Merge branch 'main' into TaskCancelledException

Author: iverase

docs/reference/elasticsearch-plugins/index.md

@@ -6,6 +6,12 @@ mapped_pages:
 
 # Elasticsearch plugins [intro]
 
+:::{note}
+This section provides detailed **reference information** for Elasticsearch plugins.
+
+Refer to [Add plugins and extensions](docs-content://deploy-manage/deploy/elastic-cloud/add-plugins-extensions.md) in the **Deploy and manage** section for overview, getting started and conceptual information.
+:::
+
 Plugins are a way to enhance the core Elasticsearch functionality in a custom manner. They range from adding custom mapping types, custom analyzers, native scripts, custom discovery and more.
 
 Plugins contain JAR files, but may also contain scripts and config files, and must be installed on every node in the cluster. After installation, each node must be restarted before the plugin becomes visible.

docs/reference/elasticsearch/configuration-reference/index.md

@@ -4,6 +4,12 @@ navigation_title: "Configuration"
 
 # Elasticsearch configuration reference
 
+:::{note}
+This section provides detailed **reference information** for Elasticsearch configuration.
+
+Refer to [Elasticsearch configuration](docs-content://deploy-manage/deploy/cloud-on-k8s/elasticsearch-configuration.md) in the **Deploy and manage** section for overview, getting started and conceptual information.
+:::
+
 Configuration settings enable you to customize the behavior of Elasticsearch features.
 This reference provides details about each setting, such as its purpose, default behavior, and availability in Elastic Cloud environments.
 

docs/reference/elasticsearch/elasticsearch-audit-events.md

@@ -10,6 +10,12 @@ applies_to:
 
 # Elasticsearch audit events [elasticsearch-audit-events]
 
+:::{note}
+This section provides detailed **reference information** for Elasticsearch audit events.
+
+Refer to [Security event audit logging](docs-content://deploy-manage/security/logging-configuration/security-event-audit-logging.md) in the **Deploy and manage** section for overview, getting started and conceptual information about audit logging.
+:::
+
 When you are [auditing security events](docs-content://deploy-manage/monitor/logging-configuration/enabling-audit-logs.md), a single client request might generate multiple audit events, across multiple cluster nodes. The common `request.id` attribute can be used to correlate the associated events.
 
 This document provides a reference for all types of audit events and their associated [attributes](#audit-event-attributes) in {{es}}. Use [audit event settings](./configuration-reference/auding-settings.md) options to control what gets logged.

docs/reference/elasticsearch/index-lifecycle-actions/index.md

@@ -5,6 +5,12 @@ mapped_pages:
 
 # Index lifecycle actions [ilm-actions]
 
+:::{note}
+This section provides detailed **reference information** for Index lifecycle actions.
+
+Refer to [Index lifecycle management](docs-content://manage-data/lifecycle/index-lifecycle-management.md) in the **Manage data** section for overview, getting started and conceptual information.
+:::
+
 [Allocate](/reference/elasticsearch/index-lifecycle-actions/ilm-allocate.md)
 :   Move shards to nodes with different performance characteristics and reduce the number of replicas.
 

docs/reference/elasticsearch/mapping-reference/index.md

@@ -3,6 +3,12 @@ navigation_title: "Mapping"
 ---
 # Mapping reference
 
+:::{note}
+This section provides detailed **reference information** for mapping.
+
+Refer to [Mapping](docs-content://manage-data/data-store/mapping.md) in the **Manage data** section for overview, getting started and conceptual information.
+:::
+
 Mappings are defined dynamically or explicitly for each document in Elasticsearch.
 This section contains explanations for the following mapping components:
 

docs/reference/elasticsearch/roles.md

@@ -5,6 +5,12 @@ mapped_pages:
 
 # Roles [built-in-roles]
 
+:::{note}
+This section provides detailed **reference information** for Elasticsearch privileges.
+
+Refer to [User roles](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/user-roles.md) in the **Deploy and manage** section for overview, getting started and conceptual information.
+:::
+
 The {{stack-security-features}} apply a default role to all users, including [anonymous users](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/anonymous-access.md). The default role enables users to access the authenticate endpoint, change their own passwords, and get information about themselves.
 
 There is also a set of built-in roles you can explicitly assign to users. These roles have a fixed set of privileges and cannot be updated.

docs/reference/elasticsearch/security-privileges.md

@@ -5,6 +5,12 @@ mapped_pages:
 
 # Elasticsearch privileges [security-privileges]
 
+:::{note}
+This section provides detailed **reference information** for Elasticsearch privileges.
+
+Refer to [User roles](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/user-roles.md) in the **Deploy and manage** section for more information on how role-based access control works.
+:::
+
 This section lists the privileges that you can assign to a role.
 
 ## Cluster privileges [privileges-list-cluster]

docs/reference/ingestion-tools/enrich-processor/index.md

@@ -6,6 +6,11 @@ mapped_pages:
 
 # Ingest processor reference [processors]
 
+:::{note}
+This section provides detailed **reference information** for ingest processors.
+
+Refer to [Transform and enrich data](docs-content://manage-data/ingest/transform-enrich.md) in the **Manage data** section for overview and conceptual information.
+:::
 
 An [ingest pipeline](docs-content://manage-data/ingest/transform-enrich/ingest-pipelines.md) is made up of a sequence of processors that are applied to documents as they are ingested into an index. Each processor performs a specific task, such as filtering, transforming, or enriching data.
 

docs/reference/query-languages/index.md

@@ -5,6 +5,12 @@ applies_to:
 ---
 # Query languages
 
+:::{note}
+This section provides detailed **reference information** for query languages.
+
+Refer to [Query Languages](docs-content://explore-analyze/query-filter/languages.md) in the **Explore and analyze** section for overview, getting started and conceptual information.
+:::
+
 This section contains reference information for Elastic query languages.
 
 * [Query DSL](querydsl.md)

libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java

@@ -14,6 +14,7 @@
 import com.sun.tools.attach.AttachNotSupportedException;
 import com.sun.tools.attach.VirtualMachine;
 
+import org.elasticsearch.core.Nullable;
 import org.elasticsearch.core.SuppressForbidden;
 import org.elasticsearch.entitlement.initialization.EntitlementInitialization;
 import org.elasticsearch.entitlement.runtime.policy.Policy;
@@ -33,6 +34,7 @@
 public class EntitlementBootstrap {
 
     public record BootstrapArgs(
+        @Nullable Policy serverPolicyPatch,
         Map<String, Policy> pluginPolicies,
         Function<Class<?>, String> pluginResolver,
         Function<String, Stream<String>> settingResolver,
@@ -78,6 +80,7 @@ public static BootstrapArgs bootstrapArgs() {
      * Activates entitlement checking. Once this method returns, calls to methods protected by Entitlements from classes without a valid
      * policy will throw {@link org.elasticsearch.entitlement.runtime.api.NotEntitledException}.
      *
+     * @param serverPolicyPatch a policy with additional entitlements to patch the embedded server layer policy
      * @param pluginPolicies a map holding policies for plugins (and modules), by plugin (or module) name.
      * @param pluginResolver a functor to map a Java Class to the plugin it belongs to (the plugin name).
      * @param settingResolver a functor to resolve a setting name pattern for one or more Elasticsearch settings.
@@ -94,6 +97,7 @@ public static BootstrapArgs bootstrapArgs() {
      * @param suppressFailureLogClasses   classes for which we do not need or want to log Entitlements failures
      */
     public static void bootstrap(
+        Policy serverPolicyPatch,
         Map<String, Policy> pluginPolicies,
         Function<Class<?>, String> pluginResolver,
         Function<String, Stream<String>> settingResolver,
@@ -114,6 +118,7 @@ public static void bootstrap(
             throw new IllegalStateException("plugin data is already set");
         }
         EntitlementBootstrap.bootstrapArgs = new BootstrapArgs(
+            serverPolicyPatch,
             pluginPolicies,
             pluginResolver,
             settingResolver,