Merge branch 'master' into issue_37107

* master: Deprecate _type from LeafDocLookup (elastic#37491) Allow system privilege to execute proxied actions (elastic#37508) Update Put Watch to allow unknown fields (elastic#37494) AwaitsFix testAddNewReplicas SQL: Add protocol tests and remove jdbc_type from drivers response (elastic#37516) SQL: [Docs] Add an ES-SQL column for data types (elastic#37529) IndexMetaData#mappingOrDefault doesn't need to take a type argument. (elastic#37480) Simplify + Cleanup Dead Code in Settings (elastic#37341) Reject all requests that have an unconsumed body (elastic#37504) [Ml] Prevent config snapshot failure blocking migration (elastic#37493) Fix line length for aliases and remove suppression (elastic#37455) Add SSL Configuration Library (elastic#37287) SQL: Remove slightly used meta commands (elastic#37506) Simplify Snapshot Create Request Handling (elastic#37464) Remove the use of AbstracLifecycleComponent constructor elastic#37488 (elastic#37488) [ML] log minimum diskspace setting if forecast fails due to insufficient d… (elastic#37486)
cshtdd · Jan 16, 2019 · d06ba4d · d06ba4d
2 parents 1345cc4 + 3d8c046
commit d06ba4d
Show file tree

Hide file tree

Showing 175 changed files with 6,558 additions and 1,700 deletions.
diff --git a/buildSrc/src/main/resources/checkstyle_suppressions.xml b/buildSrc/src/main/resources/checkstyle_suppressions.xml
@@ -46,10 +46,6 @@
   <suppress files="client[/\\]rest-high-level[/\\]src[/\\]test[/\\]java[/\\]org[/\\]elasticsearch[/\\]client[/\\]documentation[/\\]WatcherDocumentationIT.java" id="SnippetLength" />
   <suppress files="modules[/\\]reindex[/\\]src[/\\]test[/\\]java[/\\]org[/\\]elasticsearch[/\\]client[/\\]documentation[/\\]ReindexDocumentationIT.java" id="SnippetLength" />
 
-  <!-- Hopefully temporary suppression of LineLength on files that don't pass it. We should remove these when we the
-    files start to pass. -->
-  <suppress files="server[/\\]src[/\\]test[/\\]java[/\\]org[/\\]elasticsearch[/\\]aliases[/\\]IndexAliasesIT.java" checks="LineLength" />
-
   <!-- Gradle requires inputs to be seriablizable -->
   <suppress files="buildSrc[/\\]src[/\\]main[/\\]java[/\\]org[/\\]elasticsearch[/\\]gradle[/\\]precommit[/\\]TestingConventionRule.java" checks="RegexpSinglelineJava" />
 </suppressions>
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/watcher/PutWatchResponse.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/watcher/PutWatchResponse.java
@@ -20,17 +20,15 @@
 
 import org.elasticsearch.common.ParseField;
 import org.elasticsearch.common.xcontent.ObjectParser;
-import org.elasticsearch.common.xcontent.ToXContentObject;
-import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentParser;
 
 import java.io.IOException;
 import java.util.Objects;
 
-public class PutWatchResponse implements ToXContentObject {
+public class PutWatchResponse {
 
     private static final ObjectParser<PutWatchResponse, Void> PARSER
-        = new ObjectParser<>("x_pack_put_watch_response", PutWatchResponse::new);
+        = new ObjectParser<>("x_pack_put_watch_response", true, PutWatchResponse::new);
 
     static {
         PARSER.declareString(PutWatchResponse::setId, new ParseField("_id"));
@@ -90,15 +88,6 @@ public int hashCode() {
         return Objects.hash(id, version, created);
     }
 
-    @Override
-    public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
-        return builder.startObject()
-            .field("_id", id)
-            .field("_version", version)
-            .field("created", created)
-            .endObject();
-    }
-
     public static PutWatchResponse fromXContent(XContentParser parser) throws IOException {
         return PARSER.parse(parser, null);
     }

diff --git a/...rest-high-level/src/test/java/org/elasticsearch/client/watcher/PutWatchResponseTests.java b/...rest-high-level/src/test/java/org/elasticsearch/client/watcher/PutWatchResponseTests.java
@@ -18,28 +18,37 @@
  */
 package org.elasticsearch.client.watcher;
 
-import org.elasticsearch.common.xcontent.XContentParser;
-import org.elasticsearch.test.AbstractXContentTestCase;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+import org.elasticsearch.test.ESTestCase;
 
 import java.io.IOException;
 
-public class PutWatchResponseTests extends AbstractXContentTestCase<PutWatchResponse> {
+import static org.elasticsearch.test.AbstractXContentTestCase.xContentTester;
 
-    @Override
-    protected PutWatchResponse createTestInstance() {
-        String id = randomAlphaOfLength(10);
-        long version = randomLongBetween(1, 10);
-        boolean created = randomBoolean();
-        return new PutWatchResponse(id, version, created);
+public class PutWatchResponseTests extends ESTestCase {
+
+    public void testFromXContent() throws IOException {
+        xContentTester(this::createParser,
+            PutWatchResponseTests::createTestInstance,
+            PutWatchResponseTests::toXContent,
+            PutWatchResponse::fromXContent)
+            .supportsUnknownFields(true)
+            .assertToXContentEquivalence(false)
+            .test();
     }
 
-    @Override
-    protected PutWatchResponse doParseInstance(XContentParser parser) throws IOException {
-        return PutWatchResponse.fromXContent(parser);
+    private static XContentBuilder toXContent(PutWatchResponse response, XContentBuilder builder) throws IOException {
+        return builder.startObject()
+            .field("_id", response.getId())
+            .field("_version", response.getVersion())
+            .field("created", response.isCreated())
+            .endObject();
     }
 
-    @Override
-    protected boolean supportsUnknownFields() {
-        return false;
+    private static PutWatchResponse createTestInstance() {
+        String id = randomAlphaOfLength(10);
+        long version = randomLongBetween(1, 10);
+        boolean created = randomBoolean();
+        return new PutWatchResponse(id, version, created);
     }
 }
diff --git a/docs/reference/sql/language/data-types.asciidoc b/docs/reference/sql/language/data-types.asciidoc
@@ -5,41 +5,44 @@
 
 beta[]
 
-Most of {es} <<mapping-types, data types>> are available in {es-sql}, as indicated below:
+Most of {es} <<mapping-types, data types>> are available in {es-sql}, as indicated below.
+As one can see, all of {es} <<mapping-types, data types>> are mapped to the data type with the same
+name in {es-sql}, with the exception of **date** data type which is mapped to **datetime** in {es-sql}:
 
-[cols="^,^m,^"]
+[cols="^,^m,^,^"]
 
 |===
 s|{es} type
+s|{es-sql} type
 s|SQL type
 s|SQL precision
 
-3+h| Core types
-
-| <<null-value, `null`>>      | null        | 0
-| <<boolean, `boolean`>>      | boolean     | 1
-| <<number, `byte`>>          | tinyint     | 3
-| <<number, `short`>>         | smallint    | 5
-| <<number, `integer`>>       | integer     | 10
-| <<number, `long`>>          | bigint      | 19
-| <<number, `double`>>        | double      | 15
-| <<number, `float`>>         | real        | 7
-| <<number, `half_float`>>    | float       | 16
-| <<number, `scaled_float`>>  | float       | 19
-| <<keyword, `keyword`>>      | varchar     | based on <<ignore-above>>
-| <<text, `text`>>            | varchar     | 2,147,483,647
-| <<binary, `binary`>>        | varbinary   | 2,147,483,647
-| <<date, `date`>>            | timestamp   | 24
-| <<ip, `ip`>>                | varchar     | 39
-                                
-3+h| Complex types              
-                                
-| <<object, `object`>>        | struct      | 0
-| <<nested, `nested`>>        | struct      | 0
-
-3+h| Unsupported types
-
-| _types not mentioned above_ | unsupported | 0
+4+h| Core types
+
+| <<null-value, `null`>>      | null          | NULL        | 0
+| <<boolean, `boolean`>>      | boolean       | BOOLEAN     | 1
+| <<number, `byte`>>          | byte          | TINYINT     | 3
+| <<number, `short`>>         | short         | SMALLINT    | 5
+| <<number, `integer`>>       | integer       | INTEGER     | 10
+| <<number, `long`>>          | long          | BIGINT      | 19
+| <<number, `double`>>        | double        | DOUBLE      | 15
+| <<number, `float`>>         | float         | REAL        | 7
+| <<number, `half_float`>>    | half_float    | FLOAT       | 16
+| <<number, `scaled_float`>>  | scaled_float  | FLOAT       | 19
+| <<keyword, `keyword`>>      | keyword       | VARCHAR     | based on <<ignore-above>>
+| <<text, `text`>>            | text          | VARCHAR     | 2,147,483,647
+| <<binary, `binary`>>        | binary        | VARBINARY   | 2,147,483,647
+| <<date, `date`>>            | datetime      | TIMESTAMP   | 24
+| <<ip, `ip`>>                | ip            | VARCHAR     | 39
+
+4+h| Complex types
+
+| <<object, `object`>>        | object        | STRUCT      | 0
+| <<nested, `nested`>>        | nested        | STRUCT      | 0
+
+4+h| Unsupported types
+
+| _types not mentioned above_ | unsupported   | OTHER       | 0
 
 |===
 

diff --git a/libs/ssl-config/build.gradle b/libs/ssl-config/build.gradle
@@ -0,0 +1,42 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+dependencies {
+    compile "org.elasticsearch:elasticsearch-core:${version}"
+
+    if (isEclipse == false || project.path == ":libs:ssl-config-tests") {
+        testCompile("org.elasticsearch.test:framework:${version}") {
+            exclude group: 'org.elasticsearch', module: 'elasticsearch-ssl-config'
+        }
+    }
+
+    testCompile "com.carrotsearch.randomizedtesting:randomizedtesting-runner:${versions.randomizedrunner}"
+    testCompile "junit:junit:${versions.junit}"
+    testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"
+}
+
+forbiddenApisMain {
+    replaceSignatureFiles 'jdk-signatures'
+}
+forbiddenPatterns {
+    exclude '**/*.key'
+    exclude '**/*.pem'
+    exclude '**/*.p12'
+    exclude '**/*.jks'
+}
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/DefaultJdkTrustConfig.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/DefaultJdkTrustConfig.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.common.ssl;
+
+import org.elasticsearch.common.Nullable;
+
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.function.BiFunction;
+
+/**
+ * This class represents a trust configuration that corresponds to the default trusted CAs of the JDK
+ */
+final class DefaultJdkTrustConfig implements SslTrustConfig {
+
+    private final BiFunction<String, String, String> systemProperties;
+    private final char[] trustStorePassword;
+
+    /**
+     * Create a trust config that uses System properties to determine the TrustStore type, and the relevant password.
+     */
+    DefaultJdkTrustConfig() {
+        this(System::getProperty);
+    }
+
+    /**
+     * Create a trust config that uses supplied {@link BiFunction} to determine the TrustStore type, and the relevant password.
+     */
+    DefaultJdkTrustConfig(BiFunction<String, String, String> systemProperties) {
+        this(systemProperties, isPkcs11Truststore(systemProperties) ? getSystemTrustStorePassword(systemProperties) : null);
+    }
+
+    /**
+     * @param trustStorePassword the password for the truststore. It applies only when PKCS#11 tokens are used, is null otherwise
+     */
+    DefaultJdkTrustConfig(BiFunction<String, String, String> systemProperties, @Nullable char[] trustStorePassword) {
+        this.systemProperties = systemProperties;
+        this.trustStorePassword = trustStorePassword;
+    }
+
+    @Override
+    public X509ExtendedTrustManager createTrustManager() {
+        try {
+            return KeyStoreUtil.createTrustManager(getSystemTrustStore(), TrustManagerFactory.getDefaultAlgorithm());
+        } catch (GeneralSecurityException e) {
+            throw new SslConfigException("failed to initialize a TrustManager for the system keystore", e);
+        }
+    }
+
+    /**
+     * When a PKCS#11 token is used as the system default keystore/truststore, we need to pass the keystore
+     * password when loading, even for reading certificates only ( as opposed to i.e. JKS keystores where
+     * we only need to pass the password for reading Private Key entries ).
+     *
+     * @return the KeyStore used as truststore for PKCS#11 initialized with the password, null otherwise
+     */
+    private KeyStore getSystemTrustStore() {
+        if (isPkcs11Truststore(systemProperties) && trustStorePassword != null) {
+            try {
+                KeyStore keyStore = KeyStore.getInstance("PKCS11");
+                keyStore.load(null, trustStorePassword);
+                return keyStore;
+            } catch (GeneralSecurityException | IOException e) {
+                throw new SslConfigException("failed to load the system PKCS#11 truststore", e);
+            }
+        }
+        return null;
+    }
+
+    private static boolean isPkcs11Truststore(BiFunction<String, String, String> systemProperties) {
+        return systemProperties.apply("javax.net.ssl.trustStoreType", "").equalsIgnoreCase("PKCS11");
+    }
+
+    private static char[] getSystemTrustStorePassword(BiFunction<String, String, String> systemProperties) {
+        return systemProperties.apply("javax.net.ssl.trustStorePassword", "").toCharArray();
+    }
+
+    @Override
+    public Collection<Path> getDependentFiles() {
+        return Collections.emptyList();
+    }
+
+    @Override
+    public String toString() {
+        return "JDK-trusted-certs";
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        final DefaultJdkTrustConfig that = (DefaultJdkTrustConfig) o;
+        return Arrays.equals(this.trustStorePassword, that.trustStorePassword);
+    }
+
+    @Override
+    public int hashCode() {
+        return Arrays.hashCode(trustStorePassword);
+    }
+}