ESQL: List/get query API

[GalLalouche]

This PR adds two new REST endpoints, for listing queries and getting information on a current query.

• Resolves ESQL: API for listing running queries #124827
• Related to ESQL: Create an API for getting information for a specific running query #124828 (initial work)

Changes from the API specified in the above issues:

• The get API is pretty initial, as we don't have a way of fetching the memory used or number of rows processed.

List queries response:

GET /_query/queries
// returns for each of the running queries
// query_id, start_time, running_time, query

{ "queries" : {
 "abc:1234": {
  "node": "abc",
  "id": 1234,
  "start_time_millis": 14585858875292,
  "running_time_nanos": 762794,
  "query": "FROM logs* | STATS BY hostname"
  },
 "abd:1729": {
  "node": "abd",
  "id":1729,
  "start_time_millis": 14585858823573,
  "running_time_nanos": 90231,
  "query": "FROM orders | LOOKUP country_code ON country"
  }
 } 
}

Get query response:

GET /_query/queries/abc:1234

{
  "id": 1234,
  "node": "abc",
  "start_time_millis": 14585858875292,
  "running_time_nanos": 762794,
  "query": "FROM logs* | STATS BY hostname"
  "coordinating_node": "oTUltX4IQMOUUVeiohTt8A"
  "data_nodes" : [ "DwrYwfytxthse49X4", "i5msnbUyWlpe86e7"]
}

[elasticsearchmachine]

Hi @GalLalouche, I've created a changelog YAML for you.

[elasticsearchmachine]

Pinging @elastic/es-analytical-engine (Team:Analytics)

[idegtiarenko]

The repetition in the endpoint looks surprising to me. Why not /_queries or may be /_cluster/queries?

[GalLalouche]

@costin

[costin]

For the time being we're looking to keep the ESQL APIs under the ESQL prefix(_query) and avoid potential clashes with other rest APIs.
The decision hasn't been finalized though.

[nik9000]

Let's sort this one out after this PR.

[nik9000]

We can move this - we haven't finalized this API.

[costin]

Good first PR.
Add a yaml integration rest test with that checks the output for each endpoint, including working and failing tasks

Moving forward, please create a meta PR for this for follow-up issues:

• query cancellation
• filtering (my doc didn't include any, let's use the task API ones by filtering over nodes and id)
• have a subtask to integrate the user in
• double check that X-Opaque-Id /trace.id information is sent over (and displayed if available) - could be used for filtering also
• follow-up item for memory tracking
• follow-up item for bytes / records read

The meta issue will better reflect the overall status including tasks that are blocking and incoming feedback and keep the code get merged in.

[costin]

As a follow-up, please reach out to the data store / security team to double check what type of security is needed (similar to cat/tasks API) both for listing and cancelling queries.
There might a need to add another permission or reuse an existing one.

[costin]

An alternative is to move the conditional when creating the parameters and have only one consumer creation:

        ActionType<?> action = id != null ? RestEsqlGetQueryAction.INSTANCE : RestEsqlListQueriesAction.INSTANCE;
        Object request = id != null ? new EsqlGetQueryRequest(new TaskId(id)) : new EsqlListQueriesRequest();

        return channel -> client.execute(
                action,
                request,
                new RestToXContentListener<>(channel)
        );

[GalLalouche]

Done.

[costin]

For the time being we're looking to keep the ESQL APIs under the ESQL prefix(_query) and avoid potential clashes with other rest APIs.
The decision hasn't been finalized though.

[idegtiarenko]

I wonder if we should rely on org.elasticsearch.transport.EmptyRequest instead?

[GalLalouche]

It looks like that's a test class... is it used in production?

[nik9000]

Maybe IntOrLongMatcher.

[GalLalouche]

Done.

[nik9000]

Could you move this one to the PausableFieldPlugin stuff?

[GalLalouche]

Done.

[GalLalouche]

Done.

[nik9000]

I think this is on the node, right?

[GalLalouche]

Yes. At some point I renamed a field called node and intellij was kind enough to replace all "node" words with "taskId" in the entire repo. I thought I caught all of them but I guess a few slipped through.

[nik9000]

Leftover?

[GalLalouche]

Yes, but honest it's not worth the refactor in this case.

[nik9000]

More leftover?

[GalLalouche]

Yes, but honest it's not worth the refactor in this case.

[nik9000]

Leftover? I guess we can move this to RestTestCase.

[GalLalouche]

Yep, that's what I did :)

[nik9000]

This one is a ToXContentFragment because it's not a valid value - it's a key and a value.

[GalLalouche]

Done.

[nik9000]

Leftover?

[nik9000]

I guess we can make the [a] dude a constant wherever it's used.

[GalLalouche]

Done.

[GalLalouche]

Good first PR. Add a yaml integration rest test with that checks the output for each endpoint, including working and failing tasks

Moving forward, please create a meta PR for this for follow-up issues:

• query cancellation
• filtering (my doc didn't include any, let's use the task API ones by filtering over nodes and id)
• have a subtask to integrate the user in
• double check that X-Opaque-Id /trace.id information is sent over (and displayed if available) - could be used for filtering also
• follow-up item for memory tracking
• follow-up item for bytes / records read

The meta issue will better reflect the overall status including tasks that are blocking and incoming feedback and keep the code get merged in.

Done: #125662

[jfreden]

Thanks for the review request and sorry for the delay!

My understanding is that there are two new actions EsqlGetQueryAction and EsqlListQueriesAction that use the TransportListTasksAction under the hood and filters either on id or on the type of query (esql). From a least privilege principle point of view I think the existing monitor privilege is too wide, since we get more than we need with it. Adding a monitor_esql would probably make sense, in the same way we did for these features.

I think that would require a new esql origin and then register it here, to execute the actual TransportListTasksAction without the API caller having the monitor privilege.

WDYT?

[GalLalouche]

Thanks @jfreden! I've added the necessary privileges by following the other ones in the classes you mentioned. Could you PTAL?

[jfreden]

If the caller only has monitor_esql I think this would fail because it doesn't have cluster:monitor/tasks/lists (or cluster:monitor*) that's required here. To work around that the executeAsyncWithOrigin can be used. It would be nice with an integration test that covers this. Maybe modify existing to only have the monitor_esql privilege?

[GalLalouche]

Nice catch! I fixed it and added a couple of integration tests.

[jfreden]

The new privilege should also be added to:

• ServerlessSupportedPrivilegesRegistry if it's needed there.
• https://github.com/elastic/elasticsearch/blob/main/docs/reference/elasticsearch/security-privileges.md
• https://github.com/elastic/elasticsearch/blob/main/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java#L420

[jfreden]

Nice!

[jfreden]

Is it possible to validate that this is for EsqlQueryAction or an async EsqlQueryAction? Otherwise you might be able to get any task here? Or maybe I'm missing additional validation?

[GalLalouche]

Not properly, since we would need said task to have started but not yet finished by the time we ask for it. There are other tests that check that it works, but they use a special hack to inject a semaphore in the middle of executing the query. IMO, combining both checks (semaphore + custom privileges) would be too much of a hassle.

[nik9000]

I think we could check the type of the returned task a few lines down. So if you ask for a non-ESQL task it'd reject it.

[GalLalouche]

Done.

[jfreden]

Thanks for implementing the suggested changes! LGTM!

[nik9000]

Let's sort this one out after this PR.

[nik9000]

We can move this - we haven't finalized this API.

[nik9000]

I think we could check the type of the returned task a few lines down. So if you ask for a non-ESQL task it'd reject it.