Remove guice from ssl services
This change removes guice from the client and server ssl services. Original commit: elastic/x-pack-elasticsearch@d60f8ca474
This commit is contained in:
Ryan Ernst
parent
8e5936e86c
commit
07bb586f1e
|
|
@ -36,6 +36,7 @@ import org.elasticsearch.env.Environment;
|
|||
import org.elasticsearch.index.IndexModule;
|
||||
import org.elasticsearch.plugins.ActionPlugin;
|
||||
import org.elasticsearch.rest.RestHandler;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.security.action.SecurityActionModule;
|
||||
import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
|
||||
|
|
@ -87,8 +88,9 @@ import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordActio
|
|||
import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
|
||||
import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
|
||||
import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
|
||||
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLModule;
|
||||
import org.elasticsearch.xpack.security.ssl.ServerSSLService;
|
||||
import org.elasticsearch.xpack.security.support.OptionalSettings;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityClientTransportService;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
|
||||
|
|
@ -115,6 +117,7 @@ public class Security implements ActionPlugin {
|
|||
public static final Setting<Optional<String>> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope);
|
||||
|
||||
private final Settings settings;
|
||||
private final Environment env;
|
||||
private final boolean enabled;
|
||||
private final boolean transportClientMode;
|
||||
private final SecurityLicenseState securityLicenseState;
|
||||
|
|
@ -122,6 +125,7 @@ public class Security implements ActionPlugin {
|
|||
|
||||
public Security(Settings settings, Environment env) throws IOException {
|
||||
this.settings = settings;
|
||||
this.env = env;
|
||||
this.transportClientMode = XPackPlugin.transportClientMode(settings);
|
||||
this.enabled = XPackPlugin.featureEnabled(settings, NAME, true);
|
||||
if (enabled && transportClientMode == false) {
|
||||
|
|
@ -154,7 +158,12 @@ public class Security implements ActionPlugin {
|
|||
}
|
||||
modules.add(new SecurityModule(settings));
|
||||
modules.add(new SecurityTransportModule(settings));
|
||||
modules.add(new SSLModule(settings));
|
||||
modules.add(b -> {
|
||||
// for transport client we still must construct these ssl classes with guice
|
||||
b.bind(ServerSSLService.class).toProvider(Providers.<ServerSSLService>of(null));
|
||||
b.bind(ClientSSLService.class).toInstance(new ClientSSLService(settings, new SSLConfiguration.Global(settings)));
|
||||
});
|
||||
|
||||
return modules;
|
||||
}
|
||||
|
||||
|
|
@ -178,7 +187,6 @@ public class Security implements ActionPlugin {
|
|||
modules.add(new SecurityRestModule(settings));
|
||||
modules.add(new SecurityActionModule(settings));
|
||||
modules.add(new SecurityTransportModule(settings));
|
||||
modules.add(new SSLModule(settings));
|
||||
return modules;
|
||||
}
|
||||
|
||||
|
|
@ -192,6 +200,21 @@ public class Security implements ActionPlugin {
|
|||
return list;
|
||||
}
|
||||
|
||||
public Collection<Object> createComponents(ResourceWatcherService resourceWatcherService) {
|
||||
if (enabled == false) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
final SSLConfiguration.Global globalSslConfig = new SSLConfiguration.Global(settings);
|
||||
// client ssl still has an injected ctor b/c it is used by transport client, and
|
||||
// there environmet and resource watcher do not exist, so we must set them after construction
|
||||
final ClientSSLService clientSSLService = new ClientSSLService(settings, globalSslConfig);
|
||||
clientSSLService.setEnvAndResourceWatcher(env, resourceWatcherService);
|
||||
final ServerSSLService serverSSLService = new ServerSSLService(settings, env, globalSslConfig, resourceWatcherService);
|
||||
|
||||
return Arrays.asList(clientSSLService, serverSSLService);
|
||||
}
|
||||
|
||||
public Settings additionalSettings() {
|
||||
if (enabled == false) {
|
||||
return Settings.EMPTY;
|
||||
|
|
|
|||
|
|
@ -152,7 +152,7 @@ public class ESNativeRealmMigrateTool extends MultiCommand {
|
|||
Settings sslSettings = settings.getByPrefix(setting("http.ssl."));
|
||||
SSLConfiguration.Global globalConfig = new SSLConfiguration.Global(settings);
|
||||
final ClientSSLService sslService = new ClientSSLService(sslSettings, globalConfig);
|
||||
sslService.setEnvironment(env);
|
||||
sslService.setEnvAndResourceWatcher(env, null);
|
||||
final HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -5,26 +5,19 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.ssl;
|
||||
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||
|
||||
public class ClientSSLService extends AbstractSSLService {
|
||||
|
||||
@Inject
|
||||
public ClientSSLService(Settings settings, Global globalSSLConfiguration) {
|
||||
super(settings, null, globalSSLConfiguration, null);
|
||||
}
|
||||
|
||||
@Inject(optional = true)
|
||||
public void setEnvironment(Environment environment) {
|
||||
public void setEnvAndResourceWatcher(Environment environment, ResourceWatcherService resourceWatcherService) {
|
||||
this.env = environment;
|
||||
}
|
||||
|
||||
@Inject(optional = true)
|
||||
public void setResourceWatcherService(ResourceWatcherService resourceWatcherService) {
|
||||
this.resourceWatcherService = resourceWatcherService;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,13 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.ssl;
|
||||
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Setting.Property;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import java.util.Arrays;
|
||||
|
|
@ -21,6 +14,11 @@ import java.util.Objects;
|
|||
import java.util.Optional;
|
||||
import java.util.function.Function;
|
||||
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Setting.Property;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
|
||||
import static org.elasticsearch.xpack.security.Security.setting;
|
||||
import static org.elasticsearch.xpack.security.support.OptionalSettings.createInt;
|
||||
import static org.elasticsearch.xpack.security.support.OptionalSettings.createString;
|
||||
|
|
@ -181,7 +179,6 @@ public abstract class SSLConfiguration {
|
|||
*
|
||||
* @param settings the global settings to build the SSL configuration from
|
||||
*/
|
||||
@Inject
|
||||
public Global(Settings settings) {
|
||||
this.keyConfig = createGlobalKeyConfig(settings);
|
||||
this.trustConfig = createGlobalTrustConfig(settings, keyConfig);
|
||||
|
|
|
|||
|
|
@ -1,32 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.security.ssl;
|
||||
|
||||
import org.elasticsearch.common.inject.util.Providers;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||
import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public class SSLModule extends AbstractSecurityModule {
|
||||
|
||||
public SSLModule(Settings settings) {
|
||||
super(settings);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(boolean clientMode) {
|
||||
bind(Global.class).asEagerSingleton();
|
||||
bind(ClientSSLService.class).asEagerSingleton();
|
||||
if (clientMode) {
|
||||
bind(ServerSSLService.class).toProvider(Providers.<ServerSSLService>of(null));
|
||||
} else {
|
||||
bind(ServerSSLService.class).asEagerSingleton();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -5,15 +5,13 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.ssl;
|
||||
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||
|
||||
public class ServerSSLService extends AbstractSSLService {
|
||||
|
||||
@Inject
|
||||
public ServerSSLService(Settings settings, Environment environment, Global globalSSLConfiguration,
|
||||
ResourceWatcherService resourceWatcherService) {
|
||||
super(settings, environment, globalSSLConfiguration, resourceWatcherService);
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase {
|
|||
globalSettings = builder.build();
|
||||
Environment environment = new Environment(globalSettings);
|
||||
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
||||
clientSSLService.setEnvironment(environment);
|
||||
clientSSLService.setEnvAndResourceWatcher(environment, null);
|
||||
}
|
||||
|
||||
Settings buildAdSettings(String ldapUrl, String adDomainName, String userSearchDN, LdapSearchScope scope,
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ public abstract class GroupsResolverTestCase extends ESTestCase {
|
|||
Settings settings = builder.build();
|
||||
Environment env = new Environment(settings);
|
||||
ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
|
||||
clientSSLService.setEnvironment(env);
|
||||
clientSSLService.setEnvAndResourceWatcher(env, null);
|
||||
|
||||
LDAPURL ldapurl = new LDAPURL(ldapUrl());
|
||||
LDAPConnectionOptions options = new LDAPConnectionOptions();
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase {
|
|||
.put("xpack.security.ssl.keystore.password", "changeit")
|
||||
.build();
|
||||
clientSSLService = new ClientSSLService(settings, new Global(settings));
|
||||
clientSSLService.setEnvironment(env);
|
||||
clientSSLService.setEnvAndResourceWatcher(env, null);
|
||||
|
||||
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ public class OpenLdapTests extends ESTestCase {
|
|||
globalSettings = builder.build();
|
||||
Environment environment = new Environment(globalSettings);
|
||||
clientSSLService = new ClientSSLService(globalSettings, new Global(globalSettings));
|
||||
clientSSLService.setEnvironment(environment);
|
||||
clientSSLService.setEnvAndResourceWatcher(environment, null);
|
||||
}
|
||||
|
||||
public void testConnect() throws Exception {
|
||||
|
|
|
|||
|
|
@ -285,7 +285,7 @@ public class ClientSSLServiceTests extends ESTestCase {
|
|||
|
||||
private ClientSSLService createClientSSLService(Settings settings) {
|
||||
ClientSSLService clientSSLService = new ClientSSLService(settings, new Global(settings));
|
||||
clientSSLService.setEnvironment(env);
|
||||
clientSSLService.setEnvAndResourceWatcher(env, null);
|
||||
return clientSSLService;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ public class SecurityNetty3TransportTests extends ESTestCase {
|
|||
Global globalSSLConfiguration = new Global(settings);
|
||||
serverSSLService = new ServerSSLService(settings, env, globalSSLConfiguration, null);
|
||||
clientSSLService = new ClientSSLService(settings, globalSSLConfiguration);
|
||||
clientSSLService.setEnvironment(env);
|
||||
clientSSLService.setEnvAndResourceWatcher(env, null);
|
||||
}
|
||||
|
||||
public void testThatSSLCanBeDisabledByProfile() throws Exception {
|
||||
|
|
|
|||
|
|
@ -192,6 +192,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin {
|
|||
components.add(internalClient);
|
||||
|
||||
components.addAll(licensing.createComponents(clusterService, getClock(), security.getSecurityLicenseState()));
|
||||
components.addAll(security.createComponents(resourceWatcherService));
|
||||
|
||||
// watcher http stuff
|
||||
Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>();
|
||||
|
|
|
|||
Loading…
Reference in New Issue