This commit adds the ability to refresh tokens that have been obtained by the API using a refresh
token. Refresh tokens are one time use tokens that are valid for 24 hours. The tokens may be used
to get a new access and refresh token if the refresh token has not been invalidated or
already refreshed.
relates elastic/x-pack-elasticsearch#2595
Original commit: elastic/x-pack-elasticsearch@23435eb815
This isn't pretty but it removes our need to compile with parameter
names in the debug symbols and the use of reflection during tree
transforms. `instanceof` is still used. It does so by forcing all
subclasses of `Node` to implement two methods like this:
```
@Override
protected NodeInfo<PercentileRank, Expression> info() {
return info(this, PercentileRank::new, field(), value());
}
@Override
protected Expression replaceChildren(List<Expression> newChildren) {
if (newChildren.size() != 2) {
throw new IllegalArgumentException("Expected [2] children but got [" + newChildren.size() + "]");
}
return new PercentileRank(location(), newChildren.get(0), newChildren.get(1));
}
```
Every. Single. One.
This is tedious and painful and you have to do each one perfectly,
but it *is* checked by the compiler so it is less scary then the reflection
based approach it is replacing. Marginally. It is still pretty terrifying because
it requires so many tiny changes. While the compiler *does* check that
you've made all the right methods it doesn't check that you've implemented
them correctly.
Technically relates elastic/x-pack-elasticsearch#2871 but doesn't really close the "OO all the things" spirit
of elastic/x-pack-elasticsearch#2871.
A change like this deserves a million tests. Instead, I've created a hacky
reflection based test that attempts to verify that all subclasses of `Node`
implement these method correctly for some test verifiable definition of
"correct".
Original commit: elastic/x-pack-elasticsearch@a69ab634f4
This is related to elastic/x-pack-elasticsearch#3246. This commit adds a SSL/TLS layer to the nio
work implemented in the SSLChannelContext and SSLDriver classes.
This work is used to build up a SecurityNioTransport implementation.
This transport does yet offer feature parity with our normal security
transport. It mainly offers SSL/TLS security.
Original commit: elastic/x-pack-elasticsearch@d0e0484418
The cluster state listener used by watch now have two additional checks.
First, when no master node exists in the cluster state, watcher will
stop and the indexing listener will not try to trigger any new watch.
Second, when there is a global cluster write level block, it would not
be possible to update the watches index or write into the watcher
history, so the listener can bail at that case as well.
In addition this also changes the log level from debug to info when
watcher is stopped. It turned out that there are zero insights when or
if watcher is stopped when normal logging is activated. This makes it
super hard for support to know when watcher is stopped or started at all
due to shards being moved around.
Original commit: elastic/x-pack-elasticsearch@5e9ce24380
We need to start Gradle on the same JVM as runtime Java home to ensure
that certain tasks (e.g., third party audit) are run on all the flavors
of the JDK that we support (without this change it would only run on the
same JVM as Gradle which would usually be compiler Java home).
Relates elastic/x-pack-elasticsearch#3588
Original commit: elastic/x-pack-elasticsearch@d5f6a54fbe
* [Security] Handle cache expiry in token service
The keyCache on TokenService.KeyAndCache has a 60 minute expiry.
If the token service was idle for more than 60 minutes, the current
key would be expired and it would then fail to generate user tokens.
Original commit: elastic/x-pack-elasticsearch@fd98130a27
* Security Realms: Predictable ordering for realms
To have predictable ordering of realms, by having secondary
sorting on realm name resulting in stable and consistent documentation.
Documentation update describing how ordering of realms is determined.
Testing done by adding unit test for the change, ran gradle clean check locally.
relates elastic/x-pack-elasticsearch#3403
Original commit: elastic/x-pack-elasticsearch@98c42a8c51
* SQL: Wrap coercion in JdbcResultSet to throw SQLException
This catches the `ClassCastException` that could be thrown when retrieving data
from a result set, instead converting it into a `SQLException`.
Resolveselastic/x-pack-elasticsearch#3207
* Add simple test for incorrect coercion
Original commit: elastic/x-pack-elasticsearch@5480a48d95
We now separate the compiler Java home from the time runtime Java home
(the one that is used to compile class files versus the one that is used
to run tests). This commit adapts x-pack-elasticsearch to this change.
Relates elastic/x-pack-elasticsearch#3477
Original commit: elastic/x-pack-elasticsearch@bdb096e21c
* SQL: update support for nested docs
Expand sample data with nested docs
Optimize source generation for nested parents
Nested objects fields are specified in inner-hits and don't need to be
specified at the top-level query. Further more disable parent source if
not needed.
ComputingFieldRef needs to return the hitName of its wrapped children
otherwise nested values cannot be extracted
Disable GROUP BY/HAVING on nested fields
Update FieldAttribute requirements in the random tests
Original commit: elastic/x-pack-elasticsearch@e44951b5f6
When events are searched to be passed to the autodetect process, they
are currently calculated based on the latest record timestamp, when
a job opens, and `now` when the process is updated.
This commit changes both to be consistent and based on the earliest
valid timestamp for the job. The earliest valid timestamp is the
latest record timestamp minus the job latency.
Relates elastic/x-pack-elasticsearch#3016
Original commit: elastic/x-pack-elasticsearch@7f882ea053
* [Monitoring] Add uptime.ms field to Beats template
* Add cpu mapping [WIP]
* sort fields
* hierarchical - no dots in fields
* add rss, more event metrics, system cpu and os load
* fix some mapping errors
Original commit: elastic/x-pack-elasticsearch@59cbcb4ee5
This change makes the IndexLifecycleManager check for both index existence and up to date mappings
on the index prior to executing the provided runnable. Doing this provides a mechanism to make
non-breaking mapping updates to the security index in minor versions.
relates elastic/x-pack-elasticsearch#3462
Original commit: elastic/x-pack-elasticsearch@80f05d83b4