elastic-enterprise-search 8.5.0 → 8.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 370baa568c7b78d3fa58a0c322732c106163b3f91845841287b968966ca70717
-  data.tar.gz: 76108e767bc9e72f6ca6c981629f69a8c9e99106b07dc460761aaf089be4c86a
+  metadata.gz: 39e7df6602a80c776dda6da6ca3bc760170d0f7cee394e5e9ab805093851f054
+  data.tar.gz: 06be17689a9957f56f41a5547f1a475d30b6f7ae2db0771b3a9becd5f1cdb9b2
 SHA512:
-  metadata.gz: 17ebc4758f08ae8a5e198d02fa45016525f080d8cc357b9a3b5ad82b2b208c89e5534e05f61e784cccc4ab4b9d30c79e6737845f52cd25bc1741ceff95bc893e
-  data.tar.gz: 0252bf54a1828983f1a8daac3ae4fb123a814aaa4f9d195df7284cea265542cb370242c71dd5fb9c2832f81650e5b17f3b58da8ae585fc08e5e7aff03881b7a3
+  metadata.gz: 36994506a1019e7a84134c9e2116e9299d6a14e9b1ef34b6044a63efaf4d587b7026c61b0d8edaecb59d1936f883b44593fb8df0ae4417544a0396d319f33aff
+  data.tar.gz: 50c34b6d1fb5d9671b568d464c5be690c924ace7c6e32e1daa7b703f0e1f75c259a34d47db8f5b572c816260f2ef2433b82f2623e31fd477e63c3b9cca25b722

data/.buildkite/Dockerfile

@@ -0,0 +1,13 @@
+ARG RUBY_VERSION=${RUBY_VERSION:-3.1}
+FROM ruby:$RUBY_VERSION
+
+ENV QUIET=true
+ENV CI=true
+
+# Install required tools
+RUN apt-get -q update && apt-get -y install zip curl
+
+WORKDIR /code/enterprise-search-ruby
+COPY . .
+
+RUN bundle install

data/.buildkite/certs/README.md

@@ -0,0 +1,50 @@
+# CI certificates
+
+This directory contains certificates that can be used to test against Elasticsearch in CI
+
+## Generating new certificates using the Certificate Authority cert and key
+
+The `ca.crt` and `ca.key` can be used to generate any other certificates that may be needed
+for CI. Perhaps the easiest way to do so is using 
+[`elasticsearch-certutil`](https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html)
+
+Using the elasticsearch docker container, run the following from the `.ci/certs` directory
+
+```sh
+docker run \
+  -v "$PWD:/var/tmp" \
+  --rm docker.elastic.co/elasticsearch/elasticsearch:7.6.1 \
+  ./bin/elasticsearch-certutil cert \
+  --ca-cert /var/tmp/ca.crt --ca-key /var/tmp/ca.key --pem \
+  --out /var/tmp/bundle.zip
+```
+
+This will output a `bundle.zip` file containing a directory named `instance` containing 
+`instance.crt` and `instance.key` in PEM format.
+
+The CN Subject name can be changed using
+
+```sh
+docker run \
+  -v "$PWD:/var/tmp" \
+  --rm docker.elastic.co/elasticsearch/elasticsearch:7.6.1 \
+  ./bin/elasticsearch-certutil cert \
+  --ca-cert /var/tmp/ca.crt --ca-key /var/tmp/ca.key --pem \
+  --out /var/tmp/bundle.zip \
+  --name foo
+```
+
+The directory in `bundle.zip` will now be named `foo` and contain 
+`foo.crt` and `foo.key` in PEM format.
+
+Additional DNS and IP SAN entries can be added with `--dns` and `--ip`, respectively.
+
+```sh
+docker run \
+  -v "$PWD:/var/tmp" \
+  --rm docker.elastic.co/elasticsearch/elasticsearch:7.6.1 \
+  ./bin/elasticsearch-certutil cert \
+  --ca-cert /var/tmp/ca.crt --ca-key /var/tmp/ca.key --pem \
+  --out /var/tmp/bundle.zip \
+  --dns instance --dns localhost --dns es1 --ip 127.0.0.1 --ip ::1
+```

data/.buildkite/certs/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIVAJQLm8V2LcaCTHUcoIfO+KL63nG3MA0GCSqGSIb3DQEB
+CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
+ZXJhdGVkIENBMB4XDTIwMDIyNjA1NTA1N1oXDTIzMDIyNTA1NTA1N1owNDEyMDAG
+A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYyajkPvGtUOE5M1OowQfB
+kWVrWjo1+LIxzgCeRHp0YztLtdVJ0sk2xoSrt2uZpxcPepdyOseLTjFJex1D2yCR
+AEniIqcFif4G72nDih2LlbhpUe/+/MTryj8ZTkFTzI+eMmbQi5FFMaH+kwufmdt/
+5/w8YazO18SxxJUlzMqzfNUrhM8vvvVdxgboU7PWhk28wZHCMHQovomHmzclhRpF
+N0FMktA98vHHeRjH19P7rNhifSd7hZzoH3H148HVAKoPgqnZ6vW2O2YfAWOP6ulq
+cyszr57p8fS9B2wSdlWW7nVHU1JuKcYD67CxbBS23BeGFgCj4tiNrmxO8S5Yf85v
+AgMBAAGjUzBRMB0GA1UdDgQWBBSWAlip9eoPmnG4p4OFZeOUBlAbNDAfBgNVHSME
+GDAWgBSWAlip9eoPmnG4p4OFZeOUBlAbNDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQA19qqrMTWl7YyId+LR/QIHDrP4jfxmrEELrAL58q5Epc1k
+XxZLzOBSXoBfBrPdv+3XklWqXrZjKWfdkux0Xmjnl4qul+srrZDLJVZG3I7IrITh
+AmQUmL9MuPiMnAcxoGZp1xpijtW8Qmd2qnambbljWfkuVaa4hcVRfrAX6TciIQ21
+bS5aeLGrPqR14h30YzDp0RMmTujEa1o6ExN0+RSTkE9m89Q6WdM69az8JW7YkWqm
+I+UCG3TcLd3TXmN1zNQkq4y2ObDK4Sxy/2p6yFPI1Fds5w/zLfBOvvPQY61vEqs8
+SCCcQIe7f6NDpIRIBlty1C9IaEHj7edyHjF6rtYb
+-----END CERTIFICATE-----

data/.buildkite/certs/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA2Mmo5D7xrVDhOTNTqMEHwZFla1o6NfiyMc4AnkR6dGM7S7XV
+SdLJNsaEq7drmacXD3qXcjrHi04xSXsdQ9sgkQBJ4iKnBYn+Bu9pw4odi5W4aVHv
+/vzE68o/GU5BU8yPnjJm0IuRRTGh/pMLn5nbf+f8PGGsztfEscSVJczKs3zVK4TP
+L771XcYG6FOz1oZNvMGRwjB0KL6Jh5s3JYUaRTdBTJLQPfLxx3kYx9fT+6zYYn0n
+e4Wc6B9x9ePB1QCqD4Kp2er1tjtmHwFjj+rpanMrM6+e6fH0vQdsEnZVlu51R1NS
+binGA+uwsWwUttwXhhYAo+LYja5sTvEuWH/ObwIDAQABAoIBAQC8QDGnMnmPdWJ+
+13FYY3cmwel+FXXjFDk5QpgK15A2rUz6a8XxO1d7d1wR+U84uH4v9Na6XQyWjaoD
+EyPQnuJiyAtgkZLUHoY244PGR5NsePEQlBSCKmGeF5w/j1LvP/2e9EmP4wKdQYJY
+nLxFNcgEBCFnFbKIU5n8fKa/klybCrwlBokenyBro02tqH4LL7h1YMRRrl97fv1V
+e/y/0WcMN+KnMglfz6haimBRV2yamCCHHmBImC+wzOgT/quqlxPfI+a3ScHxuA65
+3QyCavaqlPh+T3lXnN/Na4UWqFtzMmwgJX2x1zM5qiln46/JoDiXtagvV43L3rNs
+LhPRFeIRAoGBAPhEB7nNpEDNjIRUL6WpebWS9brKAVY7gYn7YQrKGhhCyftyaiBZ
+zYgxPaJdqYXf+DmkWlANGoYiwEs40QwkR/FZrvO4+Xh3n3dgtl59ZmieuoQvDsG+
+RYIj+TfBaqhewhZNMMl7dxz7DeyQhyRCdsvl3VqJM0RuOsIrzrhCIEItAoGBAN+K
+lgWI7swDpOEaLmu+IWMkGImh1LswXoZqIgi/ywZ7htZjPzidOIeUsMi+lrYsKojG
+uU3sBxASsf9kYXDnuUuUbGT5M/N2ipXERt7klUAA/f5sg1IKlTrabaN/HGs/uNtf
+Efa8v/h2VyTurdPCJ17TNpbOMDwX1qGM62tyt2CLAoGBAIHCnP8iWq18QeuQTO8b
+a3/Z9hHRL22w4H4MI6aOB6GSlxuTq6CJD4IVqo9IwSg17fnCy2l3z9s4IqWuZqUf
++XJOW8ELd2jdrT2qEOfGR1Z7UCVyqxXcq1vgDYx0zZh/HpalddB5dcJx/c8do2Ty
+UEE2PcHqYB9uNcvzNbLc7RtpAoGBALbuU0yePUTI6qGnajuTcQEPpeDjhRHWSFRZ
+ABcG1N8uMS66Mx9iUcNp462zgeP8iqY5caUZtMHreqxT+gWKK7F0+as7386pwElF
+QPXgO18QMMqHBIQb0vlBjJ1SRPBjSiSDTVEML1DljvTTOX7kEJHh6HdKrmBO5b54
+cqMQUo53AoGBAPVWRPUXCqlBz914xKna0ZUh2aesRBg5BvOoq9ey9c52EIU5PXL5
+0Isk8sWSsvhl3tjDPBH5WuL5piKgnCTqkVbEHmWu9s1T57Mw6NuxlPMLBWvyv4c6
+tB9brOxv0ui3qGMuBsBoDKbkNnwXyOXLyFg7O+H4l016A3mLQzJM+NGV
+-----END RSA PRIVATE KEY-----

data/.buildkite/certs/testnode.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkqgAwIBAgIVAIZQH0fe5U+bGQ6m1JUBO/AQkQ/9MA0GCSqGSIb3DQEB
+CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
+ZXJhdGVkIENBMB4XDTIwMDMyNzE5MTcxMVoXDTIzMDMyNzE5MTcxMVowEzERMA8G
+A1UEAxMIaW5zdGFuY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
+fco1t1+sE1gTwTVGcXKZqJTP2GjMHM0cfJE5KKfwC5B+pHADRT6FZxvepgKjEBDt
+CK+2Rmotyeb15XXMSKguNhyT+2PuKvT5r05L7P91XRYXrwxG2swJPtct7A87xdFa
+Ek+YRpqGGmTaux2jOELMiAmqEzoj6w/xFq+LF4SolTW4wOL2eLFkEFHBX2oCwU5T
+Q+B+7E9zL45nFWlkeRGJ+ZQTnRNZ/1r4N9A9Gtj4x/H1/y4inWndikdxAb5QiEYJ
+T+vbQWzHYWjz13ttHJsz+6T8rvA1jK+buHgVh4K8lV13X9k54soBqHB8va7/KIJP
+g8gvd6vusEI7Bmfl1as7AgMBAAGjgYswgYgwHQYDVR0OBBYEFKnnpvuVYwtFSUis
+WwN9OHLyExzJMB8GA1UdIwQYMBaAFJYCWKn16g+acbing4Vl45QGUBs0MDsGA1Ud
+EQQ0MDKCCWxvY2FsaG9zdIIIaW5zdGFuY2WHBH8AAAGHEAAAAAAAAAAAAAAAAAAA
+AAGCA2VzMTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAPNsIoD4GBrTgR
+jfvBuHS6eU16P95m16O8Mdpr4SMQgWLQUhs8aoVgfwpg2TkbCWxOe6khJOyNm7bf
+fW4aFQ/OHcQV4Czz3c7eOHTWSyMlCOv+nRXd4giJZ5TOHw1zKGmKXOIvhvE6RfdF
+uBBfrusk164H4iykm0Bbr/wo4d6wuebp3ZYLPw5zV0D08rsaR+3VJ9VxWuFpdm/r
+2onYOohyuX9DRjAczasC+CRRQN4eHJlRfSQB8WfTKw3EloRJJDAg6SJyGiAJ++BF
+hnqfNcEyKes2AWagFF9aTbEJMrzMhH+YB5F+S/PWvMUlFzcoocVKqc4pIrjKUNWO
+6nbTxeAB
+-----END CERTIFICATE-----

data/.buildkite/certs/testnode.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwX3KNbdfrBNYE8E1RnFymaiUz9hozBzNHHyROSin8AuQfqRw
+A0U+hWcb3qYCoxAQ7QivtkZqLcnm9eV1zEioLjYck/tj7ir0+a9OS+z/dV0WF68M
+RtrMCT7XLewPO8XRWhJPmEaahhpk2rsdozhCzIgJqhM6I+sP8RavixeEqJU1uMDi
+9nixZBBRwV9qAsFOU0PgfuxPcy+OZxVpZHkRifmUE50TWf9a+DfQPRrY+Mfx9f8u
+Ip1p3YpHcQG+UIhGCU/r20Fsx2Fo89d7bRybM/uk/K7wNYyvm7h4FYeCvJVdd1/Z
+OeLKAahwfL2u/yiCT4PIL3er7rBCOwZn5dWrOwIDAQABAoIBAFcm4ICnculf4Sks
+umFbUiISA81GjZV6V4zAMu1K+bGuk8vnJyjh9JJD6hK0NbXa07TgV7zDJKoxKd2S
+GCgGhfIin2asMcuh/6vDIYIjYsErR3stdlsnzAVSD7v4ergSlwR6AO32xz0mAE1h
+QK029yeHEstPU72/7/NIo5MD6dXAbut1MzgijZD8RQo1z21D6qmLcPTVTfkn7a3W
+MY3y7XUIkA1TOyIRsH3k6F6NBWkvtXbwOUeLCJ14EvS8T9BqhIhPDZv8mQTRLDOD
+tQRyC4Cnw+UhYmnMFJhj6N2jpTBv/AdoKcRC56uBJyPW+dxj6i4e7n3pQuxqRvpI
+LLJJsskCgYEA4QQxzuJizLKV75rE+Qxg0Ej0Gid1aj3H5eeTZOUhm9KC8KDfPdpk
+msKaNzJq/VDcqHPluGS1jYZVgZlal1nk5xKBcbQ4n297VPVd+sLtlf0bj4atlDUO
++iOVo0H7k5yWvj+TzVRlc5zjDLcnQh8i+22o3+65hIrb2zpzg/cCZJ8CgYEA3CJX
+bjmWPQ0uZVIa8Wz8cJFtKT9uVl7Z3/f6HjN9I0b/9MmVlNxQVAilVwhDkzR/UawG
+QeRFBJ6XWRwX0aoMq+O9VSNu/R2rtEMpIYt3LwbI3yw6GRoCdB5qeL820O+KX5Fl
+/z+ZNgrHgA1yKPVf+8ke2ZtLEqPHMN+BMuq8t+UCgYEAy0MfvzQPbbuw55WWcyb0
+WZJdNzcHwKX4ajzrj4vP9VOPRtD7eINMt+QsrMnVjei6u0yeahhHTIXZvc2K4Qeq
+V/YGinDzaUqqTU+synXFauUOPXO6XxQi6GC2rphPKsOcBFWoLSYc0vgYvgbA5uD7
+l8Yyc77RROKuwfWmHcJHHh8CgYBurGFSjGdJWHgr/oSHPqkIG0VLiJV7nQJjBPRd
+/Lr8YnTK6BJpHf7Q0Ov3frMirjEYqakXtaExel5TMbmT8q+eN8h3pnHlleY+oclr
+EQghv4J8GWs4NYhoQuZ6wH/ZuaTS+XHTS3FG51J3wcrUZtET8ICvHNE4lNjPbH8z
+TysENQKBgHER1RtDFdz+O7mlWibrHk8JDgcVdZV/pBF+9cb7r/orkH9RLAHDlsAO
+tuSVaQmm5eqgaAxMamBXSyw1lir07byemyuEDg0mJ1rNUGsAY8P+LWr579gvKMme
+5gvrJr99JkBTV3z+TiL7dZa52eW00Ijqg2qcbHGpq3kXWWkbd8Tn
+-----END RSA PRIVATE KEY-----

data/.buildkite/certs/testnode_no_san.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAgugAwIBAgIVAMTO6uVx9dLox2t0lY4IcBKZXb5WMA0GCSqGSIb3DQEB
+CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
+ZXJhdGVkIENBMB4XDTIwMDIyNjA1NTA1OVoXDTIzMDIyNTA1NTA1OVowEzERMA8G
+A1UEAxMIaW5zdGFuY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK
+YLTOikVENiN/qYupOsoXd7VYYnryyfCC/dK4FC2aozkbqjFzBdvPGAasoc4yEiH5
+CGeXMgJuOjk1maqetmdIsw00j4oHJviYsnGXzxxS5swhD7spcW4Uk4V4tAUzrbfT
+vW/2WW/yYCLe5phVb2chz0jL+WYb4bBmdfs/t6RtP9RqsplYAmVp3gZ6lt2YNtvE
+k9gz0TVk3DuO1TquIClfRYUjuywS6xDSvxJ8Jl91EfDWM8QU+9F+YAtiv74xl2U3
+P0wwMqNvMxf9/3ak3lTQGsgO4L6cwbKpVLMMzxSVunZz/sgl19xy3qHHz1Qr2MjJ
+/2c2J7vahUL4NPRkjJClAgMBAAGjTTBLMB0GA1UdDgQWBBS2Wn8E2VZv4oenY+pR
+O8G3zfQXhzAfBgNVHSMEGDAWgBSWAlip9eoPmnG4p4OFZeOUBlAbNDAJBgNVHRME
+AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAvwPvCiJJ6v9jYcyvYY8I3gP0oCwrylpRL
+n91UlgRSHUmuAObyOoVN5518gSV/bTU2SDrstcLkLFxHvnfpoGJoxsQEHuGxwDRI
+nhYNd62EKLerehNM/F9ILKmvTh8f6QPCzjUuExTXv+63l2Sr6dBS7FHsGs6UKUYO
+llM/y9wMZ1LCuZuBg9RhtgpFXRSgDM9Z7Begu0d/BPX9od/qAeZg9Arz4rwUiCN4
+IJOMEBEPi5q1tgeS0Fb1Grpqd0Uz5tZKtEHNKzLG+zSMmkneL62Nk2HsmEFZKwzg
+u2pU42UaUE596G6o78s1aLn9ICcElPHTjiuZNSiyuu9IzvFDjGQw
+-----END CERTIFICATE-----

data/.buildkite/certs/testnode_no_san.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAymC0zopFRDYjf6mLqTrKF3e1WGJ68snwgv3SuBQtmqM5G6ox
+cwXbzxgGrKHOMhIh+QhnlzICbjo5NZmqnrZnSLMNNI+KByb4mLJxl88cUubMIQ+7
+KXFuFJOFeLQFM623071v9llv8mAi3uaYVW9nIc9Iy/lmG+GwZnX7P7ekbT/UarKZ
+WAJlad4GepbdmDbbxJPYM9E1ZNw7jtU6riApX0WFI7ssEusQ0r8SfCZfdRHw1jPE
+FPvRfmALYr++MZdlNz9MMDKjbzMX/f92pN5U0BrIDuC+nMGyqVSzDM8Ulbp2c/7I
+Jdfcct6hx89UK9jIyf9nNie72oVC+DT0ZIyQpQIDAQABAoIBADAh7f7NjgnaInlD
+ds8KB3SraPsbeQhzlPtiqRJU4j/MIFH/GYG03AGWQkget67a9y+GmzSvlTpoKKEh
+6h2TXl9BDpv4o6ht0WRn1HJ5tM/Wyqf2WNpTew3zxCPgFPikkXsPrChYPzLTQJfp
+GkP/mfTFmxfAOlPZSp4j41zVLYs53eDkAegFPVfKSr1XNNJ3QODLPcIBfxBYsiC9
+oU+jRW8xYuj31cEl5k5UqrChJ1rm3mt6cguqXKbISuoSvi13gXI6DccqhuLAU+Kr
+ib2XYrRP+pWocZo/pM9WUVoNGtFxfY88sAQtvG6gDKo2AURtFyq84Ow0h9mdixV/
+gRIDPcECgYEA5nEqE3OKuG9WuUFGXvjtn4C0F6JjflYWh7AbX51S4F6LKrW6/XHL
+Rg4BtF+XReT7OQ6llsV8kZeUxsUckkgDLzSaA8lysNDV5KkhAWHfRqH//QKFbqZi
+JL9t3x63Qt81US8s2hQk3khPYTRM8ZB3xHiXvZYSGC/0x/DxfEO3QJECgYEA4NK5
+sxtrat8sFz6SK9nWEKimPjDVzxJ0hxdX4tRq/JdOO5RncawVqt6TNP9gTuxfBvhW
+MhJYEsQj8iUoL1dxo9d1eP8HEANNV0iX5OBvJNmgBp+2OyRSyr+PA55+wAxYuAE7
+QKaitOjW57fpArNRt2hQyiSzTuqUFRWTWJHCWNUCgYAEurPTXF6vdFGCUc2g61jt
+GhYYGhQSpq+lrz6Qksj9o9MVWE9zHh++21C7o+6V16I0RJGva3QoBMVf4vG4KtQt
+5tV2WG8LI+4P2Ey+G4UajP6U8bVNVQrUmD0oBBhcvfn5JY+1Fg6/pRpD82/U0VMz
+7AmpMWhDqNBMPiymkTk0kQKBgCuWb05cSI0ly4SOKwS5bRk5uVFhYnKNH255hh6C
+FGP4acB/WzbcqC7CjEPAJ0nl5d6SExQOHmk1AcsWjR3wlCWxxiK5PwNJwJrlhh1n
+reS1FKN0H36D4lFQpkeLWQOe4Sx7gKNeKzlr0w6Fx3Uwku0+Gju2tdTdAey8jB6l
+08opAoGAEe1AuR/OFp2xw6V8TH9UHkkpGxy+OrXI6PX6tgk29PgB+uiMu4RwbjVz
+1di1KKq2XecAilVbnyqY+edADxYGbSnci9x5wQRIebfMi3VXKtV8NQBv2as6qwtW
+JDcQUWotOHjpdvmfJWWkcBhbAKrgX8ukww00ZI/lC3/rmkGnBBg=
+-----END RSA PRIVATE KEY-----

data/.buildkite/functions/cleanup.sh

@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+#
+# Shared cleanup routines between different steps
+#
+# Please source .ci/functions/imports.sh as a whole not just this file
+#
+# Version 1.0.0
+# - Initial version after refactor
+
+function cleanup_volume {
+  if [[ "$(docker volume ls -q -f name=$1)" ]]; then
+    echo -e "\033[34;1mINFO:\033[0m Removing volume $1\033[0m"
+    (docker volume rm "$1") || true
+  fi
+}
+function container_running {
+  if [[ "$(docker ps -q -f name=$1)" ]]; then
+    return 0;
+    else return 1;
+  fi
+}
+function cleanup_node {
+  if container_running "$1"; then
+    echo -e "\033[34;1mINFO:\033[0m Removing container $1\033[0m"
+    (docker container rm --force --volumes "$1") || true
+  fi
+  if [[ -n "$1" ]]; then
+    echo -e "\033[34;1mINFO:\033[0m Removing volume $1-${suffix}-data\033[0m"
+    cleanup_volume "$1-${suffix}-data"
+  fi
+}
+function cleanup_network {
+  if [[ "$(docker network ls -q -f name=$1)" ]]; then
+    echo -e "\033[34;1mINFO:\033[0m Removing network $1\033[0m"
+    (docker network rm "$1") || true
+  fi
+}
+
+function cleanup_trap {
+  status=$?
+  set +x
+  if [[ "$DETACH" != "true" ]]; then
+    echo -e "\033[34;1mINFO:\033[0m clean the network if not detached (start and exit)\033[0m"
+    cleanup_all_in_network "$1"
+  fi
+  # status is 0 or SIGINT
+  if [[ "$status" == "0" || "$status" == "130" ]]; then
+    echo -e "\n\033[32;1mSUCCESS run-tests\033[0m"
+    exit 0
+  else
+    echo -e "\n\033[31;1mFAILURE during run-tests\033[0m"
+    exit ${status}
+  fi
+};
+function cleanup_all_in_network {
+
+  if [[ -z "$(docker network ls -q -f name="^$1\$")" ]]; then
+    echo -e "\033[34;1mINFO:\033[0m $1 is already deleted\033[0m"
+    return 0
+  fi
+  containers=$(docker network inspect -f '{{ range $key, $value := .Containers }}{{ printf "%s\n" .Name}}{{ end }}' $1)
+  while read -r container; do
+    cleanup_node "$container"
+  done <<< "$containers"
+  cleanup_network $1
+  echo -e "\033[32;1mSUCCESS:\033[0m Cleaned up and exiting\033[0m"
+};

data/.buildkite/functions/imports.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+#
+# Sets up all the common variables and imports relevant functions
+#
+# Version 1.0.1
+# - Initial version after refactor
+# - Validate STACK_VERSION asap
+
+function require_stack_version() {
+  if [[ -z $STACK_VERSION ]]; then
+    echo -e "\033[31;1mERROR:\033[0m Required environment variable [STACK_VERSION] not set\033[0m"
+    exit 1
+  fi
+}
+
+require_stack_version
+
+if [[ -z $es_node_name ]]; then
+  # only set these once
+  set -euo pipefail
+  export TEST_SUITE=${TEST_SUITE-free}
+  export SERVICE=${SERVICE-}
+  export RUNSCRIPTS=${RUNSCRIPTS-}
+  export DETACH=${DETACH-false}
+  export CLEANUP=${CLEANUP-false}
+
+  export es_node_name=instance
+  export elastic_password=changeme
+  export elasticsearch_image=elasticsearch
+  export elasticsearch_url=https://elastic:${elastic_password}@${es_node_name}:9200
+  if [[ $TEST_SUITE != "platinum" ]]; then
+    export elasticsearch_url=http://${es_node_name}:9200
+  fi
+  export external_elasticsearch_url=${elasticsearch_url/$es_node_name/localhost}
+  export elasticsearch_container="${elasticsearch_image}:${STACK_VERSION}"
+
+  export suffix=rest-test
+  export moniker=$(echo "$elasticsearch_container" | tr -C "[:alnum:]" '-')
+  export network_name=${moniker}${suffix}
+
+  export ssl_cert="${script_path}/certs/testnode.crt"
+  export ssl_key="${script_path}/certs/testnode.key"
+  export ssl_ca="${script_path}/certs/ca.crt"
+
+fi
+
+  export script_path=$(dirname $(realpath -s $0))
+  source $script_path/functions/cleanup.sh
+  source $script_path/functions/wait-for-container.sh
+  trap "cleanup_trap ${network_name}" EXIT
+
+
+if [[ "$CLEANUP" == "true" ]]; then
+  cleanup_all_in_network $network_name
+  exit 0
+fi
+
+echo -e "\033[34;1mINFO:\033[0m Creating network $network_name if it does not exist already \033[0m"
+docker network inspect "$network_name" > /dev/null 2>&1 || docker network create "$network_name"
+

data/.buildkite/functions/wait-for-container.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Exposes a routine scripts can call to wait for a container if that container set up a health command
+#
+# Please source .ci/functions/imports.sh as a whole not just this file
+#
+# Version 1.0.1
+# - Initial version after refactor
+# - Make sure wait_for_contiainer is silent
+
+function wait_for_container {
+  set +x
+  until ! container_running "$1" || (container_running "$1" && [[ "$(docker inspect -f "{{.State.Health.Status}}" ${1})" != "starting" ]]); do
+    echo ""
+    docker inspect -f "{{range .State.Health.Log}}{{.Output}}{{end}}" ${1}
+    echo -e "\033[34;1mINFO:\033[0m waiting for node $1 to be up\033[0m"
+    sleep 20;
+  done;
+
+  # Always show logs if the container is running, this is very useful both on CI as well as while developing
+  if container_running $1; then
+    docker logs $1
+  fi
+
+  if ! container_running $1 || [[ "$(docker inspect -f "{{.State.Health.Status}}" ${1})" != "healthy" ]]; then
+    cleanup_all_in_network $2
+    echo
+    echo -e "\033[31;1mERROR:\033[0m Failed to start $1 in detached mode beyond health checks\033[0m"
+    echo -e "\033[31;1mERROR:\033[0m dumped the docker log before shutting the node down\033[0m"
+    return 1
+  else
+    echo
+    echo -e "\033[32;1mSUCCESS:\033[0m Detached and healthy: ${1} on docker network: ${network_name}\033[0m"
+    return 0
+  fi
+}

data/.buildkite/log-results.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+#
+# This script is intended to be run after the build in a Buildkite pipeline
+echo "--- Test summary"
+buildkite-agent artifact download "tmp/*.html" .
+
+files="tmp/*.html"
+for f in $files; do
+  SERVICE=`echo $f | grep -o "\(appsearch\|enterprisesearch\|workplacesearch\)"`
+  RUBY_VERSION=`echo $f | grep -Po "(\d+\.)+\d+"`
+  EXAMPLES=`cat $f | grep -o "[0-9]\+ example" | tail -1`
+  FAILURES=`cat $f | grep -o "[0-9]\+ failure" | tail -1`
+  PENDING=`cat $f | grep -o "[0-9]\+ pending" | tail -1`
+  echo "--- :rspec: $EXAMPLES - :x: $FAILURES - :pinched_fingers: $PENDING :test_tube: $SERVICE :ruby: $RUBY_VERSION"
+done

data/.buildkite/pipeline.yml

@@ -0,0 +1,25 @@
+steps:
+  - label: ":elastic-enterprise-search: Enterprise Search :rspec: {{ matrix.service }} :ruby: v{{ matrix.ruby }}"
+    agents:
+      provider: "gcp"
+    env:
+      RUBY_VERSION: "{{ matrix.ruby }}"
+      SERVICE: "{{ matrix.service }}"
+      STACK_VERSION: 8.6-SNAPSHOT
+    matrix:
+      setup:
+        ruby:
+          - "3.2"
+          - "3.1"
+          - "3.0"
+          - "2.7"
+        service:
+          - enterprisesearch
+          - appsearch
+          - workplacesearch
+    command: ./.buildkite/run-tests.sh
+    artifact_paths: "tmp/*"
+  - wait: ~
+    continue_on_failure: true
+  - label: "Log Results"
+    command: ./.buildkite/log-results.sh

data/.buildkite/run-client.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+#
+# Once called Elasticsearch and Enteprise Search should be up and running
+#
+script_path=$(dirname $(realpath -s $0))
+source $script_path/functions/imports.sh
+set -euo pipefail
+
+export RUBY_VERSION=${RUBY_VERSION:-3.1}
+
+echo "--- Pinging Elasticsearch :elasticsearch:"
+curl --insecure --fail $external_elasticsearch_url/_cluster/health?pretty
+
+enterprise_search_url="http://localhost:3002"
+echo "--- Pinging Enterprise Search :elastic-enterprise-search:"
+curl -I --fail $enterprise_search_url
+
+echo "--- :ruby: Building Docker image"
+docker build \
+       --file $script_path/Dockerfile \
+       --tag elastic/enterprise-search-ruby \
+       --build-arg RUBY_VERSION=${RUBY_VERSION} \
+       .
+
+echo "--- :ruby: Running $SERVICE tests"
+docker run \
+       --network ${network_name} \
+       --name enterprise-search-ruby \
+       --env "ELASTIC_ENTERPRISE_HOST=http://${CONTAINER_NAME}:3002" \
+       --env "SERVICE=${SERVICE}" \
+       --rm \
+       --volume `pwd`:/code/enterprise-search-ruby \
+       elastic/enterprise-search-ruby \
+       rake spec:integration:${SERVICE}
+

data/.buildkite/run-elasticsearch.sh

@@ -0,0 +1,150 @@
+#!/usr/bin/env bash
+#
+# Launch one or more Elasticsearch nodes via the Docker image,
+# to form a cluster suitable for running the REST API tests.
+#
+# Export the STACK_VERSION variable, eg. '8.0.0-SNAPSHOT'.
+# Export the TEST_SUITE variable, eg. 'free' or 'platinum' defaults to 'free'.
+# Export the NUMBER_OF_NODES variable to start more than 1 node
+
+# Version 1.6.1
+# - Initial version of the run-elasticsearch.sh script
+# - Deleting the volume should not dependent on the container still running
+# - Fixed `ES_JAVA_OPTS` config
+# - Moved to STACK_VERSION and TEST_VERSION
+# - Refactored into functions and imports
+# - Support NUMBER_OF_NODES
+# - Added 5 retries on docker pull for fixing transient network errors
+# - Added flags to make local CCR configurations work
+# - Added action.destructive_requires_name=false as the default will be true in v8
+# - Added ingest.geoip.downloader.enabled=false as it causes false positives in testing
+# - Moved ELASTIC_PASSWORD and xpack.security.enabled to the base arguments for "Security On by default"
+# - Use https only when TEST_SUITE is "platinum", when "free" use http
+# - Set xpack.security.enabled=false for "free" and xpack.security.enabled=true for "platinum"
+
+script_path=$(dirname $(realpath -s $0))
+source $script_path/functions/imports.sh
+set -euo pipefail
+
+echo -e "\033[34;1mINFO:\033[0m Take down node if called twice with the same arguments (DETACH=true) or on seperate terminals \033[0m"
+cleanup_node $es_node_name
+
+master_node_name=${es_node_name}
+cluster_name=${moniker}${suffix}
+
+declare -a volumes
+environment=($(cat <<-END
+  --env ELASTIC_PASSWORD=$elastic_password
+  --env node.name=$es_node_name
+  --env cluster.name=$cluster_name
+  --env cluster.initial_master_nodes=$master_node_name
+  --env discovery.seed_hosts=$master_node_name
+  --env cluster.routing.allocation.disk.threshold_enabled=false
+  --env bootstrap.memory_lock=true
+  --env node.attr.testattr=test
+  --env path.repo=/tmp
+  --env repositories.url.allowed_urls=http://snapshot.test*
+  --env action.destructive_requires_name=false
+  --env ingest.geoip.downloader.enabled=false
+  --env cluster.deprecation_indexing.enabled=false
+END
+))
+if [[ "$TEST_SUITE" == "platinum" ]]; then
+  environment+=($(cat <<-END
+    --env xpack.security.enabled=true
+    --env xpack.license.self_generated.type=trial
+    --env xpack.security.http.ssl.enabled=true
+    --env xpack.security.http.ssl.verification_mode=certificate
+    --env xpack.security.http.ssl.key=certs/testnode.key
+    --env xpack.security.http.ssl.certificate=certs/testnode.crt
+    --env xpack.security.http.ssl.certificate_authorities=certs/ca.crt
+    --env xpack.security.transport.ssl.enabled=true
+    --env xpack.security.transport.ssl.verification_mode=certificate
+    --env xpack.security.transport.ssl.key=certs/testnode.key
+    --env xpack.security.transport.ssl.certificate=certs/testnode.crt
+    --env xpack.security.transport.ssl.certificate_authorities=certs/ca.crt
+END
+))
+  volumes+=($(cat <<-END
+    --volume $ssl_cert:/usr/share/elasticsearch/config/certs/testnode.crt
+    --volume $ssl_key:/usr/share/elasticsearch/config/certs/testnode.key
+    --volume $ssl_ca:/usr/share/elasticsearch/config/certs/ca.crt
+END
+))
+else
+  environment+=($(cat <<-END
+    --env node.roles=data,data_cold,data_content,data_frozen,data_hot,data_warm,ingest,master,ml,remote_cluster_client,transform
+    --env xpack.security.enabled=false
+    --env xpack.security.http.ssl.enabled=false
+END
+))
+fi
+
+cert_validation_flags=""
+if [[ "$TEST_SUITE" == "platinum" ]]; then
+  cert_validation_flags="--insecure --cacert /usr/share/elasticsearch/config/certs/ca.crt --resolve ${es_node_name}:443:127.0.0.1"
+fi
+
+echo "--- :elasticsearch: Environment setup"
+echo "TEST_SUITE: $TEST_SUITE"
+echo "Elasticsearch URL: $elasticsearch_url"
+echo "Elasticsearch External URL: $external_elasticsearch_url"
+
+
+echo "--- :elasticsearch: Running container"
+# Pull the container, retry on failures up to 5 times with
+# short delays between each attempt. Fixes most transient network errors.
+docker_pull_attempts=0
+until [ "$docker_pull_attempts" -ge 5 ]
+do
+   docker pull docker.elastic.co/elasticsearch/"$elasticsearch_container" && break
+   docker_pull_attempts=$((docker_pull_attempts+1))
+   echo "Failed to pull image, retrying in 10 seconds (retry $docker_pull_attempts/5)..."
+   sleep 10
+done
+
+NUMBER_OF_NODES=${NUMBER_OF_NODES-1}
+http_port=9200
+for (( i=0; i<$NUMBER_OF_NODES; i++, http_port++ )); do
+  node_name=${es_node_name}$i
+  node_url=${external_elasticsearch_url/9200/${http_port}}$i
+  if [[ "$i" == "0" ]]; then node_name=$es_node_name; fi
+  environment+=($(cat <<-END
+    --env node.name=$node_name
+END
+))
+  echo "$i: $http_port $node_url "
+  volume_name=${node_name}-${suffix}-data
+  volumes+=($(cat <<-END
+    --volume $volume_name:/usr/share/elasticsearch/data${i}
+END
+))
+
+  # make sure we detach for all but the last node if DETACH=false (default) so all nodes are started
+  local_detach="true"
+  if [[ "$i" == "$((NUMBER_OF_NODES-1))" ]]; then local_detach=$DETACH; fi
+  echo -e "\033[34;1mINFO:\033[0m Starting container $node_name \033[0m"
+  set -x
+  docker run \
+    --name "$node_name" \
+    --network "$network_name" \
+    --env "ES_JAVA_OPTS=-Xms1g -Xmx1g -da:org.elasticsearch.xpack.ccr.index.engine.FollowingEngineAssertions" \
+    "${environment[@]}" \
+    "${volumes[@]}" \
+    --publish "$http_port":9200 \
+    --ulimit nofile=65536:65536 \
+    --ulimit memlock=-1:-1 \
+    --detach="$local_detach" \
+    --health-cmd="curl $cert_validation_flags --fail $elasticsearch_url/_cluster/health || exit 1" \
+    --health-interval=2s \
+    --health-retries=20 \
+    --health-timeout=2s \
+    --rm \
+    docker.elastic.co/elasticsearch/"$elasticsearch_container";
+
+  set +x
+  if wait_for_container "$es_node_name" "$network_name"; then
+    echo -e "\033[32;1mSUCCESS:\033[0m Running on: $node_url\033[0m"
+  fi
+
+done

data/.buildkite/run-enterprise-search.sh

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+#
+# Launch one App Search node via the Docker image,
+# to form a cluster suitable for running the REST API tests.
+#
+# Export the STACK_VERSION variable, eg. '8.0.0-SNAPSHOT'.
+
+# Version 1.1.0
+# - Initial version of the run-app-search.sh script
+# - Refactored .ci version
+
+script_path=$(dirname $(realpath -s $0))
+source $script_path/functions/imports.sh
+set -euo pipefail
+
+CONTAINER_NAME=${CONTAINER_NAME-enterprise-search}
+APP_SEARCH_SECRET_SESSION_KEY=${APP_SEARCH_SECRET_SESSION_KEY-int_test_secret}
+
+echo -e "\033[34;1mINFO:\033[0m Take down node if called twice with the same arguments (DETACH=true) or on seperate terminals \033[0m"
+cleanup_node $CONTAINER_NAME
+
+http_port=3002
+url=http://127.0.0.1:${http_port}
+
+# Pull the container, retry on failures up to 5 times with
+# short delays between each attempt. Fixes most transient network errors.
+docker_pull_attempts=0
+until [ "$docker_pull_attempts" -ge 5 ]
+do
+   docker pull docker.elastic.co/enterprise-search/enterprise-search:"$STACK_VERSION" && break
+   docker_pull_attempts=$((docker_pull_attempts+1))
+   echo "Failed to pull image, retrying in 10 seconds (retry $docker_pull_attempts/5)..."
+   sleep 10
+done
+
+echo -e "\033[34;1mINFO:\033[0m Starting container $CONTAINER_NAME \033[0m"
+set -x
+docker run \
+  --name "$CONTAINER_NAME" \
+  --network "$network_name" \
+  --env "elasticsearch.host=$elasticsearch_url" \
+  --env "elasticsearch.username=elastic" \
+  --env "elasticsearch.password=$elastic_password" \
+  --env "ENT_SEARCH_DEFAULT_PASSWORD=$elastic_password" \
+  --env "secret_management.encryption_keys=[$APP_SEARCH_SECRET_SESSION_KEY]" \
+  --env "enterprise_search.listen_port=$http_port" \
+  --env "log_level=info" \
+  --env "hide_version_info=false" \
+  --env "worker.threads=2" \
+  --env "allow_es_settings_modification=true" \
+  --env "JAVA_OPTS=-Xms1g -Xmx2g" \
+  --env "elasticsearch.ssl.enabled=true" \
+  --env "elasticsearch.ssl.verify=true" \
+  --env "elasticsearch.ssl.certificate=/usr/share/app-search/config/certs/testnode.crt" \
+  --env "elasticsearch.ssl.certificate_authority=/usr/share/app-search/config/certs/ca.crt" \
+  --env "elasticsearch.ssl.key=/usr/share/app-search/config/certs/testnode.key" \
+  --env "ELASTICSEARCH_SEARCH_API=true" \
+  --volume $ssl_cert:/usr/share/app-search/config/certs/testnode.crt \
+  --volume $ssl_key:/usr/share/app-search/config/certs/testnode.key \
+  --volume $ssl_ca:/usr/share/app-search/config/certs/ca.crt \
+  --publish "$http_port":3002 \
+  --detach="$DETACH" \
+  --health-cmd="curl --insecure --fail ${url} || exit 1" \
+  --health-interval=30s \
+  --health-retries=50 \
+  --health-timeout=10s \
+  --rm \
+  docker.elastic.co/enterprise-search/enterprise-search:"$STACK_VERSION";
+
+if wait_for_container "$CONTAINER_NAME" "$network_name"; then
+  echo -e "\033[32;1mSUCCESS:\033[0m Running on: ${url}\033[0m"
+fi

data/.buildkite/run-tests.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Script to run Enterprise Search container and Enterprise Search client integration tests on Buildkite
+#
+# Version 0.1
+#
+export TEST_SUITE=platinum
+export CONTAINER_NAME=enterprise-search
+
+script_path=$(dirname $(realpath -s $0))
+source $script_path/functions/imports.sh
+set -euo pipefail
+
+echo "--- Create the elastic network"
+docker network create elastic
+
+echo "--- :elasticsearch: Starting Elasticsearch"
+DETACH=true bash $script_path/run-elasticsearch.sh
+
+echo "--- :elastic-enterprise-search: Starting Enterprise Search"
+DETACH=true bash $script_path/run-enterprise-search.sh
+
+echo "+++ :ruby: Run Client"
+bash $script_path/run-client.sh

data/.ci/.env

@@ -0,0 +1,9 @@
+ELASTIC_PASSWORD=changeme
+KIBANA_PASSWORD=changeme
+ES_PORT=9200
+CLUSTER_NAME=es-cluster
+LICENSE=trial
+MEM_LIMIT=1073741824
+KIBANA_PORT=5601
+ENTERPRISE_SEARCH_PORT=3002
+ENCRYPTION_KEYS=secret

data/.ci/docker-compose.yml

@@ -0,0 +1,166 @@
+
+version: "2.2"
+
+services:
+  setup:
+    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
+    volumes:
+      - certs:/usr/share/elasticsearch/config/certs
+    user: "0"
+    command: >
+      bash -c '
+        if [ x${ELASTIC_PASSWORD} == x ]; then
+          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
+          exit 1;
+        elif [ x${KIBANA_PASSWORD} == x ]; then
+          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
+          exit 1;
+        fi;
+        if [ ! -f certs/ca.zip ]; then
+          echo "Creating CA";
+          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
+          unzip config/certs/ca.zip -d config/certs;
+        fi;
+        if [ ! -f certs/certs.zip ]; then
+          echo "Creating certs";
+          echo -ne \
+          "instances:\n"\
+          "  - name: es01\n"\
+          "    dns:\n"\
+          "      - es01\n"\
+          "      - localhost\n"\
+          "    ip:\n"\
+          "      - 127.0.0.1\n"\
+          > config/certs/instances.yml;
+          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
+          unzip config/certs/certs.zip -d config/certs;
+        fi;
+        echo "Setting file permissions"
+        chown -R root:root config/certs;
+        find . -type d -exec chmod 750 \{\} \;;
+        find . -type f -exec chmod 640 \{\} \;;
+        echo "Waiting for Elasticsearch availability";
+        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
+        echo "Setting kibana_system password";
+        until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
+        echo "All done!";
+      '
+    healthcheck:
+      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+      interval: 1s
+      timeout: 5s
+      retries: 120
+
+  es01:
+    depends_on:
+      setup:
+        condition: service_healthy
+    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
+    volumes:
+      - certs:/usr/share/elasticsearch/config/certs
+      - esdata01:/usr/share/elasticsearch/data
+    ports:
+      - ${ES_PORT}:9200
+    environment:
+      - node.name=es01
+      - cluster.name=${CLUSTER_NAME}
+      - cluster.initial_master_nodes=es01
+      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
+      - bootstrap.memory_lock=true
+      - xpack.security.enabled=true
+      - xpack.security.http.ssl.enabled=true
+      - xpack.security.http.ssl.key=certs/es01/es01.key
+      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
+      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
+      - xpack.security.http.ssl.verification_mode=certificate
+      - xpack.security.transport.ssl.enabled=true
+      - xpack.security.transport.ssl.key=certs/es01/es01.key
+      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
+      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
+      - xpack.security.transport.ssl.verification_mode=certificate
+      - xpack.license.self_generated.type=trial
+    mem_limit: ${MEM_LIMIT}
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    healthcheck:
+      test:
+        [
+            "CMD-SHELL",
+            "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
+        ]
+      interval: 10s
+      timeout: 10s
+      retries: 120
+
+  kibana:
+    depends_on:
+      es01:
+        condition: service_healthy
+    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
+    volumes:
+      - certs:/usr/share/kibana/config/certs
+      - kibanadata:/usr/share/kibana/data
+    ports:
+      - ${KIBANA_PORT}:5601
+    environment:
+      - SERVERNAME=kibana
+      - ELASTICSEARCH_HOSTS=https://es01:9200
+      - ELASTICSEARCH_USERNAME=kibana_system
+      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
+      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
+      - ENTERPRISESEARCH_HOST=http://enterprisesearch:${ENTERPRISE_SEARCH_PORT}
+    mem_limit: ${MEM_LIMIT}
+    healthcheck:
+      test:
+        [
+            "CMD-SHELL",
+            "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
+        ]
+      interval: 10s
+      timeout: 10s
+      retries: 120
+
+  enterprisesearch:
+    depends_on:
+      es01:
+        condition: service_healthy
+      kibana:
+        condition: service_healthy
+    image: docker.elastic.co/enterprise-search/enterprise-search:${STACK_VERSION}
+    volumes:
+      - certs:/usr/share/enterprise-search/config/certs
+      - enterprisesearchdata:/usr/share/enterprise-search/config
+    ports:
+      - ${ENTERPRISE_SEARCH_PORT}:3002
+    environment:
+      - SERVERNAME=enterprisesearch
+      - secret_management.encryption_keys=[${ENCRYPTION_KEYS}]
+      - allow_es_settings_modification=true
+      - elasticsearch.host=https://es01:9200
+      - elasticsearch.username=elastic
+      - elasticsearch.password=${ELASTIC_PASSWORD}
+      - elasticsearch.ssl.enabled=true
+      - elasticsearch.ssl.certificate_authority=/usr/share/enterprise-search/config/certs/ca/ca.crt
+      - kibana.external_url=http://kibana:5601
+    mem_limit: ${MEM_LIMIT}
+    healthcheck:
+      test:
+        [
+            "CMD-SHELL",
+            "curl -s -I http://localhost:3002 | grep -q 'HTTP/1.1 302 Found'",
+        ]
+      interval: 10s
+      timeout: 10s
+      retries: 120
+
+volumes:
+  certs:
+    driver: local
+  enterprisesearchdata:
+    driver: local
+  esdata01:
+    driver: local
+  kibanadata:
+    driver: local

data/.ci/jobs/{elastic+enterprise-search-ruby+8.2.yml → elastic+enterprise-search-ruby+8.5.yml}

@@ -1,12 +1,12 @@
 ---
 - job:
-    name: elastic+enterprise-search-ruby+8.2
-    display-name: 'elastic / enterprise-search-ruby # 8.2'
-    description: Testing the enterprise-search-ruby 8.2 branch.
+    name: elastic+enterprise-search-ruby+8.5
+    display-name: 'elastic / enterprise-search-ruby # 8.5'
+    description: Testing the enterprise-search-ruby 8.5 branch.
     junit_results: "*-junit.xml"
     parameters:
     - string:
         name: branch_specifier
-        default: refs/heads/8.2
+        default: refs/heads/8.5
         description: the Git branch specifier to build (<branchName>, <tagName>,
           <commitId>, etc.)

data/.ci/run-kibana.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+script_path=$(dirname $(realpath -s $0))
+source $script_path/functions/imports.sh
+set -euo pipefail
+
+docker run \
+       --name "kibana" \
+       --network "$network_name" \
+       --publish "5601:5601" \
+       --interactive \
+       --tty \
+       --rm \
+       --env "ENTERPRISESEARCH_HOST=http://localhost:3002" \
+       "docker.elastic.co/kibana/kibana:${STACK_VERSION}"
+
+# --volume $ssl_ca:/usr/share/elasticsearch/config/certs/ca.crt \
+
+# --env "ELASTICSEARCH_HOSTS=${elasticsearch_url}" \
+  # --env "ELASTICSEARCH_USERNAME=enterprise_search" \
+  # --env "ELASTICSEARCH_PASSWORD=${elastic_password}" \
+  # --env "ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=${ssl_ca}" \

data/.ci/run-stack.sh

@@ -0,0 +1 @@
+STACK_VERSION=${STACK_VERSION} docker-compose up --remove-orphans

data/.ci/test-matrix.yml

@@ -5,7 +5,7 @@ RUBY_VERSION:
   - 2.7
 
 STACK_VERSION:
-  - 8.5.0-SNAPSHOT
+  - 8.6-SNAPSHOT
 
 SERVICE:
   - appsearch

data/.github/workflows/testing.yml

@@ -27,7 +27,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [ jruby-9.3 ]
+        ruby: [ jruby-9.3, jruby-9.4 ]
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2

data/.gitignore

@@ -11,4 +11,5 @@ doc
 .#*
 *junit.xml
 .byebug_history
-coverage
+coverage
+tmp

data/README.md

@@ -20,7 +20,7 @@ Or add it to your project's Gemfile:
 gem 'elastic-enterprise-search', 'VERSION'
 ```
 
-The Enterprise Search client is implemented with [`elastic-transport`](https://github.com/elastic/elastic-transport-ruby/) as the HTTP layer, which uses [Faraday](https://rubygems.org/gems/faraday). Faraday supports several [adapters](https://lostisland.github.io/faraday/adapters/) and will use `Net::HTTP` by default. For optimal performance with the Enterprise Search API, we suggest using an HTTP library which supports persistent ("keep-alive") connections. For the standard Ruby implementation, this could be https://github.com/drbrain/net-http-persistent[Net::HTTP::Persistent], [patron](https://github.com/toland/patron) or [Typhoeus](https://github.com/typhoeus/typhoeus). For JRuby, [Manticore](https://github.com/cheald/manticore) is a great option as well. Require the library for the adapter in your code and then pass in the `:adapter` parameter to the client when you initialize it:
+The Enterprise Search client is implemented with [`elastic-transport`](https://github.com/elastic/elastic-transport-ruby/) as the HTTP layer, which uses [Faraday](https://rubygems.org/gems/faraday). Faraday supports several [adapters](https://lostisland.github.io/faraday/adapters/) and will use `Net::HTTP` by default. For optimal performance with the Enterprise Search API, we suggest using an HTTP library which supports persistent ("keep-alive") connections. For the standard Ruby implementation, this could be [Net::HTTP::Persistent](https://github.com/drbrain/net-http-persistent), [patron](https://github.com/toland/patron) or [Typhoeus](https://github.com/typhoeus/typhoeus). For JRuby, [Manticore](https://github.com/cheald/manticore) is a great option as well. Require the library for the adapter in your code and then pass in the `:adapter` parameter to the client when you initialize it:
 
 ```ruby
 require 'elastic-enterprise-search'

data/docs/guide/release_notes/717.asciidoc

@@ -1,6 +1,18 @@
 [[release_notes_717]]
 === 7.17 Release notes
 
+[discrete]
+[[release_notes_7171]]
+=== 7.17.1 Release notes
+
+- Updates in Documentation: CHANGELOG, CODE_OF_CONDUCT, CONTRIBUTING, NOTICE, README
+- Adds the option to specify an adapter for Faraday when initializing a client. See https://github.com/elastic/enterprise-search-ruby/blob/main/README.md#elastic-enterprise-search-client[README]
+- Fixes typo in meta data for CLIENT_NAME.
+
+[discrete]
+[[release_notes_7170]]
+=== 7.17.0 Release notes
+
 [discrete]
 ==== General
 

data/docs/guide/release_notes/86.asciidoc

@@ -0,0 +1,9 @@
+[[release_notes_86]]
+=== 8.6 Release notes
+
+[discrete]
+[[release_notes_860]]
+=== 8.6.0 Release notes
+
+- Tested versions of Ruby for 8.6.0: Ruby (MRI) 2.7, 3.0 and 3.1, JRuby 9.3 and JRuby 9.4.
+- Updated for compatibility with Elastic Enterprise Search 8.6's API.

data/docs/guide/release_notes/index.asciidoc

@@ -4,6 +4,7 @@
 [discrete]
 === 8.x
 
+* <<release_notes_86, 8.6.0 Release Notes>>
 * <<release_notes_85, 8.5.0 Release Notes>>
 * <<release_notes_84, 8.4.0 Release Notes>>
 * <<release_notes_83, 8.3.0 Release Notes>>
@@ -23,6 +24,7 @@
 * <<release_notes_711, 7.11.0 Release Notes>>
 * <<release_notes_710, 7.10.0.beta.1 Release Notes>>
 
+include::86.asciidoc[]
 include::85.asciidoc[]
 include::84.asciidoc[]
 include::83.asciidoc[]

data/elastic-enterprise-search.gemspec

@@ -54,7 +54,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec', '~> 3.9.0'
   s.add_development_dependency 'rspec_junit_formatter'
   s.add_development_dependency 'rubocop', '~> 1'
-  s.add_development_dependency 'vcr', '~> 3.0.3'
+  s.add_development_dependency 'vcr'
   s.add_development_dependency 'webmock'
   # Adapters
   s.add_development_dependency 'faraday-httpclient'

data/lib/elastic/enterprise-search/version.rb

@@ -19,6 +19,6 @@
 
 module Elastic
   module EnterpriseSearch
-    VERSION = '8.5.0'
+    VERSION = '8.6.0'
   end
 end

data/spec/enterprise-search/client_spec.rb

@@ -96,7 +96,7 @@ describe Elastic::EnterpriseSearch::Client do
   context 'meta-header' do
     let(:transport) { Elastic::EnterpriseSearch::Client.new.instance_variable_get('@transport') }
     let(:subject) { transport.transport.connections.first.connection.headers }
-    let(:regexp) { /^[a-z]{1,}=[a-z0-9.\-]{1,}(?:,[a-z]{1,}=[a-z0-9._-]+)*$/ }
+    let(:regexp) { /^[a-z]{1,}=[a-z0-9.-]{1,}(?:,[a-z]{1,}=[a-z0-9._-]+)*$/ }
 
     it 'sends the correct meta header to transport' do
       expect(subject['x-elastic-client-meta']).to match(regexp)

data/spec/spec_helper.rb

@@ -32,6 +32,10 @@ RSpec.configure do |config|
 
   config.add_formatter('documentation')
   config.add_formatter('RspecJunitFormatter', 'enterprise-search-junit.xml')
+  config.add_formatter(
+    'RSpec::Core::Formatters::HtmlFormatter',
+    "tmp/enterprise-search-#{ENV['SERVICE']}-#{RUBY_VERSION}.html"
+  )
 
   VCR.configure do |c|
     c.cassette_library_dir = 'spec/fixtures/vcr'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: elastic-enterprise-search
 version: !ruby/object:Gem::Version
-  version: 8.5.0
+  version: 8.6.0
 platform: ruby
 authors:
 - Fernando Briano
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-11-02 00:00:00.000000000 Z
+date: 2023-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: elastic-transport
@@ -118,16 +118,16 @@ dependencies:
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.3
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.3
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -207,6 +207,24 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".buildkite/Dockerfile"
+- ".buildkite/certs/README.md"
+- ".buildkite/certs/ca.crt"
+- ".buildkite/certs/ca.key"
+- ".buildkite/certs/testnode.crt"
+- ".buildkite/certs/testnode.key"
+- ".buildkite/certs/testnode_no_san.crt"
+- ".buildkite/certs/testnode_no_san.key"
+- ".buildkite/functions/cleanup.sh"
+- ".buildkite/functions/imports.sh"
+- ".buildkite/functions/wait-for-container.sh"
+- ".buildkite/log-results.sh"
+- ".buildkite/pipeline.yml"
+- ".buildkite/run-client.sh"
+- ".buildkite/run-elasticsearch.sh"
+- ".buildkite/run-enterprise-search.sh"
+- ".buildkite/run-tests.sh"
+- ".ci/.env"
 - ".ci/.gitignore"
 - ".ci/Dockerfile"
 - ".ci/certs/README.md"
@@ -216,21 +234,24 @@ files:
 - ".ci/certs/testnode.key"
 - ".ci/certs/testnode_no_san.crt"
 - ".ci/certs/testnode_no_san.key"
+- ".ci/docker-compose.yml"
 - ".ci/functions/cleanup.sh"
 - ".ci/functions/imports.sh"
 - ".ci/functions/wait-for-container.sh"
 - ".ci/jobs/defaults.yml"
 - ".ci/jobs/elastic+enterprise-search-ruby+7.17.yml"
-- ".ci/jobs/elastic+enterprise-search-ruby+8.2.yml"
 - ".ci/jobs/elastic+enterprise-search-ruby+8.3.yml"
 - ".ci/jobs/elastic+enterprise-search-ruby+8.4.yml"
+- ".ci/jobs/elastic+enterprise-search-ruby+8.5.yml"
 - ".ci/jobs/elastic+enterprise-search-ruby+main.yml"
 - ".ci/jobs/elastic+enterprise-search-ruby+pull-request.yml"
 - ".ci/make.sh"
 - ".ci/run-elasticsearch.sh"
 - ".ci/run-enterprise-search.sh"
+- ".ci/run-kibana.sh"
 - ".ci/run-local.sh"
 - ".ci/run-repository.sh"
+- ".ci/run-stack.sh"
 - ".ci/run-tests"
 - ".ci/test-matrix.yml"
 - ".github/check_license_headers.rb"
@@ -269,6 +290,7 @@ files:
 - docs/guide/release_notes/83.asciidoc
 - docs/guide/release_notes/84.asciidoc
 - docs/guide/release_notes/85.asciidoc
+- docs/guide/release_notes/86.asciidoc
 - docs/guide/release_notes/index.asciidoc
 - docs/guide/workplace-search-api.asciidoc
 - elastic-enterprise-search.gemspec