add migrated files

Author: colleenmcginnis

docs/docset.yml

@@ -0,0 +1,51 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_basic_authentication.html
+---
+
+# Basic authentication [_basic_authentication]
+
+Configuring basic authentication can be done by providing an `HttpClientConfigCallback` while building the `RestClient` through its builder. The interface has one method that receives an instance of [`org.apache.http.impl.nio.client.HttpAsyncClientBuilder`](https://hc.apache.org/httpcomponents-asyncclient-4.1.x/current/httpasyncclient/apidocs/org/apache/http/impl/nio/client/HttpAsyncClientBuilder.md) as an argument and has the same return type. The http client builder can be modified and then returned. In the following example we set a default credentials provider that requires basic authentication.
+
+```java
+final CredentialsProvider credentialsProvider =
+    new BasicCredentialsProvider();
+credentialsProvider.setCredentials(AuthScope.ANY,
+    new UsernamePasswordCredentials("user", "test-user-password"));
+
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+                HttpAsyncClientBuilder httpClientBuilder) {
+            return httpClientBuilder
+                .setDefaultCredentialsProvider(credentialsProvider);
+        }
+    });
+```
+
+Preemptive Authentication can be disabled, which means that every request will be sent without authorization headers to see if it is accepted and, upon receiving an HTTP 401 response, it will resend the exact same request with the basic authentication header. If you wish to do this, then you can do so by disabling it via the `HttpAsyncClientBuilder`:
+
+```java
+final CredentialsProvider credentialsProvider =
+    new BasicCredentialsProvider();
+credentialsProvider.setCredentials(AuthScope.ANY,
+    new UsernamePasswordCredentials("user", "test-user-password"));
+
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+                HttpAsyncClientBuilder httpClientBuilder) {
+            httpClientBuilder.disableAuthCaching(); <1>
+            return httpClientBuilder
+                .setDefaultCredentialsProvider(credentialsProvider);
+        }
+    });
+```
+
+1. Disable preemptive authentication
+
+

docs/images/create-api-key.png

@@ -0,0 +1,95 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_encrypted_communication.html
+---
+
+# Encrypted communication [_encrypted_communication]
+
+Encrypted communication using TLS can also be configured through the `HttpClientConfigCallback`. The [`org.apache.http.impl.nio.client.HttpAsyncClientBuilder`](https://hc.apache.org/httpcomponents-asyncclient-4.1.x/current/httpasyncclient/apidocs/org/apache/http/impl/nio/client/HttpAsyncClientBuilder.md) received as an argument exposes multiple methods to configure encrypted communication: `setSSLContext`, `setSSLSessionStrategy` and `setConnectionManager`, in order of precedence from the least important.
+
+When accessing an Elasticsearch cluster that is setup for TLS on the HTTP layer, the client needs to trust the certificate that Elasticsearch is using. The following is an example of setting up the client to trust the CA that has signed the certificate that Elasticsearch is using, when that CA certificate is available in a PKCS#12 keystore:
+
+```java
+Path trustStorePath = Paths.get("/path/to/truststore.p12");
+KeyStore truststore = KeyStore.getInstance("pkcs12");
+try (InputStream is = Files.newInputStream(trustStorePath)) {
+    truststore.load(is, keyStorePass.toCharArray());
+}
+SSLContextBuilder sslBuilder = SSLContexts.custom()
+    .loadTrustMaterial(truststore, null);
+final SSLContext sslContext = sslBuilder.build();
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200, "https"))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+                HttpAsyncClientBuilder httpClientBuilder) {
+            return httpClientBuilder.setSSLContext(sslContext);
+        }
+    });
+```
+
+The following is an example of setting up the client to trust the CA that has signed the certificate that Elasticsearch is using, when that CA certificate is available as a PEM encoded file.
+
+```java
+Path caCertificatePath = Paths.get("/path/to/ca.crt");
+CertificateFactory factory =
+    CertificateFactory.getInstance("X.509");
+Certificate trustedCa;
+try (InputStream is = Files.newInputStream(caCertificatePath)) {
+    trustedCa = factory.generateCertificate(is);
+}
+KeyStore trustStore = KeyStore.getInstance("pkcs12");
+trustStore.load(null, null);
+trustStore.setCertificateEntry("ca", trustedCa);
+SSLContextBuilder sslContextBuilder = SSLContexts.custom()
+    .loadTrustMaterial(trustStore, null);
+final SSLContext sslContext = sslContextBuilder.build();
+RestClient.builder(
+    new HttpHost("localhost", 9200, "https"))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+            HttpAsyncClientBuilder httpClientBuilder) {
+            return httpClientBuilder.setSSLContext(sslContext);
+        }
+    });
+```
+
+When Elasticsearch is configured to require client TLS authentication, for example when a PKI realm is configured, the client needs to provide a client certificate during the TLS handshake in order to authenticate. The following is an example of setting up the client for TLS authentication with a certificate and a private key that are stored in a PKCS#12 keystore.
+
+```java
+Path trustStorePath = Paths.get("/path/to/your/truststore.p12");
+Path keyStorePath = Paths.get("/path/to/your/keystore.p12");
+KeyStore trustStore = KeyStore.getInstance("pkcs12");
+KeyStore keyStore = KeyStore.getInstance("pkcs12");
+try (InputStream is = Files.newInputStream(trustStorePath)) {
+    trustStore.load(is, trustStorePass.toCharArray());
+}
+try (InputStream is = Files.newInputStream(keyStorePath)) {
+    keyStore.load(is, keyStorePass.toCharArray());
+}
+SSLContextBuilder sslBuilder = SSLContexts.custom()
+    .loadTrustMaterial(trustStore, null)
+    .loadKeyMaterial(keyStore, keyStorePass.toCharArray());
+final SSLContext sslContext = sslBuilder.build();
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200, "https"))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+            HttpAsyncClientBuilder httpClientBuilder) {
+            return httpClientBuilder.setSSLContext(sslContext);
+        }
+    });
+```
+
+If the client certificate and key are not available in a keystore but rather as PEM encoded files, you cannot use them directly to build an SSLContext. You must rely on external libraries to parse the PEM key into a PrivateKey instance. Alternatively, you can use external tools to build a keystore from your PEM files, as shown in the following example:
+
+```
+openssl pkcs12 -export -in client.crt -inkey private_key.pem \
+        -name "client" -out client.p12
+```
+
+If no explicit configuration is provided, the [system default configuration](https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.md#CustomizingStores) will be used.
+

docs/images/es-endpoint.jpg

@@ -0,0 +1,16 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_license.html
+---
+
+# License [_license]
+
+Copyright 2013-2019 Elasticsearch
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+```
+http://www.apache.org/licenses/LICENSE-2.0
+```
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+

docs/images/otel-waterfall-instrumented-without-http.jpg

@@ -0,0 +1,35 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_maven_repository.html
+---
+
+# Maven Repository [_maven_repository]
+
+The REST client sniffer is subject to the same release cycle as Elasticsearch. Replace the version with the desired sniffer version, first released with `5.0.0-alpha4`. There is no relation between the sniffer version and the Elasticsearch version that the client can communicate with. Sniffer supports fetching the nodes list from Elasticsearch 2.x and onwards.
+
+If you are looking for a SNAPSHOT version, the Elastic Maven Snapshot repository is available at [https://snapshots.elastic.co/maven/](https://snapshots.elastic.co/maven/).
+
+## Maven configuration [_maven_configuration]
+
+Here is how you can configure the dependency using maven as a dependency manager. Add the following to your `pom.xml` file:
+
+```xml
+<dependency>
+    <groupId>org.elasticsearch.client</groupId>
+    <artifactId>elasticsearch-rest-client-sniffer</artifactId>
+    <version>9.0.0-beta1</version>
+</dependency>
+```
+
+
+## Gradle configuration [_gradle_configuration]
+
+Here is how you can configure the dependency using gradle as a dependency manager. Add the following to your `build.gradle` file:
+
+```groovy
+dependencies {
+    compile 'org.elasticsearch.client:elasticsearch-rest-client-sniffer:9.0.0-beta1'
+}
+```
+
+

docs/images/otel-waterfall-instrumented.jpg

@@ -0,0 +1,50 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_node_selector.html
+---
+
+# Node selector [_node_selector]
+
+The client sends each request to one of the configured nodes in round-robin fashion. Nodes can optionally be filtered through a node selector that needs to be provided when initializing the client. This is useful when sniffing is enabled, in case no dedicated master nodes should be hit by HTTP requests. For each request the client will run the eventually configured node selector to filter the node candidates, then select the next one in the list out of the remaining ones.
+
+```java
+RestClientBuilder builder = RestClient.builder(
+        new HttpHost("localhost", 9200, "http"));
+builder.setNodeSelector(new NodeSelector() { <1>
+    @Override
+    public void select(Iterable<Node> nodes) {
+        /*
+         * Prefer any node that belongs to rack_one. If none is around
+         * we will go to another rack till it's time to try and revive
+         * some of the nodes that belong to rack_one.
+         */
+        boolean foundOne = false;
+        for (Node node : nodes) {
+            String rackId = node.getAttributes().get("rack_id").get(0);
+            if ("rack_one".equals(rackId)) {
+                foundOne = true;
+                break;
+            }
+        }
+        if (foundOne) {
+            Iterator<Node> nodesIt = nodes.iterator();
+            while (nodesIt.hasNext()) {
+                Node node = nodesIt.next();
+                String rackId = node.getAttributes().get("rack_id").get(0);
+                if ("rack_one".equals(rackId) == false) {
+                    nodesIt.remove();
+                }
+            }
+        }
+    }
+});
+```
+
+1. Set an allocation aware node selector that allows to pick a node in the local rack if any available, otherwise go to any other node in any rack. It acts as a preference rather than a strict requirement, given that it goes to another rack if none of the local nodes are available, rather than returning no nodes in such case which would make the client forcibly revive a local node whenever none of the nodes from the preferred rack is available.
+
+
+::::{warning}
+Node selectors that do not consistently select the same set of nodes will make round-robin behaviour unpredictable and possibly unfair. The preference example above is fine as it reasons about availability of nodes which already affects the predictability of round-robin. Node selection should not depend on other external factors or round-robin will not work properly.
+::::
+
+

docs/images/otel-waterfall-retries.jpg

@@ -0,0 +1,24 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_number_of_threads.html
+---
+
+# Number of threads [_number_of_threads]
+
+The Apache Http Async Client starts by default one dispatcher thread, and a number of worker threads used by the connection manager, as many as the number of locally detected processors (depending on what `Runtime.getRuntime().availableProcessors()` returns). The number of threads can be modified as follows:
+
+```java
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200))
+    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
+        @Override
+        public HttpAsyncClientBuilder customizeHttpClient(
+                HttpAsyncClientBuilder httpClientBuilder) {
+            return httpClientBuilder.setDefaultIOReactorConfig(
+                IOReactorConfig.custom()
+                    .setIoThreadCount(1)
+                    .build());
+        }
+    });
+```
+

docs/reference/_basic_authentication.md

@@ -0,0 +1,41 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_other_authentication_methods.html
+---
+
+# Other authentication methods [_other_authentication_methods]
+
+## Elasticsearch Token Service tokens [_elasticsearch_token_service_tokens]
+
+If you want the client to authenticate with an Elasticsearch access token, set the relevant HTTP request header. If the client makes requests on behalf of a single user only, you can set the necessary `Authorization` header as a default header as shown in the following example:
+
+```java
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200, "http"));
+Header[] defaultHeaders =
+    new Header[]{new BasicHeader("Authorization",
+        "Bearer u6iuAxZ0RG1Kcm5jVFI4eU4tZU9aVFEwT2F3")};
+builder.setDefaultHeaders(defaultHeaders);
+```
+
+
+## Elasticsearch API keys [_elasticsearch_api_keys]
+
+If you want the client to authenticate with an Elasticsearch API key, set the relevant HTTP request header. If the client makes requests on behalf of a single user only, you can set the necessary `Authorization` header as a default header as shown in the following example:
+
+```java
+String apiKeyId = "uqlEyn8B_gQ_jlvwDIvM";
+String apiKeySecret = "HxHWk2m4RN-V_qg9cDpuX";
+String apiKeyAuth =
+    Base64.getEncoder().encodeToString(
+        (apiKeyId + ":" + apiKeySecret)
+            .getBytes(StandardCharsets.UTF_8));
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200, "http"));
+Header[] defaultHeaders =
+    new Header[]{new BasicHeader("Authorization",
+        "ApiKey " + apiKeyAuth)};
+builder.setDefaultHeaders(defaultHeaders);
+```
+
+

docs/reference/_encrypted_communication.md

@@ -0,0 +1,14 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_others.html
+---
+
+# Others [_others]
+
+For any other required configuration needed, the Apache HttpAsyncClient docs should be consulted: [https://hc.apache.org/httpcomponents-asyncclient-4.1.x/](https://hc.apache.org/httpcomponents-asyncclient-4.1.x/) .
+
+::::{note}
+If your application runs under the security manager you might be subject to the JVM default policies of caching positive hostname resolutions indefinitely and negative hostname resolutions for ten seconds. If the resolved addresses of the hosts to which you are connecting the client to vary with time then you might want to modify the default JVM behavior. These can be modified by adding [`networkaddress.cache.ttl=<timeout>`](https://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.md) and [`networkaddress.cache.negative.ttl=<timeout>`](https://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.md) to your [Java security policy](https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.md).
+::::
+
+

docs/reference/_license.md

@@ -0,0 +1,36 @@
+---
+mapped_pages:
+  - https://www.elastic.co/guide/en/elasticsearch/client/java-api-client/current/_timeouts.html
+---
+
+# Timeouts [_timeouts]
+
+Configuring requests timeouts can be done by providing an instance of `RequestConfigCallback` while building the `RestClient` through its builder. The interface has one method that receives an instance of [`org.apache.http.client.config.RequestConfig.Builder`](https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/client/config/RequestConfig.Builder.md) as an argument and has the same return type. The request config builder can be modified and then returned. In the following example we increase the connect timeout (defaults to 1 second) and the socket timeout (defaults to 30 seconds).
+
+```java
+RestClientBuilder builder = RestClient.builder(
+    new HttpHost("localhost", 9200))
+    .setRequestConfigCallback(
+        new RestClientBuilder.RequestConfigCallback() {
+            @Override
+            public RequestConfig.Builder customizeRequestConfig(
+                    RequestConfig.Builder requestConfigBuilder) {
+                return requestConfigBuilder
+                    .setConnectTimeout(5000)
+                    .setSocketTimeout(60000);
+            }
+        });
+```
+
+Timeouts also can be set per request with RequestOptions, which overrides RestClient customizeRequestConfig.
+
+```java
+RequestConfig requestConfig = RequestConfig.custom()
+    .setConnectTimeout(5000)
+    .setSocketTimeout(60000)
+    .build();
+RequestOptions options = RequestOptions.DEFAULT.toBuilder()
+    .setRequestConfig(requestConfig)
+    .build();
+```
+