Merge remote-tracking branch 'es/master' into enrich

docs/java-rest/high-level/ml/put-data-frame-analytics.asciidoc

@@ -75,25 +75,45 @@ include-tagged::{doc-tests-file}[{api}-dest-config]
 ==== Analysis
 
 The analysis to be performed.
-Currently, only one analysis is supported: +OutlierDetection+.
+Currently, the supported analyses include : +OutlierDetection+, +Regression+.
+
+===== Outlier Detection
 
 +OutlierDetection+ analysis can be created in one of two ways:
 
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-analysis-default]
+include-tagged::{doc-tests-file}[{api}-outlier-detection-default]
 --------------------------------------------------
 <1> Constructing a new OutlierDetection object with default strategy to determine outliers
 
 or
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-analysis-customized]
+include-tagged::{doc-tests-file}[{api}-outlier-detection-customized]
 --------------------------------------------------
 <1> Constructing a new OutlierDetection object
 <2> The method used to perform the analysis
 <3> Number of neighbors taken into account during analysis
 
+===== Regression
+
++Regression+ analysis requires to set which is the +dependent_variable+ and
+has a number of other optional parameters:
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests-file}[{api}-regression]
+--------------------------------------------------
+<1> Constructing a new Regression builder object with the required dependent variable
+<2> The lambda regularization parameter. A non-negative double.
+<3> The gamma regularization parameter. A non-negative double.
+<4> The applied shrinkage. A double in [0.001, 1].
+<5> The maximum number of trees the forest is allowed to contain. An integer in [1, 2000].
+<6> The fraction of features which will be used when selecting a random bag for each candidate split. A double in (0, 1].
+<7> The name of the prediction field in the results object.
+<8> The percentage of training-eligible rows to be used in training. Defaults to 100%.
+
 ==== Analyzed fields
 
 FetchContext object containing fields to be included in / excluded from the analysis
@@ -113,4 +133,4 @@ The returned +{response}+ contains the newly created {dataframe-analytics-config
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
 include-tagged::{doc-tests-file}[{api}-response]
---------------------------------------------------
+--------------------------------------------------

docs/java-rest/high-level/security/delegate-pki-authentication.asciidoc

@@ -0,0 +1,62 @@
+--
+:api: delegate-pki
+:request: DelegatePkiAuthenticationRequest
+:response: DelegatePkiAuthenticationResponse
+--
+
+[id="{upid}-{api}"]
+=== Delegate PKI Authentication API
+
+This API is called by *smart* proxies to Elasticsearch, such as Kibana, that
+terminate the user's TLS session but that still wish to authenticate the user
+on the Elasticsearch side using a PKI realm, which normally requires users to
+authenticate over TLS directly to Elasticsearch. It implements the exchange of
+the client's {@code X509Certificate} chain from the TLS authentication into an
+Elasticsearch access token.
+
+IMPORTANT: The association between the subject public key in the target
+certificate and the corresponding private key is *not* validated. This is part
+of the TLS authentication process and it is delegated to the proxy calling this
+API. The proxy is *trusted* to have performed the TLS authentication, and this
+API translates that authentication into an Elasticsearch access token.
+
+[id="{upid}-{api}-request"]
+==== Delegate PKI Authentication Request
+
+The request contains the client's {@code X509Certificate} chain. The
+certificate chain is represented as a list where the first element is the
+target certificate containing the subject distinguished name that is requesting
+access. This may be followed by additional certificates, with each subsequent
+certificate being the one used to certify the previous one. The certificate
+chain is validated according to RFC 5280, by sequentially considering the trust
+configuration of every installed {@code PkiRealm} that has {@code
+PkiRealmSettings#DELEGATION_ENABLED_SETTING} set to {@code true} (default is
+{@code false}). A successfully trusted target certificate is also subject to
+the validation of the subject distinguished name according to that respective's
+realm {@code PkiRealmSettings#USERNAME_PATTERN_SETTING}.
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/SecurityDocumentationIT.java[delegate-pki-request]
+--------------------------------------------------
+
+include::../execution.asciidoc[]
+
+[id="{upid}-{api}-response"]
+==== Delegate PKI Authentication Response
+
+The returned +{response}+ contains the following properties:
+
+`accessToken`:: This is the newly created access token.
+   It can be used to authenticate to the Elasticsearch cluster.
+`type`:: The type of the token, this is always `"Bearer"`.
+`expiresIn`:: The length of time (in seconds) until the token will expire.
+   The token will be considered invalid after that time.
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/SecurityDocumentationIT.java[delegate-pki-response]
+--------------------------------------------------
+<1> The `accessToken` can be used to authentication to Elasticsearch.
+
+

docs/java-rest/high-level/security/get-api-key.asciidoc

@@ -21,6 +21,8 @@ The +{request}+ supports retrieving API key information for
 
 . All API keys for a specific user in a specific realm
 
+. A specific key or all API keys owned by the current authenticated user
+
 ===== Retrieve a specific API key by its id
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
@@ -51,6 +53,12 @@ include-tagged::{doc-tests-file}[get-user-api-keys-request]
 include-tagged::{doc-tests-file}[get-user-realm-api-keys-request]
 --------------------------------------------------
 
+===== Retrieve all API keys for the current authenticated user
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests-file}[get-api-keys-owned-by-authenticated-user-request]
+--------------------------------------------------
+
 include::../execution.asciidoc[]
 
 [id="{upid}-{api}-response"]

docs/java-rest/high-level/security/invalidate-api-key.asciidoc

@@ -21,6 +21,8 @@ The +{request}+ supports invalidating
 
 . All API keys for a specific user in a specific realm
 
+. A specific key or all API keys owned by the current authenticated user
+
 ===== Specific API key by API key id
 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
@@ -51,6 +53,12 @@ include-tagged::{doc-tests-file}[invalidate-user-api-keys-request]
 include-tagged::{doc-tests-file}[invalidate-user-realm-api-keys-request]
 --------------------------------------------------
 
+===== Retrieve all API keys for the current authenticated user
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests-file}[invalidate-api-keys-owned-by-authenticated-user-request]
+--------------------------------------------------
+
 include::../execution.asciidoc[]
 
 [id="{upid}-{api}-response"]