Resolve/cluster allows querying for cluster info only (no index expression required) #119898
Conversation
quux00
added
>enhancement
auto-backport
|
Pinging @elastic/es-search-foundations (Team:Search Foundations) |
|
Hi @quux00, I've created a changelog YAML for you. |
.../main/java/org/elasticsearch/action/admin/indices/resolve/TransportResolveClusterAction.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/elasticsearch/rest/action/admin/indices/RestResolveClusterAction.java
Show resolved
Hide resolved
...rc/main/java/org/elasticsearch/action/admin/indices/resolve/ResolveClusterActionRequest.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/elasticsearch/action/admin/indices/resolve/ResolveClusterActionRequest.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/elasticsearch/transport/RemoteClusterService.java
Outdated
Show resolved
Hide resolved
.../main/java/org/elasticsearch/action/admin/indices/resolve/TransportResolveClusterAction.java
Show resolved
Hide resolved
.../main/java/org/elasticsearch/action/admin/indices/resolve/TransportResolveClusterAction.java
Outdated
Show resolved
Hide resolved
quux00
force-pushed
the
resolve-cluster/cluster-info-only
branch
2 times, most recently
from
05284eb to
5386ee3
Compare
…ssion required)
This enhancement provides users with the ability to query the _resolve/cluster API endpoint without specifying
an index expression to match against. This allows users to quickly test what remote clusters are configured on
a cluster and whether they are available for querying.
This new endpoint works with clusters from older versions.
The new endpoint takes no index expression:
```
GET _resolve/cluster
```
and returns the same information as before except for the "matching_indices" field. Example response:
```
{
"remote1": {
"connected": false,
"skip_unavailable": true
},
"remote2": {
"connected": true,
"skip_unavailable": false,
"version": {
"number": "8.17.0",
"build_flavor": "default",
"minimum_wire_compatibility_version": "7.17.0",
"minimum_index_compatibility_version": "7.0.0"
}
}
}
```
…ng older clusters; updated end user docs
quux00
force-pushed
the
resolve-cluster/cluster-info-only
branch
from
5386ee3 to
46a7f28
Compare
| // Whether this request is being processed on the primary ("local") cluster being queried or on a remote. | ||
| // This is needed when clusterInfoOnly=true since we need to know whether to list out all possible remotes | ||
| // on a node. (We don't want cross-cluster chaining on remotes that might be configured with their own remotes.) | ||
| private final boolean isQueryingCluster; |
There was a problem hiding this comment.
I'd name it as something like queryRemotes, since the ultimate goal of this variable is not to identify the querying cluster but to define whether or not remotes should be queried.
There was a problem hiding this comment.
No, that's not correct. This variable is intended to specify where the request is being processed on the querying cluster (which should forward it to configured remotes) or remotes (where it should not forward to configured remotes, since we don't support cross-cluster chaining).
| @@ -73,6 +82,13 @@ public ResolveClusterActionRequest(StreamInput in) throws IOException { | |||
| this.names = in.readStringArray(); | |||
| this.indicesOptions = IndicesOptions.readIndicesOptions(in); | |||
| this.localIndicesRequested = localIndicesPresent(names); | |||
| if (in.getTransportVersion().onOrAfter(TransportVersions.RESOLVE_CLUSTER_NO_INDEX_EXPRESSION)) { | |||
| this.clusterInfoOnly = in.readBoolean(); | |||
| this.isQueryingCluster = in.readBoolean(); | |||
There was a problem hiding this comment.
I wonder though - is there any case where we get this over the wire and it's not false? I mean, it is true on querying cluster, but querying cluster does not get it over the wire, does it? And the only cluster which does get it over the wire is the remote cluster, which must always make this false. If so, is there any point in serializing this flag at all?
There was a problem hiding this comment.
is there any point in serializing this flag at all?
Yes, the cluster receiving this request needs to know whether it is the primary cluster or a remote cluster that should not do additional remote cluster lookups (cross-cluster chaining). See the first part ofTransportResolveClusterAction.doExecuteForked.
is there any case where we get this over the wire and it's not false?
If there was ever a case where a node could forward the request to a coordinating node on the same cluster it would be true. Not sure that happens, but I'd rather not have to worry about edge cases and just follow the general pattern.
| assertOK(response2); | ||
|
|
||
| Map<String, Object> responseMap2 = responseAsMap(response2); | ||
| System.err.println(">>> responseMap2: " + responseMap2); |
There was a problem hiding this comment.
Should this still be here?
There was a problem hiding this comment.
Probably got left over after a debugging session. 😆
There was a problem hiding this comment.
Thanks. Fixed in next push.
| assertNotNull(remoteClusterResponse.get("version")); | ||
| } | ||
| // { | ||
| // // TEST CASE 12: Resolution against wildcarded remote cluster expression that matches no remotes |
There was a problem hiding this comment.
Why this is commented out? If it's waiting for some other patch or development, it probably should be specified what it is waiting for.
There was a problem hiding this comment.
Yeah, I'll add a code comment.
While my code change in this PR fixes the GET _resolve/cluster/*nosuchcluster:foo problem (where it no longer queries the local cluster instead, even though that is clearly NOT what was asked for) for unsecured clusters, the security layer resolution still hits this problem because it has it's own index resolution pathways :-(
So I plan to figure that out in a follow-on PR and left this test as a reminder that needs doing.
|
LGTM in general, some nitpicks. |
.../main/java/org/elasticsearch/action/admin/indices/resolve/TransportResolveClusterAction.java
Outdated
Show resolved
Hide resolved
| * ElasticsearchSecurityException you can't tell whether the remote cluster is available or not, so mark | ||
| * it as connected=false | ||
| */ | ||
| resolveClusterInfo = new ResolveClusterInfo(false, skipUnavailable, ese.getMessage()); |
There was a problem hiding this comment.
++ on treating security exception as not connected.
| * just "*" since that could be an expensive operation on clusters with thousands of indices/aliases/datastreams | ||
| */ | ||
| String[] dummyIndexExpr = new String[] { DUMMY_INDEX_FOR_OLDER_CLUSTERS }; | ||
| remoteClusterIndices = remoteClusterService.groupIndices(request.indicesOptions(), dummyIndexExpr, false); |
There was a problem hiding this comment.
Depending on the request.indicesOptions(), this may result in security exception or index not found.
allow_no_indices=false-> results inIndexNotFoundExceptionexpand_wildcards=none-> will results inElasticsearchSecurityExceptionif user does not have privileges fordummy*index, becausedummy*is now treated as an index name and not expression
Meaning, the response of these calls will differ:
GET _resolve/cluster?allow_no_indices=true&expand_wildcards=noneGET _resolve/cluster?allow_no_indices=false&expand_wildcards=allGET _resolve/cluster
This is not new behaviour and I'm not sure if this is relevant for this API, but just wanted to raise it since I did not see integration tests that pass any of the indices options.
There was a problem hiding this comment.
Thanks very much for flagging this. I think I'll adjust the impl based on that and add some tests.
…info-only API variant
| if (request.hasParam("ignore_throttled")) { | ||
| indexOptions.add("ignore_throttled"); | ||
| } | ||
| return indexOptions; |
There was a problem hiding this comment.
drive-by comment: do we need to add these to a set?
There was a problem hiding this comment.
Sure. I'll add that in the next push.
💚 Backport successful
|
…ssion required) (elastic#119898) Resolve/cluster allows querying for cluster-info-only (no index expression required) This enhancement provides users with the ability to query the _resolve/cluster API endpoint without specifying an index expression to match against. This allows users to quickly test what remote clusters are configured on a cluster and whether they are available for querying. The new endpoint takes no index expression: ``` GET _resolve/cluster ``` and returns the same information as before except for the "matching_indices" field. Example response: ``` { "remote1": { "connected": false, "skip_unavailable": true }, "remote2": { "connected": true, "skip_unavailable": false, "version": { "number": "8.17.0", "build_flavor": "default", "minimum_wire_compatibility_version": "7.17.0", "minimum_index_compatibility_version": "7.0.0" } } } ``` For backwards compatibility, this new endpoint works with clusters from older versions by querying with the index expression `dummy*` on those older clusters and ignoring the matching_indices value in the response they return.
…ssion required) (#119898) (#120650) Resolve/cluster allows querying for cluster-info-only (no index expression required) This enhancement provides users with the ability to query the _resolve/cluster API endpoint without specifying an index expression to match against. This allows users to quickly test what remote clusters are configured on a cluster and whether they are available for querying. The new endpoint takes no index expression: ``` GET _resolve/cluster ``` and returns the same information as before except for the "matching_indices" field. Example response: ``` { "remote1": { "connected": false, "skip_unavailable": true }, "remote2": { "connected": true, "skip_unavailable": false, "version": { "number": "8.17.0", "build_flavor": "default", "minimum_wire_compatibility_version": "7.17.0", "minimum_index_compatibility_version": "7.0.0" } } } ``` For backwards compatibility, this new endpoint works with clusters from older versions by querying with the index expression `dummy*` on those older clusters and ignoring the matching_indices value in the response they return.
Resolve/cluster allows querying for cluster-info-only (no index expression required)
This enhancement provides users with the ability to query the _resolve/cluster API endpoint without specifying
an index expression to match against. This allows users to quickly test what remote clusters are configured on
a cluster and whether they are available for querying.
This new endpoint works with clusters from older versions by querying with the index expression
dummy*on those older clusters.The new endpoint takes no index expression:
and returns the same information as before except for the "matching_indices" field. Example response: