Merge remote-tracking branch 'upstream/main' into combine_global_chec…

…kpoint_with_location_sync
Tim-Brooks · May 27, 2023 · 7416a13 · 7416a13
2 parents fe18ed6 + e5e2a04
commit 7416a13
Show file tree

Hide file tree

Showing 10 changed files with 472 additions and 6 deletions.
diff --git a/modules/dlm/src/internalClusterTest/java/org/elasticsearch/dlm/DataLifecycleServiceIT.java b/modules/dlm/src/internalClusterTest/java/org/elasticsearch/dlm/DataLifecycleServiceIT.java
@@ -259,6 +259,7 @@ public void testUpdatingLifecycleAppliesToAllBackingIndices() throws Exception {
         });
     }
 
+    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/96084")
     public void testAutomaticForceMerge() throws Exception {
         /*
          * This test makes sure that (1) DLM does _not_ call forcemerge on an index in the same DLM pass when it rolls over the index and

diff --git a/...-api-spec/src/main/resources/rest-api-spec/api/security.create_cross_cluster_api_key.json b/...-api-spec/src/main/resources/rest-api-spec/api/security.create_cross_cluster_api_key.json
@@ -0,0 +1,34 @@
+{
+  "security.create_cross_cluster_api_key": {
+    "documentation": {
+      "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-cross-cluster-api-key.html",
+      "description": "Creates a cross-cluster API key for API key based remote cluster access."
+    },
+    "stability": "experimental",
+    "visibility": "feature_flag",
+    "feature_flag": "es.untrusted_remote_cluster_feature_flag_registered",
+    "headers": {
+      "accept": [
+        "application/json"
+      ],
+      "content_type": [
+        "application/json"
+      ]
+    },
+    "url": {
+      "paths": [
+        {
+          "path": "/_security/cross_cluster/api_key",
+          "methods": [
+            "POST"
+          ]
+        }
+      ]
+    },
+    "params": {},
+    "body": {
+      "description": "The request to create a cross-cluster API key",
+      "required": true
+    }
+  }
+}
diff --git a/...-api-spec/src/main/resources/rest-api-spec/api/security.update_cross_cluster_api_key.json b/...-api-spec/src/main/resources/rest-api-spec/api/security.update_cross_cluster_api_key.json
@@ -0,0 +1,39 @@
+{
+  "security.update_cross_cluster_api_key": {
+    "documentation": {
+      "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-cross-cluster-api-key.html",
+      "description": "Updates attributes of an existing cross-cluster API key."
+    },
+    "stability": "experimental",
+    "visibility": "feature_flag",
+    "feature_flag": "es.untrusted_remote_cluster_feature_flag_registered",
+    "headers": {
+      "accept": [
+        "application/json"
+      ],
+      "content_type": [
+        "application/json"
+      ]
+    },
+    "url": {
+      "paths": [
+        {
+          "path": "/_security/cross_cluster/api_key/{id}",
+          "methods": [
+            "PUT"
+          ],
+          "parts": {
+            "id": {
+              "type": "string",
+              "description": "The ID of the cross-cluster API key to update"
+            }
+          }
+        }
+      ]
+    },
+    "body": {
+      "description": "The request to update attributes of a cross-cluster API key.",
+      "required": true
+    }
+  }
+}
diff --git a/x-pack/docs/en/rest-api/security.asciidoc b/x-pack/docs/en/rest-api/security.asciidoc
@@ -61,6 +61,7 @@ without requiring basic authentication:
 [[security-api-keys]]
 === API Keys
 
+ifeval::["{release-state}"=="released"]
 Use the following APIs to create, retrieve and invalidate API keys for access
 without requiring basic authentication:
 
@@ -72,6 +73,30 @@ without requiring basic authentication:
 * <<security-api-query-api-key,Query API key>>
 * <<security-api-update-api-key,Update API key>>
 * <<security-api-bulk-update-api-keys,Bulk update API keys>>
+endif::[]
+
+ifeval::["{release-state}"!="released"]
+Use the following APIs to create and update API keys for access via the REST interface
+without requiring basic authentication:
+
+* <<security-api-create-api-key,Create API key>>
+* <<security-api-grant-api-key,Grant API key>>
+* <<security-api-update-api-key,Update API key>>
+* <<security-api-bulk-update-api-keys,Bulk update API keys>>
+
+Use the following APIs to create and update cross-cluster API keys for
+API key based remote cluster access:
+
+* <<security-api-create-cross-cluster-api-key,Create Cross-Cluster API key>>
+* <<security-api-update-cross-cluster-api-key,Update Cross-Cluster API key>>
+
+Use the following APIs to retrieve and invalidate API keys of all types:
+
+* <<security-api-get-api-key,Get API key>>
+* <<security-api-invalidate-api-key,Invalidate API key>>
+* <<security-api-query-api-key,Query API key>>
+* <<security-api-clear-api-key-cache,Clear API key cache>>
+endif::[]
 
 [discrete]
 [[security-user-apis]]
@@ -206,3 +231,7 @@ include::security/get-user-profile.asciidoc[]
 include::security/suggest-user-profile.asciidoc[]
 include::security/update-user-profile-data.asciidoc[]
 include::security/has-privileges-user-profile.asciidoc[]
+ifeval::["{release-state}"!="released"]
+include::security/create-cross-cluster-api-key.asciidoc[]
+include::security/update-cross-cluster-api-key.asciidoc[]
+endif::[]
diff --git a/x-pack/docs/en/rest-api/security/create-cross-cluster-api-key.asciidoc b/x-pack/docs/en/rest-api/security/create-cross-cluster-api-key.asciidoc
@@ -0,0 +1,9 @@
+[role="xpack"]
+[[security-api-create-cross-cluster-api-key]]
+=== Create Cross-Cluster API key API
+
+++++
+<titleabbrev>Create Cross-Cluster API key</titleabbrev>
+++++
+
+TODO: Placeholder
diff --git a/x-pack/docs/en/rest-api/security/update-cross-cluster-api-key.asciidoc b/x-pack/docs/en/rest-api/security/update-cross-cluster-api-key.asciidoc
@@ -0,0 +1,9 @@
+[role="xpack"]
+[[security-api-update-cross-cluster-api-key]]
+=== Update Cross-Cluster API key API
+
+++++
+<titleabbrev>Update Cross-Cluster API key</titleabbrev>
+++++
+
+TODO: Placeholder
diff --git a/x-pack/plugin/build.gradle b/x-pack/plugin/build.gradle
@@ -70,6 +70,7 @@ if (BuildParams.isSnapshotBuild() == false) {
   // cross_cluster_search privilege is only available when untrusted_remote_cluster_feature_flag_registered is enabled
   // which requires snapshot build
   restTestBlacklist.add('privileges/11_builtin/Test get builtin privileges')
+  restTestBlacklist.add('api_key/50_cross_cluster/*')
 }
 
 tasks.named("yamlRestTest").configure {

diff --git a/...eges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java b/...eges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java
@@ -7,6 +7,7 @@
 
 package org.elasticsearch.xpack.security.operator;
 
+import org.elasticsearch.cluster.metadata.DataLifecycle;
 import org.elasticsearch.transport.TcpTransport;
 
 import java.util.Objects;
@@ -108,7 +109,6 @@ public class Constants {
         "cluster:admin/xpack/application/search_application/list",
         "cluster:admin/xpack/application/search_application/put",
         "cluster:admin/xpack/application/search_application/render_query",
-        "cluster:admin/xpack/application/search_application/search",
         "cluster:admin/xpack/ccr/auto_follow_pattern/activate",
         "cluster:admin/xpack/ccr/auto_follow_pattern/delete",
         "cluster:admin/xpack/ccr/auto_follow_pattern/get",
@@ -289,6 +289,7 @@ public class Constants {
         "cluster:monitor/nodes/info",
         "cluster:monitor/nodes/stats",
         "cluster:monitor/nodes/usage",
+        "cluster:monitor/profiling/status/get",
         "cluster:monitor/remote/info",
         "cluster:monitor/settings",
         "cluster:monitor/state",
@@ -410,10 +411,10 @@ public class Constants {
         "indices:admin/data_stream/migrate",
         "indices:admin/data_stream/modify",
         "indices:admin/data_stream/promote",
-        "indices:admin/dlm/delete",
-        "indices:admin/dlm/get",
-        "indices:admin/dlm/put",
-        "indices:admin/dlm/explain",
+        DataLifecycle.isEnabled() ? "indices:admin/dlm/delete" : null,
+        DataLifecycle.isEnabled() ? "indices:admin/dlm/get" : null,
+        DataLifecycle.isEnabled() ? "indices:admin/dlm/put" : null,
+        DataLifecycle.isEnabled() ? "indices:admin/dlm/explain" : null,
         "indices:admin/delete",
         "indices:admin/flush",
         "indices:admin/flush[s]",
@@ -485,6 +486,7 @@ public class Constants {
         "indices:data/read/sql/translate",
         "indices:data/read/sql/async/get", // org.elasticsearch.xpack.core.sql.SqlAsyncActionNames.SQL_ASYNC_GET_RESULT_ACTION_NAME
         "indices:data/read/tv",
+        "indices:data/read/xpack/application/search_application/search",
         "indices:data/read/xpack/ccr/shard_changes",
         "indices:data/read/xpack/enrich/coordinate_lookups",
         "indices:data/read/xpack/graph/explore",

diff --git a/...src/javaRestTest/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesIT.java b/...src/javaRestTest/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesIT.java
@@ -94,7 +94,6 @@ public void testOperatorUserCanCallNonOperatorOnlyApi() throws IOException {
         client().performRequest(mainRequest);
     }
 
-    @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/96105")
     @SuppressWarnings("unchecked")
     public void testEveryActionIsEitherOperatorOnlyOrNonOperator() throws IOException {
         final String message = "An action should be declared to be either operator-only in ["