Accept BootstrapContext in xpack (elastic/x-pack-elasticsearch#2486)
This is the xpack side of elastic/elasticsearch#26628 Original commit: elastic/x-pack-elasticsearch@f6c0599ee2
This commit is contained in:
Simon Willnauer
GitHub
parent
f30e5c3fee
commit
01a921a8e3
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.xpack.security.authc.RealmSettings;
|
||||
import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
|
||||
|
|
@ -20,10 +21,8 @@ import static org.elasticsearch.xpack.security.Security.setting;
|
|||
class PkiRealmBootstrapCheck implements BootstrapCheck {
|
||||
|
||||
private final SSLService sslService;
|
||||
private final Settings settings;
|
||||
|
||||
PkiRealmBootstrapCheck(Settings settings, SSLService sslService) {
|
||||
this.settings = settings;
|
||||
PkiRealmBootstrapCheck(SSLService sslService) {
|
||||
this.sslService = sslService;
|
||||
}
|
||||
|
||||
|
|
@ -32,7 +31,8 @@ class PkiRealmBootstrapCheck implements BootstrapCheck {
|
|||
* least one network communication layer.
|
||||
*/
|
||||
@Override
|
||||
public boolean check() {
|
||||
public boolean check(BootstrapContext context) {
|
||||
final Settings settings = context.settings;
|
||||
final boolean pkiRealmEnabled = settings.getGroups(RealmSettings.PREFIX).values().stream()
|
||||
.filter(s -> PkiRealm.TYPE.equals(s.get("type")))
|
||||
.anyMatch(s -> s.getAsBoolean("enabled", true));
|
||||
|
|
|
|||
|
|
@ -242,9 +242,9 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
|
|||
// fetched
|
||||
final List<BootstrapCheck> checks = new ArrayList<>();
|
||||
checks.addAll(Arrays.asList(
|
||||
new SSLBootstrapCheck(sslService, settings, env),
|
||||
new TokenSSLBootstrapCheck(settings),
|
||||
new PkiRealmBootstrapCheck(settings, sslService)));
|
||||
new SSLBootstrapCheck(sslService, env),
|
||||
new TokenSSLBootstrapCheck(),
|
||||
new PkiRealmBootstrapCheck(sslService)));
|
||||
checks.addAll(InternalRealms.getBootstrapChecks(settings));
|
||||
this.bootstrapChecks = Collections.unmodifiableList(checks);
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
|
|
@ -15,16 +16,11 @@ import org.elasticsearch.xpack.XPackSettings;
|
|||
*/
|
||||
final class TokenSSLBootstrapCheck implements BootstrapCheck {
|
||||
|
||||
private final Settings settings;
|
||||
|
||||
TokenSSLBootstrapCheck(Settings settings) {
|
||||
this.settings = settings;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
if (NetworkModule.HTTP_ENABLED.get(settings)) {
|
||||
return XPackSettings.HTTP_SSL_ENABLED.get(settings) == false && XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings);
|
||||
public boolean check(BootstrapContext context) {
|
||||
if (NetworkModule.HTTP_ENABLED.get(context.settings)) {
|
||||
return XPackSettings.HTTP_SSL_ENABLED.get(context.settings) == false && XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get
|
||||
(context.settings);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import java.nio.file.Path;
|
|||
|
||||
import org.apache.lucene.util.SetOnce;
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
|
||||
/**
|
||||
|
|
@ -27,7 +28,7 @@ public class RoleMappingFileBootstrapCheck implements BootstrapCheck {
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
public boolean check(BootstrapContext context) {
|
||||
try {
|
||||
DnRoleMapper.parseFile(path, realmConfig.logger(getClass()), realmConfig.type(), realmConfig.name(), true);
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.xpack.ssl;
|
|||
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.inject.internal.Nullable;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
|
|
@ -33,18 +34,16 @@ import java.util.stream.Stream;
|
|||
public final class SSLBootstrapCheck implements BootstrapCheck {
|
||||
|
||||
private final SSLService sslService;
|
||||
private final Settings settings;
|
||||
private final Environment environment;
|
||||
|
||||
public SSLBootstrapCheck(SSLService sslService, Settings settings, @Nullable Environment environment) {
|
||||
public SSLBootstrapCheck(SSLService sslService, @Nullable Environment environment) {
|
||||
this.sslService = sslService;
|
||||
this.settings = settings;
|
||||
this.environment = environment;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
final Settings transportSSLSettings = settings.getByPrefix(XPackSettings.TRANSPORT_SSL_PREFIX);
|
||||
public boolean check(BootstrapContext context) {
|
||||
final Settings transportSSLSettings = context.settings.getByPrefix(XPackSettings.TRANSPORT_SSL_PREFIX);
|
||||
return sslService.sslConfiguration(transportSSLSettings).keyConfig() == KeyConfig.NONE
|
||||
|| isDefaultCACertificateTrusted() || isDefaultPrivateKeyUsed();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.xpack.watcher;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
@ -15,17 +16,16 @@ import java.nio.file.Path;
|
|||
|
||||
final class EncryptSensitiveDataBootstrapCheck implements BootstrapCheck {
|
||||
|
||||
private final Settings settings;
|
||||
private final Environment environment;
|
||||
|
||||
EncryptSensitiveDataBootstrapCheck(Settings settings, Environment environment) {
|
||||
this.settings = settings;
|
||||
EncryptSensitiveDataBootstrapCheck(Environment environment) {
|
||||
this.environment = environment;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean check() {
|
||||
return Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) && Watcher.ENCRYPTION_KEY_SETTING.exists(settings) == false;
|
||||
public boolean check(BootstrapContext context) {
|
||||
return Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.get(context.settings)
|
||||
&& Watcher.ENCRYPTION_KEY_SETTING.exists(context.settings) == false;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -518,6 +518,6 @@ public class Watcher implements ActionPlugin {
|
|||
}
|
||||
|
||||
public List<BootstrapCheck> getBootstrapChecks() {
|
||||
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(settings, new Environment(settings)));
|
||||
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(new Environment(settings)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
|
|
@ -14,8 +15,9 @@ import org.elasticsearch.xpack.ssl.SSLService;
|
|||
public class PkiRealmBootstrapCheckTests extends ESTestCase {
|
||||
|
||||
public void testPkiRealmBootstrapDefault() throws Exception {
|
||||
assertFalse(new PkiRealmBootstrapCheck(Settings.EMPTY, new SSLService(Settings.EMPTY,
|
||||
new Environment(Settings.builder().put("path.home", createTempDir()).build()))).check());
|
||||
assertFalse(new PkiRealmBootstrapCheck(new SSLService(Settings.EMPTY,
|
||||
new Environment(Settings.builder().put("path.home", createTempDir()).build()))).check((new BootstrapContext(Settings
|
||||
.EMPTY, null))));
|
||||
}
|
||||
|
||||
public void testBootstrapCheckWithPkiRealm() throws Exception {
|
||||
|
|
@ -24,42 +26,42 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
Environment env = new Environment(settings);
|
||||
assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// disable client auth default
|
||||
settings = Settings.builder().put(settings)
|
||||
.put("xpack.ssl.client_authentication", "none")
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// enable ssl for http
|
||||
settings = Settings.builder().put(settings)
|
||||
.put("xpack.security.http.ssl.enabled", true)
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// enable client auth for http
|
||||
settings = Settings.builder().put(settings)
|
||||
.put("xpack.security.http.ssl.client_authentication", randomFrom("required", "optional"))
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// disable http ssl
|
||||
settings = Settings.builder().put(settings)
|
||||
.put("xpack.security.http.ssl.enabled", false)
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// set transport client auth
|
||||
settings = Settings.builder().put(settings)
|
||||
.put("xpack.security.transport.client_authentication", randomFrom("required", "optional"))
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
|
||||
// test with transport profile
|
||||
settings = Settings.builder().put(settings)
|
||||
|
|
@ -67,7 +69,7 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase {
|
|||
.put("transport.profiles.foo.xpack.security.ssl.client_authentication", randomFrom("required", "optional"))
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
|
||||
public void testBootstrapCheckWithDisabledRealm() throws Exception {
|
||||
|
|
@ -78,6 +80,6 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
Environment env = new Environment(settings);
|
||||
assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check());
|
||||
assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,39 +5,40 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.TokenSSLBootstrapCheck;
|
||||
|
||||
public class TokenSSLBootsrapCheckTests extends ESTestCase {
|
||||
|
||||
public void testTokenSSLBootstrapCheck() {
|
||||
Settings settings = Settings.EMPTY;
|
||||
assertFalse(new TokenSSLBootstrapCheck(settings).check());
|
||||
|
||||
assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder()
|
||||
.put(NetworkModule.HTTP_ENABLED.getKey(), false)
|
||||
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build();
|
||||
assertFalse(new TokenSSLBootstrapCheck(settings).check());
|
||||
assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder().put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build();
|
||||
assertFalse(new TokenSSLBootstrapCheck(settings).check());
|
||||
assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
|
||||
// XPackSettings.HTTP_SSL_ENABLED default false
|
||||
settings = Settings.builder().put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build();
|
||||
assertTrue(new TokenSSLBootstrapCheck(settings).check());
|
||||
assertTrue(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder()
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false)
|
||||
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build();
|
||||
assertTrue(new TokenSSLBootstrapCheck(settings).check());
|
||||
assertTrue(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder()
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false)
|
||||
.put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true)
|
||||
.put(NetworkModule.HTTP_ENABLED.getKey(), false).build();
|
||||
assertFalse(new TokenSSLBootstrapCheck(settings).check());
|
||||
assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import java.nio.file.Path;
|
|||
import java.util.Collections;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
|
|
@ -45,7 +46,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
assertThat(check.check(), equalTo(false));
|
||||
assertThat(check.check(new BootstrapContext(settings, null)), equalTo(false));
|
||||
}
|
||||
|
||||
public void testBootstrapCheckOfMissingFile() {
|
||||
|
|
@ -58,7 +59,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
assertThat(check.check(), equalTo(true));
|
||||
assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true));
|
||||
assertThat(check.errorMessage(), containsString("the-realm-name"));
|
||||
assertThat(check.errorMessage(), containsString(fileName));
|
||||
assertThat(check.errorMessage(), containsString("does not exist"));
|
||||
|
|
@ -76,7 +77,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
assertThat(check.check(), equalTo(true));
|
||||
assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true));
|
||||
assertThat(check.errorMessage(), containsString("the-realm-name"));
|
||||
assertThat(check.errorMessage(), containsString(file.toString()));
|
||||
assertThat(check.errorMessage(), containsString("could not read"));
|
||||
|
|
@ -94,7 +95,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
assertThat(check.check(), equalTo(true));
|
||||
assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true));
|
||||
assertThat(check.errorMessage(), containsString("the-realm-name"));
|
||||
assertThat(check.errorMessage(), containsString(file.toString()));
|
||||
assertThat(check.errorMessage(), containsString("invalid DN"));
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.ssl;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.MockSecureSettings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
|
|
@ -14,8 +15,8 @@ public class SSLBootstrapCheckTests extends ESTestCase {
|
|||
|
||||
public void testSSLBootstrapCheckWithNoKey() throws Exception {
|
||||
SSLService sslService = new SSLService(Settings.EMPTY, null);
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(sslService, Settings.EMPTY, null);
|
||||
assertTrue(bootstrapCheck.check());
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(sslService, null);
|
||||
assertTrue(bootstrapCheck.check(new BootstrapContext(Settings.EMPTY, null)));
|
||||
}
|
||||
|
||||
public void testSSLBootstrapCheckWithKey() throws Exception {
|
||||
|
|
@ -31,8 +32,8 @@ public class SSLBootstrapCheckTests extends ESTestCase {
|
|||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
final Environment env = randomBoolean() ? new Environment(settings) : null;
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env);
|
||||
assertFalse(bootstrapCheck.check());
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env);
|
||||
assertFalse(bootstrapCheck.check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
|
||||
public void testSSLBootstrapCheckWithDefaultCABeingTrusted() throws Exception {
|
||||
|
|
@ -51,15 +52,15 @@ public class SSLBootstrapCheckTests extends ESTestCase {
|
|||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
final Environment env = randomBoolean() ? new Environment(settings) : null;
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env);
|
||||
assertTrue(bootstrapCheck.check());
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env);
|
||||
assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder().put(settings.filter((s) -> s.contains(".certificate_authorities")))
|
||||
.put("xpack.security.http.ssl.certificate_authorities",
|
||||
getDataPath("/org/elasticsearch/xpack/ssl/ca.pem").toString())
|
||||
.build();
|
||||
bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env);
|
||||
assertTrue(bootstrapCheck.check());
|
||||
bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env);
|
||||
assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
|
||||
public void testSSLBootstrapCheckWithDefaultKeyBeingUsed() throws Exception {
|
||||
|
|
@ -77,8 +78,8 @@ public class SSLBootstrapCheckTests extends ESTestCase {
|
|||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
final Environment env = randomBoolean() ? new Environment(settings) : null;
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env);
|
||||
assertTrue(bootstrapCheck.check());
|
||||
SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env);
|
||||
assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null)));
|
||||
|
||||
settings = Settings.builder().put(settings.filter((s) -> s.contains(".http.ssl.")))
|
||||
.put("xpack.security.transport.profiles.foo.xpack.security.ssl.key",
|
||||
|
|
@ -86,7 +87,7 @@ public class SSLBootstrapCheckTests extends ESTestCase {
|
|||
.put("xpack.security.transport.profiles.foo.xpack.security.ssl.certificate",
|
||||
getDataPath("/org/elasticsearch/xpack/ssl/ca.pem").toString())
|
||||
.build();
|
||||
bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env);
|
||||
assertTrue(bootstrapCheck.check());
|
||||
bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env);
|
||||
assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.watcher;
|
||||
|
||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.MockSecureSettings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
|
|
@ -16,8 +17,8 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase {
|
|||
public void testDefaultIsFalse() {
|
||||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
Environment env = new Environment(settings);
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env);
|
||||
assertFalse(check.check());
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env);
|
||||
assertFalse(check.check(new BootstrapContext(settings, null)));
|
||||
assertTrue(check.alwaysEnforce());
|
||||
}
|
||||
|
||||
|
|
@ -27,8 +28,8 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase {
|
|||
.put(Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.getKey(), true)
|
||||
.build();
|
||||
Environment env = new Environment(settings);
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env);
|
||||
assertTrue(check.check());
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env);
|
||||
assertTrue(check.check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
|
||||
public void testKeyInKeystore() {
|
||||
|
|
@ -40,7 +41,7 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase {
|
|||
.setSecureSettings(secureSettings)
|
||||
.build();
|
||||
Environment env = new Environment(settings);
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env);
|
||||
assertFalse(check.check());
|
||||
EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env);
|
||||
assertFalse(check.check(new BootstrapContext(settings, null)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue