* Fix ExceptionSerializationTests to use getCodeSource instead of getResource.
Using getResource makes this sensitive to unrelated classpath entries,
such as the entitlement bridge library, that get prepended to the classpath.
* FIx logging tests to use org.elasticsearch.index instead of root logger.
Using the root logger makes this sensitive to unrelated
logging, such as from the entitlement library.
* Fix entitlement error message by stashing the module name in ModuleEntitlements.
Taking the actual module name from the class doesn't work in tests,
where those classes are loaded from the classpath and so their module
info is misleading.
* Ignore server locations whose representative class isn't loaded
* Partial initial implementation
* System properties: testOnlyClasspath and enableForTests
* Trivially allow some packages
* DEBUG: use TreeMap in TestScopeResolver for readability
* Special case bouncycastle for security plugin
* Add CONFIG to TestPathLookup
* Add the classpath to the source path list for every plugin
* Add @WithoutEntitlements to tests that run ES nodes
* Set es.entitlement.enableForTests for all libs
* Use @WithoutEntitlements on ingest plugin tests
* Substitute ALL-UNNAMED for module name in non-modular plugins
* Add missing entitlements found by unit tests
* Comment in TestScopeResolver
* Properly compute bridge jar location for patch-module
* Call out nonServerLibs
* Don't build two TestPathLookups
* More comments for meta-tests
* Remove redundant dependencies for bridgeJarConfig.
These are alread set in ElasticsearchJavaBasePlugin.
* Add bridge+agent dependencies only if those exist.
For serverless, those project dependencies don't exist, and we'll need
to add the dependencies differently, using Maven coordinates.
* [CI] Auto commit changes from spotless
* Pass testOnlyPath in environment instead of command line.
It's typically a very very long string, which made Windows angry.
* [CI] Auto commit changes from spotless
* Split testOnlyPathString at File.pathSeparator
* Use doFirst to delay setting testOnlyPath env var
* Trivially allow jimfs (??)
* Don't enforce entitlements on internalClusterTest for now
* Replace forbidden APIs
* Match testOnlyClasspath using URI instead of String.
We already get the "needle" in the form of a URI, so this skips
a step, and has the benefit of also working on Windows.
* [CI] Auto commit changes from spotless
* More forbidden APIs
* Disable configuration cache for LegacyYamlRestTestPluginFuncTest
* Strip carriage-return characters in expected output for ReleaseNotesGeneratorTest.
The template generator also strips these, so we need to do so to make this pass
on Windows.
Note that we use replace("\r", "") where the template generator uses
replace("\\r", ""). The latter didn't work for me when I tried it on Windows,
for reasons I'm not aware of.
* Move configureEntitlements to ElasticsearchTestBasePlugin as-is
* Use matching instead of if
* Remove requireNonNull
* Remove default configuration
* Set inputs instead of dependencies
* Use test.systemProperty
* Respond to PR comments
* Disable entitlement enforcement for ScopedSettingsTests.
This test works by altering the logging on the root logger.
With entitlements enabled, that will cause additional log statements to appear,
which interferes with the test.
* Address PR comments
* Moritz's configureJavaBaseModuleOptions
* Allow for entitlements not yet enforced in serverless
* fix entitlementBridge config after rename
* drop empty file collections
* Remove workaround in LegacyYamlRestTestPluginFuncTest
---------
Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Co-authored-by: Lorenzo Dematté <lorenzo.dematte@elastic.co>
Co-authored-by: Moritz Mack <mmack@apache.org>
Newlines are system dependent. The release notes generator uses groovy's
template engine, which produces system dependent newlines. This commit
adjusts the test to account for newlines on both windows and nix
systems.
This brings in the fixes from #130020, with minor fixes to address review
nits from that PR.
Co-authored-by: Martijn van Groningen <martijn.v.groningen@gmail.com>
* Add new option to allow full delegation of tests to gradle in IntelliJ plus docs
* Update CONTRIBUTING.md
Co-authored-by: Rene Groeschke <rene@breskeby.com>
* Update CONTRIBUTING.md
Fix typo in settings file name in docs
---------
Co-authored-by: Rene Groeschke <rene@breskeby.com>
This PR adds project-id to both SnapshotDeletionsInProgress and
RepositoryCleanupInProgress so that they become project aware. Note that
making service code to configure and use the project-id accordingly will
be worked on separately.
Resolves: ES-11380 Relates: #125470
* Delegated authorization using Microsoft Graph (SDK)
---------
Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Co-authored-by: Johannes Freden Jansson <johannes.freden@elastic.co>
Co-authored-by: Johannes Fredén <109296772+jfreden@users.noreply.github.com>
We created a new ":Distributed Indexing/Searchable Snapshots" label recently on Github, so I think it makes sense to also have a "Searchable Snapshots" label in the changelog. It also makes sense since there is automatic changelog generation based on the pull request label.
* improve support for bytecode patching signed jars
* Update docs/changelog/128613.yaml
---------
Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Co-authored-by: Johannes Freden Jansson <johannes.freden@elastic.co>
This ensures we package an aggregation zip with all artifacts we want to publish to maven central as part of a release.
Running zipAggregation will produce a zip file in the build/nmcp/zip folder. The content of this zip is meant to match the maven artifacts we have currently declared as dra maven artifacts.
Since our unit and IT tests run as unnamed modules we should add `--enable-native-access=ALL-UNNAMED` to suppress the pesky warning that arise from calls to `System::load`.
Restructures docker files for docker distributions
- Put Dockerfiles in specific distro specific folders keeping "Dockerfile" naming convention
- Allows better ide support
- Allows easier renovate integration
- Explicitly set base image in dockerfile
- simplify renovate configuration
- Cleanup DockerBase file to not contain ess fips base image information
This lives now in the Dockerfile content directly
* Workaround docker test issue
* Fix labels for fips image
This builds the infrastructure to disable spotless and some checkstyle
rules on generated imports. This works around the most frustrating part
of ESQL's string template generated files - the imports. It allows
unused and out of order imports. This can let us remove a lot of
cumbersome, tricky, and fairly useless `$if$` blocks from the templates.
This commit upgrades to Lucene 10.2.1 (from a previous 10.2.1-SNAPSHOT).
Given that we're on a snapshot, there are a few things to note:
* No index version update is necessary, we already have IndexVersions.UPGRADE_TO_LUCENE_10_2_1, and there are no format changes in the final non-snapshot release.
We document support for snapshot repositories using `ftp://` URLs but it
seems this functionality has not worked for many years because of
security-manager restrictions, although nobody noticed because it was
not covered by any tests. The migration to the Entitlements framework
means that this functionality now works again, so this commit adds tests
to make sure we do not break it again in future.
AWS SDK v2 has a bug (aws/aws-sdk-java-v2#5968) where PathResolver uses locale-dependent formatting.
This PR adds a patcher to the discovery-ec2 build process to replace calls to String.format(<format>, <args>) with String.format(Locale.ROOT, <format>, <args>).
Relates to ES-11279
Patchers transform specific classes in some "broken" dependencies to ensure they behave correctly (fixing a bug, disabling some undesired or dangerous behaviour, updating calls to deprecated or removed method overloads).
If we upgrade one of the dependencies we patch, we have a concerns that the patchers may not work against the classes in the new version.
This PR addresses this concern by introducing a check on the SHA256 digest of the class, to ensure we are operating on the same bytes the patcher was designed for; if the digest changes that means the class has been changed (e.g. for a dependency update). If that happens, we break the build process with a specific error, so we can double check that the patchers still work against the new classes.
Extracted from #126326
Relates to ES-11279
This addresses feedback we got for our default image at https://github.com/docker-library/official-images/pull/18692
This also introduces separate docker source files to make maintaining those easier.
We cannot take over all suggested changes as we require certain settings to have our packaging tests pass as expected.
In the unexpected case that Elasticsearch dies due to a segfault or
other similar native issue, a core dump is useful in diagnosing the
problem. Yet core dumps are written to the working directory, which is
read-only for most installations of Elasticsearch. This commit changes
the working directory to the logs dir which should always be writeable.
This PR contains the following updates:
| Package | Update | Change | |---|---|---| |
docker.elastic.co/wolfi/chainguard-base-fips | pinDigest | -> `ebfc3f1`
|
---
### Configuration
📅 **Schedule**: Branch creation - "after 1pm on tuesday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once
you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyI6RGVsaXZlcnkvUGFja2FnaW5nIiwiPm5vbi1pc3N1ZSIsIlRlYW06RGVsaXZlcnkiLCJhdXRvLW1lcmdlLXdpdGhvdXQtYXBwcm92YWwiXX0=-->
This PR contains the following updates:
| Package | Update | Change | |---|---|---| |
docker.elastic.co/wolfi/chainguard-base | digest | `c4e10ec` ->
`29150cd` |
---
### Configuration
📅 **Schedule**: Branch creation - "after 1pm on tuesday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once
you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyI6RGVsaXZlcnkvUGFja2FnaW5nIiwiPm5vbi1pc3N1ZSIsIlRlYW06RGVsaXZlcnkiLCJhdXRvLW1lcmdlLXdpdGhvdXQtYXBwcm92YWwiXX0=-->
Patrick Doyle
Ryan Ernst
Jordan Powers
elasticsearchmachine
Benjamin Trent
Rene Groeschke
Chris Hegarty
Luke Whiting
Yang Wang
Moritz Mack
Richard Dennehy
Tanguy Leroux
Brian Seeders
Nik Everett
David Turner
Julio
Lorenzo Dematté
Ignacio Vera
elastic-renovate-prod[bot]
Joe Gallo
Mark Vieira