)
When a model snapshot is reverted, we should also revert
quantiles and model_size_stats to the ones of the reverted
snapshot.

relates elastic/x-pack-elasticsearch#1342

Original commit: elastic/x-pack-elasticsearch@ddabe40470
2017-05-10 12:04:22 +01:00
David Roberts cd99024599 [ML] Validate job configs before transport (elastic/x-pack-elasticsearch#1375)
If invalid job configs are transported to the master node then the root
cause of the validation exception gets reported as a remote_transport_exception,
which is extremely confusing.

This commit moves the validation of job configurations to the first node that
handles the action.

Fixes elastic/x-pack-kibana#1172

Original commit: elastic/x-pack-elasticsearch@5ed59d2a6f
2017-05-10 10:55:16 +01:00
Tanguy Leroux f3b3df0911 [Test] Ensure monitoring indices are yellow in LocalExporterTests
Before searching for documents in monitoring indices, we need to ensure
that they exist and are available.

Original commit: elastic/x-pack-elasticsearch@29db55a1fe
2017-05-10 09:53:59 +02:00
Ryan Ernst 85deb1f8f7 Rename ScriptEngineService to ScriptEngine (elastic/x-pack-elasticsearch#1374)
This is the xpack side of elastic/elasticsearch#24574

Original commit: elastic/x-pack-elasticsearch@4d37021f6d
2017-05-10 00:47:39 -07:00
Hendrik Muhs c1016f3c3d [ML] simple log throttler for autodetect logging (elastic/x-pack-elasticsearch#1323)
Adds a simple log throttler for autodetect logging, summarizes log messages if
they repeat often in a short time period. Throttler gets disabled for debug logging.

relates to: https://github.com/elastic/machine-learning-cpp/issues/111

Original commit: elastic/x-pack-elasticsearch@6729b1fd7c
2017-05-10 09:25:05 +02:00
Ryan Ernst 940ca229aa Fix xpack test using deprecated setting
Original commit: elastic/x-pack-elasticsearch@f98d24782b
2017-05-09 17:32:50 -07:00
Ryan Ernst 1c3d907748 Reverse runAs user setup to store authenticated user inside runAs user (elastic/x-pack-elasticsearch#1371)
Original commit: elastic/x-pack-elasticsearch@8276662298
2017-05-09 13:49:14 -07:00
Jay Modi 590eea57ac Add a base security rest handler (elastic/x-pack-elasticsearch#1239)
This commit adds a base rest handler for security that handles the license checking in the security
apis. This was done previously in some rest handlers but not all and actually had issues where a
value would be returned but we may not have consumed all of the request parameters, which could
lead to a different response being returned than what we would have expected.

relates elastic/x-pack-elasticsearch#1236

Original commit: elastic/x-pack-elasticsearch@2f1100b64a
2017-05-09 14:47:11 -04:00
Chris Earle 7965def49c [TEST] Mark test with AwaitsFix for elastic/x-pack-elasticsearch#1353
Original commit: elastic/x-pack-elasticsearch@a9705d3816
2017-05-09 11:29:39 -04:00
Nik Everett 387944b95a Add defense against broken scrolls (elastic/x-pack-elasticsearch#1327)
Adds defenseagainst broken scrolls to the fetching roles and users.
While Elasticsearch *shouldn't* send broken scrolls it has done so
in the past and when it does this causes security to consume the
entire heap and crash. This changes it so we instead fail the request
with a message about the scroll being broken.

Relates to elastic/x-pack-elasticsearch#1299

Original commit: elastic/x-pack-elasticsearch@dfef87e757
2017-05-09 11:18:15 -04:00
Tanguy Leroux 0a860df9f9 [Test] Restore random documents indexing in LocalExporterTests (elastic/x-pack-elasticsearch#1328)
In elastic/x-pack-elasticsearch#1212, we removed a randomized condition that inserts documents when
the exporter is enabled but before the monitoring is started. This
condition should not have been removed as it allows to test that the
exporters are correctly initialized when the Monitoring Bulk API is used
 by an external application.

This commit also fixed a failure when a search request fails because the
 monitoring indices are not yet ready (see
 https://github.com/elastic/x-pack-elasticsearch/issues/956#issuecomment-298338589)

Original commit: elastic/x-pack-elasticsearch@73ab535ae0
2017-05-09 09:39:25 +02:00
jaymode b450664766 Test: ensure system supports ECDSA before running EllicpticCurveSSLTests
Some JDKs do not support the ECDSA cipher suites that we use in the EllipticCurveSSLTests, which
is the underlying cause of some CI failures. This change ensures there is at least one enabled
ECDSA cipher before testing that a connection can be made.

relates elastic/x-pack-elasticsearch#1278

Original commit: elastic/x-pack-elasticsearch@f6c93d776c
2017-05-08 12:36:20 -04:00
David Kyle e5b11d0222 [ML] Not an error to close a job twice (elastic/x-pack-elasticsearch#1340)
* [ML] Not an error to close a job twice

* Error if job is opening

* Address review comments

* Test closed job isn’t resolved

Original commit: elastic/x-pack-elasticsearch@7da7b24c08
2017-05-08 16:34:46 +01:00
David Roberts 9264ad541e [ML] Only attempt to get the native code version when ML is enabled (elastic/x-pack-elasticsearch#1346)
Originally we used to try to get the native code version even when ML was disabled.
However, this has proved to be an annoyance in cases where people running on
unsupported platforms have disabled ML. This commit means we'll only try to get
the native code version if ML is enabled on a node.

Original commit: elastic/x-pack-elasticsearch@778d6708d2
2017-05-08 16:16:23 +01:00
Dimitris Athanasiou 28f2ba3ef8 [ML] Retrieve data counts via search (elastic/x-pack-elasticsearch#1339)
Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@73a6848526
2017-05-08 13:02:07 +01:00
David Kyle 4e25e1a24d [ML] Use XContentBuilders in try with resource statements (elastic/x-pack-elasticsearch#1329)
* [ML] Use XContentBuilders in try with resource statements

* Address review comments

Original commit: elastic/x-pack-elasticsearch@ef5b45e2f4
2017-05-08 11:41:23 +01:00
Tim Vernum 0a15b03395 [TESTS] A proper fix to MultipleAdRealmTests
Original commit: elastic/x-pack-elasticsearch@f04b3ebb7a
2017-05-08 00:17:00 +10:00
Chris Earle f18a7f0f68 [Monitoring] Remove unused "node" _type from .monitoring-data-2 (elastic/x-pack-elasticsearch#1333)
This removes the "node" type from `.monitoring-data-2`. This data is sent to _both_ the time-based and non-time-based indexes for Elasticsearch, but the UI only used the time-based variant already.

This is another step in the process of removing the `.monitoring-data-2` index. There is now only one `_type` left in that index: `cluster_info`, which is used by the UI and phone home stats because it contains the license details _and_ the `stack_stats` (e.g., `xpack_usage`).

Original commit: elastic/x-pack-elasticsearch@2cadb5939d
2017-05-05 17:48:30 -04:00
Tanguy Leroux 327ac9898d Fix compilation errors after elastic/elasticsearch/elastic/x-pack-elasticsearch#24492
Original commit: elastic/x-pack-elasticsearch@06d0c17165
2017-05-05 21:27:09 +02:00
Dimitris Athanasiou 3570eb32d3 [ML] Retrieve model_size_stats via search (elastic/x-pack-elasticsearch#1326)
This is a task towards allowing rollover.

Multiple model_size_stats are stored in order to allow
analytics of the memory usage over time. The job _stats
need to display the latest model_size_stats. Before this
commit, the latest model_size_stats was being stored with
a special ID and it was retrieved using that ID. This
does not lend itself well for rollover as we would end up
with multiple of those special IDs in the rolled indices.

This commit removes the need to store a special model_size_stats
version. Job _stats now retrieve the model_size_stats by searching
for the latest one. It also uses a manual ID for all model_size_stats
in order to maintain a single document per log_time.

Relates elastic/x-pack-elasticsearch#827

Original commit: elastic/x-pack-elasticsearch@b2796e9b08
2017-05-05 17:05:39 +01:00
Chris Earle 8ab46e800c [Monitoring] Stop Accepting .monitoring-data-N index requests via REST (elastic/x-pack-elasticsearch#1318)
Now that the Monitoring UI no longer checks the `.monitoring-data-2` index
for Kibana, Logstash, or Beats data, we can stop accepting the duplicated
data in that index (the _exact_ same documents are also indexed into the
time-based index for each product).

This ignores rather than rejects requests that contain such documents to
allow older clients to communicate with a 5.5+ monitoring cluster.

Original commit: elastic/x-pack-elasticsearch@def472cf2e
2017-05-05 11:53:43 -04:00
Tim Vernum 384486d6dd [TESTS] Really fix MultipleAdRealmTests (I think)
Original commit: elastic/x-pack-elasticsearch@dc1eb4eb93
2017-05-05 10:45:11 +10:00
Igor Motov 9a800cac60 Switch to StreamInput.readEnum and StreamOutput.writeEnum (elastic/x-pack-elasticsearch#1313)
Start using StreamInput.readEnum and StreamOutput.writeEnum for enum serialization.

Relates to elastic/elasticsearch#24475

Original commit: elastic/x-pack-elasticsearch@67ca571458
2017-05-04 18:03:05 -04:00
Dimitris Athanasiou 9e3d5d6cf3 [ML] Provide better error message when doc values are unavailable (elastic/x-pack-elasticsearch#1312)
relates elastic/x-pack-elasticsearch#1305

Original commit: elastic/x-pack-elasticsearch@2e8ccc340b
2017-05-04 17:12:49 +01:00
Dimitris Athanasiou 4241469c89 [ML] Correctly print job state when delete job fails (elastic/x-pack-elasticsearch#1310)
relates elastic/x-pack-elasticsearch#1307

Original commit: elastic/x-pack-elasticsearch@25fb18ed0b
2017-05-04 15:17:48 +01:00
Adrien Grand ea31227a89 Do not create the monitoring index before the exporter service is started.
This prevents the template from being applied.

relates elastic/x-pack-elasticsearch#1308

Original commit: elastic/x-pack-elasticsearch@c9fcea42ce
2017-05-04 14:40:32 +02:00
Dimitris Athanasiou 2290b93aa3 [ML] Ignore interim results during renormalization (elastic/x-pack-elasticsearch#1298)
relates elastic/x-pack-elasticsearch#1193

Original commit: elastic/x-pack-elasticsearch@6f5e354bdd
2017-05-04 11:38:52 +01:00
Dimitris Athanasiou 7f2c7dbe17 [ML] Rename datafeed indexes to indices (elastic/x-pack-elasticsearch#1297)
Renames datafeed indexes to indices but keeps indexes
as a synonym while parsing.

relates elastic/x-pack-elasticsearch#1292

Original commit: elastic/x-pack-elasticsearch@1fcdd97f88
2017-05-04 11:37:12 +01:00
Tim Vernum b922b37c3f [TEST] Fixes for randomised failures
- role_mapping.native is always present, but contains no entries if the security index is unavailable
- file based role mapping does not allow duplicate keys

Original commit: elastic/x-pack-elasticsearch@734cf7e2c0
2017-05-04 20:18:28 +10:00
Adrien Grand bbb3d008f2 Only allow indices to have a single type by default. (elastic/x-pack-elasticsearch#1212)
Sibling of elastic/elasticsearch#24317

Original commit: elastic/x-pack-elasticsearch@a57decdf9f
2017-05-04 10:23:23 +02:00
Alexander Reelsen 4078b2f1b2 Watcher: Replace _status field with status (elastic/x-pack-elasticsearch#1285)
As fields with underscores will be disallowed in master, and we have to
prepare the upgrade, this commit renames the _status field to status.

When the 5.x upgrade logic is in place in the 5.x we can remove all the
old style _status handling from the master branch.

Note: All the BWC compatibility tests, that load 5.x indices are now
faking a finished upgrade by adding the `status` field to the mapping
of the watches index.

Original commit: elastic/x-pack-elasticsearch@9d5cc9aaec
2017-05-04 10:08:34 +02:00
Tim Vernum 8633fd1f07 [TESTS] Fix problem with AD integration test
In some cases (based on the randomisation) the primary-realm would have no mappings, but the secondary-realm would.
If this occurred we wouldn't write out any mappings and the secondary-realm would not authorize the access being tested

Original commit: elastic/x-pack-elasticsearch@8e81ec9dd7
2017-05-04 18:05:26 +10:00
Jim Ferenczi 770404200e [TEST] Fix test that breaks compilation due to an invalid usage of ListenableActionFuture
Original commit: elastic/x-pack-elasticsearch@b92d06c9b1
2017-05-04 08:33:06 +02:00
Tim Vernum 6adf4fd3af Role Mapping API (elastic/x-pack-elasticsearch#925)
This introduces a role-mapping API to X-Pack security.

Features:
- A `GET`/`PUT`/`DELETE` API at `/_xpack/security/role_mapping/`
- Role-mappings are stored in the `.security` index 
- A custom expression language (in JSON) for expressing the mapping rules 
- Supported in LDAP/AD and PKI realms
- LDAP realm also supports loading arbitrary meta-data (which can be used in the mapping rules)
- A CompositeRoleMapper unifies roles from the existing file based mapper, and the new API based mapper.
- Usage stats for native role mappings

Original commit: elastic/x-pack-elasticsearch@d9972ed1da
2017-05-04 13:38:50 +10:00
Luca Cavanna 500170c456 [TEST] Remove more unnecessary ListenableActionFuture usages (elastic/x-pack-elasticsearch#1283)
Original commit: elastic/x-pack-elasticsearch@9dfe7ea6f9
2017-05-03 16:35:15 +02:00
Tim Brooks 106a26b399 Remove unneeded usages of listenable futures (elastic/x-pack-elasticsearch#1261)
This is related to elastic/elasticsearch#24412. That commit changed how
ListenableActionFuture implementations are created. This commit
updates x-pack to be compatible with those changes. In particular, all
the usages of ListenableActionFuture in x-pack could be replaced with
PlainActionFuture as the "listening" functionality was not being used.

Original commit: elastic/x-pack-elasticsearch@7c8d8e3df9
2017-05-03 09:23:39 -05:00
Dimitrios Athanasiou d140b3028d [ML] Reuse encapsulated delete-by-query request
Original commit: elastic/x-pack-elasticsearch@cc0f2ce815
2017-05-03 14:58:22 +01:00
Dimitris Athanasiou 3f73748d14 [ML] Use delete-by-query in JobDataDeleter (elastic/x-pack-elasticsearch#1274)
JobDataDeleter handles the deletion logic for 3 cases:

1. deleting a model snapshot and its state docs
2. deleting all results after a timestamp
3. deleting all interim results

The last 2 are currently implemented by manually performing
a search and scroll and then adding matching hits in a bulk
delete action. This operation is exactly what delete-by-query
does.

This commit changes JobDataDeleter to use delete-by-query. This
makes the code simpler and less error-prone. The downside is
losing some logging which seems non-critical. Unit tests for
JobDataDeleter are also removed as they are heavily mocked tests,
adding little value and high maintenance cost. This functionality
is tested by integration tests already.

relates elastic/x-pack-elasticsearch#821

Original commit: elastic/x-pack-elasticsearch@7da91332bd
2017-05-03 14:51:41 +01:00
Dimitris Athanasiou 3e9c36838d [ML] Remove get model snapshot by description functionality (elastic/x-pack-elasticsearch#1288)
relates elastic/x-pack-elasticsearch#1284

Original commit: elastic/x-pack-elasticsearch@780feea5c1
2017-05-03 13:20:52 +01:00
Luca Cavanna 796e23a02a Adapt to ActionRequestBuilder#execute changes (elastic/x-pack-elasticsearch#1263)
Original commit: elastic/x-pack-elasticsearch@c2d7aa562c
2017-05-03 11:21:06 +02:00
Hendrik Muhs 9d8fea9a32 [ML] expose low and high median functions (elastic/x-pack-elasticsearch#1272)
Expose low and high median functions implemented downstream in machinelearning-cpp.

Original commit: elastic/x-pack-elasticsearch@3863e9d41c
2017-05-03 09:46:10 +02:00
Daniel Mitterdorfer 240bd5bfa7 Mute EllipticCurveSSLTests
Relates elastic/x-pack-elasticsearch#1278

Original commit: elastic/x-pack-elasticsearch@3e5dbf5fe6
2017-05-03 07:57:27 +02:00
Alexander Reelsen 3a0bc504a9 Watcher: Exeuting a watch returns a proper 404 (elastic/x-pack-elasticsearch#1273)
A test failure uncovered that handling non existing watches in the
execute watch API could lead to 500 errors instead of 404 because
they were not handled correctly.

relates elastic/x-pack-elasticsearch#1120

Original commit: elastic/x-pack-elasticsearch@c17a07ae3e
2017-05-02 16:01:45 +02:00
Alexander Reelsen ff6283bf80 Tests: Ignore existing watches index in REST test
This test should ensure, that a missing watch on an existing index
causes an error, thus it can ignore if the .watches index already
exists.

relates elastic/x-pack-elasticsearch#1155

Original commit: elastic/x-pack-elasticsearch@89c56cb2be
2017-05-02 14:16:19 +02:00
Tanguy Leroux 9e14141a8e [Test] Fix NPE in LocalExporterTests
This commit fixes a NullPointerException in the LocalExporterTests.

Original commit: elastic/x-pack-elasticsearch@e28516135f
2017-05-02 13:55:47 +02:00
David Kyle f3f387bd9c [ML] Give jobs meaningful and unique names in the yaml rest tests. (elastic/x-pack-elasticsearch#1271)
Original commit: elastic/x-pack-elasticsearch@b096de55c1
2017-05-02 11:36:33 +01:00
Alexander Reelsen c62f6f8177 Watcher: Distributed watch execution (elastic/x-pack-elasticsearch#544)
The distribution of watches now happens on the node which holds the
watches index, instead of on the master node. This requires several
changes to the current implementation.

1. Running on shards and replicas
   In order to run watches on the nodes with the watches index on its
   primaries and replicas. To ensure that watches do not run twice, there is
   a logic which checks the local shards, runs a murmurhash on the id and
   runs modulo against the number of shards and replicas, this is the way to
   find out, if a watch should run local. Reloading happens
2. Several master node actions moved to a HandledTransportAction, as they
   are basically just aliases for indexing actions, among them the
   put/delete/get watch actions, the acknowledgement action, the de/activate
   actions
3. Stats action moved to a broadcast node action, because we potentially
   have to query every node to get watcher statistics
4. Starting/Stopping watcher now is a master node action, which updates
   the cluster state and then listeners acts on those. Because of this watches
   can be running on two systems, if you those have different cluster state
   versions, until the new watcher state is propagated
5. Watcher is started on all nodes now. With the exception of the ticker
   schedule engine most classes do not need a lot of resources while running.
   However they have to run, because of the execute watch API, which can hit
   any node - it does not make sense to find the right shard for this watch
   and only then execute (as this also has to work with a watch, that has not
   been stored before)
6. By using a indexing operation listener, each storing of a watch now
   parses the watch first and only stores on successful parsing
7. Execute watch API now uses the watcher threadpool for execution
8. Getting the number of watches for the stats now simply queries the
   different execution engines, how many watches are scheduled, so this is
   not doing a search anymore

There will be follow up commits on this one, mainly to ensure BWC compatibility.

Original commit: elastic/x-pack-elasticsearch@0adb46e658
2017-05-02 10:12:46 +02:00
Jason Tedor 718518fe85 Disable setting available processors in tests
Within the same JVM, setting the number of processors available to Netty
can only be done once. However, tests randomize the number of processors
and so without intervention would attempt to set this value multiple
times. Therefore, we need to use a flag that prevents setting this value
in tests.

Relates elastic/x-pack-elasticsearch#1266

Original commit: elastic/x-pack-elasticsearch@d127149725
2017-05-01 19:27:45 -04:00
Jason Tedor bec3102e06 Upgrade Netty to 4.1.10.Final
This commit upgrades the Netty dependency from version 4.1.9.Final to
version 4.1.10.Final.

Relates elastic/x-pack-elasticsearch#1262

Original commit: elastic/x-pack-elasticsearch@aac7aa351c
2017-05-01 10:25:42 -04:00
Yannick Welsch a9aa3e2329 Revert "Test: get more information when sporadic NPE"
This reverts commit elastic/x-pack-elasticsearch@3e08725fc7.

Original commit: elastic/x-pack-elasticsearch@dc85c2b194
2017-04-29 10:51:35 +02:00
Yannick Welsch 308d5e0ae3 Don't call ClusterService.state() in a ClusterStateUpdateTask
The current state is readily available as a parameter

Original commit: elastic/x-pack-elasticsearch@a09929aa82
2017-04-29 10:50:56 +02:00
Yannick Welsch e3834da05e [TEST] Wait for trial license to be generated before running LicensesManagerServiceTests
Many of the tests assume that the trial license has already been generated before the test gets to run. As this is asynchronously triggered upon node
startup, however, there is no guarantee that trial license generation has completed before the tests get to execute, leading to null values when
checking clusterService.state().metaData().custom(LicensesMetaData.TYPE).

Original commit: elastic/x-pack-elasticsearch@d909c9ba95
2017-04-29 10:50:56 +02:00
Dimitrios Athanasiou ee5e66bb0d [ML] Make updateDatafeed var in UpdateDatafeedAction volatile
Original commit: elastic/x-pack-elasticsearch@d8461d0960
2017-04-28 17:58:55 +01:00
Dimitris Athanasiou 5a70eac6e8 [ML] Delete and Update datafeed actions should use current cluster state (elastic/x-pack-elasticsearch#1254)
relates elastic/x-pack-elasticsearch#1253

Original commit: elastic/x-pack-elasticsearch@bdf695e694
2017-04-28 17:53:59 +01:00
Nik Everett 459b77478e Test: get more information when sporadic NPE
LicenseManagerServiceTests sometimes fails in jenkins, but fairly
rarely. We don't get useful logs when it does. This cranks up
the log level and adds some more assertions so we can better track
down where the failure comes from.

Relates to elastic/x-pack-elasticsearch#222

Original commit: elastic/x-pack-elasticsearch@3e08725fc7
2017-04-28 11:34:48 -04:00
David Roberts 892d803a6a [ML] When putting a datafeed use runas user for index privilege check (elastic/x-pack-elasticsearch#1245)
When a user creates a datafeed, as well as checking they have permission
to create a datafeed we also check that they have permission to search the
indices they've configured the datafeed to search.

Previously this second check was erroneously done for the user who issued
the put_datafeed request, whereas it should be done as the runas user for
that request.

Original commit: elastic/x-pack-elasticsearch@4c35204c66
2017-04-28 13:38:53 +01:00
Dimitrios Athanasiou 57382390ab [TEST] Delete job from DatafeedJobsIT.testRealtime in clean up
relates elastic/x-pack-elasticsearch#1246

Original commit: elastic/x-pack-elasticsearch@9ca07f1308
2017-04-28 11:00:51 +01:00
Yannick Welsch c551bcba5c Separate publishing from applying cluster states
Companion commit to elastic/elasticsearch#24236

Original commit: elastic/x-pack-elasticsearch@d685478f5d
2017-04-28 09:35:20 +02:00
Zachary Tong 6147e2ba6a Remove now-unnecessary cast
Original commit: elastic/x-pack-elasticsearch@fcbbe5a919
2017-04-27 17:16:30 -04:00
Dimitrios Athanasiou f341b336a5 [ML] Correctly pass job_id from job task to logger
Original commit: elastic/x-pack-elasticsearch@1c73bccaec
2017-04-27 20:02:15 +01:00
Dimitrios Athanasiou b796388431 [ML] Delete intervening results after now as well
When we revert to snapshot, if we delete intervening results
we should delete with an open end on the time range for the
case when future data has been posted to the job.

Original commit: elastic/x-pack-elasticsearch@c3f5e8f19e
2017-04-27 16:38:23 +01:00
Nik Everett 677ea404f7 Remove most usages of 1-arg Script ctor (elastic/x-pack-elasticsearch#1207)
The one argument ctor for `Script` creates a script with the
default language but most usages of are for testing and either
don't care about the language or are for use with
`MockScriptEngine`. This replaces most usages of the one argument
ctor on `Script` with calls to `ESTestCase#mockScript` to make
it clear that the tests don't need the default scripting language.

Original commit: elastic/x-pack-elasticsearch@c1d05b7357
2017-04-27 11:35:42 -04:00
Yannick Welsch 779e8f6771 [TEST] Reenable IndicesStatsTests
Commit elastic/x-pack-elasticsearch@4165beb90 should have fixed the test failures.

Original commit: elastic/x-pack-elasticsearch@67b8aac14c
2017-04-27 17:04:45 +02:00
Jay Modi 1d08b4d1fb Rest endpoints for token based access (elastic/x-pack-elasticsearch#1235)
This commit adds rest endpoints for the creation of a new token and invalidation of an existing
token. This builds upon the functionality that was introduced in elastic/x-pack-elasticsearch#1029.

relates elastic/x-pack-elasticsearch#8

Original commit: elastic/x-pack-elasticsearch@d56611dfa3
2017-04-27 11:04:31 -04:00
Jay Modi f7fb02f21f Ensure we always respect a user specified filter in the AD realm (elastic/x-pack-elasticsearch#1161)
When the active directory realm was refactored to add support for authenticating against multiple
domains, only the default authenticator respected the user_search.filter setting. This commit moves
this down to the base authenticator and also changes the UPN filter to not include sAMAccountName
in the filter.

Original commit: elastic/x-pack-elasticsearch@d2c19c9bee
2017-04-27 10:20:59 -04:00
Dimitrios Athanasiou 4f12f04c65 [TEST] Fix line width checkstyle error
Original commit: elastic/x-pack-elasticsearch@0d62752c0e
2017-04-27 14:03:07 +01:00
Dimitrios Athanasiou 4c9b4132c9 [TEST] Refactor ML integration test framework
- Removes need to handle exception from action methods
- Clearly renames DatafeedJobIT to DatafeedJobsRestIT to distinguish
  from DatafeedJobsIT
- Refactors DatafeedJobsIT to reuse MlNativeAutodetectIntegTestCase

Original commit: elastic/x-pack-elasticsearch@5bd0c01391
2017-04-27 13:43:28 +01:00
Tim Vernum ddf5fd68c2 Add ClusterSearchShardsAction to "read_cross_cluster" privilege (elastic/x-pack-elasticsearch#1231)
Cross cluster search uses ClusterSearchShardsAction under the covers.
Without this change, you would need both "read_cross_cluster" and "view_index_metadata" privilegs in order to have permission to execute searches from a remote cluster.

Original commit: elastic/x-pack-elasticsearch@65a6aff329
2017-04-27 22:39:13 +10:00
Dimitrios Athanasiou 7e62eb6255 [TEST] Wait for job to close from DatafeedJobsIT.testLookbackOnly
relates elastic/x-pack-elasticsearch#1228

Original commit: elastic/x-pack-elasticsearch@77055bd128
2017-04-27 12:57:50 +01:00
Yannick Welsch 983fb95a2a [TEST] Disable GraphTests.testSignificanceQueryCrawl
as it sporadically fails

Relates to elastic/x-pack-elasticsearch#918

Original commit: elastic/x-pack-elasticsearch@e2a8a79e62
2017-04-27 09:34:56 +02:00
Jay Modi 69837cd817 Fix DLS query merging when there are groups with/without DLS (elastic/x-pack-elasticsearch#1203)
If a single permission set does not have a query defined then this should be considered as the user
not having document level security for the indices matching that pattern. However, the lack of
document level security was not being taken into account and document level security was being
applied when it should not have been.

Original commit: elastic/x-pack-elasticsearch@f5777c2f37
2017-04-26 16:06:15 -04:00
jaymode a7d9e92f25 Test: wait for all token expiration jobs to finish
This adds a best effort wait for the token expiration jobs to finish to hopefully address the
issues in tests with on going requests and locked shards.

Relates elastic/x-pack-elasticsearch#1220

Original commit: elastic/x-pack-elasticsearch@ae789c1e58
2017-04-26 15:40:56 -04:00
Dimitrios Athanasiou b54de1bb91 [TEST] Give time for results to be searchable in UpdateInterimResultsIT
Original commit: elastic/x-pack-elasticsearch@7c28860dd5
2017-04-26 18:46:33 +01:00
Martijn van Groningen 295a4049a3 [ML] Use allocation id as key in `AutodetectProcessManager#autoDetectCommunicatorByJob` map instead of job id.
Relates to elastic/x-pack-elasticsearch#921

Original commit: elastic/x-pack-elasticsearch@21383fd51c
2017-04-26 19:33:41 +02:00
Dimitris Athanasiou 1f57a53b3e [ML] Correct error message for invalid job_id (elastic/x-pack-elasticsearch#1218)
relates elastic/x-pack-elasticsearch#1211

Original commit: elastic/x-pack-elasticsearch@5389a43706
2017-04-26 18:17:06 +01:00
Yannick Welsch 444cbfc283 [TEST] Fix monitoring tests that are flaky in the presence of replicas
Many tests in monitoring use the pattern of calling first awaitMonitoringDocsCount, and then doing a search that checks certain properties, assuming
that the doc count is correct at that point. In the presence of replicas, awaitMonitoringDocsCount might not wait for all shard copies to have the
desired property. A subsequent search might then hit a shard where the property does not hold. As these tests randomize the number of replicas
(through the random_index_template), it easier to constrain awaitMonitoringDocsCount just to the primary and then do subsequent checks just by
querying the primary.

Original commit: elastic/x-pack-elasticsearch@4165beb903
2017-04-26 19:12:45 +02:00
jaymode 4a36cd77ee Test: bind regular socket instead of server socket so connection cannot be accepted
This commit creates a single server socket that will be connected to by local sockets. The local
sockets will use the port of the previously stopped ldap server as the local port. This will
prevent the ldap library from establishing a connection. The previous use of server sockets for
this did not work on all operating systems as the backlog parameter has platform specific meaning.

Original commit: elastic/x-pack-elasticsearch@03b6bf39d4
2017-04-26 12:41:12 -04:00
David Roberts f3f9cb6d74 [ML] Stop using the management thread pool unnecessarily for ML actions (elastic/x-pack-elasticsearch#1213)
The management thread pool only has 5 threads and clogging it up makes
monitoring think the cluster is dead.

relates elastic/x-pack-elasticsearch#1210

Original commit: elastic/x-pack-elasticsearch@f4ad7578d9
2017-04-26 17:17:26 +01:00
jaymode 6b4db0fc36 Test: remove usage of forbidden api (socket connect)
Original commit: elastic/x-pack-elasticsearch@5903973762
2017-04-26 11:39:27 -04:00
jaymode 123a660720 Test: add awaits fix for SessionFactoryLoadBalancingTests
Original commit: elastic/x-pack-elasticsearch@6412d12283
2017-04-26 11:25:30 -04:00
jaymode c9d039525c Test: add more debug output for SessionFactoryLoadBalancingTests failures
Original commit: elastic/x-pack-elasticsearch@206048b94d
2017-04-26 11:15:07 -04:00
jaymode c1c66f38ea Test: specify a timeout for background operation
This commit adds a timeout for the expiration of invalidated tokens so that we can expect that the
requests will have been finished before we do the assertions on the internal test cluster.

Original commit: elastic/x-pack-elasticsearch@2928706224
2017-04-26 10:34:17 -04:00
Dimitrios Athanasiou 708190f356 [TEST] Add model snapshot restore integration test
Relates elastic/x-pack-elasticsearch#882

Original commit: elastic/x-pack-elasticsearch@fbb983e63b
2017-04-26 14:29:55 +01:00
Jay Modi 295051ee8c Add a short-lived token based access mechanism (elastic/x-pack-elasticsearch#1029)
This commit adds a token based access mechanism that is a subset of the OAuth 2.0 protocol. The
token mechanism takes the same values as a OAuth 2 standard (defined in RFC 6749 and RFC 6750),
but differs in that we use XContent for the body instead of form encoded values. Additionally, this
PR provides a mechanism for expiration of a token; this can be used to implement logout
functionality that prevents the token from being used again.

The actual tokens are encrypted using AES-GCM, which also provides authentication. The key for
encryption is derived from a salt value and a passphrase that is stored on each node in the
secure settings store. By default, the tokens have an expiration time of 20 minutes and is
configurable up to a maximum of one hour.

Relates elastic/x-pack-elasticsearch#8

Original commit: elastic/x-pack-elasticsearch@3d201ac2bf
2017-04-26 08:00:03 -04:00
Martijn van Groningen c6c63c471c The xpack side of elastic/x-pack-elasticsearch#24115
Original commit: elastic/x-pack-elasticsearch@862180a169
2017-04-26 11:28:01 +02:00
Dimitrios Athanasiou 9828161cff [TEST] Remove broken test from jobs_get_result_categories.yaml
The YAML framework randomly sends the body wrapped in a `source`
field if the API supports GET. Our API doesn't handle `source`.
Taking the test out.

relates elastic/x-pack-elasticsearch#1200

Original commit: elastic/x-pack-elasticsearch@fa77c071b2
2017-04-25 17:07:30 +01:00
Martijn van Groningen ee650b3189 [ml] Use allocation id as key in `runningDatafeeds` map instead of datafeed id
Original commit: elastic/x-pack-elasticsearch@156e3275b1
2017-04-25 17:55:27 +02:00
Dimitris Athanasiou 32128894a5 [ML] Delete interim results after job re-opening (elastic/x-pack-elasticsearch#1194)
This is an issue where a bucket can have both interim results and
non-interim results, a bucket should never have both at the same time.
The steps to cause this situation are:

1. Flush a running job and create interim results
2. Close that job (this does not delete interim results)
3. Re-open the job and POST data
4. The job will eventually emit a bucket result which mingles with the
existing interim results

Normally interim results are deleted by AutoDetectResultProcessor when a
bucket is parsed following a flush command. Because of the close and
re-opening of the job AutoDetectResultProcessor no longer knows that a
previous flush command creating interim results.

The fix is to always delete interim results the first time
AutoDetectResultProcessor sees a bucket.

relates elastic/x-pack-elasticsearch#1188

Original commit: elastic/x-pack-elasticsearch@5326455f54
2017-04-25 16:32:58 +01:00
jaymode ef571568f4 Test: ensure ports that should fail are not bound to by other tests
In the SessionFactoryLoadBalancingTests, we sometime want a connection to a certain IP and Port to
fail as a way to mock an unresponsive/disconnected LDAP server. The test does this by starting up
multiple LDAP servers and then shutting some down. When the server is shut down the port that it
was bound to is open for another process or test to bind to, which can lead to sporadic failures in
CI. This change is a best effort attempt to prevent this by binding a server socket to the port and
filling its backlog so other connections should fail.

Relates elastic/x-pack-elasticsearch#1195

Original commit: elastic/x-pack-elasticsearch@b31a560c93
2017-04-25 11:17:05 -04:00
David Kyle 2d9fd0ed16 [ML] Only audit job creation after it was successful (elastic/x-pack-elasticsearch#1198)
Original commit: elastic/x-pack-elasticsearch@37af6cbf69
2017-04-25 16:07:47 +01:00
Dimitrios Athanasiou 612dcda8ae [TEST] Increase base job bucket_span to 1h
The DatafeedJobsIT.testRealtime test fails from time to time.
The test seems to take a long time to execute the flush action
after the lookback. This could make sense as the test produces
a few records over the span of a week with 5 minutes bucket_span.
Thus, flush will end up doing a lot of word to create results
for so many buckets.

This change increases the bucket_span to 1 hour. Hopefully, this
will stop the failures.

Relates elastic/x-pack-elasticsearch#1162

Original commit: elastic/x-pack-elasticsearch@4366907371
2017-04-25 15:32:44 +01:00
Dimitris Athanasiou 7f64f37c46 [ML] Fix POST version of get categories API (elastic/x-pack-elasticsearch#1184)
Also improves PageParams parsing to fill in defaults.

relates elastic/x-pack-elasticsearch#1180

Original commit: elastic/x-pack-elasticsearch@fccd7795ca
2017-04-25 14:44:10 +01:00
Martijn van Groningen 415d40e6fc test: improved assertion
Original commit: elastic/x-pack-elasticsearch@8361d2e27d
2017-04-25 12:16:01 +02:00
Martijn van Groningen a3e7c65ba4 [ML] Upon task cancel stop datafeed immediately.
Original commit: elastic/x-pack-elasticsearch@0401ca3d33
2017-04-25 11:56:44 +02:00
David Kyle bd40dd36c9 [ML] Hide partition_scores field if empty (elastic/x-pack-elasticsearch#1189)
Original commit: elastic/x-pack-elasticsearch@5dec266e0d
2017-04-25 10:48:53 +01:00
Martijn van Groningen 6c0613f36f fix mocking in tests
Original commit: elastic/x-pack-elasticsearch@b43de1ea2b
2017-04-25 09:52:12 +02:00
Ryan Ernst 105b689ec0 Templates: Convert template uses to ScriptService.compileTemplate (elastic/x-pack-elasticsearch#1170)
This is the xpack side of elastic/elasticsearch#24280

Original commit: elastic/x-pack-elasticsearch@90b7b2c6b7
2017-04-24 15:45:26 -07:00
Jay Modi 2c2261881d Fix support for elliptic curve certificates in PEM files (elastic/x-pack-elasticsearch#1050)
This commit fixes the support for elliptic curve certificates that are specified as a PEM file.
These certificates and private keys can now be read properly and a integration test was added to
ensure that TLS also functions correctly with these certificates.

Original commit: elastic/x-pack-elasticsearch@6d6d579c88
2017-04-24 11:31:10 -04:00
Martijn van Groningen a98d593576 [ML] Use JobTaskStatus#staleTask(...) instead of PersistentTask#needsReassignement(...) for checking whether a job task is stale when allocation a datafeed to a node.
Original commit: elastic/x-pack-elasticsearch@0952c455fe
2017-04-24 14:56:25 +02:00
David Kyle 0b267242f1 [ML] Refresh indices after job deletion (elastic/x-pack-elasticsearch#1174)
* Refresh indices after job deletion

* Make refresh index option explicit

Original commit: elastic/x-pack-elasticsearch@d3c819966b
2017-04-24 13:55:36 +01:00
Jay Modi 1c1837fddd Reduce spamming of logs on common SSL exceptions (elastic/x-pack-elasticsearch#1083)
This commit reduces spamming of the logs when a common SSL exception is encountered such as a
client not trusting the server's certificate or a plaintext request sent to a channel that expects
TLS traffic.

relates elastic/x-pack-elasticsearch#1062

Original commit: elastic/x-pack-elasticsearch@94959e79f6
2017-04-24 07:51:24 -04:00
Jay Modi f063af9ee3 Log INFO message when reloading SSL configuration file changes (elastic/x-pack-elasticsearch#1082)
This commit adds a INFO level log message to indicate that a file was reloaded and the SSL contexts
using the file were also updated.

relates elastic/x-pack-elasticsearch#1063

Original commit: elastic/x-pack-elasticsearch@f53f7019de
2017-04-24 07:46:14 -04:00
David Kyle 2c6a4d8627 [ML] Fix filter influencers by score
Add more test coverage

Original commit: elastic/x-pack-elasticsearch@45b06d2a5b
2017-04-24 11:31:51 +01:00
Martijn van Groningen 5dc8c71e65 [TEST] Increased datafeed logging
Original commit: elastic/x-pack-elasticsearch@403bc28dea
2017-04-24 10:48:53 +02:00
Ryan Ernst c5b14197d4 Remove uses of ScriptService.executable which takes Script (elastic/x-pack-elasticsearch#1164)
This is the xpack side of elastic/elasticsearch#24264

Original commit: elastic/x-pack-elasticsearch@ac36bc32aa
2017-04-21 17:52:27 -07:00
David Kyle 72a9bffff8 [ML] Proceed on conflict when deleting job docs. (elastic/x-pack-elasticsearch#1157)
Original commit: elastic/x-pack-elasticsearch@b1b98ec268
2017-04-21 16:45:14 +01:00
Dimitris Athanasiou e0b6630e3d [ML] Add the current job state in conflict error messages (elastic/x-pack-elasticsearch#1158)
Relates elastic/x-pack-elasticsearch#878

Original commit: elastic/x-pack-elasticsearch@2be8b6c9a1
2017-04-21 16:42:39 +01:00
Dimitrios Athanasiou 73feee6317 [ML] Reduce timeout to 5s while indexing notifications
Original commit: elastic/x-pack-elasticsearch@b144f366f4
2017-04-21 14:58:21 +01:00
Dimitris Athanasiou 546faa3b9b [ML] Ignore non-bulk-action blocks in StateProcessor (elastic/x-pack-elasticsearch#1154)
This is in preparation for the autodetect process writing out
a block of spaces in order to flush the buffer at the end of
state persisting.

Relates elastic/x-pack-elasticsearch#1140

Original commit: elastic/x-pack-elasticsearch@fedf1d204c
2017-04-21 11:30:04 +01:00
David Kyle 52c8469225 [ML] Fix test failure by preventing random string from being ‘by’, ‘over’ or ‘count’
Original commit: elastic/x-pack-elasticsearch@8c79af0b77
2017-04-21 11:04:22 +01:00
David Roberts e549bc4ef9 [ML] Index the audit notification before responding to a delete request (elastic/x-pack-elasticsearch#1150)
This change prevents the situation where cleanup of ML indices immediately
after deleting a job leaves the audit notification in limbo because the index
it was due to be indexed into has been deleted.

Relates elastic/x-pack-elasticsearch#1142

Original commit: elastic/x-pack-elasticsearch@300e9c36ce
2017-04-21 10:17:33 +01:00
Luca Cavanna fc316bd947 [TEST] adapt to Aggregations being an abstract class with final methods (elastic/x-pack-elasticsearch#1128)
Original commit: elastic/x-pack-elasticsearch@080548e411
2017-04-20 21:31:42 +02:00
David Kyle a11e52fea2 [ML] Add check to prevent NoSuchElementException (elastic/x-pack-elasticsearch#1147)
Original commit: elastic/x-pack-elasticsearch@dca4020734
2017-04-20 18:10:32 +01:00
Chris Earle f9b8c82137 [Security] Remove cluster:monitor Privilege from kibana_user (elastic/x-pack-elasticsearch#1097)
Ordinary Kibana users should not have access to the cluster state of ES,
and therefore they should not be able to access ML jobs without explicit
permission.

Original commit: elastic/x-pack-elasticsearch@77273d561a
2017-04-20 12:50:11 -04:00
Dimitrios Athanasiou 1f9ddb6937 [TEST] Increase ml datafeed logging to understand test failure
DatafeedJobsIT has been failing. This change increases logging
to investigate those failures.

Original commit: elastic/x-pack-elasticsearch@0c7c29ac29
2017-04-20 17:18:11 +01:00
Alexander Reelsen 50dff91a3a Watcher: Fix resetting of ack status on unmet condition (elastic/x-pack-elasticsearch#1141)
When a condition is unmet, the ack status of the actions needs to be
resetted again, so that new alerts can be triggered.

Due to a bugfix this functionality was removed from ES 5.0.0-alpha5
onwards.

relates elastic/x-pack-elasticsearch#1123

Original commit: elastic/x-pack-elasticsearch@83db2cecf9
2017-04-20 15:19:25 +01:00
Dimitris Athanasiou 13d3b353c6 [TEST] Wait for pending tasks on test clean up... (elastic/x-pack-elasticsearch#1137)
.. in MlNativeAutodetectIntegTestCase.

We wait for pending tasks to finish from REST tests but not
from the ones using a native autodetect. This commit adds the
waiting in those tests too.

Relates elastic/x-pack-elasticsearch#1136

Original commit: elastic/x-pack-elasticsearch@a7a5455c78
2017-04-20 14:03:38 +01:00
Dimitris Athanasiou a2124b68e1 [ML] Invert interim result inclusion strategy (elastic/x-pack-elasticsearch#1139)
This changes the get-result actions to include interim
results by default. The former include_interim param is
now changed into an exclude_interim param.

relates elastic/x-pack-elasticsearch#1091

Original commit: elastic/x-pack-elasticsearch@c55a9a89d7
2017-04-20 13:52:35 +01:00
David Roberts bf543f0735 [TEST] Report more detail if waitForPendingTasks times out
Original commit: elastic/x-pack-elasticsearch@63ca54b851
2017-04-20 13:10:48 +01:00
David Roberts bd58856e6f [ML] Remove obsolete comment
Original commit: elastic/x-pack-elasticsearch@5637f95311
2017-04-20 11:00:27 +01:00
David Roberts 99def2bd33 [ML] Increase the wait time for AWS credentials to propagate
This was timing out a lot yesterday from the London office

Original commit: elastic/x-pack-elasticsearch@a0989c2a0f
2017-04-20 09:54:00 +01:00
Igor Motov 7656e4a67b Persistent tasks: require allocation id on task completion (elastic/x-pack-elasticsearch#1107)
Persistent tasks should verify that completion notification is done for correct version of the task, otherwise a delayed notification from an old node can accidentally close a newly reassigned task.

Original commit: elastic/x-pack-elasticsearch@478bb6e730
2017-04-19 15:42:55 -04:00
Dimitrios Athanasiou a0099cace6 [TEST] Call get on update job action from DetectionRulesIT
This was the reason for the intermittent failures of this test.

Original commit: elastic/x-pack-elasticsearch@e8605590a1
2017-04-19 19:52:16 +01:00
Martijn van Groningen 7ee48846ec [ML] Auto job close should use the current node as coordinating node.
Original commit: elastic/x-pack-elasticsearch@4f3f8f9915
2017-04-19 20:23:16 +02:00
Colin Goodheart-Smithe 7cb2be2e5c Adds a check to wait for active tasks for XPackRestIT (elastic/x-pack-elasticsearch#964)
* Adds a check to wait for active tasks for XPackRestIT

* uses test logger

* Change to use assertBusy instead of awaitBusy

* fixes failures with active tasks remaining

* Moves wait for pending tasks into MlRestTestStateCleaner

* remove unecessary log line

Original commit: elastic/x-pack-elasticsearch@1f098dbb64
2017-04-19 17:36:30 +01:00
Martijn van Groningen 06c4a3223b [ML] Having no datafeed tasks can happen.
Original commit: elastic/x-pack-elasticsearch@b752ce4f0f
2017-04-19 16:49:19 +02:00
David Roberts 4255f6dae6 [ML] Further reduce log file noise (elastic/x-pack-elasticsearch#1126)
Original commit: elastic/x-pack-elasticsearch@65301281d2
2017-04-19 15:19:15 +01:00
Dimitrios Athanasiou 8e7fd1421c [ML] Fix typo: decending -> descending
Original commit: elastic/x-pack-elasticsearch@d0b3a6a4b9
2017-04-19 15:18:01 +01:00
Dimitris Athanasiou 96cfbc8f4c [ML] Remove partition_field param from GetBucketsAction (elastic/x-pack-elasticsearch#1122)
Relates elastic/x-pack-elasticsearch#1119


Original commit: elastic/x-pack-elasticsearch@c87fdbc031
2017-04-19 14:07:51 +01:00
Dimitrios Athanasiou 03170d870b [ML] Remove expand from get-records REST spec
Relates elastic/x-pack-elasticsearch#1119

Original commit: elastic/x-pack-elasticsearch@d034a7ee5d
2017-04-19 13:30:34 +01:00
Dimitrios Athanasiou 02d1350778 [TEST] Change the serialization order back to keep tests happy
Original commit: elastic/x-pack-elasticsearch@2b83697395
2017-04-19 13:27:48 +01:00
Dimitris Athanasiou 9865d5b955 [ML] Fix detector rules and add integ test (elastic/x-pack-elasticsearch#1084)
Relates elastic/x-pack-elasticsearch#882

Original commit: elastic/x-pack-elasticsearch@fd1cc0d402
2017-04-19 12:23:38 +01:00
David Kyle d8a70138cd [TEST] Give jobs meaningful names in ML integ tests (elastic/x-pack-elasticsearch#1103)
Original commit: elastic/x-pack-elasticsearch@aaf1807172
2017-04-19 12:00:53 +01:00
Ryan Ernst b86cdd6c8e Test: Update rest base class parameters signature (elastic/x-pack-elasticsearch#1101)
This is the xpack side of elastic/elasticsearch#21392

Original commit: elastic/x-pack-elasticsearch@b760815f54
2017-04-18 15:07:14 -07:00
Chris Earle b1c0631e46 [TEST] Test explicitly for the watch we're interested in
Original commit: elastic/x-pack-elasticsearch@71bd0aee7e
2017-04-18 17:00:30 -04:00
Chris Earle 165291a23c Check for specific watch in watch test
Original commit: elastic/x-pack-elasticsearch@e778f14714
2017-04-18 15:57:52 -04:00
Chris Earle c27bb16141 [Monitoring] Use Exporter to create watches in Monitoring Cluster (elastic/x-pack-elasticsearch#994)
By creating the watches via the exporter, we get to afford ourselves
with a much more automatic and simpler set of security permissions.

This does limit us in a few ways (e.g., every exporter has to deal with
cluster alerts itself, which means that newer releases of Kibana cannot
help by adding newer cluster alerts for older, still-monitored
clusters).

Original commit: elastic/x-pack-elasticsearch@448ef313c3
2017-04-18 12:59:46 -04:00
Chris Earle a11f77aea0 [Monitoring] Convert "" _id to null (elastic/x-pack-elasticsearch#1098)
When Logstash 5.2 - 5.3 submit documents via the `_xpack/monitoring/_bulk`
endpoint, it sends its time-based documents with an explicit `_id` of
`""`.

This used to be automatically ignored by Monitoring, but we now accept the
_id that we are given (including `null`). ES, prior to 5.3.1, accepted
`""` as a valid `_id` through the `_bulk` endpoint, which means that it
blindly accepted and overwrote documents given that ID, meaning that all
Logstash instances "shared" the exact same document and therefore the UI
becomes useless.

This change allows `""` to be used and it simply replaces that value, and
only that value, with `null`. This enables backwards compatibility with LS
5.2 - 5.3.0.

Original commit: elastic/x-pack-elasticsearch@889578e61e
2017-04-18 12:24:15 -04:00
Adrien Grand 98c4dc6a92 Upgrade to a snapshot of Lucene 7. (elastic/x-pack-elasticsearch#1102)
Original commit: elastic/x-pack-elasticsearch@2c145e4160
2017-04-18 15:35:55 +02:00
Colin Goodheart-Smithe 51de15dcf1 Fixes compile errors in Eclipse due to generics
PersistentTasksCustomMetadata was using a generic param named `Params`. This conflicted with the imported interface `ToXContent.Params`. The java compiler was preferring the generic param over the interface so everything was fine but Eclipse apparently prefers the interface int his case which was screwing up the Hierarchy and causing compile errors in Eclipse. This changes fixes it by renaming the Generic param to `P`

Original commit: elastic/x-pack-elasticsearch@8528870684
2017-04-18 12:50:05 +01:00
Tim Vernum 4d557afaa4 Improvements in preparation for multiple security indices (elastic/x-pack-elasticsearch#1074)
- Mark all security indices (that is all indices managed by SecurityLifecycleService) as "superuser only" (only superuser role can have direct permissions)
- Add unit tests for IndexLifecycleManager

Original commit: elastic/x-pack-elasticsearch@e4478825e0
2017-04-18 15:22:19 +10:00
Jay Modi b59b6bbdd4 Remove SecuredString and use SecureString from elasticsearch core (elastic/x-pack-elasticsearch#1092)
This commit removes the SecuredString class that was previously used throughout the security code
and replaces it with the SecureString class from core that was added as part of the new secure
settings infrastructure.

relates elastic/x-pack-elasticsearch#421

Original commit: elastic/x-pack-elasticsearch@e9cd117ca1
2017-04-17 13:28:46 -04:00
jaymode 453bf907ca Test: expand wildcards when testing wildcard expression
Original commit: elastic/x-pack-elasticsearch@f5b74383a9
2017-04-14 10:05:25 -04:00