Commit Graph

1765 Commits

Author SHA1 Message Date
xuzha 668371c945 Forbid index name with '.' and '..'.
Fixes #13858
2015-10-04 20:05:43 -07:00
Jason Tedor d3cef85352 Remove unnecessary call to MessageDigest.reset 2015-10-04 21:02:50 -04:00
Jason Tedor e5a10e9520 Merge pull request #13907 from jasontedor/hash-be-gone
Remove and forbid use of com.google.common.hash.*
2015-10-04 16:26:12 -04:00
Jason Tedor 67d1c70c2d Remove and forbid use of com.google.common.hash.*
This commit removes and now forbids all uses of
com.google.common.hash.HashCode, com.google.common.hash.HashFunction,
and com.google.common.hash.Hashing across the codebase. This is one of
the few remaining steps in the eventual removal of Guava as a
dependency.

Relates #13224
2015-10-04 16:01:24 -04:00
Simon Willnauer 96206dfd2a [TEST] Work around how OS / GIT handles line separator 2015-10-04 21:46:40 +02:00
xuzha b19be2c34a DiskThresholdDecider check data nodes number
Right now, we allow allocation if there is only a single node in the
cluster. it would be nice to fail open when there is only one data node
(instead of only one node total).

closes #9391
2015-10-03 16:16:51 -07:00
Yannick Welsch cdb00371da Merge pull request #13828 from ywelsch/fix-snapshot-restore-throttling
Snapshot restore operations throttle more than specified
2015-10-03 16:40:27 +02:00
Yannick Welsch 03a4e226f1 Snapshot restore operations throttle more than specified
Lucene's RateLimiter can do too much sleeping on small values (see also #6018).
The issue here is that calls to "pause" are not properly guarded in "restoreFile".

Instead of simply adding the guard, this commit uses the RateLimitingInputStream similar as for "snapshotFile".

Closes #13828
2015-10-03 16:39:00 +02:00
Simon Willnauer 04e892634e Verify Checksum once it has been fully written to fail as soon as possible
Today we are relying on calling Store.verify on the closed stream to validate the
checksum. This is still necessary to catch file truncation but for an actually corrupted
file or checksum we can fail early and check the checksum against the actual metadata
once it's been fully written to the VerifyingIndexOutput.
2015-10-02 21:49:07 +02:00
Jason Tedor 5fbf3494fe Merge pull request #13909 from jasontedor/immutable-collections-be-gone
Remove and forbid use of com.google.common.collect.ImmutableCollection
2015-10-02 15:18:34 -04:00
Jason Tedor 7447eb9842 Remove and forbid use of com.google.common.collect.ImmutableCollection
This commit removes and now forbids all uses of
com.google.common.collect.ImmutableCollection across the codebase. This
is one of the final steps in the eventual removal of Guava as a
dependency.

Relates #13224
2015-10-02 18:27:30 +02:00
Jason Tedor a5f9cd98d8 Remove and forbid use of com.google.common.o.Resources
This commit removes and now forbids all uses of
com.google.common.io.Resources across the codebase. This is one of the
few remaining steps in the eventual removal of Guava as a dependency.

Relates #13224
2015-10-02 17:42:40 +02:00
Michael McCandless 5278cf0d5e Merge pull request #13870 from mikemccand/close_tokenstream
Close TokenStream in finally clause
2015-10-02 14:43:26 +01:00
Xu Zhang 7b74f0ddc9 Merge pull request #13783 from andrestc/feature/disk-used-by-es
Adds disk used by indices to _cat/allocation

closes #13529
2015-10-01 11:26:58 -07:00
Simon Willnauer d9b68a7674 Call verify on index input after copying 2015-10-01 16:48:37 +02:00
Simon Willnauer bd66c4bb0d [TEST] Add some debug output to HasChildQueryBuilderTests 2015-10-01 16:13:34 +02:00
André Carvalho 03c6e8e1cb Adds disk used by indices to _cat/allocation
Sets Store flag on request
2015-10-01 08:16:58 -03:00
Simon Willnauer edac9c17fa [TEST] ensure files are synced otherwise MDW will corrupt them afterwards 2015-10-01 10:46:55 +02:00
David Pilato 264fb5f3a2 Merge remote-tracking branch 'origin/master' 2015-10-01 07:14:08 +02:00
Robert Muir 8c4bc7d10b Nuke ES_CLASSPATH appending, JarHell fail on empty classpath elements
Closes #13880

Squashed commit of the following:

commit 316a328e5032e580ba840db993d907631334aac0
Author: Robert Muir <rmuir@apache.org>
Date:   Wed Sep 30 16:57:47 2015 -0400

    windows is terrible

commit 0406b560c58bf833f8d77af9c7cf3386771dd9c5
Author: Robert Muir <rmuir@apache.org>
Date:   Wed Sep 30 16:43:09 2015 -0400

    Nuke ES_CLASSPATH appending

    Out of box, ES expects its stuff to be in particular places. We should not be appending to ES_CLASSPATH, allowing users to specify stuff there, like we do in elasticsearch.bin.sh

    If the user sets it, its not going to work out of box.

    Closes #13812

commit 415d8972df28eddec322bb6d70100a1993fa95f6
Author: Robert Muir <rmuir@apache.org>
Date:   Wed Sep 30 16:26:35 2015 -0400

    Fail hard on empty classpath elements.

    This can happen easily, if somehow old 1.x shellscripts survive and try to launch 2.x code.
    I have the feeling this happens maybe because of packaging upgrades or something.
    Either way: we can just fail hard and clear in this situation, rather than the current situation
    where CWD might be /, and we might traverse the entire filesystem until we hit an error...

    Relates to #13864
2015-09-30 18:59:27 -04:00
David Pilato 28f82fb568 Update version incompatibility message for plugin manager
When the plugin manager does not find in `plugin-descriptor.properties` the exact same elasticsearch version it was built on
as the current elasticsearch version, it fails with a message like:

```
ERROR: Elasticsearch version [2.0.0-beta1] is too old for plugin [elasticsearch-mapper-attachments]
```

Actually, the message should be:

```
Plugin [elasticsearch-mapper-attachments] is incompatible with Elasticsearch [2.0.0.beta2]. Was designed for version [2.0.0.beta1].
```

The opposite is true. If you try to install a version of a plugin which was built with a newer version of elasticsearch, it will fail the same way:

```
Plugin [elasticsearch-mapper-attachments] is incompatible with Elasticsearch [2.0.0.beta1]. Was designed for version [2.0.0.beta2].
```
2015-10-01 00:35:17 +02:00
Martijn van Groningen eace065931 Merge pull request #13878 from martijnvg/fix_some_messy_tests
fixed some messy tests
2015-09-30 22:13:50 +02:00
Martijn van Groningen dc858d2008 test: fixed some messy tests 2015-09-30 21:48:17 +02:00
Simon Willnauer 5915309939 Fix part size calculation if all parts are of the same size
Relates to #13574
2015-09-30 21:29:00 +02:00
Christoph Büscher 97db3d5ef6 Tests: fix test by making copy of geopoints in assertLuceneQuery 2015-09-30 20:47:39 +02:00
Simon Willnauer 4886562d78 Don't get IndexShard instance in the executor but use already availale instance
We try to get the index shard instance again from the index service on a different
threads while that shard might have already been closed or removed which can cause a NPE
instead of another expected expecption.
2015-09-30 20:43:22 +02:00
Simon Willnauer 9d12c38f44 [TEST] Don't corrupt extraFS files 2015-09-30 20:02:55 +02:00
Simon Willnauer f2ae29a1cb [TEST] don't run check index on an intentionally corrupted index 2015-09-30 20:00:53 +02:00
mikemccand a321300e9c another try-with-resources 2015-09-30 17:46:22 +02:00
Simon Willnauer e38f4cf01e Start making RecoverySourceHandler unittestable
This commit shuffels and rewrites some code in RecoverySourceHandler to make it
simpler and more unittestable. This commit doesn't change all parts of this class
neither is it fully tested yet. It's an important part of the infrastrucutre so I started
to make it better tested but I don't want to change everything in one go since it makes
review simpler and more detailed. Future commits will continue cleaning up the class and
add more tests.
2015-09-30 17:45:29 +02:00
mikemccand dc01450d95 cutover more Analyzer.tokenStream to try-with-resources 2015-09-30 17:37:26 +02:00
Simon Willnauer f0a8c10c87 [TEST] only trim for the comparison 2015-09-30 17:00:39 +02:00
Boaz Leskes 169d06cf9e Internal: Remove the disabled autogenerated id optimization from InternalEngine
If a document is indexed into ES with no id, ES will generate one for it. We used to have an optimization for this case where the engine will not try to resolve the ids of these request in the existing index but immediately try to index them. This optimization has proven to be the source of brittle bugs (solved!) and we disabled it in 1.5, preparing for it to be removed if no performance degradation was found. Since we haven't seen any such degradation we can remove it.

Along with the removal of the optmization, we can remove the autogenerate id flag on indexing requests and the can have duplicate flag. The only downside of the removal of the canHaveDuplicate flag is that we can't make sure any more that when we retry an autogenerated id create operation we will ignore any document already exists exception (See #9125 for background and discussion). To work around this, we don't set the operation to CREATE any more when we generate an id, so the resulting request will never fail when it finds an existing doc but do return a version of 2. I think that's acceptable.

Closes #13857
2015-09-30 16:16:51 +02:00
mikemccand bb613bcacd move close responsibility back down to SuggestUtils.analyze 2015-09-30 15:44:35 +02:00
Simon Willnauer c185a12ef8 Verify actually written checksum in VerifyingIndexOutput
today we don't verify that the actual checksum written to VerifyingIndexOutput
is the actual checksum we are expecting.
2015-09-30 15:33:05 +02:00
Simon Willnauer 6fff824402 Remove ClusterSerivce and IndexSettingsService dependency from IndexShard
We have two unneded heavy dependencies on IndexShard that are unneeded and only cause
trouble if you try to mock index shard. This commit removes IndexSettingsService as well as
ClusterSerivce from IndexShard to simplify future mocking and construction.
2015-09-30 14:19:26 +02:00
mikemccand 433774fa6a close TokenStream in finally 2015-09-30 12:59:00 +02:00
Tanguy Leroux d715dfd16c Fix blob size in writeBlob() method 2015-09-30 12:33:14 +02:00
javanna a3abfab865 Query refactoring: set has_parent & has_child types context properly
While refactoring has_child and has_parent query we lost an important detail around types. The types that the inner query gets executed against shouldn't be the main types of the search request but the parent or child type set to the parent query. We used to use QueryParseContext#setTypesWithPrevious as part of XContentStructure class which has been deleted, without taking care though of setting the types and restoring them as part of the innerQuery#toQuery call.

Meanwhile also we make sure that the original context types are restored in PercolatorQueriesRegistry

Closes #13863
2015-09-30 12:07:26 +02:00
Robert Muir b8b8bdac40 Add 2.2.0 version to master 2015-09-29 19:50:13 -04:00
Robert Muir 6d8c035f70 Add SpecialPermission to guard exceptions to security policy.
Closes #13854

Squashed commit of the following:

commit 42c1166efc55adda0d13fed77de583c0973e44b3
Author: Robert Muir <rmuir@apache.org>
Date:   Tue Sep 29 11:59:43 2015 -0400

    Add paranoia

    Groovy holds on to a classloader, so check it before compilation too.
    I have not reviewed yet what Rhino is doing, but just be safe.

commit b58668a81428e964dd5ffa712872c0a34897fc91
Author: Robert Muir <rmuir@apache.org>
Date:   Tue Sep 29 11:46:06 2015 -0400

    Add SpecialPermission to guard exceptions to security policy.

    In some cases (e.g. buggy cloud libraries, scripting engines), we must
    grant dangerous permissions to contained cases. Those AccessController blocks
    are dangerous, since they truncate the stack, and can allow privilege escalation.

    This PR adds a simple permission to check before each one, so that unprivileged code
    like groovy scripts, can't do anything they shouldn't be allowed to do otherwise.
2015-09-29 17:32:56 -04:00
Robert Muir ad6bc5b94c Throw exception on unsupported OS, so we don't falsely report 'enabled' 2015-09-29 17:16:00 -04:00
Simon Willnauer bdc21078ca [TEST] don't copy write locks or extraFS files 2015-09-29 17:01:46 +02:00
Jason Tedor 464d48cda6 Merge pull request #13847 from jasontedor/workaround-jdk-8056984
Workaround JDK-8056984
2015-09-29 16:49:44 +02:00
Jason Tedor ba0643da2b Workaround JDK-8056984
This commit works around JDK bug JDK-8056984 in the javac compiler.
This bug is impacting CI compilations on JDK 8u25.
2015-09-29 16:45:57 +02:00
Robert Muir d54dd63825 Merge pull request #13844 from rmuir/lock_down_classloader_and_reflection
Clean up scripting permissions.
2015-09-29 10:35:52 -04:00
Simon Willnauer 3b5ed08d49 Refactor StoreRecoveryService to be a simple package private util class
StoreRecoveryService used to be a pretty heavy class with lots of dependencies.
This class was basically not testable in isolation and had an async API with a listener.
This commit refactors this class to be a simple utility classs with a sync API hidden behind
the IndexShard interface. It includes single node tests and moves all the async properities to
the caller side.
Note, this change also removes the mapping update on master from the store recovery code since
it's not needed anymore in 3.0 because all stores have been subject to sync mapping updates such
that the master already has all the mappings for documents that made it into the transaction log.

Closes #13766
2015-09-29 15:59:21 +02:00
Robert Muir eeeb42abef Clean up scripting permissions.
Now that groovy is factored out, we contain this dangerous stuff there.

TODO: look into those test hacks inspecting class protection domains, maybe we can
clean that one up too.

TODO: generalize the GroovyCodeSourcePermission to something all script engines check,
before entering accesscontrollerblocks. this way e.g. groovy script cannot coerce
python engine into creating something with more privs if it gets ahold of it... we
should probably protect the aws/gce hacks in the same way.
2015-09-29 09:54:12 -04:00
Jason Tedor 882fe0784c Merge pull request #13842 from jasontedor/workaround-jdk-8056014
Workaround JDK-8056014
2015-09-29 15:43:25 +02:00
Nik Everett 8a7f9edf02 Merge pull request #13820 from nik9000/immutable_set_be_gone_2
Finish banning ImmutableSet
2015-09-29 15:34:34 +02:00