In a follow up (#128993) remaining lenient usage of booleans will be deprecated, to eventually remove everything except for a few places requiring lenient parsing by means of Booleans.parseBooleanLenient - which is a wrapper around Boolean.parseBoolean.
---------
Co-authored-by: Moritz Mack <mmack@apache.org>
Restructures docker files for docker distributions
- Put Dockerfiles in specific distro specific folders keeping "Dockerfile" naming convention
- Allows better ide support
- Allows easier renovate integration
- Explicitly set base image in dockerfile
- simplify renovate configuration
- Cleanup DockerBase file to not contain ess fips base image information
This lives now in the Dockerfile content directly
* Workaround docker test issue
* Fix labels for fips image
* [Test] Rework detecting elasticsearch process in docker tests
This tweaks detecting the elasticsearch process id by using jps instead of ps which has been problematic in the past exceeding available COLUMN sizes due to es commandline invocation getting longer and longer
* Remove few muted tests
* Reuse ps for detecting processes but use pipe to find the right one
jps doesnt work well with different users
* Tweak java command running lookup to work with wolfi
* Cleanup changes
* [CI] Auto commit changes from spotless
---------
Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
With this PR we restrict the paths we allow access to, forbidding plugins to specify/request entitlements for reading or writing to specific protected directories.
I added this validation to EntitlementInitialization, as I wanted to fail fast and this is the earliest occurrence where we have all we need: PathLookup to resolve relative paths, policies (for plugins, server, agents) and the Paths for the specific directories we want to protect.
Relates to ES-10918
Making the `es.queryable_built_in_roles_enabled` feature flag enabled by default.
This feature makes the built-in roles automatically indexed in `.security` index and available
for querying via Query Role API. The consequence of this is that `.security` index is now
created eagerly (if it's not existing) on cluster formation.
In order to keep the scope of this PR small, the feature is disabled for some of the tests,
because they are either non-trivial to adjust or the gain is not worthy the effort to do it now.
The tests will be adjusted in a follow-up PR and later the flag will be removed completely.
Relates to #117581
Lintian test has been changed to parse the result instead of using exit
code. This was required, because now `mismatched-override` is
non-erasable tag which cannot be ignored for exit code.
Lintian introduced non-backward-compatible format change for overrides
file. Because of that, some overrides are now duplicated in a format for
older versions.
Additionally, Lintian overrides file has been cleaned up to remove the
tags which are no longer failing.
The libs projects are configured to all begin with `elasticsearch-`.
While this is desireable for the artifacts to contain this consistent
prefix, it means the project names don't match up with their
directories. Additionally, it creates complexities for subproject naming
that must be manually adjusted.
This commit adjusts the project names for those under libs to be their
directory names. The resulting artifacts for these libs are kept the
same, all beginning with `elasticsearch-`.
* Replace cloud-ess docker image with wolfi-ess
We just replaced the existing implementation of cloud-ess with what was wolfi-ess which is a wolfi based ess image.
The cloud image itself will be removed in a future commit it was not used anywhere
* Switch to test cloud docker image instead of default docker in packaging pr tests.
This adds way more coverage than the default docker image which is also barely touched
* Add more missing wolfi references to fix tests
* packaging tests require access to docker registry
* Fix symlink for es distributions jdk cacerts in wolfi docker
* Fix native support on wolfi images
* Fix provided keystore packaging tests for wolfi
* Add utils used for testing to wolfi image
* Explicitly set default shell to bash in docker images
* Fix docker config issues
* Apply review feedback around docker login
---------
Co-authored-by: Rene Groeschke <rene@elastic.co>
Memory locking on Windows with the bundled jdk was broken by native
access refactoring. This commit fixes the linking issue, as well as adds
a packaging test to ensure memory locking is invoked on all supported
platforms.
This is an attempt to fix occasional test failures where asserting on a
request response fails because the cluster has not finished
initialization and cannot yet serve requests.
Closes#109660
* Only resolve latest patch version for resolveAllDependencies
This should avoid downloading to many elasticsearch distributions
and reduce disk usage and speed up image creations.
* Some cleanup
Bootstrap checks are an important part of ensuring proper Elasticsearch
configuration. They are often system dependent, so checking they work on
each supported platform should be part of testing. This commit adjusts
packaging tests to enable bootstrap checks.
Previously readiness waited only on a master node being elected.
Recently it was also made to wait on file settings being applied. Yet
the node may be fully started before those file settings are applied.
The test expected readiness was ok after the node finishes starting.
This commit retries the readiness check until it succeeds since
readiness state will be updated async to the node finishing starting.
closes#108523
Packaging tests have several files that may be useful in debugging
failures. Additionally, we sometimes have assertions for which we want
to catch them and emit additional debugging info. This commit guards
the common ways that Elasticsearch is started and assertions are run
with dumping all debug information available.
This commit decouples the version used in enrollment tokens from node
version, as part of the larger effort to make versioning more granular.
The changes are relatively minimal, as the version encoded into
enrollment tokens is not actually used anywhere as far as I can tell,
either in Elasticsearch or Kibana, apart from checks that it is present.
That said, I've been around the block enough times to know better than
to remove a perfectly good version field that's already in something
like this.
kvanerum