From 01a921a8e3177a8e8aad935b076dd86d4b63ce29 Mon Sep 17 00:00:00 2001 From: Simon Willnauer Date: Wed, 13 Sep 2017 22:14:29 +0200 Subject: [PATCH] Accept BootstrapContext in xpack (elastic/x-pack-elasticsearch#2486) This is the xpack side of elastic/elasticsearch#26628 Original commit: elastic/x-pack-elasticsearch@f6c0599ee28594c732dd287faa7f152d0fff44ac --- .../security/PkiRealmBootstrapCheck.java | 8 +++--- .../xpack/security/Security.java | 6 ++--- .../security/TokenSSLBootstrapCheck.java | 14 ++++------- .../RoleMappingFileBootstrapCheck.java | 3 ++- .../xpack/ssl/SSLBootstrapCheck.java | 9 +++---- .../EncryptSensitiveDataBootstrapCheck.java | 10 ++++---- .../elasticsearch/xpack/watcher/Watcher.java | 2 +- .../security/PkiRealmBootstrapCheckTests.java | 22 ++++++++-------- .../security/TokenSSLBootsrapCheckTests.java | 15 +++++------ .../RoleMappingFileBootstrapCheckTests.java | 9 ++++--- .../xpack/ssl/SSLBootstrapCheckTests.java | 25 ++++++++++--------- ...cryptSensitiveDataBootstrapCheckTests.java | 13 +++++----- 12 files changed, 69 insertions(+), 67 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java b/plugin/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java index 3001d82b495..ad31761cd24 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.security.authc.RealmSettings; import org.elasticsearch.xpack.security.authc.pki.PkiRealm; @@ -20,10 +21,8 @@ import static org.elasticsearch.xpack.security.Security.setting; class PkiRealmBootstrapCheck implements BootstrapCheck { private final SSLService sslService; - private final Settings settings; - PkiRealmBootstrapCheck(Settings settings, SSLService sslService) { - this.settings = settings; + PkiRealmBootstrapCheck(SSLService sslService) { this.sslService = sslService; } @@ -32,7 +31,8 @@ class PkiRealmBootstrapCheck implements BootstrapCheck { * least one network communication layer. */ @Override - public boolean check() { + public boolean check(BootstrapContext context) { + final Settings settings = context.settings; final boolean pkiRealmEnabled = settings.getGroups(RealmSettings.PREFIX).values().stream() .filter(s -> PkiRealm.TYPE.equals(s.get("type"))) .anyMatch(s -> s.getAsBoolean("enabled", true)); diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java index b205683b2bc..dd9de5bc2ae 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -242,9 +242,9 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus // fetched final List checks = new ArrayList<>(); checks.addAll(Arrays.asList( - new SSLBootstrapCheck(sslService, settings, env), - new TokenSSLBootstrapCheck(settings), - new PkiRealmBootstrapCheck(settings, sslService))); + new SSLBootstrapCheck(sslService, env), + new TokenSSLBootstrapCheck(), + new PkiRealmBootstrapCheck(sslService))); checks.addAll(InternalRealms.getBootstrapChecks(settings)); this.bootstrapChecks = Collections.unmodifiableList(checks); } else { diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java b/plugin/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java index dfeeb05805c..cf3a1b48ae3 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/TokenSSLBootstrapCheck.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.XPackSettings; @@ -15,16 +16,11 @@ import org.elasticsearch.xpack.XPackSettings; */ final class TokenSSLBootstrapCheck implements BootstrapCheck { - private final Settings settings; - - TokenSSLBootstrapCheck(Settings settings) { - this.settings = settings; - } - @Override - public boolean check() { - if (NetworkModule.HTTP_ENABLED.get(settings)) { - return XPackSettings.HTTP_SSL_ENABLED.get(settings) == false && XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings); + public boolean check(BootstrapContext context) { + if (NetworkModule.HTTP_ENABLED.get(context.settings)) { + return XPackSettings.HTTP_SSL_ENABLED.get(context.settings) == false && XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get + (context.settings); } return false; } diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java index 04de860b1b2..9b6e0880401 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java @@ -9,6 +9,7 @@ import java.nio.file.Path; import org.apache.lucene.util.SetOnce; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.xpack.security.authc.RealmConfig; /** @@ -27,7 +28,7 @@ public class RoleMappingFileBootstrapCheck implements BootstrapCheck { } @Override - public boolean check() { + public boolean check(BootstrapContext context) { try { DnRoleMapper.parseFile(path, realmConfig.logger(getClass()), realmConfig.type(), realmConfig.name(), true); return false; diff --git a/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheck.java b/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheck.java index 909dd7228fb..4146215369a 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheck.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheck.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.inject.internal.Nullable; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; @@ -33,18 +34,16 @@ import java.util.stream.Stream; public final class SSLBootstrapCheck implements BootstrapCheck { private final SSLService sslService; - private final Settings settings; private final Environment environment; - public SSLBootstrapCheck(SSLService sslService, Settings settings, @Nullable Environment environment) { + public SSLBootstrapCheck(SSLService sslService, @Nullable Environment environment) { this.sslService = sslService; - this.settings = settings; this.environment = environment; } @Override - public boolean check() { - final Settings transportSSLSettings = settings.getByPrefix(XPackSettings.TRANSPORT_SSL_PREFIX); + public boolean check(BootstrapContext context) { + final Settings transportSSLSettings = context.settings.getByPrefix(XPackSettings.TRANSPORT_SSL_PREFIX); return sslService.sslConfiguration(transportSSLSettings).keyConfig() == KeyConfig.NONE || isDefaultCACertificateTrusted() || isDefaultPrivateKeyUsed(); } diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java index 9da35e4e2ec..d9eafe414dc 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheck.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.XPackPlugin; @@ -15,17 +16,16 @@ import java.nio.file.Path; final class EncryptSensitiveDataBootstrapCheck implements BootstrapCheck { - private final Settings settings; private final Environment environment; - EncryptSensitiveDataBootstrapCheck(Settings settings, Environment environment) { - this.settings = settings; + EncryptSensitiveDataBootstrapCheck(Environment environment) { this.environment = environment; } @Override - public boolean check() { - return Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) && Watcher.ENCRYPTION_KEY_SETTING.exists(settings) == false; + public boolean check(BootstrapContext context) { + return Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.get(context.settings) + && Watcher.ENCRYPTION_KEY_SETTING.exists(context.settings) == false; } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java b/plugin/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java index 579ef9e57d3..8d3f901ad85 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java @@ -518,6 +518,6 @@ public class Watcher implements ActionPlugin { } public List getBootstrapChecks() { - return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(settings, new Environment(settings))); + return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(new Environment(settings))); } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheckTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheckTests.java index 5f6e0b4559a..0ce3ebd9b2a 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheckTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/PkiRealmBootstrapCheckTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; @@ -14,8 +15,9 @@ import org.elasticsearch.xpack.ssl.SSLService; public class PkiRealmBootstrapCheckTests extends ESTestCase { public void testPkiRealmBootstrapDefault() throws Exception { - assertFalse(new PkiRealmBootstrapCheck(Settings.EMPTY, new SSLService(Settings.EMPTY, - new Environment(Settings.builder().put("path.home", createTempDir()).build()))).check()); + assertFalse(new PkiRealmBootstrapCheck(new SSLService(Settings.EMPTY, + new Environment(Settings.builder().put("path.home", createTempDir()).build()))).check((new BootstrapContext(Settings + .EMPTY, null)))); } public void testBootstrapCheckWithPkiRealm() throws Exception { @@ -24,42 +26,42 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase { .put("path.home", createTempDir()) .build(); Environment env = new Environment(settings); - assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // disable client auth default settings = Settings.builder().put(settings) .put("xpack.ssl.client_authentication", "none") .build(); env = new Environment(settings); - assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // enable ssl for http settings = Settings.builder().put(settings) .put("xpack.security.http.ssl.enabled", true) .build(); env = new Environment(settings); - assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // enable client auth for http settings = Settings.builder().put(settings) .put("xpack.security.http.ssl.client_authentication", randomFrom("required", "optional")) .build(); env = new Environment(settings); - assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // disable http ssl settings = Settings.builder().put(settings) .put("xpack.security.http.ssl.enabled", false) .build(); env = new Environment(settings); - assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // set transport client auth settings = Settings.builder().put(settings) .put("xpack.security.transport.client_authentication", randomFrom("required", "optional")) .build(); env = new Environment(settings); - assertTrue(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertTrue(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); // test with transport profile settings = Settings.builder().put(settings) @@ -67,7 +69,7 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase { .put("transport.profiles.foo.xpack.security.ssl.client_authentication", randomFrom("required", "optional")) .build(); env = new Environment(settings); - assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); } public void testBootstrapCheckWithDisabledRealm() throws Exception { @@ -78,6 +80,6 @@ public class PkiRealmBootstrapCheckTests extends ESTestCase { .put("path.home", createTempDir()) .build(); Environment env = new Environment(settings); - assertFalse(new PkiRealmBootstrapCheck(settings, new SSLService(settings, env)).check()); + assertFalse(new PkiRealmBootstrapCheck(new SSLService(settings, env)).check(new BootstrapContext(settings, null))); } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/TokenSSLBootsrapCheckTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/TokenSSLBootsrapCheckTests.java index a795498b2b4..39b33eab0e9 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/TokenSSLBootsrapCheckTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/TokenSSLBootsrapCheckTests.java @@ -5,39 +5,40 @@ */ package org.elasticsearch.xpack.security; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.XPackSettings; -import org.elasticsearch.xpack.security.TokenSSLBootstrapCheck; public class TokenSSLBootsrapCheckTests extends ESTestCase { public void testTokenSSLBootstrapCheck() { Settings settings = Settings.EMPTY; - assertFalse(new TokenSSLBootstrapCheck(settings).check()); + + assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); settings = Settings.builder() .put(NetworkModule.HTTP_ENABLED.getKey(), false) .put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build(); - assertFalse(new TokenSSLBootstrapCheck(settings).check()); + assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); settings = Settings.builder().put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build(); - assertFalse(new TokenSSLBootstrapCheck(settings).check()); + assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); // XPackSettings.HTTP_SSL_ENABLED default false settings = Settings.builder().put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build(); - assertTrue(new TokenSSLBootstrapCheck(settings).check()); + assertTrue(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); settings = Settings.builder() .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false) .put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build(); - assertTrue(new TokenSSLBootstrapCheck(settings).check()); + assertTrue(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); settings = Settings.builder() .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false) .put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true) .put(NetworkModule.HTTP_ENABLED.getKey(), false).build(); - assertFalse(new TokenSSLBootstrapCheck(settings).check()); + assertFalse(new TokenSSLBootstrapCheck().check(new BootstrapContext(settings, null))); } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java index 5894076039b..629df88dc6c 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java @@ -12,6 +12,7 @@ import java.nio.file.Path; import java.util.Collections; import org.elasticsearch.bootstrap.BootstrapCheck; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.ESTestCase; @@ -45,7 +46,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase { final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config); assertThat(check, notNullValue()); assertThat(check.alwaysEnforce(), equalTo(true)); - assertThat(check.check(), equalTo(false)); + assertThat(check.check(new BootstrapContext(settings, null)), equalTo(false)); } public void testBootstrapCheckOfMissingFile() { @@ -58,7 +59,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase { final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config); assertThat(check, notNullValue()); assertThat(check.alwaysEnforce(), equalTo(true)); - assertThat(check.check(), equalTo(true)); + assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true)); assertThat(check.errorMessage(), containsString("the-realm-name")); assertThat(check.errorMessage(), containsString(fileName)); assertThat(check.errorMessage(), containsString("does not exist")); @@ -76,7 +77,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase { final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config); assertThat(check, notNullValue()); assertThat(check.alwaysEnforce(), equalTo(true)); - assertThat(check.check(), equalTo(true)); + assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true)); assertThat(check.errorMessage(), containsString("the-realm-name")); assertThat(check.errorMessage(), containsString(file.toString())); assertThat(check.errorMessage(), containsString("could not read")); @@ -94,7 +95,7 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase { final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config); assertThat(check, notNullValue()); assertThat(check.alwaysEnforce(), equalTo(true)); - assertThat(check.check(), equalTo(true)); + assertThat(check.check(new BootstrapContext(settings, null)), equalTo(true)); assertThat(check.errorMessage(), containsString("the-realm-name")); assertThat(check.errorMessage(), containsString(file.toString())); assertThat(check.errorMessage(), containsString("invalid DN")); diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheckTests.java b/plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheckTests.java index 83a9b542392..734814cc6b6 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheckTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/ssl/SSLBootstrapCheckTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.ssl; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; @@ -14,8 +15,8 @@ public class SSLBootstrapCheckTests extends ESTestCase { public void testSSLBootstrapCheckWithNoKey() throws Exception { SSLService sslService = new SSLService(Settings.EMPTY, null); - SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(sslService, Settings.EMPTY, null); - assertTrue(bootstrapCheck.check()); + SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(sslService, null); + assertTrue(bootstrapCheck.check(new BootstrapContext(Settings.EMPTY, null))); } public void testSSLBootstrapCheckWithKey() throws Exception { @@ -31,8 +32,8 @@ public class SSLBootstrapCheckTests extends ESTestCase { .setSecureSettings(secureSettings) .build(); final Environment env = randomBoolean() ? new Environment(settings) : null; - SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env); - assertFalse(bootstrapCheck.check()); + SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env); + assertFalse(bootstrapCheck.check(new BootstrapContext(settings, null))); } public void testSSLBootstrapCheckWithDefaultCABeingTrusted() throws Exception { @@ -51,15 +52,15 @@ public class SSLBootstrapCheckTests extends ESTestCase { .setSecureSettings(secureSettings) .build(); final Environment env = randomBoolean() ? new Environment(settings) : null; - SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env); - assertTrue(bootstrapCheck.check()); + SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env); + assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null))); settings = Settings.builder().put(settings.filter((s) -> s.contains(".certificate_authorities"))) .put("xpack.security.http.ssl.certificate_authorities", getDataPath("/org/elasticsearch/xpack/ssl/ca.pem").toString()) .build(); - bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env); - assertTrue(bootstrapCheck.check()); + bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env); + assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null))); } public void testSSLBootstrapCheckWithDefaultKeyBeingUsed() throws Exception { @@ -77,8 +78,8 @@ public class SSLBootstrapCheckTests extends ESTestCase { .setSecureSettings(secureSettings) .build(); final Environment env = randomBoolean() ? new Environment(settings) : null; - SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env); - assertTrue(bootstrapCheck.check()); + SSLBootstrapCheck bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env); + assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null))); settings = Settings.builder().put(settings.filter((s) -> s.contains(".http.ssl."))) .put("xpack.security.transport.profiles.foo.xpack.security.ssl.key", @@ -86,7 +87,7 @@ public class SSLBootstrapCheckTests extends ESTestCase { .put("xpack.security.transport.profiles.foo.xpack.security.ssl.certificate", getDataPath("/org/elasticsearch/xpack/ssl/ca.pem").toString()) .build(); - bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), settings, env); - assertTrue(bootstrapCheck.check()); + bootstrapCheck = new SSLBootstrapCheck(new SSLService(settings, env), env); + assertTrue(bootstrapCheck.check(new BootstrapContext(settings, null))); } } diff --git a/plugin/src/test/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheckTests.java b/plugin/src/test/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheckTests.java index a3830238b4a..d2ebab59d7f 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheckTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/watcher/EncryptSensitiveDataBootstrapCheckTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.watcher; +import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; @@ -16,8 +17,8 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase { public void testDefaultIsFalse() { Settings settings = Settings.builder().put("path.home", createTempDir()).build(); Environment env = new Environment(settings); - EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env); - assertFalse(check.check()); + EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env); + assertFalse(check.check(new BootstrapContext(settings, null))); assertTrue(check.alwaysEnforce()); } @@ -27,8 +28,8 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase { .put(Watcher.ENCRYPT_SENSITIVE_DATA_SETTING.getKey(), true) .build(); Environment env = new Environment(settings); - EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env); - assertTrue(check.check()); + EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env); + assertTrue(check.check(new BootstrapContext(settings, null))); } public void testKeyInKeystore() { @@ -40,7 +41,7 @@ public class EncryptSensitiveDataBootstrapCheckTests extends ESTestCase { .setSecureSettings(secureSettings) .build(); Environment env = new Environment(settings); - EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(settings, env); - assertFalse(check.check()); + EncryptSensitiveDataBootstrapCheck check = new EncryptSensitiveDataBootstrapCheck(env); + assertFalse(check.check(new BootstrapContext(settings, null))); } }