Description
We have not so long ago introduced a setting that allows users to disable expensive queries, which makes Elasticsearch reject some type of queries that are known to be potentially slow, like scripted queries (or based on runtime fields), wildcard queries, regex queries etc.
While we have recently added new potentially slow queries to this existing mechanism, like doc_value only queries, the setting does not cover all ways to run slow queries and may give users a false sense of security.
Additionally, we've been adding more and more ways to run slow queries, Elasticsearch is able to support them much better than it did in the past, thanks to the Async Search API. We've observed that our Solutions rely on expensive queries for core functionalities, and their UI may not even load when users disable the ability to run expensive queries, which makes the setting problematic and mush less useful.
Given that we got requests to make the setting configurable per role (#53607), we should discuss if this is a reliable mechanism that we want to build on top of, or consider other options. Some thoughts to get the discussion started:
- Is it a reasonable expectation for our Solutions to not rely on expensive queries?
- Should Solutions instead have a preemptive check that expensive queries are allowed, otherwise give a clear error message or expose degraded functionalities?
- Should Elasticsearch document that Solutions may rely on expensive queries, hence disallowing them may prevent Solutions from working at all?
- Should Solutions have some kind of mechanism that prevents users from disabling running expensive queries as they rely on them?
- How is the setting used in the wild and is it reliable in those scenarios?
- Is disallowing expensive queries to be considered a security feature?
- Do we have other options when it comes to supporting slow queries, is there still a need to disable them entirely?