* Improve message about insecure S3 settings
Clarifies that insecure settings are stored in plaintext and must not be
used. Also removes the mention of the (wrong) system property from the
error message if insecure settings are not permitted.
Backport of #116915 to `7.17`
* CI poke
* Flush response stream in `Ec2DiscoveryTests` (#114101)
This is apparently necessary when running with JDK23. Also cleans up
some warnings in the same test suite.
Closes#114088Closes#114089Closes#114090
* Revert for compat
Fix incompatibility with 8.8 and our internal api usages
- Update ospackage to a version that contains a fix we provided
- Tweak build logic to avoid deprecation warnings
- Use newer permission api
- Use custom shadowplugin
- Rework ElasticsearchDistribution dependencies resolution
- Update Gradle wrapper to 8.8
- Fix one more deprecated permission api usage
- Fix DistroTest dependencies
- Fix permissions in package init.d folder
Updating repository-hdfs, repository-gcs, and vector-tile to all use the same more recent protobuf.
Co-authored-by: Keith Massey <keith.massey@elastic.co>
removed tiny issue on build script that seems like an oversight and doesn't do anything at all
(cherry picked from commit c15f727f2d)
# Conflicts:
# x-pack/plugin/ent-search/build.gradle
Reworking forbiddenApis check to use gradle worker api exposed a bug in
how we resolve krb5kdc keytab information. This fixes the depenendency to krb5kdc keytab configuration and
its builtBy task.
This also changes the usage of krb5kdc keytab files to be passed directly to task classpath as
they are only required at runtime and directly having them as part of javaRestTestRuntimeOnly would mean precommit
requires krb5kdc compose up which we definitely not want
(cherry picked from commit ab0bb4889a)
This commit bumps the follow dependency version for the ingest attachment plugin:
tika-core 1.27 -> 1.28.5
tika-parsers 1.27 -> 1.28.5
commons-io 2.6 -> 2.11
fontbox 2.0.24 -> 2.0.26
poi 4.1.2 -> 5.2.2
poi-ooxml 4.1.2 -> 5.2.2
and poi-/ooxml-schemas is now poi-ooxml-lite and is using 5.2.2
(see poi.apache.org/changes.html)
xmlbeans 3.0.1 -> 5.0.3
These versions were chosen from one of the following POM files:
repo1.maven.org/maven2/org/apache/tika/tika-parent/1.28.5/tika-parent-1.28.5.pom
repo1.maven.org/maven2/org/apache/tika/tika-parsers/1.28.5/tika-parsers-1.28.5.pom
repo1.maven.org/maven2/org/apache/tika/tika-core/1.28.5/tika-core-1.28.5.pom
repo1.maven.org/maven2/org/apache/poi/poi-ooxml-lite/5.2.2/poi-ooxml-lite-5.2.2.pom
This commit syncs the dependencies for discovery GCE plugin with the dependency versions in use in main.
Specifically, this commit upgrades the following for the discovery GCE plugin:
com.google.apis:google-api-services-compute:v1-rev160-1.23.0 -> v1-rev20220322-1.32
com.google.api-client:google-api-client:1.23.0 -> 1.33.1
com.google.oauth-client:google-oauth-client:1.23.0 -> 1.34.1
com.google.code.findbugs:jsr305:1.3.9 -> 3.0.2
and introduces the following for the discovery GCE plugin:
api "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
api "com.google.http-client:google-http-client-gson:1.41.1"
runtimeOnly 'com.google.guava:guava:32.0.1-jre'
runtimeOnly 'com.google.guava:failureaccess:1.0.1'
api 'io.opencensus:opencensus-api:0.30.0'
api 'io.opencensus:opencensus-contrib-http-util:0.30.0'
api 'io.grpc:grpc-context:1.27.2'
backport of #85132 and #91722
This commit upgrades the non-FIPS jars to the lastest available versions for 7.17.
Bouncy Castle slightly changed their naming as evident by bouncycastle.org/latest_releases.html
They no longer maintain a jdk15on library and instead use strategy for [1.5->1.8) and [1.8 -> ). This commit
adopts the jdk18on libraries with the latest version.
related: #100923
This PR upgrades the version of reactor-netty-http library to the latest v1.0.39 version
and its transitive dependencies reactor-core to v3.4.34 and reactor-netty-core to v1.0.39.
Backport of #102311
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Update gradle wrapper to 8.3 (#97838)
Gradle now fully supports compiling, testing and running on Java 20.
Among other general performance improvements this release introduces --test-dry-run command line option that allows checking if tests are filtered or not by gradle.
Required updating nebula ospackage plugin as setuid was broken in gradle 8.3.
(cherry picked from commit b23e000c30)
# Conflicts:
# build-tools-internal/src/integTest/groovy/org/elasticsearch/gradle/internal/test/rest/LegacyYamlRestCompatTestPluginFuncTest.groovy
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/ElasticsearchJavaModulePathPlugin.java
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/test/rest/compat/compat/AbstractYamlRestCompatTestPlugin.java
# build-tools-internal/src/main/resources/minimumGradleVersion
# gradle/verification-metadata.xml
# gradle/wrapper/gradle-wrapper.jar
# gradlew
# x-pack/plugin/watcher/qa/with-monitoring/src/javaRestTest/java/org/elasticsearch/smoketest/MonitoringWithWatcherRestIT.java
* [7.17] Use patched nebula os package gradle plugin
* Update testingconvention precommit integ test
* Update Gradle Wrapper to 8.2 (#96686)
- Convention usage has been deprecated and was fixed in our build files
- Fix test dependencies and deprecation
This is a backport of multiple work items related to authentication enhancements for HTTP,
which were originally merged in the 8.8 - 8.9 releases.
Hence, the HTTP (only the netty4-based implementation (default), not the NIO one) authentication
implementation gets a throughput boost (especially for requests failing authn).
Relates to: ES-6188 #92220#95112
* Update Guava dependency version to 32.0.1-jre
* Fix dependencies
* Remove direct dependencies on guava ver.31
* Revert "Remove direct dependencies on guava ver.31"
This reverts commit 1e90a271c2.
The issue with this test failure is actually that we were silently
failing to install the plugin under test into the cluster. The root
cause here was the FIPS security policy file was not copied into cluster
config directory before we attempting to run the plugin installer. Since
we pass the FIPS JVM arguments to all CLI tools as well this caused
plugin installation to fail. We now ensure that these files are copied
before we attempt to run _any_ ES tools.
Closes https://github.com/elastic/elasticsearch/issues/93303
Upgrade to the latest version of the SDK that doesn't have known CVEs
and builds w/o complaining. Since 2.2.0 the automatic retry behaviour
has changed and the old behaviour can still be used as
LegacyStorageRetryStrategy. The default retry strategy would cause some
test failures, and therefore we'd need to explicitly set a retry
strategy.
Relates #92474
This commit adds a new test framework for configuring and orchestrating
test clusters for both Java and YAML REST testing. This will eventually
replace the existing "test-clusters" Gradle plugin and the build-time
cluster orchestration.
* Fix TestResultProcessor api changes
* Fix inputs for generateProviderManifest
* Ignore tests for now until gradle has fixed reporting issue
* Fix dependency substitution in example plugins build
* Use right java bin path on windows
* Add hint to task onlyif when no docker is available
Today if the GCS credentials file setting is invalid we report some kind
of JSON parsing error but it's not clear what JSON is being parsed so
the error is hard to track down. This commit adds the problematic
setting name to the exception message.
