From 3ffe341f48db0aa9b7b70cf80718a20ea6d24ec7 Mon Sep 17 00:00:00 2001 From: Areek Zillur Date: Sun, 15 May 2016 21:00:11 -0400 Subject: [PATCH 01/17] Fix license expiry log message - change license expiration message from error to warn - start logging expiry message from 25 days instead of 30 closes elastic/elasticsearch#2231 Original commit: elastic/x-pack-elasticsearch@6c88066c1fa91755b37aa86343f17dcbc1c12220 --- .../license/plugin/core/LicensesService.java | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java index fe0be8763b5..7b9440fbea0 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java @@ -149,7 +149,7 @@ public class LicensesService extends AbstractLifecycleComponent } private void populateExpirationCallbacks() { - expirationCallbacks.add(new ExpirationCallback.Pre(days(7), days(30), days(1)) { + expirationCallbacks.add(new ExpirationCallback.Pre(days(7), days(25), days(1)) { @Override public void on(License license) { String general = LoggerMessageFormat.format(null, "\n" + @@ -174,9 +174,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder); + logger.warn("{}", builder); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } @@ -206,9 +206,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder.toString()); + logger.warn("{}", builder.toString()); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } @@ -238,9 +238,9 @@ public class LicensesService extends AbstractLifecycleComponent } } } - logger.error("{}", builder.toString()); + logger.warn("{}", builder.toString()); } else { - logger.error("{}", general); + logger.warn("{}", general); } } } From 5d93b51472018bfc804d383ed1c401958b38e9f8 Mon Sep 17 00:00:00 2001 From: Lee Hinman Date: Fri, 20 May 2016 15:23:11 -0600 Subject: [PATCH 02/17] Fix compilation for ScriptMode removal See: https://github.com/elastic/elasticsearch/pull/18502 Original commit: elastic/x-pack-elasticsearch@b0422d13dfe8c929aa2d91b2b54551bd4164e0d5 --- .../org/elasticsearch/script/MockMustacheScriptEngine.java | 4 +--- .../test/java/org/elasticsearch/script/SleepScriptEngine.java | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java index bd9cb51019d..6430fde4a16 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.script; -import org.elasticsearch.script.ScriptMode; import org.elasticsearch.xpack.common.text.DefaultTextTemplateEngine; import java.util.Collections; @@ -29,8 +28,7 @@ public class MockMustacheScriptEngine extends MockScriptEngine { } public void onModule(ScriptModule module) { - module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(MockMustacheScriptEngine.class, - NAME, ScriptMode.ON)); + module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(MockMustacheScriptEngine.class, NAME, true)); } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java index fe34b142ad3..c0cf787d7e8 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java @@ -7,7 +7,6 @@ package org.elasticsearch.script; import org.elasticsearch.common.Nullable; import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.ScriptMode; import org.elasticsearch.search.lookup.SearchLookup; import java.io.IOException; @@ -39,7 +38,7 @@ public class SleepScriptEngine implements ScriptEngineService { public void onModule(ScriptModule module) { module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(SleepScriptEngine.class, - SleepScriptEngine.NAME, ScriptMode.ON)); + SleepScriptEngine.NAME, true)); } } From f5bbe1858ca956dd072fb013b1c56ef0349c9aaf Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Sat, 21 May 2016 11:54:09 -0700 Subject: [PATCH 03/17] Make java 9 work This is the xplugins side of elastic/elasticsearchelastic/elasticsearch#18496 Most of the changes here are related to javax.activation. Original commit: elastic/x-pack-elasticsearch@2a47f94ab529237df12a758e5e1bfe911995076f --- elasticsearch/license/base/build.gradle | 2 ++ elasticsearch/x-pack/build.gradle | 4 +++ .../AbstractExporterTemplateTestCase.java | 3 ++- .../http/HttpExporterTemplateTests.java | 3 ++- .../authc/file/tool/UsersToolTests.java | 1 + .../org/elasticsearch/xpack/XPackPlugin.java | 5 ++++ .../xpack/notification/email/Account.java | 17 +++++++------ .../email/support/BodyPartSource.java | 17 ++++++++++++- .../plugin-metadata/plugin-security.policy | 1 + .../HistoryTemplateEmailMappingsTests.java | 25 ++++++++++++++----- 10 files changed, 62 insertions(+), 16 deletions(-) diff --git a/elasticsearch/license/base/build.gradle b/elasticsearch/license/base/build.gradle index 6263d20cd4e..c76fb7c7579 100644 --- a/elasticsearch/license/base/build.gradle +++ b/elasticsearch/license/base/build.gradle @@ -5,6 +5,8 @@ dependencies { testCompile "org.elasticsearch.test:framework:${version}" } +compactProfile = 'full' + dependencyLicenses.enabled = false jar { diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle index a9e223f3f74..07ec70d1a1a 100644 --- a/elasticsearch/x-pack/build.gradle +++ b/elasticsearch/x-pack/build.gradle @@ -35,6 +35,10 @@ dependencies { compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239' compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and shield tests for jimfs compile 'com.sun.mail:javax.mail:1.5.3' + // HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have + // to be conditionalized for java 8/9, we pull in the classes directly + compile 'javax.activation:activation:1.1' + testCompile 'org.subethamail:subethasmtp:3.1.7' // needed for subethasmtp, has @GuardedBy annotation testCompile 'com.google.code.findbugs:jsr305:3.0.1' diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java index 2986a0f28e3..3cbf9fbbfc9 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/AbstractExporterTemplateTestCase.java @@ -121,7 +121,8 @@ public abstract class AbstractExporterTemplateTestCase extends MarvelIntegTestCa assertNotNull(exporters); // Wait for exporting bulks to be ready to export - assertBusy(() -> assertThat(exporters.openBulk(), notNullValue())); + Runnable busy = () -> assertThat(exporters.openBulk(), notNullValue()); + assertBusy(busy); exporters.export(collector.collect()); } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java index c9dd36c7716..dae09e0131f 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporterTemplateTests.java @@ -93,7 +93,8 @@ public class HttpExporterTemplateTests extends AbstractExporterTemplateTestCase @Override protected void awaitIndexExists(String index) throws Exception { - assertBusy(() -> assertThat("could not find index " + index, dispatcher.hasIndex(index), is(true)), 10, TimeUnit.SECONDS); + Runnable busy = () -> assertThat("could not find index " + index, dispatcher.hasIndex(index), is(true)); + assertBusy(busy, 10, TimeUnit.SECONDS); } class MockServerDispatcher extends Dispatcher { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java index afd8bb601ee..f1158f431b6 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/tool/UsersToolTests.java @@ -87,6 +87,7 @@ public class UsersToolTests extends CommandTestCase { public static void closeJimfs() throws IOException { if (jimfs != null) { jimfs.close(); + jimfs = null; } } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java index 81ad4fc069b..45c9303105d 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java @@ -35,6 +35,8 @@ import org.elasticsearch.xpack.common.secret.SecretModule; import org.elasticsearch.xpack.extensions.XPackExtension; import org.elasticsearch.xpack.extensions.XPackExtensionsService; import org.elasticsearch.xpack.notification.Notification; +import org.elasticsearch.xpack.notification.email.Account; +import org.elasticsearch.xpack.notification.email.support.BodyPartSource; import org.elasticsearch.xpack.rest.action.RestXPackInfoAction; import org.elasticsearch.xpack.common.text.TextTemplateModule; import org.elasticsearch.xpack.watcher.Watcher; @@ -81,6 +83,9 @@ public class XPackPlugin extends Plugin { throw bogus; // some other bug } } + // some classes need to have their own clinit blocks + BodyPartSource.init(); + Account.init(); } protected final Settings settings; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java index 28ab5a27e3e..fed92a3408a 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java @@ -32,13 +32,6 @@ public class Account { static final String SMTP_PROTOCOL = "smtp"; static { - // required as java doesn't always find the correct mailcap to properly handle mime types - final MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap(); - mailcap.addMailcap("text/html;; x-java-content-handler=com.sun.mail.handlers.text_html"); - mailcap.addMailcap("text/xml;; x-java-content-handler=com.sun.mail.handlers.text_xml"); - mailcap.addMailcap("text/plain;; x-java-content-handler=com.sun.mail.handlers.text_plain"); - mailcap.addMailcap("multipart/*;; x-java-content-handler=com.sun.mail.handlers.multipart_mixed"); - mailcap.addMailcap("message/rfc822;; x-java-content-handler=com.sun.mail.handlers.message_rfc822"); SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new SpecialPermission()); @@ -46,12 +39,22 @@ public class Account { AccessController.doPrivileged(new PrivilegedAction() { @Override public Void run() { + // required as java doesn't always find the correct mailcap to properly handle mime types + final MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap(); + mailcap.addMailcap("text/html;; x-java-content-handler=com.sun.mail.handlers.text_html"); + mailcap.addMailcap("text/xml;; x-java-content-handler=com.sun.mail.handlers.text_xml"); + mailcap.addMailcap("text/plain;; x-java-content-handler=com.sun.mail.handlers.text_plain"); + mailcap.addMailcap("multipart/*;; x-java-content-handler=com.sun.mail.handlers.multipart_mixed"); + mailcap.addMailcap("message/rfc822;; x-java-content-handler=com.sun.mail.handlers.message_rfc822"); CommandMap.setDefaultCommandMap(mailcap); return null; } }); } + // exists only to allow ensuring class is initialized + public static void init() {} + static final Settings DEFAULT_SMTP_TIMEOUT_SETTINGS = Settings.builder() .put("connection_timeout", TimeValue.timeValueMinutes(2)) .put("write_timeout", TimeValue.timeValueMinutes(2)) diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java index 40e4582ae64..f7376888feb 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/support/BodyPartSource.java @@ -5,18 +5,30 @@ */ package org.elasticsearch.xpack.notification.email.support; +import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.xcontent.ToXContent; +import javax.activation.CommandMap; import javax.activation.FileTypeMap; import javax.mail.MessagingException; import javax.mail.internet.MimeBodyPart; +import java.security.AccessController; +import java.security.PrivilegedAction; /** * */ public abstract class BodyPartSource implements ToXContent { - protected static FileTypeMap fileTypeMap = FileTypeMap.getDefaultFileTypeMap(); + protected static FileTypeMap fileTypeMap; + static { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + fileTypeMap = AccessController.doPrivileged( + (PrivilegedAction)() -> FileTypeMap.getDefaultFileTypeMap()); + } protected final String id; protected final String name; @@ -46,4 +58,7 @@ public abstract class BodyPartSource implements ToXContent { public abstract MimeBodyPart bodyPart() throws MessagingException; + // exists only to allow ensuring class is initialized + public static void init() {} + } diff --git a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy index 881e64e9da4..253b8391b3f 100644 --- a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy +++ b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy @@ -11,6 +11,7 @@ grant { // to load the class with the application class loader permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "accessClassInPackage.com.sun.activation.registries"; // bouncy castle permission java.security.SecurityPermission "putProviderProperty.BC"; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java index 1500c2f6dc2..fd358684e60 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java @@ -6,6 +6,9 @@ package org.elasticsearch.xpack.watcher.history; import org.elasticsearch.action.search.SearchResponse; +import org.elasticsearch.common.logging.ESLogger; +import org.elasticsearch.common.logging.ESLoggerFactory; +import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.search.aggregations.Aggregations; import org.elasticsearch.search.aggregations.bucket.terms.Terms; @@ -15,6 +18,9 @@ import org.elasticsearch.xpack.watcher.execution.ExecutionState; import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchResponse; import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; import static org.elasticsearch.search.aggregations.AggregationBuilders.terms; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -32,14 +38,17 @@ import static org.hamcrest.Matchers.notNullValue; * not analyzed so they can be used in aggregations */ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegrationTestCase { + private static final ESLogger logger = Loggers.getLogger(HistoryTemplateEmailMappingsTests.class); static final String USERNAME = "_user"; static final String PASSWORD = "_passwd"; - private EmailServer server; + private static EmailServer server; - @After - public void cleanup() throws Exception { - server.stop(); + @AfterClass + public static void cleanup() throws Exception { + if (server != null) { + server.stop(); + } } @Override @@ -52,12 +61,16 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio return false; // remove shield noise from this test } - @Override - protected Settings nodeSettings(int nodeOrdinal) { + @BeforeClass + public static void setupEmailServer() { if(server == null) { //Need to construct the Email Server here as this happens before init() server = EmailServer.localhost("2500-2600", USERNAME, PASSWORD, logger); } + } + + @Override + protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) From 7838304324f0663942d66816f6a7d9a2bcda844b Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Sat, 21 May 2016 15:19:12 -0700 Subject: [PATCH 04/17] Add comment about added security permission Original commit: elastic/x-pack-elasticsearch@0ef9337378998b47ff18a15393786bf6fb255bd4 --- .../x-pack/src/main/plugin-metadata/plugin-security.policy | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy index 253b8391b3f..d3e821f4858 100644 --- a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy +++ b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy @@ -11,6 +11,7 @@ grant { // to load the class with the application class loader permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "getClassLoader"; + // TODO: remove use of this jar as soon as possible!!!! permission java.lang.RuntimePermission "accessClassInPackage.com.sun.activation.registries"; // bouncy castle From b5dc201f5a2da73c1a3e5912d307bfcdf6e44b8b Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Sat, 21 May 2016 22:42:15 -0700 Subject: [PATCH 05/17] Add thirdparty excludes for javax.activation classes Original commit: elastic/x-pack-elasticsearch@d60891f56ff673d5210c32df28d72e4ef5e3bf32 --- elasticsearch/x-pack/build.gradle | 36 +++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle index 07ec70d1a1a..5f4431a1399 100644 --- a/elasticsearch/x-pack/build.gradle +++ b/elasticsearch/x-pack/build.gradle @@ -173,6 +173,42 @@ thirdPartyAudit.excludes = [ 'com.google.common.cache.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', + + // pulled in as external dependency to work on java 9 + 'com.sun.activation.registries.LineTokenizer', + 'com.sun.activation.registries.LogSupport', + 'com.sun.activation.registries.MailcapFile', + 'com.sun.activation.registries.MailcapParseException', + 'com.sun.activation.registries.MailcapTokenizer', + 'com.sun.activation.registries.MimeTypeEntry', + 'com.sun.activation.registries.MimeTypeFile', + 'javax.activation.ActivationDataFlavor', + 'javax.activation.CommandInfo', + 'javax.activation.CommandMap', + 'javax.activation.CommandObject', + 'javax.activation.DataContentHandler', + 'javax.activation.DataContentHandlerFactory', + 'javax.activation.DataHandler$1', + 'javax.activation.DataHandler', + 'javax.activation.DataHandlerDataSource', + 'javax.activation.DataSource', + 'javax.activation.DataSourceDataContentHandler', + 'javax.activation.FileDataSource', + 'javax.activation.FileTypeMap', + 'javax.activation.MailcapCommandMap', + 'javax.activation.MimeType', + 'javax.activation.MimeTypeParameterList', + 'javax.activation.MimeTypeParseException', + 'javax.activation.MimetypesFileTypeMap', + 'javax.activation.ObjectDataContentHandler', + 'javax.activation.SecuritySupport$1', + 'javax.activation.SecuritySupport$2', + 'javax.activation.SecuritySupport$3', + 'javax.activation.SecuritySupport$4', + 'javax.activation.SecuritySupport$5', + 'javax.activation.SecuritySupport', + 'javax.activation.URLDataSource', + 'javax.activation.UnsupportedDataTypeException' ] // someone figure out what the x-plugins logic should be From 1f6b401b9dc57479d6c704b634febed04e4be577 Mon Sep 17 00:00:00 2001 From: Boaz Leskes Date: Sun, 22 May 2016 15:57:12 +0200 Subject: [PATCH 06/17] awaitFix on OpenLdapTests.testUsageStats Original commit: elastic/x-pack-elasticsearch@e077dc4449ef644f9dc001f1eacd6795c0bd05b9 --- .../java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java index b09a856da10..96dd335a6a5 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java @@ -97,6 +97,7 @@ public class OpenLdapTests extends ESTestCase { } } + @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2313") public void testUsageStats() throws Exception { String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; From 12102f433d01063ac30bdfe5480b37da52e58a8e Mon Sep 17 00:00:00 2001 From: uboness Date: Mon, 9 May 2016 13:45:27 +0200 Subject: [PATCH 07/17] Separated the `elastic` user from the internal xpack user Also, - changed the anonymous username to `_anonymous` (used to be `__es_anonymous_user` which I found needlessly, overly, redundantly and not to mention unnecessarily complex :shrug:) - changed the system username and role name to `_system` (used to be `__es_system_user` and `__es_system_role`... it introduced gratuitous and totally un-called for naming complexity :facepalm:) Closes elastic/elasticsearch#2079 Original commit: elastic/x-pack-elasticsearch@63b6de2bbac790d3fe5e1b54cbd578354b47f048 --- .../shield/authc/esnative/ReservedRealm.java | 12 +++--- .../shield/user/AnonymousUser.java | 2 +- .../shield/user/ElasticUser.java | 42 +++++++++++++++++++ .../elasticsearch/shield/user/SystemUser.java | 8 +++- .../org/elasticsearch/shield/user/User.java | 9 +++- .../elasticsearch/shield/user/XPackUser.java | 4 +- .../TransportAuthenticateActionTests.java | 4 +- .../TransportChangePasswordActionTests.java | 6 +-- .../authc/esnative/NativeRealmIntegTests.java | 20 ++++----- .../esnative/ReservedRealmIntegTests.java | 6 +-- .../authc/esnative/ReservedRealmTests.java | 21 +++++----- .../authz/store/FileRolesStoreTests.java | 2 +- .../authz/store/ReservedRolesStoreTests.java | 4 +- .../elasticsearch/shield/user/UserTests.java | 17 ++++++-- .../shield/authz/store/reserved_roles.yml | 2 +- 15 files changed, 111 insertions(+), 48 deletions(-) create mode 100644 elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java index c1b70169a06..115ef62a5f1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/ReservedRealm.java @@ -18,7 +18,7 @@ import org.elasticsearch.shield.support.Exceptions; import org.elasticsearch.shield.user.AnonymousUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; +import org.elasticsearch.shield.user.ElasticUser; import java.util.Arrays; import java.util.Collection; @@ -86,7 +86,7 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static boolean isReserved(String username) { assert username != null; switch (username) { - case XPackUser.NAME: + case ElasticUser.NAME: case KibanaUser.NAME: return true; default: @@ -97,8 +97,8 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static User getUser(String username) { assert username != null; switch (username) { - case XPackUser.NAME: - return XPackUser.INSTANCE; + case ElasticUser.NAME: + return ElasticUser.INSTANCE; case KibanaUser.NAME: return KibanaUser.INSTANCE; default: @@ -111,9 +111,9 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { public static Collection users() { if (AnonymousUser.enabled()) { - return Arrays.asList(XPackUser.INSTANCE, KibanaUser.INSTANCE, AnonymousUser.INSTANCE); + return Arrays.asList(ElasticUser.INSTANCE, KibanaUser.INSTANCE, AnonymousUser.INSTANCE); } - return Arrays.asList(XPackUser.INSTANCE, KibanaUser.INSTANCE); + return Arrays.asList(ElasticUser.INSTANCE, KibanaUser.INSTANCE); } private char[] getPasswordHash(final String username) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java index e55ae3f5a95..818be16d489 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java @@ -25,7 +25,7 @@ import static org.elasticsearch.shield.Security.setting; */ public class AnonymousUser extends ReservedUser { - public static final String DEFAULT_ANONYMOUS_USERNAME = "_es_anonymous_user"; + public static final String DEFAULT_ANONYMOUS_USERNAME = "_anonymous"; public static final Setting USERNAME_SETTING = new Setting<>(setting("authc.anonymous.username"), DEFAULT_ANONYMOUS_USERNAME, s -> s, Property.NodeScope); public static final Setting> ROLES_SETTING = diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java new file mode 100644 index 00000000000..9cd0840fb18 --- /dev/null +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/ElasticUser.java @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.shield.user; + +import org.elasticsearch.shield.authz.permission.SuperuserRole; +import org.elasticsearch.shield.user.User.ReservedUser; + +/** + * The reserved {@code elastic} superuser. As full permission/access to the cluster/indices and can + * run as any other user. + */ +public class ElasticUser extends ReservedUser { + + public static final String NAME = "elastic"; + public static final String ROLE_NAME = SuperuserRole.NAME; + public static final ElasticUser INSTANCE = new ElasticUser(); + + private ElasticUser() { + super(NAME, ROLE_NAME); + } + + @Override + public boolean equals(Object o) { + return INSTANCE == o; + } + + @Override + public int hashCode() { + return System.identityHashCode(this); + } + + public static boolean is(User user) { + return INSTANCE.equals(user); + } + + public static boolean is(String principal) { + return NAME.equals(principal); + } +} diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java index 9b88b280ff7..2f2ed7a6c80 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/SystemUser.java @@ -16,8 +16,8 @@ import java.util.function.Predicate; */ public class SystemUser extends User { - public static final String NAME = "__es_system_user"; - public static final String ROLE_NAME = "__es_system_role"; + public static final String NAME = "_system"; + public static final String ROLE_NAME = "_system"; public static final User INSTANCE = new SystemUser(); @@ -41,6 +41,10 @@ public class SystemUser extends User { return INSTANCE.equals(user); } + public static boolean is(String principal) { + return NAME.equals(principal); + } + public static boolean isAuthorized(String action) { return PREDICATE.test(action); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java index b47aa1067d9..9818e745421 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/User.java @@ -187,12 +187,14 @@ public class User implements ToXContent { public static User readFrom(StreamInput input) throws IOException { if (input.readBoolean()) { String name = input.readString(); - if (SystemUser.NAME.equals(name)) { + if (SystemUser.is(name)) { return SystemUser.INSTANCE; + } else if (XPackUser.is(name)) { + return XPackUser.INSTANCE; } User user = ReservedRealm.getUser(name); if (user == null) { - throw new IllegalStateException("invalid internal user"); + throw new IllegalStateException("invalid reserved user"); } return user; } @@ -217,6 +219,9 @@ public class User implements ToXContent { if (SystemUser.is(user)) { output.writeBoolean(true); output.writeString(SystemUser.NAME); + } else if (XPackUser.is(user)) { + output.writeBoolean(true); + output.writeString(XPackUser.NAME); } else if (ReservedRealm.isReserved(user.principal())) { output.writeBoolean(true); output.writeString(user.principal()); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java index 84de4f8f0b2..059eb454f30 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/XPackUser.java @@ -12,9 +12,9 @@ import org.elasticsearch.shield.user.User.ReservedUser; * XPack internal user that manages xpack. Has all cluster/indices permissions for watcher, * shield and monitoring to operate. */ -public class XPackUser extends ReservedUser { +public class XPackUser extends User { - public static final String NAME = "elastic"; + public static final String NAME = "_xpack"; public static final String ROLE_NAME = SuperuserRole.NAME; public static final XPackUser INSTANCE = new XPackUser(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java index 20e553750bc..4cb4cd9bf24 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportAuthenticateActionTests.java @@ -11,10 +11,10 @@ import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.SecurityContext; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; @@ -83,7 +83,7 @@ public class TransportAuthenticateActionTests extends ESTestCase { } public void testValidUser() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); SecurityContext securityContext = mock(SecurityContext.class); when(securityContext.getUser()).thenReturn(user); TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class), diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java index ab51cb976ee..06e113bf695 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/action/user/TransportChangePasswordActionTests.java @@ -14,10 +14,10 @@ import org.elasticsearch.shield.authc.esnative.NativeUsersStore; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; @@ -109,7 +109,7 @@ public class TransportChangePasswordActionTests extends ESTestCase { } public void testValidUser() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); NativeUsersStore usersStore = mock(NativeUsersStore.class); ChangePasswordRequest request = new ChangePasswordRequest(); request.username(user.principal()); @@ -147,7 +147,7 @@ public class TransportChangePasswordActionTests extends ESTestCase { } public void testException() { - final User user = randomFrom(XPackUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); + final User user = randomFrom(ElasticUser.INSTANCE, KibanaUser.INSTANCE, new User("joe")); NativeUsersStore usersStore = mock(NativeUsersStore.class); ChangePasswordRequest request = new ChangePasswordRequest(); request.username(user.principal()); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java index 432b1726b29..8ef07027eb1 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java @@ -16,25 +16,25 @@ import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.RestStatus; import org.elasticsearch.shield.ShieldTemplateService; +import org.elasticsearch.shield.action.role.DeleteRoleResponse; +import org.elasticsearch.shield.action.role.GetRolesResponse; import org.elasticsearch.shield.action.user.AuthenticateAction; import org.elasticsearch.shield.action.user.AuthenticateRequest; import org.elasticsearch.shield.action.user.AuthenticateResponse; import org.elasticsearch.shield.action.user.ChangePasswordResponse; -import org.elasticsearch.shield.authz.permission.KibanaRole; -import org.elasticsearch.shield.authz.permission.SuperuserRole; -import org.elasticsearch.shield.user.AnonymousUser; -import org.elasticsearch.shield.user.KibanaUser; -import org.elasticsearch.shield.user.SystemUser; -import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.action.role.DeleteRoleResponse; -import org.elasticsearch.shield.action.role.GetRolesResponse; import org.elasticsearch.shield.action.user.DeleteUserResponse; import org.elasticsearch.shield.action.user.GetUsersResponse; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authz.RoleDescriptor; +import org.elasticsearch.shield.authz.permission.KibanaRole; import org.elasticsearch.shield.authz.permission.Role; +import org.elasticsearch.shield.authz.permission.SuperuserRole; import org.elasticsearch.shield.client.SecurityClient; -import org.elasticsearch.shield.user.XPackUser; +import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; +import org.elasticsearch.shield.user.KibanaUser; +import org.elasticsearch.shield.user.SystemUser; +import org.elasticsearch.shield.user.User; import org.elasticsearch.test.NativeRealmIntegTestCase; import org.elasticsearch.test.ShieldSettingsSource; import org.junit.BeforeClass; @@ -457,7 +457,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase { } public void testOperationsOnReservedUsers() throws Exception { - final String username = randomFrom(XPackUser.NAME, KibanaUser.NAME); + final String username = randomFrom(ElasticUser.NAME, KibanaUser.NAME); IllegalArgumentException exception = expectThrows(IllegalArgumentException.class, () -> securityClient().preparePutUser(username, randomBoolean() ? "changeme".toCharArray() : null, "admin").get()); assertThat(exception.getMessage(), containsString("user [" + username + "] is reserved")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java index 7251bd85fed..c1f549bf058 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmIntegTests.java @@ -7,8 +7,8 @@ package org.elasticsearch.shield.authc.esnative; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.shield.action.user.ChangePasswordResponse; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.test.NativeRealmIntegTestCase; @@ -29,7 +29,7 @@ public class ReservedRealmIntegTests extends NativeRealmIntegTestCase { private static final SecuredString DEFAULT_PASSWORD = new SecuredString("changeme".toCharArray()); public void testAuthenticate() { - for (String username : Arrays.asList(XPackUser.NAME, KibanaUser.NAME)) { + for (String username : Arrays.asList(ElasticUser.NAME, KibanaUser.NAME)) { ClusterHealthResponse response = client() .filterWithHeader(singletonMap("Authorization", basicAuthHeaderValue(username, DEFAULT_PASSWORD))) .admin() @@ -42,7 +42,7 @@ public class ReservedRealmIntegTests extends NativeRealmIntegTestCase { } public void testChangingPassword() { - String username = randomFrom(XPackUser.NAME, KibanaUser.NAME); + String username = randomFrom(ElasticUser.NAME, KibanaUser.NAME); final char[] newPassword = "supersecretvalue".toCharArray(); if (randomBoolean()) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java index 80fb786688a..f803306aae4 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java @@ -13,9 +13,9 @@ import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.user.AnonymousUser; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -49,7 +49,7 @@ public class ReservedRealmTests extends ESTestCase { public void testUserStoreNotStarted() { when(usersStore.started()).thenReturn(false); final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final String principal = randomFrom(XPackUser.NAME, KibanaUser.NAME); + final String principal = randomFrom(ElasticUser.NAME, KibanaUser.NAME); ElasticsearchSecurityException expected = expectThrows(ElasticsearchSecurityException.class, () -> reservedRealm.doAuthenticate(new UsernamePasswordToken(principal, DEFAULT_PASSWORD))); @@ -65,7 +65,7 @@ public class ReservedRealmTests extends ESTestCase { when(usersStore.shieldIndexExists()).thenReturn(true); } final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expected = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expected = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expected.principal(); final User authenticated = reservedRealm.doAuthenticate(new UsernamePasswordToken(principal, DEFAULT_PASSWORD)); @@ -81,7 +81,7 @@ public class ReservedRealmTests extends ESTestCase { public void testAuthenticationWithStoredPassword() throws Throwable { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); final SecuredString newPassword = new SecuredString("foobar".toCharArray()); when(usersStore.shieldIndexExists()).thenReturn(true); @@ -107,7 +107,7 @@ public class ReservedRealmTests extends ESTestCase { public void testLookup() { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, (User) KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); final User user = reservedRealm.doLookupUser(principal); @@ -120,7 +120,7 @@ public class ReservedRealmTests extends ESTestCase { } public void testHelperMethods() { - final User expectedUser = randomFrom((User) XPackUser.INSTANCE, KibanaUser.INSTANCE); + final User expectedUser = randomFrom((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE); final String principal = expectedUser.principal(); assertThat(ReservedRealm.isReserved(principal), is(true)); assertThat(ReservedRealm.getUser(principal), sameInstance(expectedUser)); @@ -129,19 +129,20 @@ public class ReservedRealmTests extends ESTestCase { assertThat(ReservedRealm.isReserved(notExpected), is(false)); assertThat(ReservedRealm.getUser(notExpected), nullValue()); - assertThat(ReservedRealm.users(), containsInAnyOrder((User) XPackUser.INSTANCE, KibanaUser.INSTANCE)); + assertThat(ReservedRealm.users(), containsInAnyOrder((User) ElasticUser.INSTANCE, KibanaUser.INSTANCE)); } public void testFailedAuthentication() { final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore); // maybe cache a successful auth if (randomBoolean()) { - User user = reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("changeme".toCharArray()))); - assertThat(user, sameInstance(XPackUser.INSTANCE)); + User user = reservedRealm.authenticate( + new UsernamePasswordToken(ElasticUser.NAME, new SecuredString("changeme".toCharArray()))); + assertThat(user, sameInstance(ElasticUser.INSTANCE)); } try { - reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("foobar".toCharArray()))); + reservedRealm.authenticate(new UsernamePasswordToken(ElasticUser.NAME, new SecuredString("foobar".toCharArray()))); fail("authentication should throw an exception otherwise we may allow others to impersonate reserved users..."); } catch (ElasticsearchSecurityException e) { assertThat(e.getMessage(), containsString("failed to authenticate")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index 6b5a83d147a..6dc6bbabd26 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -358,7 +358,7 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(messages, notNullValue()); assertThat(messages, hasSize(4)); // the system role will always be checked first - assertThat(messages.get(0).text, containsString("role [__es_system_role] is reserved")); + assertThat(messages.get(0).text, containsString("role [_system] is reserved")); assertThat(messages.get(1).text, containsString("role [superuser] is reserved")); assertThat(messages.get(2).text, containsString("role [kibana] is reserved")); assertThat(messages.get(3).text, containsString("role [transport_client] is reserved")); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java index 72fa777da0d..fd45d9814a8 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/ReservedRolesStoreTests.java @@ -9,10 +9,10 @@ import org.elasticsearch.shield.SecurityContext; import org.elasticsearch.shield.authz.permission.KibanaRole; import org.elasticsearch.shield.authz.permission.SuperuserRole; import org.elasticsearch.shield.authz.permission.TransportClientRole; +import org.elasticsearch.shield.user.ElasticUser; import org.elasticsearch.shield.user.KibanaUser; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.XPackUser; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -41,7 +41,7 @@ public class ReservedRolesStoreTests extends ESTestCase { public void testRetrievingReservedRolesNonKibanaUser() { if (randomBoolean()) { - when(securityContext.getUser()).thenReturn(XPackUser.INSTANCE); + when(securityContext.getUser()).thenReturn(ElasticUser.INSTANCE); } assertThat(reservedRolesStore.role(SuperuserRole.NAME), sameInstance(SuperuserRole.INSTANCE)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java index 2f56594153f..24eee718dbe 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/user/UserTests.java @@ -10,6 +10,7 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.ByteBufferStreamInput; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.XPackClient; import java.util.Arrays; import java.util.Collections; @@ -58,7 +59,7 @@ public class UserTests extends ESTestCase { assertThat(readFromRunAs.runAs(), is(nullValue())); } - public void testSystemReadAndWrite() throws Exception { + public void testSystemUserReadAndWrite() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); User.writeTo(SystemUser.INSTANCE, output); @@ -68,6 +69,16 @@ public class UserTests extends ESTestCase { assertThat(readFrom.runAs(), is(nullValue())); } + public void testXPackUserReadAndWrite() throws Exception { + BytesStreamOutput output = new BytesStreamOutput(); + + User.writeTo(XPackUser.INSTANCE, output); + User readFrom = User.readFrom(ByteBufferStreamInput.wrap(output.bytes())); + + assertThat(readFrom, is(sameInstance(XPackUser.INSTANCE))); + assertThat(readFrom.runAs(), is(nullValue())); + } + public void testFakeInternalUserSerialization() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); output.writeBoolean(true); @@ -102,10 +113,10 @@ public class UserTests extends ESTestCase { public void testReservedUserSerialization() throws Exception { BytesStreamOutput output = new BytesStreamOutput(); - User.writeTo(XPackUser.INSTANCE, output); + User.writeTo(ElasticUser.INSTANCE, output); User readFrom = User.readFrom(ByteBufferStreamInput.wrap(output.bytes())); - assertThat(readFrom, is(sameInstance(XPackUser.INSTANCE))); + assertThat(readFrom, is(sameInstance(ElasticUser.INSTANCE))); output = new BytesStreamOutput(); User.writeTo(KibanaUser.INSTANCE, output); diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml index 754a4c46c3c..30735f7d8ec 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/reserved_roles.yml @@ -5,7 +5,7 @@ admin: - names: '*' privileges: [ all ] -__es_system_role: +_system: cluster: - all indices: From 80db81e320693f4f2a744b36c41435d47e15b23b Mon Sep 17 00:00:00 2001 From: uboness Date: Mon, 23 May 2016 00:35:57 +0200 Subject: [PATCH 08/17] Fix test Closes elastic/elasticsearch#2313 Original commit: elastic/x-pack-elasticsearch@3729849cbed3e3c7768a6d2dc0eacc333e54341b --- .../org/elasticsearch/shield/authc/ldap/OpenLdapTests.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java index 96dd335a6a5..44db35ba2dc 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/OpenLdapTests.java @@ -97,7 +97,6 @@ public class OpenLdapTests extends ESTestCase { } } - @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2313") public void testUsageStats() throws Exception { String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; @@ -120,7 +119,7 @@ public class OpenLdapTests extends ESTestCase { Map stats = realm.usageStats(); assertThat(stats, is(notNullValue())); - assertThat(stats, hasEntry("size", "small")); + assertThat(stats, hasEntry("size", "tiny")); assertThat(stats, hasEntry("ssl", true)); assertThat(stats, hasEntry("user_search", userSearch)); assertThat(stats, hasEntry("load_balance_type", loadBalanceType)); From a0f826c8ed9bc108cde6ae2c9feb48f458266fde Mon Sep 17 00:00:00 2001 From: Luca Cavanna Date: Mon, 23 May 2016 10:01:03 +0200 Subject: [PATCH 09/17] fix xpack.usage api name and add a basic REST test for it (elastic/elasticsearch#2308) There were two api with same name, depending on the platform one or the other was being loaded first, hence the xpack info tests may fail due to unsupported params being used. Original commit: elastic/x-pack-elasticsearch@bd44eef3cc7cc16b9800e31659de3736e483b76c --- .../resources/rest-api-spec/api/xpack.info.json | 2 +- .../resources/rest-api-spec/api/xpack.usage.json | 2 +- .../rest-api-spec/test/xpack/15_basic.yaml | 15 +++++++++++++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json index 206cbf40a0a..e3d71ab64bc 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.info.json @@ -1,6 +1,6 @@ { "xpack.info": { - "documentation": "Retrieve information about xpack, including buid number/timestamp and license status", + "documentation": "Retrieve information about xpack, including build number/timestamp and license status", "methods": [ "GET" ], "url": { "path": "/_xpack", diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json index 35e24a0c5f2..f66f3afad99 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/api/xpack.usage.json @@ -1,5 +1,5 @@ { - "xpack.info": { + "xpack.usage": { "documentation": "Retrieve information about xpack features usage", "methods": [ "GET" ], "url": { diff --git a/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml b/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml index 140de33fb33..515670ce7f2 100644 --- a/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml +++ b/elasticsearch/x-pack/src/test/resources/rest-api-spec/test/xpack/15_basic.yaml @@ -1,6 +1,6 @@ -# Integration tests xpack info API +# Integration tests xpack info and usage API # -"X-Pack Info": +"X-Pack Info and Usage": - do: cluster.health: @@ -83,6 +83,17 @@ - is_true: features.monitoring.description - is_true: tagline + - do: + xpack.usage: {} + - is_true: watcher.enabled + - is_true: watcher.available + - is_true: security.enabled + - is_true: security.available + - is_true: graph.enabled + - is_true: graph.available + - is_true: monitoring.enabled + - is_true: monitoring.available + - do: xpack.info: categories: "_none" From 6860944f07676de958832fd87eb98f564b154436 Mon Sep 17 00:00:00 2001 From: Adrien Grand Date: Wed, 18 May 2016 09:20:25 +0200 Subject: [PATCH 10/17] Use Java's Base64 instead of elasticsearch's. elastic/elasticsearch#2282 Original commit: elastic/x-pack-elasticsearch@c2e748d732ae69201bbd2b95af62739bd17d03d9 --- .../license/core/CryptUtils.java | 5 ++- .../elasticsearch/license/core/License.java | 8 ++--- .../license/core/LicenseVerifier.java | 6 ++-- .../license/licensor/LicenseSigner.java | 6 ++-- .../messy/tests/SearchTransformIT.java | 4 +-- .../license/plugin/core/LicensesMetaData.java | 8 ++--- .../license/plugin/core/TrialLicense.java | 6 ++-- .../license/plugin/TrialLicenseTests.java | 4 +-- .../LicensesMetaDataSerializationTests.java | 10 +++--- .../agent/exporter/http/HttpExporter.java | 4 +-- .../authc/InternalAuthenticationService.java | 6 ++-- .../shield/authc/support/Hasher.java | 15 ++++----- .../authc/support/UsernamePasswordToken.java | 9 +++--- .../shield/crypto/InternalCryptoService.java | 32 ++++++++----------- .../InternalAuthenticationServiceTests.java | 4 +-- .../support/UsernamePasswordTokenTests.java | 6 ++-- .../http/auth/basic/ApplicableBasicAuth.java | 4 +-- 17 files changed, 65 insertions(+), 72 deletions(-) diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java index 2cf0e4330de..6940d121402 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java @@ -6,8 +6,6 @@ package org.elasticsearch.license.core; -import org.elasticsearch.common.Base64; - import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -27,6 +25,7 @@ import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; +import java.util.Base64; public class CryptUtils { private static final int minimumPadding = 20; @@ -251,6 +250,6 @@ public class CryptUtils { private static char[] hashPassPhrase(String passPhrase) throws NoSuchAlgorithmException { final byte[] passBytes = passPhrase.getBytes(StandardCharsets.UTF_8); final byte[] digest = MessageDigest.getInstance(passHashAlgorithm).digest(passBytes); - return new String(Base64.encodeBytesToBytes(digest), StandardCharsets.UTF_8).toCharArray(); + return Base64.getEncoder().encodeToString(digest).toCharArray(); } } diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java index 6e9e9fd4816..9acb3a6f4ee 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java @@ -8,7 +8,6 @@ package org.elasticsearch.license.core; import org.apache.lucene.util.CollectionUtil; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.ToXContent; @@ -20,6 +19,7 @@ import java.io.IOException; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Base64; import java.util.Comparator; import java.util.List; import java.util.Locale; @@ -388,7 +388,7 @@ public class License implements ToXContent { } // not a license spec if (builder.signature != null) { - byte[] signatureBytes = Base64.decode(builder.signature); + byte[] signatureBytes = Base64.getDecoder().decode(builder.signature); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); // we take the absolute version, because negative versions @@ -415,10 +415,10 @@ public class License implements ToXContent { */ public static boolean isAutoGeneratedLicense(String signature) { try { - byte[] signatureBytes = Base64.decode(signature); + byte[] signatureBytes = Base64.getDecoder().decode(signature); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); return byteBuffer.getInt() < 0; - } catch (IOException e) { + } catch (IllegalArgumentException e) { throw new IllegalStateException(e); } } diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java index 51ace787491..1bef3dc58e7 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java +++ b/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.core; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -18,6 +17,7 @@ import java.security.NoSuchAlgorithmException; import java.security.Signature; import java.security.SignatureException; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; /** @@ -35,7 +35,7 @@ public class LicenseVerifier { byte[] signedContent = null; byte[] signatureHash = null; try { - byte[] signatureBytes = Base64.decode(license.signature()); + byte[] signatureBytes = Base64.getDecoder().decode(license.signature()); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); int magicLen = byteBuffer.getInt(); @@ -53,7 +53,7 @@ public class LicenseVerifier { rsa.initVerify(CryptUtils.readEncryptedPublicKey(encryptedPublicKeyData)); rsa.update(contentBuilder.bytes().toBytes()); return rsa.verify(signedContent) - && Arrays.equals(Base64.encodeBytesToBytes(encryptedPublicKeyData), signatureHash); + && Arrays.equals(Base64.getEncoder().encode(encryptedPublicKeyData), signatureHash); } catch (IOException | NoSuchAlgorithmException | SignatureException | InvalidKeyException e) { throw new IllegalStateException(e); } finally { diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java b/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java index c9a99623930..915c9ba86dc 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java +++ b/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.licensor; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -22,6 +21,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.Signature; import java.security.SignatureException; +import java.util.Base64; import java.util.Collections; /** @@ -63,7 +63,7 @@ public class LicenseSigner { final byte[] magic = new byte[MAGIC_LENGTH]; SecureRandom random = new SecureRandom(); random.nextBytes(magic); - final byte[] hash = Base64.encodeBytesToBytes(Files.readAllBytes(publicKeyPath)); + final byte[] hash = Base64.getEncoder().encode(Files.readAllBytes(publicKeyPath)); assert hash != null; byte[] bytes = new byte[4 + 4 + MAGIC_LENGTH + 4 + hash.length + 4 + signedContent.length]; ByteBuffer byteBuffer = ByteBuffer.wrap(bytes); @@ -76,7 +76,7 @@ public class LicenseSigner { .put(signedContent); return License.builder() - .fromLicenseSpec(licenseSpec, Base64.encodeBytes(bytes)) + .fromLicenseSpec(licenseSpec, Base64.getEncoder().encodeToString(bytes)) .build(); } } diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java index 335dea193a9..dc13579070b 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java +++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java @@ -10,7 +10,6 @@ import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.client.Requests; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.io.Streams; @@ -60,6 +59,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; +import java.util.Base64; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -214,7 +214,7 @@ public class SearchTransformIT extends ESIntegTestCase { assertThat(map.get("query"), instanceOf(String.class)); String queryAsBase64 = (String) map.get("query"); - String decodedQuery = new String(Base64.decode(queryAsBase64), StandardCharsets.UTF_8); + String decodedQuery = new String(Base64.getDecoder().decode(queryAsBase64), StandardCharsets.UTF_8); assertThat(decodedQuery, containsString("_unknown_query_")); } diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java index 6ac3f8d6acd..de8dc139750 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesMetaData.java @@ -9,7 +9,6 @@ import org.apache.lucene.util.CollectionUtil; import org.elasticsearch.Version; import org.elasticsearch.cluster.AbstractDiffable; import org.elasticsearch.cluster.metadata.MetaData; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.ToXContent; @@ -21,6 +20,7 @@ import org.elasticsearch.license.core.License; import java.io.IOException; import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; import java.util.EnumSet; import java.util.List; @@ -114,7 +114,7 @@ public class LicensesMetaData extends AbstractDiffable implemen while (parser.nextToken() != XContentParser.Token.END_ARRAY) { if (parser.currentToken().isValue()) { // trial license - byte[] data = decrypt(Base64.decode(parser.text())); + byte[] data = decrypt(Base64.getDecoder().decode(parser.text())); try (XContentParser trialLicenseParser = XContentFactory.xContent(XContentType.JSON).createParser(data)) { trialLicenseParser.nextToken(); @@ -186,7 +186,7 @@ public class LicensesMetaData extends AbstractDiffable implemen XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - streamOutput.writeString(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + streamOutput.writeString(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); } } else { if (license == LICENSE_TOMBSTONE) { @@ -209,7 +209,7 @@ public class LicensesMetaData extends AbstractDiffable implemen } int numTrialLicenses = streamInput.readVInt(); for (int i = 0; i < numTrialLicenses; i++) { - byte[] data = decrypt(Base64.decode(streamInput.readString())); + byte[] data = decrypt(Base64.getDecoder().decode(streamInput.readString())); try (XContentParser trialLicenseParser = XContentFactory.xContent(XContentType.JSON).createParser(data)) { trialLicenseParser.nextToken(); License pre20TrialLicense = License.fromXContent(trialLicenseParser); diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java index d63753e7666..814e220cd7b 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/TrialLicense.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.plugin.core; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; @@ -15,6 +14,7 @@ import org.elasticsearch.license.core.License; import java.io.IOException; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import static org.elasticsearch.license.core.CryptUtils.decrypt; @@ -39,7 +39,7 @@ public class TrialLicense { byteBuffer.putInt(-License.VERSION_CURRENT) .putInt(encrypt.length) .put(encrypt); - signature = Base64.encodeBytes(bytes); + signature = Base64.getEncoder().encodeToString(bytes); } catch (IOException e) { throw new IllegalStateException(e); } @@ -48,7 +48,7 @@ public class TrialLicense { public static boolean verify(final License license) { try { - byte[] signatureBytes = Base64.decode(license.signature()); + byte[] signatureBytes = Base64.getDecoder().decode(license.signature()); ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes); int version = byteBuffer.getInt(); int contentLen = byteBuffer.getInt(); diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java index 716c33b1b59..d520ae0e3d7 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TrialLicenseTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.license.plugin; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -17,6 +16,7 @@ import org.elasticsearch.test.ESTestCase; import java.io.IOException; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import java.util.UUID; @@ -102,7 +102,7 @@ public class TrialLicenseTests extends ESTestCase { byteBuffer.putInt(-spec.version()) .putInt(encrypt.length) .put(encrypt); - signature = Base64.encodeBytes(bytes); + signature = Base64.getEncoder().encodeToString(bytes); } catch (IOException e) { throw new IllegalStateException(e); } diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java index cb02eda63c2..5ca36015575 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesMetaDataSerializationTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.Version; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.cluster.metadata.RepositoriesMetaData; import org.elasticsearch.cluster.metadata.RepositoryMetaData; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.ByteBufferStreamInput; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.settings.Settings; @@ -26,6 +25,7 @@ import org.elasticsearch.license.plugin.TestUtils; import org.elasticsearch.test.ESTestCase; import java.nio.ByteBuffer; +import java.util.Base64; import java.util.Collections; import java.util.UUID; @@ -113,7 +113,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); builder.endArray(); @@ -143,7 +143,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); signedLicense.toXContent(builder, ToXContent.EMPTY_PARAMS); @@ -162,7 +162,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { builder.startArray("trial_licenses"); contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - builder.value(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + builder.value(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); builder.endArray(); builder.startArray("signed_licenses"); signedLicense.toXContent(builder, ToXContent.EMPTY_PARAMS); @@ -190,7 +190,7 @@ public class LicensesMetaDataSerializationTests extends ESTestCase { output.writeVInt(1); XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON); trialLicense.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap(License.LICENSE_SPEC_VIEW_MODE, "true"))); - output.writeString(Base64.encodeBytes(encrypt(contentBuilder.bytes().toBytes()))); + output.writeString(Base64.getEncoder().encodeToString(encrypt(contentBuilder.bytes().toBytes()))); byte[] bytes = output.bytes().toBytes(); ByteBufferStreamInput input = new ByteBufferStreamInput(ByteBuffer.wrap(bytes)); diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java index 5137b1a867f..cbbb1a097d2 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.SpecialPermission; import org.elasticsearch.Version; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Inject; @@ -53,6 +52,7 @@ import java.security.AccessController; import java.security.KeyStore; import java.security.PrivilegedAction; import java.util.ArrayList; +import java.util.Base64; import java.util.Collection; import java.util.Map; import java.util.stream.Collectors; @@ -683,7 +683,7 @@ public class HttpExporter extends Exporter { void apply(HttpURLConnection connection) throws UnsupportedEncodingException { String userInfo = username + ":" + (password != null ? new String(password) : ""); - String basicAuth = "Basic " + Base64.encodeBytes(userInfo.getBytes("ISO-8859-1")); + String basicAuth = "Basic " + Base64.getEncoder().encodeToString(userInfo.getBytes("ISO-8859-1")); connection.setRequestProperty("Authorization", basicAuth); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 5dafd0a585e..343b08d50c4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; @@ -29,6 +28,7 @@ import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportMessage; import java.io.IOException; +import java.util.Base64; import static org.elasticsearch.shield.Security.setting; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -157,7 +157,7 @@ public class InternalAuthenticationService extends AbstractComponent implements static User decodeUser(String text) { try { - byte[] bytes = Base64.decode(text); + byte[] bytes = Base64.getDecoder().decode(text); StreamInput input = StreamInput.wrap(bytes); Version version = Version.readVersion(input); input.setVersion(version); @@ -173,7 +173,7 @@ public class InternalAuthenticationService extends AbstractComponent implements Version.writeVersion(Version.CURRENT, output); User.writeTo(user, output); byte[] bytes = output.bytes().toBytes(); - return Base64.encodeBytes(bytes); + return Base64.getEncoder().encodeToString(bytes); } catch (IOException ioe) { if (logger != null) { logger.error("could not encode authenticated user in message header... falling back to token headers", ioe); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java index 528e0b2a5e6..73acdaaf8ac 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/Hasher.java @@ -5,13 +5,12 @@ */ package org.elasticsearch.shield.authc.support; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Randomness; import org.elasticsearch.common.hash.MessageDigests; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.Locale; import java.util.Random; @@ -145,7 +144,7 @@ public enum Hasher { byte[] textBytes = CharArrays.toUtf8Bytes(text.internalChars()); MessageDigest md = MessageDigests.sha1(); md.update(textBytes); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); return (SHA1_PREFIX + hash).toCharArray(); } @@ -158,7 +157,7 @@ public enum Hasher { byte[] textBytes = CharArrays.toUtf8Bytes(text.internalChars()); MessageDigest md = MessageDigests.sha1(); md.update(textBytes); - String passwd64 = Base64.encodeBytes(md.digest()); + String passwd64 = Base64.getEncoder().encodeToString(md.digest()); String hashNoPrefix = hashStr.substring(SHA1_PREFIX.length()); return SecuredString.constantTimeEquals(hashNoPrefix, passwd64); } @@ -169,7 +168,7 @@ public enum Hasher { public char[] hash(SecuredString text) { MessageDigest md = MessageDigests.md5(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); return (MD5_PREFIX + hash).toCharArray(); } @@ -182,7 +181,7 @@ public enum Hasher { hashStr = hashStr.substring(MD5_PREFIX.length()); MessageDigest md = MessageDigests.md5(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); - String computedHashStr = Base64.encodeBytes(md.digest()); + String computedHashStr = Base64.getEncoder().encodeToString(md.digest()); return SecuredString.constantTimeEquals(hashStr, computedHashStr); } }, @@ -194,7 +193,7 @@ public enum Hasher { md.update(CharArrays.toUtf8Bytes(text.internalChars())); char[] salt = SaltProvider.salt(8); md.update(CharArrays.toUtf8Bytes(salt)); - String hash = Base64.encodeBytes(md.digest()); + String hash = Base64.getEncoder().encodeToString(md.digest()); char[] result = new char[SSHA256_PREFIX.length() + salt.length + hash.length()]; System.arraycopy(SSHA256_PREFIX.toCharArray(), 0, result, 0, SSHA256_PREFIX.length()); System.arraycopy(salt, 0, result, SSHA256_PREFIX.length(), salt.length); @@ -213,7 +212,7 @@ public enum Hasher { MessageDigest md = MessageDigests.sha256(); md.update(CharArrays.toUtf8Bytes(text.internalChars())); md.update(new String(saltAndHash, 0, 8).getBytes(StandardCharsets.UTF_8)); - String computedHash = Base64.encodeBytes(md.digest()); + String computedHash = Base64.getEncoder().encodeToString(md.digest()); return SecuredString.constantTimeEquals(computedHash, new String(saltAndHash, 8, saltAndHash.length - 8)); } }, diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java index 096709d04f3..4dd4f0f08d7 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java @@ -5,13 +5,12 @@ */ package org.elasticsearch.shield.authc.support; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.shield.authc.AuthenticationToken; -import java.io.IOException; import java.nio.CharBuffer; import java.util.Arrays; +import java.util.Base64; import java.util.Objects; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -85,8 +84,8 @@ public class UsernamePasswordToken implements AuthenticationToken { char[] userpasswd; try { - userpasswd = CharArrays.utf8BytesToChars(Base64.decode(headerValue.substring(BASIC_AUTH_PREFIX.length()).trim())); - } catch (IllegalArgumentException | IOException e) { + userpasswd = CharArrays.utf8BytesToChars(Base64.getDecoder().decode(headerValue.substring(BASIC_AUTH_PREFIX.length()).trim())); + } catch (IllegalArgumentException e) { throw authenticationError("invalid basic authentication header encoding", e); } @@ -109,7 +108,7 @@ public class UsernamePasswordToken implements AuthenticationToken { chars.put(username).put(':').put(passwd.internalChars()); //TODO we still have passwords in Strings in headers - String basicToken = Base64.encodeBytes(CharArrays.toUtf8Bytes(chars.array())); + String basicToken = Base64.getEncoder().encodeToString(CharArrays.toUtf8Bytes(chars.array())); return "Basic " + basicToken; } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java index 207c9851a19..30994e722f2 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java @@ -6,7 +6,6 @@ package org.elasticsearch.shield.crypto; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.common.Base64; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; @@ -39,6 +38,7 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; +import java.util.Base64; import java.util.Collections; import java.util.List; import java.util.Objects; @@ -138,11 +138,7 @@ public class InternalCryptoService extends AbstractLifecycleComponent 0); String username = token.substring(0, i); @@ -46,7 +46,7 @@ public class UsernamePasswordTokenTests extends ESTestCase { public void testExtractToken() throws Exception { ThreadContext threadContext = new ThreadContext(Settings.EMPTY); - String header = "Basic " + Base64.encodeBytes("user1:test123".getBytes(StandardCharsets.UTF_8)); + String header = "Basic " + Base64.getEncoder().encodeToString("user1:test123".getBytes(StandardCharsets.UTF_8)); threadContext.putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, header); UsernamePasswordToken token = UsernamePasswordToken.extractToken(threadContext); assertThat(token, notNullValue()); diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java index c547ad81159..d52d8d644d0 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/auth/basic/ApplicableBasicAuth.java @@ -5,12 +5,12 @@ */ package org.elasticsearch.xpack.common.http.auth.basic; -import org.elasticsearch.common.Base64; import org.elasticsearch.xpack.common.http.auth.ApplicableHttpAuth; import org.elasticsearch.xpack.common.secret.SecretService; import java.net.HttpURLConnection; import java.nio.charset.StandardCharsets; +import java.util.Base64; /** */ @@ -24,7 +24,7 @@ public class ApplicableBasicAuth extends ApplicableHttpAuth { } public static String headerValue(String username, char[] password) { - return "Basic " + Base64.encodeBytes((username + ":" + new String(password)).getBytes(StandardCharsets.UTF_8)); + return "Basic " + Base64.getEncoder().encodeToString((username + ":" + new String(password)).getBytes(StandardCharsets.UTF_8)); } public void apply(HttpURLConnection connection) { From 8e1a9603e3b023299bdfb05a1653ce80a15c16bf Mon Sep 17 00:00:00 2001 From: jaymode Date: Mon, 23 May 2016 18:36:22 -0400 Subject: [PATCH 11/17] security: add .reporting-* and s/.kibana/.kibana* access for the KibanaRole This commit adds access to the reporting indices for the role that the Kibana server role has access to. This needed so that the server can use the async queue. Additionally the kibana server should have access to .kibana* Closes elastic/elasticsearch#2323 Original commit: elastic/x-pack-elasticsearch@e930e9d872fdcb09eee70e66c400329ec99668f3 --- .../shield/authz/permission/KibanaRole.java | 2 +- .../authz/permission/KibanaRoleTests.java | 32 +++++++++++++------ 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java index 83dede30eb6..c2511efbc3a 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/permission/KibanaRole.java @@ -17,7 +17,7 @@ public class KibanaRole extends Role { private static final String[] CLUSTER_PRIVILEGES = new String[] { "monitor", MonitoringBulkAction.NAME}; private static final RoleDescriptor.IndicesPrivileges[] INDICES_PRIVILEGES = new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder().indices(".kibana").privileges("all").build() }; + RoleDescriptor.IndicesPrivileges.builder().indices(".kibana*", ".reporting-*").privileges("all").build() }; public static final String NAME = "kibana"; public static final RoleDescriptor DESCRIPTOR = new RoleDescriptor(NAME, CLUSTER_PRIVILEGES, INDICES_PRIVILEGES, null); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java index b4452578074..6aefb0b1f5e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/KibanaRoleTests.java @@ -22,6 +22,8 @@ import org.elasticsearch.shield.user.User; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.transport.TransportRequest; +import java.util.Arrays; + import static org.hamcrest.Matchers.is; /** @@ -45,17 +47,27 @@ public class KibanaRoleTests extends ESTestCase { assertThat(KibanaRole.INSTANCE.runAs().isEmpty(), is(true)); } - public void testIndices() { - final String kibanaIndex = ".kibana"; - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:bar").test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteIndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(CreateIndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteAction.NAME).test(kibanaIndex), is(true)); - assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(UpdateSettingsAction.NAME).test(kibanaIndex), is(true)); - + public void testUnauthorizedIndices() { assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test("foo"), is(false)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(".reporting"), is(false)); assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(randomAsciiOfLengthBetween(8, 24)), is(false)); } + + public void testKibanaIndices() { + Arrays.asList(".kibana", ".kibana-devnull").forEach(this::testAllIndexAccess); + } + + public void testReportingIndices() { + testAllIndexAccess(".reporting-" + randomAsciiOfLength(randomIntBetween(0, 13))); + } + + private void testAllIndexAccess(String index) { + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher("indices:bar").test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteIndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(CreateIndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(DeleteAction.NAME).test(index), is(true)); + assertThat(KibanaRole.INSTANCE.indices().allowedIndicesMatcher(UpdateSettingsAction.NAME).test(index), is(true)); + } } From 045b255a051dc44a3a4c11f4b3d4858ae44905e5 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Mon, 23 May 2016 16:16:31 -0700 Subject: [PATCH 12/17] Remove unnecessary use of return value for assertBusy Original commit: elastic/x-pack-elasticsearch@79fd5fc5e6699b81e1c15bf33aa46ebb58630ea9 --- .../marvel/agent/collector/AbstractCollectorTestCase.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java index c9d20457c6b..ff72a714fc7 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java @@ -161,7 +161,7 @@ public abstract class AbstractCollectorTestCase extends MarvelIntegTestCase { public void run() { for (String nodeId : internalCluster().getNodeNames()) { try { - assertTrue(waitForNoBlocksOnNode(nodeId)); + waitForNoBlocksOnNode(nodeId); } catch (Exception e) { fail("failed to wait for no blocks on node [" + nodeId + "]: " + e.getMessage()); } @@ -170,13 +170,12 @@ public abstract class AbstractCollectorTestCase extends MarvelIntegTestCase { }); } - public boolean waitForNoBlocksOnNode(final String nodeId) throws Exception { - return assertBusy(() -> { + public void waitForNoBlocksOnNode(final String nodeId) throws Exception { + assertBusy(() -> { ClusterBlocks clusterBlocks = client(nodeId).admin().cluster().prepareState().setLocal(true).execute().actionGet().getState().blocks(); assertTrue(clusterBlocks.global().isEmpty()); assertTrue(clusterBlocks.indices().values().isEmpty()); - return true; }, 30L, TimeUnit.SECONDS); } From 9b11ae85d2fe3fdc48fb062e31d8ec08ab167cfa Mon Sep 17 00:00:00 2001 From: uboness Date: Tue, 24 May 2016 01:22:58 +0200 Subject: [PATCH 13/17] Fixed test Original commit: elastic/x-pack-elasticsearch@9fe6158aa4ff5e648f78d6e98543ba5cafae4565 --- .../shield/authc/support/UsernamePasswordRealmTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java index 8549a18f220..74e088fa589 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/UsernamePasswordRealmTests.java @@ -20,7 +20,7 @@ public class UsernamePasswordRealmTests extends ESTestCase { int count = randomIntBetween(0, 1000); UsernamePasswordRealm.UserbaseSize size = UsernamePasswordRealm.UserbaseSize.resolve(count); if (count < 10) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.SMALL)); + assertThat(size, is(UsernamePasswordRealm.UserbaseSize.TINY)); } else if (count < 100) { assertThat(size, is(UsernamePasswordRealm.UserbaseSize.SMALL)); } else if (count < 500) { From 0fd936610aaa765274404b8ef2292f094e6c4ae3 Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Tue, 24 May 2016 13:31:05 +0200 Subject: [PATCH 14/17] test: removed percolator api tests This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards) So these special tests are no longer needed Original commit: elastic/x-pack-elasticsearch@335d6554fb784a91770f96e4d1227c1210a7b3b9 --- .../DocumentLevelSecurityTests.java | 82 ------------------- .../integration/FieldLevelSecurityTests.java | 45 ---------- 2 files changed, 127 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java index db7d5d3048e..f99bfef4aff 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java @@ -9,8 +9,6 @@ import org.apache.lucene.search.join.ScoreMode; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.MultiGetResponse; -import org.elasticsearch.action.percolate.PercolateResponse; -import org.elasticsearch.action.percolate.PercolateSourceBuilder; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.termvectors.MultiTermVectorsResponse; import org.elasticsearch.action.termvectors.TermVectorsRequest; @@ -605,86 +603,6 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { assertThat(searchResponse.getHits().getAt(1).id(), equalTo("c2")); } - public void testPercolateApi() { - assertAcked(client().admin().indices().prepareCreate("test") - .addMapping("query", "query", "type=percolator", "field1", "type=text", "field2", "type=text", "field3", "type=text") - ); - client().prepareIndex("test", "query", "1") - .setSource("{\"query\" : { \"match_all\" : {} }, \"field1\" : \"value1\"}") - .setRefresh(true) - .get(); - - // Percolator without a query just evaluates all percolator queries that are loaded, so we have a match: - PercolateResponse response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a document that the current user can see. Percolator will have one query to evaluate, so there is a - // match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a document that the current user can't see. Percolator will not have queries to evaluate, so there - // is no match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - assertAcked(client().admin().indices().prepareClose("test")); - assertAcked(client().admin().indices().prepareOpen("test")); - ensureGreen("test"); - - // Ensure that the query loading that happens at startup has permissions to load the percolator queries: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - } - public void testScroll() throws Exception { assertAcked(client().admin().indices().prepareCreate("test") .setSettings(Settings.builder().put(IndicesRequestCache.INDEX_CACHE_REQUEST_ENABLED_SETTING.getKey(), true)) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java index c8430ea1c8e..a887783b017 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java @@ -10,8 +10,6 @@ import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.fieldstats.FieldStatsResponse; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.MultiGetResponse; -import org.elasticsearch.action.percolate.PercolateResponse; -import org.elasticsearch.action.percolate.PercolateSourceBuilder; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.termvectors.MultiTermVectorsResponse; import org.elasticsearch.action.termvectors.TermVectorsRequest; @@ -1122,49 +1120,6 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { assertThat(response.getResponses()[0].getResponse().getFields().terms("field2").size(), equalTo(1L)); } - public void testPercolateApi() { - assertAcked(client().admin().indices().prepareCreate("test") - .addMapping("query", "query", "type=percolator", "field1", "type=text", "field2", "type=text") - ); - client().prepareIndex("test", "query", "1") - .setSource("{\"query\" : { \"match_all\" : {} }, \"field1\" : \"value1\"}") - .setRefresh(true) - .get(); - - // Percolator without a query just evaluates all percolator queries that are loaded, so we have a match: - PercolateResponse response = client() - .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - - // Percolator with a query on a field that the current user can't see. Percolator will not have queries to evaluate, so there is - // no match: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateQuery(termQuery("field1", "value1")) - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(0L)); - - assertAcked(client().admin().indices().prepareClose("test")); - assertAcked(client().admin().indices().prepareOpen("test")); - ensureGreen("test"); - - // Ensure that the query loading that happens at startup has permissions to load the percolator queries: - response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) - .preparePercolate() - .setDocumentType("query") - .setPercolateDoc(new PercolateSourceBuilder.DocBuilder().setDoc("{}")) - .get(); - assertThat(response.getCount(), equalTo(1L)); - assertThat(response.getMatches()[0].getId().string(), equalTo("1")); - } - public void testParentChild() { assertAcked(prepareCreate("test") .addMapping("parent") From 8e25536a0bd0717bfb0c4f7e4f15ff0954baea3a Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Tue, 24 May 2016 14:30:53 +0200 Subject: [PATCH 15/17] test: removed checking for percolator actions This api now just redirects to search api. All the special percolator logic has been replaced by a query that uses the Lucene index. (no caching of queries upon loading shards) So verifying these deprecated actions is no longer needed Original commit: elastic/x-pack-elasticsearch@da6d66fcb49d35982af84db82346c01f042a1ec1 --- .../src/test/resources/org/elasticsearch/transport/actions | 2 -- 1 file changed, 2 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index 8ae28064a75..af461b5f43f 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -59,10 +59,8 @@ indices:data/read/field_stats indices:data/read/get indices:data/read/xpack/graph/explore indices:data/read/mget -indices:data/read/mpercolate indices:data/read/msearch indices:data/read/mtv -indices:data/read/percolate cluster:admin/script/get indices:data/read/scroll indices:data/read/scroll/clear From 352cd80c2c48677fb5c79fa965b1408f859d17a9 Mon Sep 17 00:00:00 2001 From: Areek Zillur Date: Tue, 24 May 2016 11:15:25 -0400 Subject: [PATCH 16/17] Add _xpack prefix to license endpoints Original commit: elastic/x-pack-elasticsearch@7af3ea2450b5a730bc9bee7f26409ddf5a73c561 --- .../license/plugin/rest/RestDeleteLicenseAction.java | 2 +- .../license/plugin/rest/RestGetLicenseAction.java | 2 +- .../license/plugin/rest/RestPutLicenseAction.java | 4 ++-- .../src/test/resources/rest-api-spec/api/license.delete.json | 4 ++-- .../src/test/resources/rest-api-spec/api/license.get.json | 4 ++-- .../src/test/resources/rest-api-spec/api/license.post.json | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java index 5bcede84797..c4a891b0a71 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java @@ -23,7 +23,7 @@ public class RestDeleteLicenseAction extends BaseRestHandler { @Inject public RestDeleteLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(DELETE, "/_license", this); + controller.registerHandler(DELETE, "/_xpack/license", this); } @Override diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java index bf8200f30ad..933dbf73be2 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java @@ -34,7 +34,7 @@ public class RestGetLicenseAction extends BaseRestHandler { @Inject public RestGetLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(GET, "/_license", this); + controller.registerHandler(GET, "/_xpack/license", this); } /** diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java index a7953e35b7d..d6374654266 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java @@ -30,8 +30,8 @@ public class RestPutLicenseAction extends BaseRestHandler { @Inject public RestPutLicenseAction(Settings settings, RestController controller, Client client) { super(settings, client); - controller.registerHandler(PUT, "/_license", this); - controller.registerHandler(POST, "/_license", this); + controller.registerHandler(PUT, "/_xpack/license", this); + controller.registerHandler(POST, "/_xpack/license", this); } @Override diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json index 903a0ed361d..f30f75fc478 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.delete.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["DELETE"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : {} }, "body": null diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json index ad01451d51a..88d6d6b2d77 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.get.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["GET"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : { }, "params": { diff --git a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json index d7aa3dbc56f..3596a0b547b 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json +++ b/elasticsearch/x-pack/license-plugin/src/test/resources/rest-api-spec/api/license.post.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/shield/current/license-management.html", "methods": ["PUT", "POST"], "url": { - "path": "/_license", - "paths": ["/_license"], + "path": "/_xpack/license", + "paths": ["/_xpack/license"], "parts" : { }, "params": { From 3794c3260a0f54b64aa082b0c43b9a4980936bca Mon Sep 17 00:00:00 2001 From: Areek Zillur Date: Tue, 24 May 2016 11:37:11 -0400 Subject: [PATCH 17/17] update smoke test to point to renamed license endpoint Original commit: elastic/x-pack-elasticsearch@4a8fb3c86ef371b9fd7a60a85e6f22004283d8d4 --- elasticsearch/x-dev-tools/smoke_test_xpack_rc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py b/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py index fd4efcd7e2e..003d3a58c09 100644 --- a/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py +++ b/elasticsearch/x-dev-tools/smoke_test_xpack_rc.py @@ -140,12 +140,12 @@ def smoke_test_release(release, files, expected_hash): # put the supplied license to ensure that system was built with license = read_fully(os.path.join(os.path.dirname(__file__), 'license.json')) - conn.request('PUT', '/_license?acknowledge=true', license, headers=headers) + conn.request('PUT', '/_xpack/license?acknowledge=true', license, headers=headers) res = conn.getresponse() # reading the result, so we can execute the next request on the same connection license_resp = json.loads(res.read().decode('utf-8')) if res.status != 200: - raise RuntimeError('Could not PUT _license, got status %s' % res.status) + raise RuntimeError('Could not PUT _xpack/license, got status %s' % res.status) if license_resp['license_status'] != 'valid': raise RuntimeError('Expected license to be valid, but was %s' % license_resp['license_status'])