Although the build passes on the command line the Eclipse compiler complains that the client.execute() call on line 216 does not have correct arguments because of the lack of generics. This changes adds the generics to the action variable to solve the error in Eclipse. The change is very low risk and should not adversely affect the build on the command line nor in intelliJ IDEA
Original commit: elastic/x-pack-elasticsearch@08f3548556
Followup to https://github.com/elastic/elasticsearch/pull/14914
Shield has to request read-write access to all system properties
due to silliness in UnboundID sdk (556a203094/src/com/unboundid/util/Debug.java (L166))
We should followup with a pull request to them, to not use System.getProperties() here which
returns a mutable map (hence: read-write to "*").
Furthermore, the hack has to be wrapped in another hack because gradle doesn't add
shield's plugin metadata to the classpath. Of course, if we weren't testing with two
plugins in the classpath (which is not very realistic) this would be a non-issue.
Original commit: elastic/x-pack-elasticsearch@612cacde6a
This change removes the project attachment support, and instead relies
on x-plugins being checked out under extra-plugins/x-plugins within an
elasticsearch checkout. The only real change, other than removing
unnecessary code, was to rename the license/core project because gradle
project substitution has a bug which causes it to try and use ES core as
the substitution. (Unfortunately this is not reproduceable with a simple
example, so I have not yet filed an issue with gradle).
Original commit: elastic/x-pack-elasticsearch@fa315ffcb5
This change disables document and field level security by default so that we are able to maintain
bulk update functionality. Users that enable DLS/FLS will not have this functionality. Additionally,
if a user tries to configure DLS/FLS in a role without enabling it, the role will be skipped during
parsing and a log message will be logged at the error level.
See elastic/elasticsearch#938
Original commit: elastic/x-pack-elasticsearch@60c7519092
This commit reverts a previous change where searcher were not wrapped when the RequestContext
could not be found. If DLS/FLS is enabled, which is the default, any bulk request that contains an
update request will not be permitted. This change also exposes the ability to completely disable DLS
and FLS so that users who are not using these features can still use bulk updates.
See elastic/elasticsearch#938
Original commit: elastic/x-pack-elasticsearch@513782db1c
Previously, when the RequestContext could not be located a FieldSubsetReader was returned that only
allowed meta fields to be read. This was done for safety in case there was an API missed so we did not
leak data. However, this causes issues because some requests in elasticsearch execute on a different
thread than the one with the RequestContext so we effectively lose this context and prevent access to
the fields in the document. This is especially problematic with update requests, because that means that
fields that aren't included in the updated document will be lost.
This commit removes the wrapping of the readers in this case and adds tests for bulk updates.
Closeselastic/elasticsearch#938
Original commit: elastic/x-pack-elasticsearch@74c8059da0
In elastic/elasticsearchelastic/elasticsearch#14668, transitive dependencies were removed
from elasticsearch, and plugins now no longer get transitive deps
either. This commit fixes xplugins to remove transitive deps.
Original commit: elastic/x-pack-elasticsearch@5c41657b6e
Currently, running any task while attached to elasticsearch will also
try to run that task in all elasticsearch projects. This change causes
x-plugins to be moved into a subproject when attached. It does this by
dynamically creating a fake root project, and making this root project
think it is attached to the existing attachments, along with x-plugins
itself.
This also fixes buildSrc so attachment to elasticsearch's buildSrc
actually works.
Original commit: elastic/x-pack-elasticsearch@da0adf1da5
This commit adds SuppressForbidden annotations to command line tools to
still allow to call System#exit() (see also issue 12596 in ES core).
Original commit: elastic/x-pack-elasticsearch@1dd3f1dcb1
The cache provides a get method with a callable to load the value into the cache. Our callable
performs authentication and then returns a value. The issue with this is that the cache will queue
concurrent calls if a value is already being loaded and return the result to all callers. This is
problematic since the key is only the username and we do not validate the credentials as part of
the get call. This means it is possible for valid credentials to be returned a null user and authentication
fails.
Additionally, another variant exists where it is possible for invalid credentials to be returned a valid
user, which allows an attacker to gain access by only knowing a username and issuing a large number
of concurrent requests.
Closeselastic/elasticsearch#860
Original commit: elastic/x-pack-elasticsearch@3d122d3bbb
debadair
Colin Goodheart-Smithe
Ryan Ernst
Robert Muir
jaymode
Tanguy Leroux
Martijn van Groningen
Chris Earle
Lee Hinman
Areek Zillur
Simon Willnauer
Simon Willnauer
Daniel Mitterdorfer
javanna
Suyog Rao