diff --git a/elasticsearch/license/base/build.gradle b/elasticsearch/license/base/build.gradle index 6263d20cd4e..c76fb7c7579 100644 --- a/elasticsearch/license/base/build.gradle +++ b/elasticsearch/license/base/build.gradle @@ -5,6 +5,8 @@ dependencies { testCompile "org.elasticsearch.test:framework:${version}" } +compactProfile = 'full' + dependencyLicenses.enabled = false jar { diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java index 2cf0e4330de..6940d121402 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java @@ -6,8 +6,6 @@ package org.elasticsearch.license.core; -import org.elasticsearch.common.Base64; - import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -27,6 +25,7 @@ import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; public class CryptUtils { private static final int minimumPadding = 20; @@ -251,6 +250,6 @@ public class CryptUtils { private static char[] hashPassPhrase(String passPhrase) throws NoSuchAlgorithmException { final byte[] passBytes = passPhrase.getBytes(StandardCharsets.UTF_8); final byte[] digest = MessageDigest.getInstance(passHashAlgorithm).digest(passBytes); - return new String(Base64.encodeBytesToBytes(digest), StandardCharsets.UTF_8).toCharArray(); + return Base64.getEncoder().encodeToString(digest).toCharArray(); } } diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java index 6e9e9fd4816..9acb3a6f4ee 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java @@ -8,7 +8,6 @@ package org.elasticsearch.license.core; import org.apache.lucene.util.CollectionUtil; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.ToXContent; @@ -20,6 +19,7 @@ import java.io.IOException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Base64; import java.util.Comparator; import java.util.List; import java.util.Locale; @@ -388,7 +388,7 @@ public class License implements ToXContent { } // not a license spec if (builder.signature != null) { - byte[] signatureBytes = Base64.decode(builder.signature); + byte[] signatureBytes = Base64.getDecoder().decode(builder.signature); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); // we take the absolute version, because negative versions @@ -415,10 +415,10 @@ public class License implements ToXContent { */ public static boolean isAutoGeneratedLicense(String signature) { try { - byte[] signatureBytes = Base64.decode(signature); + byte[] signatureBytes = Base64.getDecoder().decode(signature); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); return byteBuffer.getInt() < 0; - } catch (IOException e) { + } catch (IllegalArgumentException e) { throw new IllegalStateException(e); } } diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java index 51ace787491..1bef3dc58e7 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.core; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -18,6 +17,7 @@ import java.security.NoSuchAlgorithmException; import java.security.Signature; import java.security.SignatureException; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; /** @@ -35,7 +35,7 @@ public class LicenseVerifier { byte[] signedContent = null; byte[] signatureHash = null; try { - byte[] signatureBytes = Base64.decode(license.signature()); + byte[] signatureBytes = Base64.getDecoder().decode(license.signature()); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); int magicLen = byteBuffer.getInt(); @@ -53,7 +53,7 @@ public class LicenseVerifier { rsa.initVerify(CryptUtils.readEncryptedPublicKey(encryptedPublicKeyData)); rsa.update(contentBuilder.bytes().toBytes()); return rsa.verify(signedContent) - && Arrays.equals(Base64.encodeBytesToBytes(encryptedPublicKeyData), signatureHash); + && Arrays.equals(Base64.getEncoder().encode(encryptedPublicKeyData), signatureHash); } catch (IOException | NoSuchAlgorithmException | SignatureException | InvalidKeyException e) { throw new IllegalStateException(e); } finally { diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java b/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java index c9a99623930..915c9ba86dc 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java +++ b/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.licensor; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -22,6 +21,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.Signature; import java.security.SignatureException; +import java.util.Base64; import java.util.Collections; /** @@ -63,7 +63,7 @@ public class LicenseSigner { final byte[] magic = new byte[MAGIC_LENGTH]; SecureRandom random = new SecureRandom(); random.nextBytes(magic); - final byte[] hash = Base64.encodeBytesToBytes(Files.readAllBytes(publicKeyPath)); + final byte[] hash = Base64.getEncoder().encode(Files.readAllBytes(publicKeyPath)); assert hash != null; byte[] bytes = new byte[4 + 4 + MAGIC_LENGTH + 4 + hash.length + 4 + signedContent.length]; ByteBuffer byteBuffer = ByteBuffer.wrap(bytes); @@ -76,7 +76,7 @@ public class LicenseSigner { .put(signedContent); return License.builder() - .fromLicenseSpec(licenseSpec, Base64.encodeBytes(bytes)) + .fromLicenseSpec(licenseSpec, Base64.getEncoder().encodeToString(bytes)) .build(); } } diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java index 335dea193a9..dc13579070b 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java +++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java @@ -10,7 +10,6 @@ import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.client.Requests; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.io.Streams; @@ -60,6 +59,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; +import java.util.Base64; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -214,7 +214,7 @@ public class SearchTransformIT extends ESIntegTestCase { assertThat(map.get("query"), instanceOf(String.class)); String queryAsBase64 = (String) map.get("query"); - String decodedQuery = new String(Base64.decode(queryAsBase64), StandardCharsets.UTF_8); + String decodedQuery = new String(Base64.getDecoder().decode(queryAsBase64), StandardCharsets.UTF_8); assertThat(decodedQuery, containsString("_unknown_query_")); } diff --git a/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py b/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py index fd4efcd7e2e..003d3a58c09 100644 --- a/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py +++ b/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py @@ -140,12 +140,12 @@ def smoke_test_release(release, files, expected_hash): # put the supplied license to ensure that system was built with license = read_fully(os.path.join(os.path.dirname(__file__), 'license.json')) - conn.request('PUT', '/_license?acknowledge=true', license, headers=headers) + conn.request('PUT', '/_xpack/license?acknowledge=true', license, headers=headers) res = conn.getresponse() # reading the result, so we can execute the next request on the same connection license_resp = json.loads(res.read().decode('utf-8')) if res.status != 200: - raise RuntimeError('Could not PUT _license, got status %s' % res.status) + raise RuntimeError('Could not PUT _xpack/license, got status %s' % res.status) if license_resp['license_status'] != 'valid': raise RuntimeError('Expected license to be valid, but was %s' % license_resp['license_status']) diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle index a9e223f3f74..5f4431a1399 100644 --- a/elasticsearch/x-pack/build.gradle +++ b/elasticsearch/x-pack/build.gradle @@ -35,6 +35,10 @@ dependencies { compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239' compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and shield tests for jimfs compile 'com.sun.mail:javax.mail:1.5.3' + // HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have + // to be conditionalized for java 8/9, we pull in the classes directly + compile 'javax.activation:activation:1.1' + testCompile 'org.subethamail:subethasmtp:3.1.7' // needed for subethasmtp, has @GuardedBy annotation testCompile 'com.google.code.findbugs:jsr305:3.0.1' @@ -169,6 +173,42 @@ thirdPartyAudit.excludes = [ 'com.google.common.cache.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', + + // pulled in as external dependency to work on java 9 + 'com.sun.activation.registries.LineTokenizer', + 'com.sun.activation.registries.LogSupport', + 'com.sun.activation.registries.MailcapFile', + 'com.sun.activation.registries.MailcapParseException', + 'com.sun.activation.registries.MailcapTokenizer', + 'com.sun.activation.registries.MimeTypeEntry', + 'com.sun.activation.registries.MimeTypeFile', + 'javax.activation.ActivationDataFlavor', + 'javax.activation.CommandInfo', + 'javax.activation.CommandMap', + 'javax.activation.CommandObject', + 'javax.activation.DataContentHandler', + 'javax.activation.DataContentHandlerFactory', + 'javax.activation.DataHandler$1', + 'javax.activation.DataHandler', + 'javax.activation.DataHandlerDataSource', + 'javax.activation.DataSource', + 'javax.activation.DataSourceDataContentHandler', + 'javax.activation.FileDataSource', + 'javax.activation.FileTypeMap', + 'javax.activation.MailcapCommandMap', + 'javax.activation.MimeType', + 'javax.activation.MimeTypeParameterList', + 'javax.activation.MimeTypeParseException', + 'javax.activation.MimetypesFileTypeMap', + 'javax.activation.ObjectDataContentHandler', + 'javax.activation.SecuritySupport$1', + 'javax.activation.SecuritySupport$2', + 'javax.activation.SecuritySupport$3', + 'javax.activation.SecuritySupport$4', + 'javax.activation.SecuritySupport$5', + 'javax.activation.SecuritySupport', + 'javax.activation.URLDataSource', + 'javax.activation.UnsupportedDataTypeException' ] // someone figure out what the x-plugins logic should be diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java index 6ac3f8d6acd..de8dc139750 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java @@ -9,7 +9,6 @@ import org.apache.lucene.util.CollectionUtil; import org.elasticsearch.Version; import org.elasticsearch.cluster.AbstractDiffable; import org.elasticsearch.cluster.metadata.MetaData; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.ToXContent; @@ -21,6 +20,7 @@ import org.elasticsearch.license.core.License; import java.io.IOException; import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; import java.util.EnumSet; import java.util.List; @@ -114,7 +114,7 @@ public class LicensesMetaData extends AbstractDiffable implemen while (parser.nextToken() != XContentParser.Token.END_ARRAY) { if (parser.currentToken().isValue()) { // trial license - byte[] data = decrypt(Base64.decode(parser.text())); + byte[] data = decrypt(Base64.getDecoder().decode(parser.text())); try (XContentParser trialLicenseParser = XContentFactory.xContent(XContentType.JSON).createParser(data)) { trialLicenseParser.nextToken(); @@ -186,7 +186,7 @@ public class LicensesMetaData extends AbstractDiffable implemen XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - streamOutput.writeString(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + streamOutput.writeString(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); } } else { if (license == LICENSE_TOMBSTONE) { @@ -209,7 +209,7 @@ public class LicensesMetaData extends AbstractDiffable implemen } int numTrialLicenses = streamInput.readVInt(); for (int i = 0; i < numTrialLicenses; i++) { - byte[] data = decrypt(Base64.decode(streamInput.readString())); + byte[] data = decrypt(Base64.getDecoder().decode(streamInput.readString())); try (XContentParser trialLicenseParser = XContentFactory.xContent(XContentType.JSON).createParser(data)) { trialLicenseParser.nextToken(); License pre20TrialLicense = License.fromXContent(trialLicenseParser); diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java index c7b79bba5c6..4368267727b 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java @@ -149,7 +149,7 @@ public class LicensesService extends AbstractLifecycleComponent } private void populateExpirationCallbacks() { - expirationCallbacks.add(new ExpirationCallback.Pre(days(7), days(30), days(1)) { + expirationCallbacks.add(new ExpirationCallback.Pre(days(7), days(25), days(1)) { @Override public void on(License license) { String general = LoggerMessageFormat.format(null, "\n" + @@ -174,9 +174,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder); + logger.warn("{}", builder); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } @@ -206,9 +206,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder.toString()); + logger.warn("{}", builder.toString()); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } @@ -238,9 +238,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder.toString()); + logger.warn("{}", builder.toString()); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java index d63753e7666..814e220cd7b 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.plugin.core; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -15,6 +14,7 @@ import org.elasticsearch.license.core.License; import java.io.IOException; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import static org.elasticsearch.license.core.CryptUtils.decrypt; @@ -39,7 +39,7 @@ public class TrialLicense { byteBuffer.putInt(-License.VERSION_CURRENT) .putInt(encrypt.length) .put(encrypt); - signature = Base64.encodeBytes(bytes); + signature = Base64.getEncoder().encodeToString(bytes); } catch (IOException e) { throw new IllegalStateException(e); } @@ -48,7 +48,7 @@ public class TrialLicense { public static boolean verify(final License license) { try { - byte[] signatureBytes = Base64.decode(license.signature()); + byte[] signatureBytes = Base64.getDecoder().decode(license.signature()); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); int contentLen = byteBuffer.getInt(); diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java index 5bcede84797..c4a891b0a71 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java @@ -23,7 +23,7 @@ public class RestDeleteLicenseAction extends BaseRestHandler { @Inject public RestDeleteLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(DELETE, "/_license", this); + controller.registerHandler(DELETE, "/_xpack/license", this); } @Override diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java index bf8200f30ad..933dbf73be2 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java @@ -34,7 +34,7 @@ public class RestGetLicenseAction extends BaseRestHandler { @Inject public RestGetLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(GET, "/_license", this); + controller.registerHandler(GET, "/_xpack/license", this); } /** diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java index a7953e35b7d..d6374654266 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java @@ -30,8 +30,8 @@ public class RestPutLicenseAction extends BaseRestHandler { @Inject public RestPutLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(PUT, "/_license", this); - controller.registerHandler(POST, "/_license", this); + controller.registerHandler(PUT, "/_xpack/license", this); + controller.registerHandler(POST, "/_xpack/license", this); } @Override diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java index 716c33b1b59..d520ae0e3d7 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.plugin; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -17,6 +16,7 @@ import org.elasticsearch.test.ESTestCase; import java.io.IOException; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import java.util.UUID; @@ -102,7 +102,7 @@ public class TrialLicenseTests extends ESTestCase { byteBuffer.putInt(-spec.version()) .putInt(encrypt.length) .put(encrypt); - signature = Base64.encodeBytes(bytes); + signature = Base64.getEncoder().encodeToString(bytes); } catch (IOException e) { throw new IllegalStateException(e); } diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java index cb02eda63c2..5ca36015575 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.Version; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.cluster.metadata.RepositoriesMetaData; import org.elasticsearch.cluster.metadata.RepositoryMetaData; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.ByteBufferStreamInput; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.settings.Settings; @@ -26,6 +25,7 @@ import org.elasticsearch.license.plugin.TestUtils; import org.elasticsearch.test.ESTestCase; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import java.util.UUID; @@ -113,7 +113,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); builder.endArray(); @@ -143,7 +143,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); signedLicense.toXContent(builder, ToXContent.EMPTY_PARAMS); @@ -162,7 +162,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); signedLicense.toXContent(builder, ToXContent.EMPTY_PARAMS); @@ -190,7 +190,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { output.writeVInt(1); XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - output.writeString(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + output.writeString(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); byte[] bytes = output.bytes().toBytes(); ByteBufferStreamInput input = new ByteBufferStreamInput(ByteBuffer.wrap(bytes)); diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json index 903a0ed361d..f30f75fc478 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["DELETE"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : {} }, "body": null diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json index ad01451d51a..88d6d6b2d77 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["GET"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : { }, "params": { diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json index d7aa3dbc56f..3596a0b547b 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["PUT", "POST"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : { }, "params": { diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java index 5137b1a867f..cbbb1a097d2 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.SpecialPermission; import org.elasticsearch.Version; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Inject; @@ -53,6 +52,7 @@ import java.security.AccessController; import java.security.KeyStore; import java.security.PrivilegedAction; import java.util.ArrayList; +import java.util.Base64; import java.util.Collection; import java.util.Map; import java.util.stream.Collectors; @@ -683,7 +683,7 @@ public class HttpExporter extends Exporter { void apply(HttpURLConnection connection) throws UnsupportedEncodingException { String userInfo = username + ":" + (password != null ? new String(password) : ""); - String basicAuth = "Basic " + Base64.encodeBytes(userInfo.getBytes("ISO-8859-1")); + String basicAuth = "Basic " + Base64.getEncoder().encodeToString(userInfo.getBytes("ISO-8859-1")); connection.setRequestProperty("Authorization", basicAuth); } } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java index c9d20457c6b..ff72a714fc7 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java @@ -161,7 +161,7 @@ public abstract class AbstractCollectorTestCase extends MarvelIntegTestCase { public void run() { for (String nodeId : internalCluster().getNodeNames()) { try { - assertTrue(waitForNoBlocksOnNode(nodeId)); + waitForNoBlocksOnNode(nodeId); } catch (Exception e) { fail("failed to wait for no blocks on node [" + nodeId + "]: " + e.getMessage()); } @@ -170,13 +170,12 @@ public abstract class AbstractCollectorTestCase extends MarvelIntegTestCase { }); } - public boolean waitForNoBlocksOnNode(final String nodeId) throws Exception { - return assertBusy(() -> { + public void waitForNoBlocksOnNode(final String nodeId) throws Exception { + assertBusy(() -> { ClusterBlocks clusterBlocks = client(nodeId).admin().cluster().prepareState().setLocal(true).execute().actionGet().getState().blocks(); assertTrue(clusterBlocks.global().isEmpty()); assertTrue(clusterBlocks.indices().values().isEmpty()); - return true; }, 30L, TimeUnit.SECONDS); } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java index 2986a0f28e3..3cbf9fbbfc9 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java @@ -121,7 +121,8 @@ public abstract class AbstractExporterTemplateTestCase extends MarvelIntegTestCa assertNotNull(exporters); // Wait for exporting bulks to be ready to export - assertBusy(() -> assertThat(exporters.openBulk(), notNullValue())); + Runnable busy = () -> assertThat(exporters.openBulk(), notNullValue()); + assertBusy(busy); exporters.export(collector.collect()); } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java index c9dd36c7716..dae09e0131f 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java @@ -93,7 +93,8 @@ public class HttpExporterTemplateTests extends AbstractExporterTemplateTestCase @Override protected void awaitIndexExists(String index) throws Exception { - assertBusy(() -> assertThat("could not find index " + index, dispatcher.hasIndex(index), is(true)), 10, TimeUnit.SECONDS); + Runnable busy = () -> assertThat("could not find index " + index, dispatcher.hasIndex(index), is(true)); + assertBusy(busy, 10, TimeUnit.SECONDS); } class MockServerDispatcher extends Dispatcher { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 5dafd0a585e..343b08d50c4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; @@ -29,6 +28,7 @@ import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportMessage; import java.io.IOException; +import java.util.Base64; import static org.elasticsearch.shield.Security.setting; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -157,7 +157,7 @@ public class InternalAuthenticationService extends AbstractComponent implements static User decodeUser(String text) { try { - byte[] bytes = Base64.decode(text); + byte[] bytes = Base64.getDecoder().decode(text); StreamInput input = StreamInput.wrap(bytes); Version version = Version.readVersion(input); input.setVersion(version); @@ -173,7 +173,7 @@ public class InternalAuthenticationService extends AbstractComponent implements Version.writeVersion(Version.CURRENT, output); User.writeTo(user, output); byte[] bytes = output.bytes().toBytes(); - return Base64.encodeBytes(bytes); + return Base64.getEncoder().encodeToString(bytes); } catch (IOException ioe) { if (logger != null) { logger.error("could not encode authenticated user in message header... falling back to token headers", ioe); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java index c1b70169a06..115ef62a5f1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java @@ -18,7 +18,7 @@ import org.elasticsearch.shield.support.Exceptions; import org.elasticsearch.shield.user.AnonymousUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; +import org.elasticsearch.shield.user.ElasticUser; import java.util.Arrays; import java.util.Collection; @@ -86,7 +86,7 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static boolean isReserved(String username) { assert username != null; switch (username) { - case XPackUser.NAME: + case ElasticUser.NAME: case KibanaUser.NAME: return true; default: @@ -97,8 +97,8 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static User getUser(String username) { assert username != null; switch (username) { - case XPackUser.NAME: - return XPackUser.INSTANCE; + case ElasticUser.NAME: + return ElasticUser.INSTANCE; case KibanaUser.NAME: return KibanaUser.INSTANCE; default: @@ -111,9 +111,9 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static Collection users() { if (AnonymousUser.enabled()) { - return Arrays.asList(XPackUser.INSTANCE, KibanaUser.INSTANCE, AnonymousUser.INSTANCE); + return Arrays.asList(ElasticUser.INSTANCE, KibanaUser.INSTANCE, AnonymousUser.INSTANCE); } - return Arrays.asList(XPackUser.INSTANCE, KibanaUser.INSTANCE); + return Arrays.asList(ElasticUser.INSTANCE, KibanaUser.INSTANCE); } private char[] getPasswordHash(final String username) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java index 528e0b2a5e6..73acdaaf8ac 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java @@ -5,13 +5,12 @@ */ package org.elasticsearch.shield.authc.support; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Randomness; import org.elasticsearch.common.hash.MessageDigests; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.Locale; import java.util.Random; @@ -145,7 +144,7 @@ public enum Hasher { byte[] textBytes = CharArrays.toUtf8Bytes(text.internalChars()); MessageDigest md = MessageDigests.sha1(); md.update(textBytes); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); return (SHA1_PREFIX + hash).toCharArray(); } @@ -158,7 +157,7 @@ public enum Hasher { byte[] textBytes = CharArrays.toUtf8Bytes(text.internalChars()); MessageDigest md = MessageDigests.sha1(); md.update(textBytes); - String passwd64 = Base64.encodeBytes(md.digest()); + String passwd64 = Base64.getEncoder().encodeToString(md.digest()); String hashNoPrefix = hashStr.substring(SHA1_PREFIX.length()); return SecuredString.constantTimeEquals(hashNoPrefix, passwd64); } @@ -169,7 +168,7 @@ public enum Hasher { public char[] hash(SecuredString text) { MessageDigest md = MessageDigests.md5(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); return (MD5_PREFIX + hash).toCharArray(); } @@ -182,7 +181,7 @@ public enum Hasher { hashStr = hashStr.substring(MD5_PREFIX.length()); MessageDigest md = MessageDigests.md5(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); - String computedHashStr = Base64.encodeBytes(md.digest()); + String computedHashStr = Base64.getEncoder().encodeToString(md.digest()); return SecuredString.constantTimeEquals(hashStr, computedHashStr); } }, @@ -194,7 +193,7 @@ public enum Hasher { md.update(CharArrays.toUtf8Bytes(text.internalChars())); char[] salt = SaltProvider.salt(8); md.update(CharArrays.toUtf8Bytes(salt)); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); char[] result = new char[SSHA256_PREFIX.length() + salt.length + hash.length()]; System.arraycopy(SSHA256_PREFIX.toCharArray(), 0, result, 0, SSHA256_PREFIX.length()); System.arraycopy(salt, 0, result, SSHA256_PREFIX.length(), salt.length); @@ -213,7 +212,7 @@ public enum Hasher { MessageDigest md = MessageDigests.sha256(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); md.update(new String(saltAndHash, 0, 8).getBytes(StandardCharsets.UTF_8)); - String computedHash = Base64.encodeBytes(md.digest()); + String computedHash = Base64.getEncoder().encodeToString(md.digest()); return SecuredString.constantTimeEquals(computedHash, new String(saltAndHash, 8, saltAndHash.length - 8)); } }, diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java index 096709d04f3..4dd4f0f08d7 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java @@ -5,13 +5,12 @@ */ package org.elasticsearch.shield.authc.support; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.shield.authc.AuthenticationToken; -import java.io.IOException; import java.nio.CharBuffer; import java.util.Arrays; +import java.util.Base64; import java.util.Objects; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -85,8 +84,8 @@ public class UsernamePasswordToken implements AuthenticationToken { char[] userpasswd; try { - userpasswd = CharArrays.utf8BytesToChars(Base64.decode(headerValue.substring(BASIC_AUTH_PREFIX.length()).trim())); - } catch (IllegalArgumentException | IOException e) { + userpasswd = CharArrays.utf8BytesToChars(Base64.getDecoder().decode(headerValue.substring(BASIC_AUTH_PREFIX.length()).trim())); + } catch (IllegalArgumentException e) { throw authenticationError("invalid basic authentication header encoding", e); } @@ -109,7 +108,7 @@ public class UsernamePasswordToken implements AuthenticationToken { chars.put(username).put(':').put(passwd.internalChars()); //TODO we still have passwords in Strings in headers - String basicToken = Base64.encodeBytes(CharArrays.toUtf8Bytes(chars.array())); + String basicToken = Base64.getEncoder().encodeToString(CharArrays.toUtf8Bytes(chars.array())); return "Basic " + basicToken; } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java index 83dede30eb6..c2511efbc3a 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java @@ -17,7 +17,7 @@ public class KibanaRole extends Role { private static final String[] CLUSTER_PRIVILEGES = new String[] { "monitor", MonitoringBulkAction.NAME}; private static final RoleDescriptor.IndicesPrivileges[] INDICES_PRIVILEGES = new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder().indices(".kibana").privileges("all").build() }; + RoleDescriptor.IndicesPrivileges.builder().indices(".kibana*", ".reporting-*").privileges("all").build() }; public static final String NAME = "kibana"; public static final RoleDescriptor DESCRIPTOR = new RoleDescriptor(NAME, CLUSTER_PRIVILEGES, INDICES_PRIVILEGES, null); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java index 207c9851a19..30994e722f2 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java @@ -6,7 +6,6 @@ package org.elasticsearch.shield.crypto; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; @@ -39,6 +38,7 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; import java.util.List; import java.util.Objects; @@ -138,11 +138,7 @@ public class InternalCryptoService extends AbstractLifecycleComponent USERNAME_SETTING = new Setting<>(setting("authc.anonymous.username"), DEFAULT_ANONYMOUS_USERNAME, s -> s, Property.NodeScope); public static final Setting> ROLES_SETTING = diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java new file mode 100644 index 00000000000..9cd0840fb18 --- /dev/null +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.shield.user; + +import org.elasticsearch.shield.authz.permission.SuperuserRole; +import org.elasticsearch.shield.user.User.ReservedUser; + +/** + * The reserved {@code elastic} superuser. As full permission/access to the cluster/indices and can + * run as any other user. + */ +public class ElasticUser extends ReservedUser { + + public static final String NAME = "elastic"; + public static final String ROLE_NAME = SuperuserRole.NAME; + public static final ElasticUser INSTANCE = new ElasticUser(); + + private ElasticUser() { + super(NAME, ROLE_NAME); + } + + @Override + public boolean equals(Object o) { + return INSTANCE == o; + } + + @Override + public int hashCode() { + return System.identityHashCode(this); + } + + public static boolean is(User user) { + return INSTANCE.equals(user); + } + + public static boolean is(String principal) { + return NAME.equals(principal); + } +} diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java index 9b88b280ff7..2f2ed7a6c80 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java @@ -16,8 +16,8 @@ import java.util.function.Predicate; */ public class SystemUser extends User { - public static final String NAME = "__es_system_user"; - public static final String ROLE_NAME = "__es_system_role"; + public static final String NAME = "_system"; + public static final String ROLE_NAME = "_system"; public static final User INSTANCE = new SystemUser(); @@ -41,6 +41,10 @@ public class SystemUser extends User { return INSTANCE.equals(user); } + public static boolean is(String principal) { + return NAME.equals(principal); + } + public static boolean isAuthorized(String action) { return PREDICATE.test(action); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java index b47aa1067d9..9818e745421 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java @@ -187,12 +187,14 @@ public class User implements ToXContent { public static User readFrom(StreamInput input) throws IOException { if (input.readBoolean()) { String name = input.readString(); - if (SystemUser.NAME.equals(name)) { + if (SystemUser.is(name)) { return SystemUser.INSTANCE; + } else if (XPackUser.is(name)) { + return XPackUser.INSTANCE; } User user = ReservedRealm.getUser(name); if (user == null) { - throw new IllegalStateException("invalid internal user"); + throw new IllegalStateException("invalid reserved user"); } return user; } @@ -217,6 +219,9 @@ public class User implements ToXContent { if (SystemUser.is(user)) { output.writeBoolean(true); output.writeString(SystemUser.NAME); + } else if (XPackUser.is(user)) { + output.writeBoolean(true); + output.writeString(XPackUser.NAME); } else if (ReservedRealm.isReserved(user.principal())) { output.writeBoolean(true); output.writeString(user.principal()); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java index 84de4f8f0b2..059eb454f30 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java @@ -12,9 +12,9 @@ import org.elasticsearch.shield.user.User.ReservedUser; * XPack internal user that manages xpack. Has all cluster/indices permissions for watcher, * shield and monitoring to operate. */ -public class XPackUser extends ReservedUser { +public class XPackUser extends User { - public static final String NAME = "elastic"; + public static final String NAME = "_xpack"; public static final String ROLE_NAME = SuperuserRole.NAME; public static final XPackUser INSTANCE = new XPackUser(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java index db7d5d3048e..f99bfef4aff 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java @@ -9,8 +9,6 @@ import org.apache.lucene.search.join.ScoreMode; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.MultiGetResponse; -import org.elasticsearch.action.percolate.PercolateResponse; -import org.elasticsearch.action.percolate.PercolateSourceBuilder; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.termvectors.MultiTermVectorsResponse; import org.elasticsearch.action.termvectors.TermVectorsRequest; @@ -605,86 +603,6 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { assertThat(searchResponse.getHits().getAt(1).id(), equalTo("c2")); } - public void testPercolateApi() { - assertAcked(client().admin().indices().prepareCreate("test") - .addMapping("query", "query", "type=percolator", "field1", "type=text", "field2", "type=text", "field3", "type=text") - ); - client().prepareIndex("test", "query", "1") - .setSource("{\"query\" : { \"match_all\" : {} }, \"field1\" : \"value1\"}") - .setRefresh(true) - .get(); - - // Percolator without a query just evaluates all percolator queries that are loaded, so we have a match: - PercolateResponse response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a document that the current user can see. Percolator will have one query to evaluate, so there is a - // match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a document that the current user can't see. Percolator will not have queries to evaluate, so there - // is no match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - assertAcked(client().admin().indices().prepareClose("test")); - assertAcked(client().admin().indices().prepareOpen("test")); - ensureGreen("test"); - - // Ensure that the query loading that happens at startup has permissions to load the percolator queries: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - } - public void testScroll() throws Exception { assertAcked(client().admin().indices().prepareCreate("test") .setSettings(Settings.builder().put(IndicesRequestCache.INDEX_CACHE_REQUEST_ENABLED_SETTING.getKey(), true)) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java index c8430ea1c8e..a887783b017 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java @@ -10,8 +10,6 @@ import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.fieldstats.FieldStatsResponse; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.MultiGetResponse; -import org.elasticsearch.action.percolate.PercolateResponse; -import org.elasticsearch.action.percolate.PercolateSourceBuilder; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.termvectors.MultiTermVectorsResponse; import org.elasticsearch.action.termvectors.TermVectorsRequest; @@ -1122,49 +1120,6 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { assertThat(response.getResponses()[0].getResponse().getFields().terms("field2").size(), equalTo(1L)); } - public void testPercolateApi() { - assertAcked(client().admin().indices().prepareCreate("test") - .addMapping("query", "query", "type=percolator", "field1", "type=text", "field2", "type=text") - ); - client().prepareIndex("test", "query", "1") - .setSource("{\"query\" : { \"match_all\" : {} }, \"field1\" : \"value1\"}") - .setRefresh(true) - .get(); - - // Percolator without a query just evaluates all percolator queries that are loaded, so we have a match: - PercolateResponse response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a field that the current user can't see. Percolator will not have queries to evaluate, so there is - // no match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - assertAcked(client().admin().indices().prepareClose("test")); - assertAcked(client().admin().indices().prepareOpen("test")); - ensureGreen("test"); - - // Ensure that the query loading that happens at startup has permissions to load the percolator queries: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - } - public void testParentChild() { assertAcked(prepareCreate("test") .addMapping("parent") diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java index 20e553750bc..4cb4cd9bf24 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java @@ -11,10 +11,10 @@ import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.SecurityContext; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; @@ -83,7 +83,7 @@ public class TransportAuthenticateActionTests extends ESTestCase { } public void testValidUser() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); SecurityContext securityContext = mock(SecurityContext.class); when(securityContext.getUser()).thenReturn(user); TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class), diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java index ab51cb976ee..06e113bf695 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java @@ -14,10 +14,10 @@ import org.elasticsearch.shield.authc.esnative.NativeUsersStore; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; @@ -109,7 +109,7 @@ public class TransportChangePasswordActionTests extends ESTestCase { } public void testValidUser() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); NativeUsersStore usersStore = mock(NativeUsersStore.class); ChangePasswordRequest request = new ChangePasswordRequest(); request.username(user.principal()); @@ -147,7 +147,7 @@ public class TransportChangePasswordActionTests extends ESTestCase { } public void testException() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); NativeUsersStore usersStore = mock(NativeUsersStore.class); ChangePasswordRequest request = new ChangePasswordRequest(); request.username(user.principal()); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index 9facc8cf499..f0dcbaf5148 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.settings.Settings; @@ -37,6 +36,7 @@ import org.junit.Rule; import org.junit.rules.ExpectedException; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -751,7 +751,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { User user = new User("username", "r1", "r2", "r3"); String text = InternalAuthenticationService.encodeUser(user, null); - StreamInput input = StreamInput.wrap(Base64.decode(text)); + StreamInput input = StreamInput.wrap(Base64.getDecoder().decode(text)); Version version = Version.readVersion(input); assertThat(version, is(Version.CURRENT)); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java index 432b1726b29..8ef07027eb1 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java @@ -16,25 +16,25 @@ import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.RestStatus; import org.elasticsearch.shield.ShieldTemplateService; +import org.elasticsearch.shield.action.role.DeleteRoleResponse; +import org.elasticsearch.shield.action.role.GetRolesResponse; import org.elasticsearch.shield.action.user.AuthenticateAction; import org.elasticsearch.shield.action.user.AuthenticateRequest; import org.elasticsearch.shield.action.user.AuthenticateResponse; import org.elasticsearch.shield.action.user.ChangePasswordResponse; -import org.elasticsearch.shield.authz.permission.KibanaRole; -import org.elasticsearch.shield.authz.permission.SuperuserRole; -import org.elasticsearch.shield.user.AnonymousUser; -import org.elasticsearch.shield.user.KibanaUser; -import org.elasticsearch.shield.user.SystemUser; -import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.action.role.DeleteRoleResponse; -import org.elasticsearch.shield.action.role.GetRolesResponse; import org.elasticsearch.shield.action.user.DeleteUserResponse; import org.elasticsearch.shield.action.user.GetUsersResponse; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authz.RoleDescriptor; +import org.elasticsearch.shield.authz.permission.KibanaRole; import org.elasticsearch.shield.authz.permission.Role; +import org.elasticsearch.shield.authz.permission.SuperuserRole; import org.elasticsearch.shield.client.SecurityClient; -import org.elasticsearch.shield.user.XPackUser; +import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; +import org.elasticsearch.shield.user.KibanaUser; +import org.elasticsearch.shield.user.SystemUser; +import org.elasticsearch.shield.user.User; import org.elasticsearch.test.NativeRealmIntegTestCase; import org.elasticsearch.test.ShieldSettingsSource; import org.junit.BeforeClass; @@ -457,7 +457,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase { } public void testOperationsOnReservedUsers() throws Exception { - final String username = randomFrom(XPackUser.NAME, KibanaUser.NAME); + final String username = randomFrom(ElasticUser.NAME, KibanaUser.NAME); IllegalArgumentException exception = expectThrows(IllegalArgumentException.class, () -> securityClient().preparePutUser(username, randomBoolean() ? "changeme".toCharArray() : null, "admin").get()); assertThat(exception.getMessage(), containsString("user [" + username + "] is reserved")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java index 7251bd85fed..c1f549bf058 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java @@ -7,8 +7,8 @@ package org.elasticsearch.shield.authc.esnative; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.shield.action.user.ChangePasswordResponse; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.test.NativeRealmIntegTestCase; @@ -29,7 +29,7 @@ public class ReservedRealmIntegTests extends NativeRealmIntegTestCase { private static final SecuredString DEFAULT_PASSWORD = new SecuredString("changeme".toCharArray()); public void testAuthenticate() { - for (String username : Arrays.asList(XPackUser.NAME, KibanaUser.NAME)) { + for (String username : Arrays.asList(ElasticUser.NAME, KibanaUser.NAME)) { ClusterHealthResponse response = client() .filterWithHeader(singletonMap("Authorization", basicAuthHeaderValue(username, DEFAULT_PASSWORD))) .admin() @@ -42,7 +42,7 @@ public class ReservedRealmIntegTests extends NativeRealmIntegTestCase { } public void testChangingPassword() { - String username = randomFrom(XPackUser.NAME, KibanaUser.NAME); + String username = randomFrom(ElasticUser.NAME, KibanaUser.NAME); final char[] newPassword = "supersecretvalue".toCharArray(); if (randomBoolean()) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java index 80fb786688a..f803306aae4 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java @@ -13,9 +13,9 @@ import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -49,7 +49,7 @@ public class ReservedRealmTests extends ESTestCase { public void testUserStoreNotStarted() { when(usersStore.started()).thenReturn(false); final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final String principal = randomFrom(XPackUser.NAME, KibanaUser.NAME); + final String principal = randomFrom(ElasticUser.NAME, KibanaUser.NAME); ElasticsearchSecurityException expected = expectThrows(ElasticsearchSecurityException.class, () -> reservedRealm.doAuthenticate(new UsernamePasswordToken(principal, DEFAULT_PASSWORD))); @@ -65,7 +65,7 @@ public class ReservedRealmTests extends ESTestCase { when(usersStore.shieldIndexExists()).thenReturn(true); } final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expected = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expected = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expected.principal(); final User authenticated = reservedRealm.doAuthenticate(new UsernamePasswordToken(principal, DEFAULT_PASSWORD)); @@ -81,7 +81,7 @@ public class ReservedRealmTests extends ESTestCase { public void testAuthenticationWithStoredPassword() throws Throwable { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); final SecuredString newPassword = new SecuredString("foobar".toCharArray()); when(usersStore.shieldIndexExists()).thenReturn(true); @@ -107,7 +107,7 @@ public class ReservedRealmTests extends ESTestCase { public void testLookup() { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); final User user = reservedRealm.doLookupUser(principal); @@ -120,7 +120,7 @@ public class ReservedRealmTests extends ESTestCase { } public void testHelperMethods() { - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); assertThat(ReservedRealm.isReserved(principal), is(true)); assertThat(ReservedRealm.getUser(principal), sameInstance(expectedUser)); @@ -129,19 +129,20 @@ public class ReservedRealmTests extends ESTestCase { assertThat(ReservedRealm.isReserved(notExpected), is(false)); assertThat(ReservedRealm.getUser(notExpected), nullValue()); - assertThat(ReservedRealm.users(), containsInAnyOrder((User) XPackUser.INSTANCE, KibanaUser.INSTANCE)); + assertThat(ReservedRealm.users(), containsInAnyOrder((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE)); } public void testFailedAuthentication() { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); // maybe cache a successful auth if (randomBoolean()) { - User user = reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("changeme".toCharArray()))); - assertThat(user, sameInstance(XPackUser.INSTANCE)); + User user = reservedRealm.authenticate( + new UsernamePasswordToken(ElasticUser.NAME, new SecuredString("changeme".toCharArray()))); + assertThat(user, sameInstance(ElasticUser.INSTANCE)); } try { - reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("foobar".toCharArray()))); + reservedRealm.authenticate(new UsernamePasswordToken(ElasticUser.NAME, new SecuredString("foobar".toCharArray()))); fail("authentication should throw an exception otherwise we may allow others to impersonate reserved users..."); } catch (ElasticsearchSecurityException e) { assertThat(e.getMessage(), containsString("failed to authenticate")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java index 8e18018dac6..44a1c2730a8 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java @@ -92,6 +92,7 @@ public class UsersToolTests extends CommandTestCase { public static void closeJimfs() throws IOException { if (jimfs != null) { jimfs.close(); + jimfs = null; } } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java index b09a856da10..44db35ba2dc 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java @@ -119,7 +119,7 @@ public class OpenLdapTests extends ESTestCase { Map stats = realm.usageStats(); assertThat(stats, is(notNullValue())); - assertThat(stats, hasEntry("size", "small")); + assertThat(stats, hasEntry("size", "tiny")); assertThat(stats, hasEntry("ssl", true)); assertThat(stats, hasEntry("user_search", userSearch)); assertThat(stats, hasEntry("load_balance_type", loadBalanceType)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java index 8549a18f220..74e088fa589 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java @@ -20,7 +20,7 @@ public class UsernamePasswordRealmTests extends ESTestCase { int count = randomIntBetween(0, 1000); UsernamePasswordRealm.UserbaseSize size = UsernamePasswordRealm.UserbaseSize.resolve(count); if (count < 10) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.SMALL)); + assertThat(size, is(UsernamePasswordRealm.UserbaseSize.TINY)); } else if (count < 100) { assertThat(size, is(UsernamePasswordRealm.UserbaseSize.SMALL)); } else if (count < 500) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java index 6981b7a36db..c8ea49237d3 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordTokenTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.shield.authc.support; import org.elasticsearch.ElasticsearchSecurityException; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.ESTestCase; @@ -14,6 +13,7 @@ import org.junit.Rule; import org.junit.rules.ExpectedException; import java.nio.charset.StandardCharsets; +import java.util.Base64; import static org.elasticsearch.test.ShieldTestsUtils.assertAuthenticationException; import static org.hamcrest.Matchers.equalTo; @@ -35,7 +35,7 @@ public class UsernamePasswordTokenTests extends ESTestCase { assertThat(header, notNullValue()); assertTrue(header.startsWith("Basic ")); String token = header.substring("Basic ".length()); - token = new String(Base64.decode(token), StandardCharsets.UTF_8); + token = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8); int i = token.indexOf(":"); assertTrue(i > 0); String username = token.substring(0, i); @@ -46,7 +46,7 @@ public class UsernamePasswordTokenTests extends ESTestCase { public void testExtractToken() throws Exception { ThreadContext threadContext = new ThreadContext(Settings.EMPTY); - String header = "Basic " + Base64.encodeBytes("user1:test123".getBytes(StandardCharsets.UTF_8)); + String header = "Basic " + Base64.getEncoder().encodeToString("user1:test123".getBytes(StandardCharsets.UTF_8)); threadContext.putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, header); UsernamePasswordToken token = UsernamePasswordToken.extractToken(threadContext); assertThat(token, notNullValue()); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java index b4452578074..6aefb0b1f5e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java @@ -22,6 +22,8 @@ import org.elasticsearch.shield.user.User; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.transport.TransportRequest; +import java.util.Arrays; + import static org.hamcrest.Matchers.is; /** @@ -45,17 +47,27 @@ public class KibanaRoleTests extends ESTestCase { assertThat(KibanaRole.INSTANCE.runAs().isEmpty(), is(true)); } - public void testIndices() { - final String kibanaIndex = ".kibana"; - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:bar").test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteIndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(CreateIndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(UpdateSettingsAction.NAME).test(kibanaIndex), is(true)); - + public void testUnauthorizedIndices() { assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test("foo"), is(false)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(".reporting"), is(false)); assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(randomAsciiOfLengthBetween(8, 24)), is(false)); } + + public void testKibanaIndices() { + Arrays.asList(".kibana", ".kibana-devnull").forEach(this::testAllIndexAccess); + } + + public void testReportingIndices() { + testAllIndexAccess(".reporting-" + randomAsciiOfLength(randomIntBetween(0, 13))); + } + + private void testAllIndexAccess(String index) { + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:bar").test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteIndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(CreateIndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(UpdateSettingsAction.NAME).test(index), is(true)); + } } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index 6b5a83d147a..6dc6bbabd26 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -358,7 +358,7 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(messages, notNullValue()); assertThat(messages, hasSize(4)); // the system role will always be checked first - assertThat(messages.get(0).text, containsString("role [__es_system_role] is reserved")); + assertThat(messages.get(0).text, containsString("role [_system] is reserved")); assertThat(messages.get(1).text, containsString("role [superuser] is reserved")); assertThat(messages.get(2).text, containsString("role [kibana] is reserved")); assertThat(messages.get(3).text, containsString("role [transport_client] is reserved")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java index 72fa777da0d..fd45d9814a8 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java @@ -9,10 +9,10 @@ import org.elasticsearch.shield.SecurityContext; import org.elasticsearch.shield.authz.permission.KibanaRole; import org.elasticsearch.shield.authz.permission.SuperuserRole; import org.elasticsearch.shield.authz.permission.TransportClientRole; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -41,7 +41,7 @@ public class ReservedRolesStoreTests extends ESTestCase { public void testRetrievingReservedRolesNonKibanaUser() { if (randomBoolean()) { - when(securityContext.getUser()).thenReturn(XPackUser.INSTANCE); + when(securityContext.getUser()).thenReturn(ElasticUser.INSTANCE); } assertThat(reservedRolesStore.role(SuperuserRole.NAME), sameInstance(SuperuserRole.INSTANCE)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java index 2f56594153f..24eee718dbe 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java @@ -10,6 +10,7 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.ByteBufferStreamInput; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.XPackClient; import java.util.Arrays; import java.util.Collections; @@ -58,7 +59,7 @@ public class UserTests extends ESTestCase { assertThat(readFromRunAs.runAs(), is(nullValue())); } - public void testSystemReadAndWrite() throws Exception { + public void testSystemUserReadAndWrite() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); User.writeTo(SystemUser.INSTANCE, output); @@ -68,6 +69,16 @@ public class UserTests extends ESTestCase { assertThat(readFrom.runAs(), is(nullValue())); } + public void testXPackUserReadAndWrite() throws Exception { + BytesStreamOutput output = new BytesStreamOutput(); + + User.writeTo(XPackUser.INSTANCE, output); + User readFrom = User.readFrom(ByteBufferStreamInput.wrap(output.bytes())); + + assertThat(readFrom, is(sameInstance(XPackUser.INSTANCE))); + assertThat(readFrom.runAs(), is(nullValue())); + } + public void testFakeInternalUserSerialization() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); output.writeBoolean(true); @@ -102,10 +113,10 @@ public class UserTests extends ESTestCase { public void testReservedUserSerialization() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); - User.writeTo(XPackUser.INSTANCE, output); + User.writeTo(ElasticUser.INSTANCE, output); User readFrom = User.readFrom(ByteBufferStreamInput.wrap(output.bytes())); - assertThat(readFrom, is(sameInstance(XPackUser.INSTANCE))); + assertThat(readFrom, is(sameInstance(ElasticUser.INSTANCE))); output = new BytesStreamOutput(); User.writeTo(KibanaUser.INSTANCE, output); diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml index 754a4c46c3c..30735f7d8ec 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml @@ -5,7 +5,7 @@ admin: - names: '*' privileges: [ all ] -__es_system_role: +_system: cluster: - all indices: diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index 8ae28064a75..af461b5f43f 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -59,10 +59,8 @@ indices:data/read/field_stats indices:data/read/get indices:data/read/xpack/graph/explore indices:data/read/mget -indices:data/read/mpercolate indices:data/read/msearch indices:data/read/mtv -indices:data/read/percolate cluster:admin/script/get indices:data/read/scroll indices:data/read/scroll/clear diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java index 19b705fa770..2dbaebfbff1 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java @@ -37,6 +37,8 @@ import org.elasticsearch.xpack.common.secret.SecretModule; import org.elasticsearch.xpack.extensions.XPackExtension; import org.elasticsearch.xpack.extensions.XPackExtensionsService; import org.elasticsearch.xpack.notification.Notification; +import org.elasticsearch.xpack.notification.email.Account; +import org.elasticsearch.xpack.notification.email.support.BodyPartSource; import org.elasticsearch.xpack.rest.action.RestXPackInfoAction; import org.elasticsearch.xpack.common.text.TextTemplateModule; import org.elasticsearch.xpack.rest.action.RestXPackUsageAction; @@ -84,6 +86,9 @@ public class XPackPlugin extends Plugin { throw bogus; // some other bug } } + // some classes need to have their own clinit blocks + BodyPartSource.init(); + Account.init(); } protected final Settings settings; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java index c547ad81159..d52d8d644d0 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java @@ -5,12 +5,12 @@ */ package org.elasticsearch.xpack.common.http.auth.basic; -import org.elasticsearch.common.Base64; import org.elasticsearch.xpack.common.http.auth.ApplicableHttpAuth; import org.elasticsearch.xpack.common.secret.SecretService; import java.net.HttpURLConnection; import java.nio.charset.StandardCharsets; +import java.util.Base64; /** */ @@ -24,7 +24,7 @@ public class ApplicableBasicAuth extends ApplicableHttpAuth { } public static String headerValue(String username, char[] password) { - return "Basic " + Base64.encodeBytes((username + ":" + new String(password)).getBytes(StandardCharsets.UTF_8)); + return "Basic " + Base64.getEncoder().encodeToString((username + ":" + new String(password)).getBytes(StandardCharsets.UTF_8)); } public void apply(HttpURLConnection connection) { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java index 28ab5a27e3e..fed92a3408a 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java @@ -32,13 +32,6 @@ public class Account { static final String SMTP_PROTOCOL = "smtp"; static { - // required as java doesn't always find the correct mailcap to properly handle mime types - final MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap(); - mailcap.addMailcap("text/html;; x-java-content-handler=com.sun.mail.handlers.text_html"); - mailcap.addMailcap("text/xml;; x-java-content-handler=com.sun.mail.handlers.text_xml"); - mailcap.addMailcap("text/plain;; x-java-content-handler=com.sun.mail.handlers.text_plain"); - mailcap.addMailcap("multipart/*;; x-java-content-handler=com.sun.mail.handlers.multipart_mixed"); - mailcap.addMailcap("message/rfc822;; x-java-content-handler=com.sun.mail.handlers.message_rfc822"); SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new SpecialPermission()); @@ -46,12 +39,22 @@ public class Account { AccessController.doPrivileged(new PrivilegedAction() { @Override public Void run() { + // required as java doesn't always find the correct mailcap to properly handle mime types + final MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap(); + mailcap.addMailcap("text/html;; x-java-content-handler=com.sun.mail.handlers.text_html"); + mailcap.addMailcap("text/xml;; x-java-content-handler=com.sun.mail.handlers.text_xml"); + mailcap.addMailcap("text/plain;; x-java-content-handler=com.sun.mail.handlers.text_plain"); + mailcap.addMailcap("multipart/*;; x-java-content-handler=com.sun.mail.handlers.multipart_mixed"); + mailcap.addMailcap("message/rfc822;; x-java-content-handler=com.sun.mail.handlers.message_rfc822"); CommandMap.setDefaultCommandMap(mailcap); return null; } }); } + // exists only to allow ensuring class is initialized + public static void init() {} + static final Settings DEFAULT_SMTP_TIMEOUT_SETTINGS = Settings.builder() .put("connection_timeout", TimeValue.timeValueMinutes(2)) .put("write_timeout", TimeValue.timeValueMinutes(2)) diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java index 40e4582ae64..f7376888feb 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java @@ -5,18 +5,30 @@ */ package org.elasticsearch.xpack.notification.email.support; +import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.xcontent.ToXContent; +import javax.activation.CommandMap; import javax.activation.FileTypeMap; import javax.mail.MessagingException; import javax.mail.internet.MimeBodyPart; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * */ public abstract class BodyPartSource implements ToXContent { - protected static FileTypeMap fileTypeMap = FileTypeMap.getDefaultFileTypeMap(); + protected static FileTypeMap fileTypeMap; + static { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + fileTypeMap = AccessController.doPrivileged( + (PrivilegedAction)() -> FileTypeMap.getDefaultFileTypeMap()); + } protected final String id; protected final String name; @@ -46,4 +58,7 @@ public abstract class BodyPartSource implements ToXContent { public abstract MimeBodyPart bodyPart() throws MessagingException; + // exists only to allow ensuring class is initialized + public static void init() {} + } diff --git a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy index 881e64e9da4..d3e821f4858 100644 --- a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy +++ b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy @@ -11,6 +11,8 @@ grant { // to load the class with the application class loader permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "getClassLoader"; + // TODO: remove use of this jar as soon as possible!!!! + permission java.lang.RuntimePermission "accessClassInPackage.com.sun.activation.registries"; // bouncy castle permission java.security.SecurityPermission "putProviderProperty.BC"; diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json index 206cbf40a0a..e3d71ab64bc 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json @@ -1,6 +1,6 @@ { "xpack.info": { - "documentation": "Retrieve information about xpack, including buid number/timestamp and license status", + "documentation": "Retrieve information about xpack, including build number/timestamp and license status", "methods": [ "GET" ], "url": { "path": "/_xpack", diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json index 35e24a0c5f2..f66f3afad99 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json @@ -1,5 +1,5 @@ { - "xpack.info": { + "xpack.usage": { "documentation": "Retrieve information about xpack features usage", "methods": [ "GET" ], "url": { diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml b/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml index 140de33fb33..515670ce7f2 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml @@ -1,6 +1,6 @@ -# Integration tests xpack info API +# Integration tests xpack info and usage API # -"X-Pack Info": +"X-Pack Info and Usage": - do: cluster.health: @@ -83,6 +83,17 @@ - is_true: features.monitoring.description - is_true: tagline + - do: + xpack.usage: {} + - is_true: watcher.enabled + - is_true: watcher.available + - is_true: security.enabled + - is_true: security.available + - is_true: graph.enabled + - is_true: graph.available + - is_true: monitoring.enabled + - is_true: monitoring.available + - do: xpack.info: categories: "_none" diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java index bd9cb51019d..6430fde4a16 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.script; -import org.elasticsearch.script.ScriptMode; import org.elasticsearch.xpack.common.text.DefaultTextTemplateEngine; import java.util.Collections; @@ -29,8 +28,7 @@ public class MockMustacheScriptEngine extends MockScriptEngine { } public void onModule(ScriptModule module) { - module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(MockMustacheScriptEngine.class, - NAME, ScriptMode.ON)); + module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(MockMustacheScriptEngine.class, NAME, true)); } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java index fe34b142ad3..c0cf787d7e8 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java @@ -7,7 +7,6 @@ package org.elasticsearch.script; import org.elasticsearch.common.Nullable; import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.ScriptMode; import org.elasticsearch.search.lookup.SearchLookup; import java.io.IOException; @@ -39,7 +38,7 @@ public class SleepScriptEngine implements ScriptEngineService { public void onModule(ScriptModule module) { module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(SleepScriptEngine.class, - SleepScriptEngine.NAME, ScriptMode.ON)); + SleepScriptEngine.NAME, true)); } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java index 1500c2f6dc2..fd358684e60 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java @@ -6,6 +6,9 @@ package org.elasticsearch.xpack.watcher.history; import org.elasticsearch.action.search.SearchResponse; +import org.elasticsearch.common.logging.ESLogger; +import org.elasticsearch.common.logging.ESLoggerFactory; +import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.search.aggregations.Aggregations; import org.elasticsearch.search.aggregations.bucket.terms.Terms; @@ -15,6 +18,9 @@ import org.elasticsearch.xpack.watcher.execution.ExecutionState; import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchResponse; import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; import static org.elasticsearch.search.aggregations.AggregationBuilders.terms; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -32,14 +38,17 @@ import static org.hamcrest.Matchers.notNullValue; * not analyzed so they can be used in aggregations */ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegrationTestCase { + private static final ESLogger logger = Loggers.getLogger(HistoryTemplateEmailMappingsTests.class); static final String USERNAME = "_user"; static final String PASSWORD = "_passwd"; - private EmailServer server; + private static EmailServer server; - @After - public void cleanup() throws Exception { - server.stop(); + @AfterClass + public static void cleanup() throws Exception { + if (server != null) { + server.stop(); + } } @Override @@ -52,12 +61,16 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio return false; // remove shield noise from this test } - @Override - protected Settings nodeSettings(int nodeOrdinal) { + @BeforeClass + public static void setupEmailServer() { if(server == null) { //Need to construct the Email Server here as this happens before init() server = EmailServer.localhost("2500-2600", USERNAME, PASSWORD, logger); } + } + + @Override + protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() .put(super.nodeSettings(nodeOrdinal))