Merge branch 'master' into enhancement/rollover_api
Original commit: elastic/x-pack-elasticsearch@f7a6e27f12
This commit is contained in:
Areek Zillur
commit
09b8495974
|
|
@ -14,6 +14,7 @@ subprojects {
|
|||
}
|
||||
|
||||
task bundlePack(type: Zip) {
|
||||
onlyIf { project('kibana').bundlePlugin.enabled }
|
||||
dependsOn 'elasticsearch:x-pack:bundlePlugin'
|
||||
dependsOn 'kibana:bundlePlugin'
|
||||
from { zipTree(project('elasticsearch:x-pack').bundlePlugin.outputs.files.singleFile) }
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import org.elasticsearch.plugins.Plugin;
|
|||
import org.elasticsearch.script.groovy.GroovyPlugin;
|
||||
import org.elasticsearch.search.aggregations.AggregationBuilders;
|
||||
import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
|
||||
import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
|
||||
|
|
@ -49,7 +50,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase
|
|||
|
||||
@BeforeClass
|
||||
public static void startThreadPool() {
|
||||
THREAD_POOL = new ThreadPool(GroovyScriptConditionIT.class.getSimpleName());
|
||||
THREAD_POOL = new TestThreadPool(GroovyScriptConditionIT.class.getSimpleName());
|
||||
}
|
||||
|
||||
@Before
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.script.ScriptContextRegistry;
|
||||
import org.elasticsearch.script.ScriptEngineRegistry;
|
||||
import org.elasticsearch.script.ScriptEngineService;
|
||||
import org.elasticsearch.script.ScriptService;
|
||||
import org.elasticsearch.script.ScriptSettings;
|
||||
import org.elasticsearch.script.groovy.GroovyScriptEngineService;
|
||||
|
|
@ -25,8 +24,7 @@ import org.junit.Ignore;
|
|||
import org.mockito.Mockito;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.Collections;
|
||||
|
||||
@Ignore // not a test.
|
||||
@SuppressForbidden(reason = "gradle is broken and tries to run me as a test")
|
||||
|
|
@ -38,19 +36,13 @@ public final class MessyTestUtils {
|
|||
.put("path.home", LuceneTestCase.createTempDir())
|
||||
.build();
|
||||
GroovyScriptEngineService groovyScriptEngineService = new GroovyScriptEngineService(settings);
|
||||
Set<ScriptEngineService> engineServiceSet = new HashSet<>();
|
||||
engineServiceSet.add(groovyScriptEngineService);
|
||||
ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry(
|
||||
Arrays.asList(
|
||||
new ScriptEngineRegistry.ScriptEngineRegistration(GroovyScriptEngineService.class, GroovyScriptEngineService.NAME)
|
||||
)
|
||||
);
|
||||
ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry(Collections.singleton(groovyScriptEngineService));
|
||||
ScriptContextRegistry scriptContextRegistry = new ScriptContextRegistry(Arrays.asList(ScriptServiceProxy.INSTANCE));
|
||||
|
||||
ClusterService clusterService = Mockito.mock(ClusterService.class);
|
||||
Mockito.when(clusterService.state()).thenReturn(ClusterState.builder(new ClusterName("_name")).build());
|
||||
ScriptSettings scriptSettings = new ScriptSettings(scriptEngineRegistry, scriptContextRegistry);
|
||||
return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings), engineServiceSet,
|
||||
return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings),
|
||||
new ResourceWatcherService(settings, tp), scriptEngineRegistry, scriptContextRegistry, scriptSettings),
|
||||
clusterService);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
|
|||
import org.elasticsearch.search.internal.InternalSearchHit;
|
||||
import org.elasticsearch.search.internal.InternalSearchHits;
|
||||
import org.elasticsearch.search.internal.InternalSearchResponse;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
|
||||
import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
|
||||
|
|
@ -50,7 +51,7 @@ public class ScriptConditionSearchIT extends AbstractWatcherIntegrationTestCase
|
|||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
tp = new ThreadPool(ThreadPool.Names.SAME);
|
||||
tp = new TestThreadPool(ThreadPool.Names.SAME);
|
||||
scriptService = MessyTestUtils.getScriptServiceProxy(tp);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.script.GeneralScriptException;
|
|||
import org.elasticsearch.script.ScriptService.ScriptType;
|
||||
import org.elasticsearch.search.internal.InternalSearchResponse;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.xpack.watcher.condition.Condition;
|
||||
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
|
||||
|
|
@ -49,7 +50,7 @@ public class ScriptConditionTests extends ESTestCase {
|
|||
|
||||
@Before
|
||||
public void init() {
|
||||
tp = new ThreadPool(ThreadPool.Names.SAME);
|
||||
tp = new TestThreadPool(ThreadPool.Names.SAME);
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ processResources {
|
|||
|
||||
task buildZip(type:Zip, dependsOn: [jar]) {
|
||||
from 'build/resources/main/x-pack-extension-descriptor.properties'
|
||||
from 'build/resources/main/x-pack-extension-security.policy'
|
||||
from project.jar
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,9 @@ import org.elasticsearch.example.realm.CustomRealmFactory;
|
|||
import org.elasticsearch.shield.authc.AuthenticationModule;
|
||||
import org.elasticsearch.xpack.extensions.XPackExtension;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
|
||||
public class ExampleRealmExtension extends XPackExtension {
|
||||
@Override
|
||||
public String name() {
|
||||
|
|
@ -25,5 +28,10 @@ public class ExampleRealmExtension extends XPackExtension {
|
|||
public void onModule(AuthenticationModule authenticationModule) {
|
||||
authenticationModule.addCustomRealm(CustomRealm.TYPE, CustomRealmFactory.class);
|
||||
authenticationModule.setAuthenticationFailureHandler(CustomAuthenticationFailureHandler.class);
|
||||
// check that the extension's policy works.
|
||||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
|
||||
System.getSecurityManager().checkPrintJobAccess();
|
||||
return null;
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
grant {
|
||||
permission java.lang.RuntimePermission "queuePrintJob";
|
||||
};
|
||||
|
|
@ -49,18 +49,14 @@ public class WatcherTemplateTests extends ESTestCase {
|
|||
public void init() throws Exception {
|
||||
Settings setting = Settings.builder().put(ScriptService.SCRIPT_AUTO_RELOAD_ENABLED_SETTING, true).build();
|
||||
Environment environment = Mockito.mock(Environment.class);
|
||||
Set<ScriptEngineService> engines = Collections.singleton(new MustacheScriptEngineService(setting));
|
||||
ResourceWatcherService resourceWatcherService = Mockito.mock(ResourceWatcherService.class);
|
||||
ScriptContextRegistry registry = new ScriptContextRegistry(Collections.singletonList(ScriptServiceProxy.INSTANCE));
|
||||
|
||||
ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry(
|
||||
Arrays.asList(
|
||||
new ScriptEngineRegistry.ScriptEngineRegistration(MustacheScriptEngineService.class,
|
||||
MustacheScriptEngineService.NAME)
|
||||
)
|
||||
Collections.singleton(new MustacheScriptEngineService(setting))
|
||||
);
|
||||
ScriptSettings scriptSettings = new ScriptSettings(scriptEngineRegistry, registry);
|
||||
ScriptService scriptService = new ScriptService(setting, environment, engines, resourceWatcherService, scriptEngineRegistry,
|
||||
ScriptService scriptService = new ScriptService(setting, environment, resourceWatcherService, scriptEngineRegistry,
|
||||
registry, scriptSettings);
|
||||
ClusterService clusterService = Mockito.mock(ClusterService.class);
|
||||
Mockito.when(clusterService.state()).thenReturn(ClusterState.builder(new ClusterName("_name")).build());
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph;
|
||||
package org.elasticsearch.xpack.graph;
|
||||
|
||||
import org.elasticsearch.action.ActionModule;
|
||||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
|
|
@ -12,14 +12,15 @@ import org.elasticsearch.common.network.NetworkModule;
|
|||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.graph.action.GraphExploreAction;
|
||||
import org.elasticsearch.graph.action.TransportGraphExploreAction;
|
||||
import org.elasticsearch.graph.rest.action.RestGraphAction;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreAction;
|
||||
import org.elasticsearch.xpack.graph.action.TransportGraphExploreAction;
|
||||
import org.elasticsearch.xpack.graph.rest.action.RestGraphAction;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
public class Graph extends Plugin {
|
||||
|
||||
|
|
@ -69,10 +70,12 @@ public class Graph extends Plugin {
|
|||
if (enabled && transportClientMode == false) {
|
||||
module.registerRestHandler(RestGraphAction.class);
|
||||
}
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
module.registerSetting(Setting.boolSetting(XPackPlugin.featureEnabledSetting(NAME), true, Setting.Property.NodeScope));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<Setting<?>> getSettings() {
|
||||
return Collections.singletonList(Setting.boolSetting(XPackPlugin.featureEnabledSetting(NAME), true, Setting.Property.NodeScope));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph;
|
||||
package org.elasticsearch.xpack.graph;
|
||||
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph;
|
||||
package org.elasticsearch.xpack.graph;
|
||||
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph;
|
||||
package org.elasticsearch.xpack.graph;
|
||||
|
||||
import org.elasticsearch.common.inject.AbstractModule;
|
||||
import org.elasticsearch.common.inject.util.Providers;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import com.carrotsearch.hppc.ObjectIntHashMap;
|
||||
|
||||
|
|
@ -11,7 +11,7 @@ import org.elasticsearch.common.io.stream.StreamInput;
|
|||
import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.ToXContent.Params;
|
||||
import org.elasticsearch.graph.action.Vertex.VertexId;
|
||||
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.action.Action;
|
||||
import org.elasticsearch.client.ElasticsearchClient;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
|
|
@ -149,9 +149,7 @@ public class GraphExploreRequest extends ActionRequest<GraphExploreRequest> impl
|
|||
indicesOptions = IndicesOptions.readIndicesOptions(in);
|
||||
types = in.readStringArray();
|
||||
routing = in.readOptionalString();
|
||||
if (in.readBoolean()) {
|
||||
timeout = TimeValue.readTimeValue(in);
|
||||
}
|
||||
timeout = in.readOptionalWriteable(TimeValue::new);
|
||||
sampleSize = in.readInt();
|
||||
sampleDiversityField = in.readOptionalString();
|
||||
maxDocsPerDiversityValue = in.readInt();
|
||||
|
|
@ -177,7 +175,7 @@ public class GraphExploreRequest extends ActionRequest<GraphExploreRequest> impl
|
|||
indicesOptions.writeIndicesOptions(out);
|
||||
out.writeStringArray(types);
|
||||
out.writeOptionalString(routing);
|
||||
out.writeOptionalStreamable(timeout);
|
||||
out.writeOptionalWriteable(timeout);
|
||||
|
||||
out.writeInt(sampleSize);
|
||||
out.writeOptionalString(sampleDiversityField);
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.action.ActionRequestBuilder;
|
||||
import org.elasticsearch.action.support.IndicesOptions;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import com.carrotsearch.hppc.ObjectIntHashMap;
|
||||
|
||||
|
|
@ -15,8 +15,8 @@ import org.elasticsearch.common.io.stream.StreamOutput;
|
|||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.xcontent.ToXContent;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.graph.action.Connection.ConnectionId;
|
||||
import org.elasticsearch.graph.action.Vertex.VertexId;
|
||||
import org.elasticsearch.xpack.graph.action.Connection.ConnectionId;
|
||||
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
import org.elasticsearch.action.ValidateActions;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.apache.lucene.search.BooleanQuery;
|
||||
import org.apache.lucene.util.PriorityQueue;
|
||||
|
|
@ -21,10 +21,6 @@ import org.elasticsearch.common.inject.Inject;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.CollectionUtils;
|
||||
import org.elasticsearch.graph.action.Connection.ConnectionId;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
|
||||
import org.elasticsearch.graph.action.Vertex.VertexId;
|
||||
import org.elasticsearch.graph.GraphLicensee;
|
||||
import org.elasticsearch.index.query.BoolQueryBuilder;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.license.plugin.core.LicenseUtils;
|
||||
|
|
@ -41,6 +37,10 @@ import org.elasticsearch.search.aggregations.bucket.terms.support.IncludeExclude
|
|||
import org.elasticsearch.search.builder.SearchSourceBuilder;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
import org.elasticsearch.xpack.graph.GraphLicensee;
|
||||
import org.elasticsearch.xpack.graph.action.Connection.ConnectionId;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
|
||||
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.common.io.stream.StreamInput;
|
||||
import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
|
|
@ -3,11 +3,11 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.action;
|
||||
package org.elasticsearch.xpack.graph.action;
|
||||
|
||||
import org.elasticsearch.common.io.stream.StreamInput;
|
||||
import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -3,11 +3,11 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.rest.action;
|
||||
package org.elasticsearch.xpack.graph.rest.action;
|
||||
|
||||
import static org.elasticsearch.graph.action.GraphExploreAction.INSTANCE;
|
||||
import static org.elasticsearch.rest.RestRequest.Method.GET;
|
||||
import static org.elasticsearch.rest.RestRequest.Method.POST;
|
||||
import static org.elasticsearch.xpack.graph.action.GraphExploreAction.INSTANCE;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -25,11 +25,6 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequest;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
|
||||
import org.elasticsearch.graph.action.GraphExploreResponse;
|
||||
import org.elasticsearch.graph.action.Hop;
|
||||
import org.elasticsearch.graph.action.VertexRequest;
|
||||
import org.elasticsearch.index.query.QueryParseContext;
|
||||
import org.elasticsearch.indices.query.IndicesQueriesRegistry;
|
||||
import org.elasticsearch.rest.BaseRestHandler;
|
||||
|
|
@ -38,6 +33,12 @@ import org.elasticsearch.rest.RestController;
|
|||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.rest.action.support.RestActions;
|
||||
import org.elasticsearch.rest.action.support.RestToXContentListener;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreResponse;
|
||||
import org.elasticsearch.xpack.graph.action.Hop;
|
||||
import org.elasticsearch.xpack.graph.action.VertexRequest;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
|
||||
|
||||
|
||||
/**
|
||||
* @see GraphExploreRequest
|
||||
|
|
@ -128,7 +129,7 @@ public class RestGraphAction extends BaseRestHandler {
|
|||
}
|
||||
} else if (token == XContentParser.Token.START_OBJECT) {
|
||||
if (context.getParseFieldMatcher().match(fieldName, QUERY_FIELD)) {
|
||||
currentHop.guidingQuery(context.parseInnerQueryBuilder());
|
||||
context.parseInnerQueryBuilder().ifPresent(currentHop::guidingQuery);
|
||||
} else if (context.getParseFieldMatcher().match(fieldName, CONNECTIONS_FIELD)) {
|
||||
parseHop(parser, context, graphRequest.createNextHop(null), graphRequest);
|
||||
} else if (context.getParseFieldMatcher().match(fieldName, CONTROLS_FIELD)) {
|
||||
|
|
@ -3,11 +3,13 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph;
|
||||
package org.elasticsearch.xpack.graph;
|
||||
|
||||
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.graph.GraphFeatureSet;
|
||||
import org.elasticsearch.xpack.graph.GraphLicensee;
|
||||
import org.junit.Before;
|
||||
|
||||
import static org.hamcrest.core.Is.is;
|
||||
|
|
@ -3,12 +3,12 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.license;
|
||||
package org.elasticsearch.xpack.graph.license;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.graph.GraphLicensee;
|
||||
import org.elasticsearch.license.core.License.OperationMode;
|
||||
import org.elasticsearch.license.plugin.core.AbstractLicenseeTestCase;
|
||||
import org.elasticsearch.xpack.graph.GraphLicensee;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.graph.test;
|
||||
package org.elasticsearch.xpack.graph.test;
|
||||
|
||||
import org.apache.lucene.search.BooleanQuery;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
|
|
@ -11,17 +11,11 @@ import org.elasticsearch.action.search.ShardSearchFailure;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.Settings.Builder;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.graph.action.GraphExploreAction;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequest;
|
||||
import org.elasticsearch.graph.action.GraphExploreRequestBuilder;
|
||||
import org.elasticsearch.graph.action.GraphExploreResponse;
|
||||
import org.elasticsearch.graph.action.Hop;
|
||||
import org.elasticsearch.graph.action.Vertex;
|
||||
import org.elasticsearch.graph.action.VertexRequest;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.index.query.ScriptQueryBuilder;
|
||||
import org.elasticsearch.marvel.Monitoring;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.plugins.ScriptPlugin;
|
||||
import org.elasticsearch.script.AbstractSearchScript;
|
||||
import org.elasticsearch.script.ExecutableScript;
|
||||
import org.elasticsearch.script.NativeScriptFactory;
|
||||
|
|
@ -32,8 +26,17 @@ import org.elasticsearch.shield.Security;
|
|||
import org.elasticsearch.test.ESSingleNodeTestCase;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreAction;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequestBuilder;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreResponse;
|
||||
import org.elasticsearch.xpack.graph.action.Hop;
|
||||
import org.elasticsearch.xpack.graph.action.Vertex;
|
||||
import org.elasticsearch.xpack.graph.action.VertexRequest;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.cluster.metadata.IndexMetaData.SETTING_NUMBER_OF_REPLICAS;
|
||||
|
|
@ -346,7 +349,7 @@ public class GraphTests extends ESSingleNodeTestCase {
|
|||
assertThat(why, strongVertex.getWeight(), greaterThan(weakVertex.getWeight()));
|
||||
}
|
||||
|
||||
public static class ScriptedTimeoutPlugin extends Plugin {
|
||||
public static class ScriptedTimeoutPlugin extends Plugin implements ScriptPlugin {
|
||||
@Override
|
||||
public String name() {
|
||||
return "test-scripted-graph-timeout";
|
||||
|
|
@ -357,8 +360,9 @@ public class GraphTests extends ESSingleNodeTestCase {
|
|||
return "Test for scripted timeouts on graph searches";
|
||||
}
|
||||
|
||||
public void onModule(ScriptModule module) {
|
||||
module.registerScript(NativeTestScriptedTimeout.TEST_NATIVE_SCRIPT_TIMEOUT, NativeTestScriptedTimeout.Factory.class);
|
||||
@Override
|
||||
public List<NativeScriptFactory> getNativeScripts() {
|
||||
return Collections.singletonList(new NativeTestScriptedTimeout.Factory());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -377,6 +381,11 @@ public class GraphTests extends ESSingleNodeTestCase {
|
|||
public boolean needsScores() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return TEST_NATIVE_SCRIPT_TIMEOUT;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -28,6 +28,7 @@ import org.elasticsearch.license.plugin.rest.RestPutLicenseAction;
|
|||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.xpack.XPackPlugin.isTribeClientNode;
|
||||
import static org.elasticsearch.xpack.XPackPlugin.isTribeNode;
|
||||
|
|
@ -80,8 +81,8 @@ public class Licensing {
|
|||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
public List<Setting<?>> getSettings() {
|
||||
// TODO convert this wildcard to a real setting
|
||||
module.registerSetting(Setting.groupSetting("license.", Setting.Property.NodeScope));
|
||||
return Collections.singletonList(Setting.groupSetting("license.", Setting.Property.NodeScope));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import org.elasticsearch.cluster.metadata.MetaData;
|
|||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.graph.Graph;
|
||||
import org.elasticsearch.license.core.License;
|
||||
import org.elasticsearch.license.plugin.action.put.PutLicenseAction;
|
||||
import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder;
|
||||
|
|
@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase;
|
|||
import org.elasticsearch.test.InternalTestCluster;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.graph.Graph;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,9 @@ import org.elasticsearch.common.settings.SettingsModule;
|
|||
import org.elasticsearch.plugins.Plugin;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
public abstract class TestConsumerPluginBase extends Plugin {
|
||||
|
||||
|
|
@ -44,13 +46,11 @@ public abstract class TestConsumerPluginBase extends Plugin {
|
|||
return services;
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
try {
|
||||
module.registerSetting(Setting.simpleString("_trial_license_duration_in_seconds", Setting.Property.NodeScope));
|
||||
module.registerSetting(Setting.simpleString("_grace_duration_in_seconds", Setting.Property.NodeScope));
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// already loaded
|
||||
}
|
||||
@Override
|
||||
public List<Setting<?>> getSettings() {
|
||||
return Arrays.asList(Setting.simpleString("_trial_license_duration_in_seconds", Setting.Property.NodeScope,
|
||||
Setting.Property.Shared), Setting.simpleString("_grace_duration_in_seconds", Setting.Property.NodeScope,
|
||||
Setting.Property.Shared));
|
||||
}
|
||||
|
||||
public abstract Class<? extends TestPluginServiceBase> service();
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import org.elasticsearch.common.network.NetworkModule;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
|
||||
import org.elasticsearch.graph.Graph;
|
||||
import org.elasticsearch.marvel.Monitoring;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
|
|
@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase.Scope;
|
|||
import org.elasticsearch.test.InternalTestCluster;
|
||||
import org.elasticsearch.test.NodeConfigurationSource;
|
||||
import org.elasticsearch.test.TestCluster;
|
||||
import org.elasticsearch.xpack.graph.Graph;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import org.elasticsearch.action.ActionModule;
|
|||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.marvel.action.MonitoringBulkAction;
|
||||
|
|
@ -80,7 +81,6 @@ public class Monitoring {
|
|||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
MonitoringSettings.register(module);
|
||||
}
|
||||
|
||||
public void onModule(ActionModule module) {
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.common.settings.SettingsModule;
|
|||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.function.Function;
|
||||
|
|
@ -125,22 +126,23 @@ public class MonitoringSettings extends AbstractComponent {
|
|||
public static final Setting<Settings> EXPORTERS_SETTINGS =
|
||||
groupSetting(key("agent.exporters."), Property.Dynamic, Property.NodeScope);
|
||||
|
||||
static void register(SettingsModule module) {
|
||||
module.registerSetting(INDICES);
|
||||
module.registerSetting(INTERVAL);
|
||||
module.registerSetting(INDEX_RECOVERY_TIMEOUT);
|
||||
module.registerSetting(INDEX_STATS_TIMEOUT);
|
||||
module.registerSetting(INDICES_STATS_TIMEOUT);
|
||||
module.registerSetting(INDEX_RECOVERY_ACTIVE_ONLY);
|
||||
module.registerSetting(COLLECTORS);
|
||||
module.registerSetting(CLUSTER_STATE_TIMEOUT);
|
||||
module.registerSetting(CLUSTER_STATS_TIMEOUT);
|
||||
module.registerSetting(HISTORY_DURATION);
|
||||
module.registerSetting(EXPORTERS_SETTINGS);
|
||||
module.registerSetting(ENABLED);
|
||||
public static List<Setting<?>> getSettings() {
|
||||
return Arrays.asList(INDICES,
|
||||
INTERVAL,
|
||||
INDEX_RECOVERY_TIMEOUT,
|
||||
INDEX_STATS_TIMEOUT,
|
||||
INDICES_STATS_TIMEOUT,
|
||||
INDEX_RECOVERY_ACTIVE_ONLY,
|
||||
COLLECTORS,
|
||||
CLUSTER_STATE_TIMEOUT,
|
||||
CLUSTER_STATS_TIMEOUT,
|
||||
HISTORY_DURATION,
|
||||
EXPORTERS_SETTINGS,
|
||||
ENABLED);
|
||||
}
|
||||
|
||||
module.registerSettingsFilter("xpack.monitoring.agent.exporters.*.auth.*");
|
||||
module.registerSettingsFilter("xpack.monitoring.agent.exporters.*.ssl.*");
|
||||
public static List<String> getSettingsFilter() {
|
||||
return Arrays.asList("xpack.monitoring.agent.exporters.*.auth.*", "xpack.monitoring.agent.exporters.*.ssl.*");
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ import org.elasticsearch.marvel.agent.exporter.Exporters;
|
|||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.transport.CapturingTransport;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
import org.junit.After;
|
||||
|
|
@ -74,7 +75,7 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
|||
|
||||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
threadPool = new ThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName());
|
||||
threadPool = new TestThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName());
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.junit.After;
|
|||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
|
|
@ -58,7 +59,7 @@ public class ShardsTests extends MarvelIntegTestCase {
|
|||
public void testShards() throws Exception {
|
||||
logger.debug("--> creating some indices so that shards collector reports data");
|
||||
for (int i = 0; i < randomIntBetween(1, 5); i++) {
|
||||
client().prepareIndex(INDEX_PREFIX + i, "foo").setRefresh(true).setSource("field1", "value1").get();
|
||||
client().prepareIndex(INDEX_PREFIX + i, "foo").setRefreshPolicy(IMMEDIATE).setSource("field1", "value1").get();
|
||||
}
|
||||
|
||||
securedFlush();
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import org.elasticsearch.common.unit.TimeValue;
|
|||
import org.elasticsearch.marvel.MonitoringSettings;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.DateTimeZone;
|
||||
|
|
@ -40,7 +41,7 @@ public class CleanerServiceTests extends ESTestCase {
|
|||
@Before
|
||||
public void start() {
|
||||
clusterSettings = new ClusterSettings(Settings.EMPTY, Collections.singleton(MonitoringSettings.HISTORY_DURATION));
|
||||
threadPool = new ThreadPool("CleanerServiceTests");
|
||||
threadPool = new TestThreadPool("CleanerServiceTests");
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ import org.elasticsearch.common.regex.Regex;
|
|||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Setting.Property;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.index.IndexModule;
|
||||
import org.elasticsearch.shield.action.ShieldActionModule;
|
||||
|
|
@ -188,62 +187,70 @@ public class Security {
|
|||
return settingsBuilder.build();
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule settingsModule) {
|
||||
public List<Setting<?>> getSettings() {
|
||||
List<Setting<?>> settingsList = new ArrayList<>();
|
||||
// always register for both client and node modes
|
||||
XPackPlugin.registerFeatureEnabledSettings(settingsModule, NAME, true);
|
||||
settingsModule.registerSetting(USER_SETTING);
|
||||
XPackPlugin.addFeatureEnabledSettings(settingsList, NAME, true);
|
||||
settingsList.add(USER_SETTING);
|
||||
|
||||
// SSL settings
|
||||
SSLConfiguration.Global.registerSettings(settingsModule);
|
||||
SSLConfiguration.Global.addSettings(settingsList);
|
||||
|
||||
// transport settings
|
||||
ShieldNettyTransport.registerSettings(settingsModule);
|
||||
ShieldNettyTransport.addSettings(settingsList);
|
||||
|
||||
if (transportClientMode) {
|
||||
return;
|
||||
return settingsList;
|
||||
}
|
||||
|
||||
// The following just apply in node mode
|
||||
XPackPlugin.registerFeatureEnabledSettings(settingsModule, DLS_FLS_FEATURE, true);
|
||||
XPackPlugin.addFeatureEnabledSettings(settingsList, DLS_FLS_FEATURE, true);
|
||||
|
||||
// IP Filter settings
|
||||
IPFilter.registerSettings(settingsModule);
|
||||
IPFilter.addSettings(settingsList);
|
||||
|
||||
// audit settings
|
||||
AuditTrailModule.registerSettings(settingsModule);
|
||||
AuditTrailModule.addSettings(settingsList);
|
||||
|
||||
// authentication settings
|
||||
FileRolesStore.registerSettings(settingsModule);
|
||||
AnonymousUser.registerSettings(settingsModule);
|
||||
Realms.registerSettings(settingsModule);
|
||||
NativeUsersStore.registerSettings(settingsModule);
|
||||
NativeRolesStore.registerSettings(settingsModule);
|
||||
InternalAuthenticationService.registerSettings(settingsModule);
|
||||
InternalAuthorizationService.registerSettings(settingsModule);
|
||||
FileRolesStore.addSettings(settingsList);
|
||||
AnonymousUser.addSettings(settingsList);
|
||||
Realms.addSettings(settingsList);
|
||||
NativeUsersStore.addSettings(settingsList);
|
||||
NativeRolesStore.addSettings(settingsList);
|
||||
InternalAuthenticationService.addSettings(settingsList);
|
||||
InternalAuthorizationService.addSettings(settingsList);
|
||||
|
||||
// HTTP settings
|
||||
ShieldNettyHttpServerTransport.registerSettings(settingsModule);
|
||||
ShieldNettyHttpServerTransport.addSettings(settingsList);
|
||||
|
||||
// encryption settings
|
||||
InternalCryptoService.registerSettings(settingsModule);
|
||||
InternalCryptoService.addSettings(settingsList);
|
||||
|
||||
// hide settings
|
||||
settingsModule.registerSetting(Setting.listSetting(setting("hide_settings"), Collections.emptyList(), Function.identity(),
|
||||
settingsList.add(Setting.listSetting(setting("hide_settings"), Collections.emptyList(), Function.identity(),
|
||||
Property.NodeScope, Property.Filtered));
|
||||
return settingsList;
|
||||
}
|
||||
|
||||
|
||||
public List<String> getSettingsFilter() {
|
||||
ArrayList<String> settingsFilter = new ArrayList<>();
|
||||
String[] asArray = settings.getAsArray(setting("hide_settings"));
|
||||
for (String pattern : asArray) {
|
||||
settingsModule.registerSettingsFilter(pattern);
|
||||
settingsFilter.add(pattern);
|
||||
}
|
||||
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*.bind_dn"));
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*.bind_password"));
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING));
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.password"));
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.path"));
|
||||
settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.algorithm"));
|
||||
settingsFilter.add(setting("authc.realms.*.bind_dn"));
|
||||
settingsFilter.add(setting("authc.realms.*.bind_password"));
|
||||
settingsFilter.add(setting("authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING));
|
||||
settingsFilter.add(setting("authc.realms.*.truststore.password"));
|
||||
settingsFilter.add(setting("authc.realms.*.truststore.path"));
|
||||
settingsFilter.add(setting("authc.realms.*.truststore.algorithm"));
|
||||
|
||||
// hide settings where we don't define them - they are part of a group...
|
||||
settingsModule.registerSettingsFilter("transport.profiles.*." + setting("*"));
|
||||
settingsFilter.add("transport.profiles.*." + setting("*"));
|
||||
return settingsFilter;
|
||||
}
|
||||
|
||||
public void onIndexModule(IndexModule module) {
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import org.elasticsearch.common.inject.multibindings.Multibinder;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.action.filter.ShieldActionFilter;
|
||||
import org.elasticsearch.shield.action.interceptor.BulkRequestInterceptor;
|
||||
import org.elasticsearch.shield.action.interceptor.FieldStatsRequestInterceptor;
|
||||
import org.elasticsearch.shield.action.interceptor.RealtimeRequestInterceptor;
|
||||
import org.elasticsearch.shield.action.interceptor.RequestInterceptor;
|
||||
import org.elasticsearch.shield.action.interceptor.SearchRequestInterceptor;
|
||||
|
|
@ -34,5 +35,6 @@ public class ShieldActionModule extends AbstractShieldModule.Node {
|
|||
multibinder.addBinding().to(SearchRequestInterceptor.class);
|
||||
multibinder.addBinding().to(UpdateRequestInterceptor.class);
|
||||
multibinder.addBinding().to(BulkRequestInterceptor.class);
|
||||
multibinder.addBinding().to(FieldStatsRequestInterceptor.class);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,12 +47,14 @@ public abstract class FieldAndDocumentLevelSecurityRequestInterceptor<Request> e
|
|||
for (String index : indicesRequest.indices()) {
|
||||
IndicesAccessControl.IndexAccessControl indexAccessControl = indicesAccessControl.getIndexPermissions(index);
|
||||
if (indexAccessControl != null) {
|
||||
boolean fls = indexAccessControl.getFields() != null;
|
||||
boolean dls = indexAccessControl.getQueries() != null;
|
||||
if (fls || dls) {
|
||||
logger.debug("intercepted request for index [{}] with field level or document level security enabled, " +
|
||||
"disabling features", index);
|
||||
disableFeatures(request);
|
||||
boolean fieldLevelSecurityEnabled = indexAccessControl.getFields() != null;
|
||||
boolean documentLevelSecurityEnabled = indexAccessControl.getQueries() != null;
|
||||
if (fieldLevelSecurityEnabled || documentLevelSecurityEnabled) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("intercepted request for index [{}] with field level [{}] or document level [{}] security "
|
||||
+ "enabled, disabling features", index, fieldLevelSecurityEnabled, documentLevelSecurityEnabled);
|
||||
}
|
||||
disableFeatures(request, fieldLevelSecurityEnabled, documentLevelSecurityEnabled);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
@ -62,6 +64,6 @@ public abstract class FieldAndDocumentLevelSecurityRequestInterceptor<Request> e
|
|||
}
|
||||
}
|
||||
|
||||
protected abstract void disableFeatures(Request request);
|
||||
protected abstract void disableFeatures(Request request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled);
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,34 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.action.interceptor;
|
||||
|
||||
import org.elasticsearch.action.fieldstats.FieldStatsRequest;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
||||
/**
|
||||
* Intercepts requests to shards to field level stats and strips fields that the user is not allowed to access from the response.
|
||||
*/
|
||||
public class FieldStatsRequestInterceptor extends FieldAndDocumentLevelSecurityRequestInterceptor<FieldStatsRequest> {
|
||||
@Inject
|
||||
public FieldStatsRequestInterceptor(Settings settings, ThreadPool threadPool) {
|
||||
super(settings, threadPool.getThreadContext());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(TransportRequest request) {
|
||||
return request instanceof FieldStatsRequest;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void disableFeatures(FieldStatsRequest request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) {
|
||||
if (fieldLevelSecurityEnabled) {
|
||||
request.setUseCache(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -23,7 +23,8 @@ public class RealtimeRequestInterceptor extends FieldAndDocumentLevelSecurityReq
|
|||
}
|
||||
|
||||
@Override
|
||||
protected void disableFeatures(RealtimeRequest realtimeRequest) {
|
||||
protected void disableFeatures(RealtimeRequest realtimeRequest, boolean fieldLevelSecurityEnabled,
|
||||
boolean documentLevelSecurityEnabled) {
|
||||
realtimeRequest.realtime(false);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ public class SearchRequestInterceptor extends FieldAndDocumentLevelSecurityReque
|
|||
}
|
||||
|
||||
@Override
|
||||
public void disableFeatures(SearchRequest request) {
|
||||
public void disableFeatures(SearchRequest request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) {
|
||||
request.requestCache(false);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ public class UpdateRequestInterceptor extends FieldAndDocumentLevelSecurityReque
|
|||
}
|
||||
|
||||
@Override
|
||||
protected void disableFeatures(UpdateRequest updateRequest) {
|
||||
protected void disableFeatures(UpdateRequest updateRequest, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) {
|
||||
throw new ElasticsearchSecurityException("Can't execute an update request if field or document level security is enabled",
|
||||
RestStatus.BAD_REQUEST);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.role;
|
|||
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
import org.elasticsearch.action.support.WriteRequest;
|
||||
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.bytes.BytesReference;
|
||||
|
|
@ -24,13 +26,13 @@ import static org.elasticsearch.action.ValidateActions.addValidationError;
|
|||
/**
|
||||
* Request object for adding a role to the shield index
|
||||
*/
|
||||
public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
|
||||
public class PutRoleRequest extends ActionRequest<PutRoleRequest> implements WriteRequest<PutRoleRequest> {
|
||||
|
||||
private String name;
|
||||
private String[] clusterPrivileges = Strings.EMPTY_ARRAY;
|
||||
private List<RoleDescriptor.IndicesPrivileges> indicesPrivileges = new ArrayList<>();
|
||||
private String[] runAs = Strings.EMPTY_ARRAY;
|
||||
private boolean refresh = true;
|
||||
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
|
||||
|
||||
public PutRoleRequest() {
|
||||
}
|
||||
|
|
@ -69,8 +71,19 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
|
|||
this.runAs = usernames;
|
||||
}
|
||||
|
||||
public void refresh(boolean refresh) {
|
||||
this.refresh = refresh;
|
||||
@Override
|
||||
public PutRoleRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
|
||||
this.refreshPolicy = refreshPolicy;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
|
||||
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
|
||||
*/
|
||||
@Override
|
||||
public WriteRequest.RefreshPolicy getRefreshPolicy() {
|
||||
return refreshPolicy;
|
||||
}
|
||||
|
||||
public String name() {
|
||||
|
|
@ -89,10 +102,6 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
|
|||
return runAs;
|
||||
}
|
||||
|
||||
public boolean refresh() {
|
||||
return refresh;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void readFrom(StreamInput in) throws IOException {
|
||||
super.readFrom(in);
|
||||
|
|
@ -104,7 +113,7 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
|
|||
indicesPrivileges.add(RoleDescriptor.IndicesPrivileges.createFrom(in));
|
||||
}
|
||||
runAs = in.readStringArray();
|
||||
refresh = in.readBoolean();
|
||||
refreshPolicy = RefreshPolicy.readFrom(in);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -117,7 +126,7 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
|
|||
index.writeTo(out);
|
||||
}
|
||||
out.writeStringArray(runAs);
|
||||
out.writeBoolean(refresh);
|
||||
refreshPolicy.writeTo(out);
|
||||
}
|
||||
|
||||
RoleDescriptor roleDescriptor() {
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.shield.action.role;
|
||||
|
||||
import org.elasticsearch.action.ActionRequestBuilder;
|
||||
import org.elasticsearch.action.support.WriteRequestBuilder;
|
||||
import org.elasticsearch.client.ElasticsearchClient;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.bytes.BytesReference;
|
||||
|
|
@ -14,7 +15,8 @@ import org.elasticsearch.shield.authz.RoleDescriptor;
|
|||
/**
|
||||
* Builder for requests to add a role to the administrative index
|
||||
*/
|
||||
public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder> {
|
||||
public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder>
|
||||
implements WriteRequestBuilder<PutRoleRequestBuilder> {
|
||||
|
||||
public PutRoleRequestBuilder(ElasticsearchClient client) {
|
||||
this(client, PutRoleAction.INSTANCE);
|
||||
|
|
@ -54,9 +56,4 @@ public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest,
|
|||
request.addIndex(indices, privileges, fields, query);
|
||||
return this;
|
||||
}
|
||||
|
||||
public PutRoleRequestBuilder refresh(boolean refresh) {
|
||||
request.refresh(refresh);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.user;
|
|||
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
import org.elasticsearch.action.support.WriteRequest;
|
||||
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
|
||||
import org.elasticsearch.common.bytes.BytesArray;
|
||||
import org.elasticsearch.common.io.stream.StreamInput;
|
||||
import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
|
|
@ -17,12 +19,14 @@ import java.io.IOException;
|
|||
import static org.elasticsearch.action.ValidateActions.addValidationError;
|
||||
|
||||
/**
|
||||
* Request to change a user's password.
|
||||
*/
|
||||
public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest> implements UserRequest {
|
||||
public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
|
||||
implements UserRequest, WriteRequest<ChangePasswordRequest> {
|
||||
|
||||
private String username;
|
||||
private char[] passwordHash;
|
||||
private boolean refresh = true;
|
||||
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
|
||||
|
||||
@Override
|
||||
public ActionRequestValidationException validate() {
|
||||
|
|
@ -52,12 +56,19 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
|
|||
this.passwordHash = passwordHash;
|
||||
}
|
||||
|
||||
public boolean refresh() {
|
||||
return refresh;
|
||||
/**
|
||||
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
|
||||
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
|
||||
*/
|
||||
@Override
|
||||
public RefreshPolicy getRefreshPolicy() {
|
||||
return refreshPolicy;
|
||||
}
|
||||
|
||||
public void refresh(boolean refresh) {
|
||||
this.refresh = refresh;
|
||||
@Override
|
||||
public ChangePasswordRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
|
||||
this.refreshPolicy = refreshPolicy;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -70,6 +81,7 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
|
|||
super.readFrom(in);
|
||||
username = in.readString();
|
||||
passwordHash = CharArrays.utf8BytesToChars(in.readBytesReference().array());
|
||||
refreshPolicy = RefreshPolicy.readFrom(in);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -77,5 +89,6 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
|
|||
super.writeTo(out);
|
||||
out.writeString(username);
|
||||
out.writeBytesReference(new BytesArray(CharArrays.toUtf8Bytes(passwordHash)));
|
||||
refreshPolicy.writeTo(out);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,25 +7,28 @@ package org.elasticsearch.shield.action.user;
|
|||
|
||||
import org.elasticsearch.ElasticsearchParseException;
|
||||
import org.elasticsearch.action.ActionRequestBuilder;
|
||||
import org.elasticsearch.action.support.WriteRequestBuilder;
|
||||
import org.elasticsearch.client.ElasticsearchClient;
|
||||
import org.elasticsearch.common.ParseFieldMatcher;
|
||||
import org.elasticsearch.common.ValidationException;
|
||||
import org.elasticsearch.common.bytes.BytesReference;
|
||||
import org.elasticsearch.common.xcontent.XContentHelper;
|
||||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.authc.support.Hasher;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.support.Validation;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.xpack.common.xcontent.XContentUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* Request to change a user's password.
|
||||
*/
|
||||
public class ChangePasswordRequestBuilder
|
||||
extends ActionRequestBuilder<ChangePasswordRequest, ChangePasswordResponse, ChangePasswordRequestBuilder> {
|
||||
extends ActionRequestBuilder<ChangePasswordRequest, ChangePasswordResponse, ChangePasswordRequestBuilder>
|
||||
implements WriteRequestBuilder<ChangePasswordRequestBuilder> {
|
||||
|
||||
public ChangePasswordRequestBuilder(ElasticsearchClient client) {
|
||||
this(client, ChangePasswordAction.INSTANCE);
|
||||
|
|
@ -81,9 +84,4 @@ public class ChangePasswordRequestBuilder
|
|||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
public ChangePasswordRequestBuilder refresh(boolean refresh) {
|
||||
request.refresh(refresh);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.user;
|
|||
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionRequestValidationException;
|
||||
import org.elasticsearch.action.support.WriteRequest;
|
||||
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.bytes.BytesArray;
|
||||
import org.elasticsearch.common.bytes.BytesReference;
|
||||
|
|
@ -22,7 +24,7 @@ import static org.elasticsearch.action.ValidateActions.addValidationError;
|
|||
/**
|
||||
* Request object to put a native user.
|
||||
*/
|
||||
public class PutUserRequest extends ActionRequest<PutUserRequest> implements UserRequest {
|
||||
public class PutUserRequest extends ActionRequest<PutUserRequest> implements UserRequest, WriteRequest<PutUserRequest> {
|
||||
|
||||
private String username;
|
||||
private String[] roles;
|
||||
|
|
@ -30,7 +32,7 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
|
|||
private String email;
|
||||
private Map<String, Object> metadata;
|
||||
private char[] passwordHash;
|
||||
private boolean refresh = true;
|
||||
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
|
||||
|
||||
public PutUserRequest() {
|
||||
}
|
||||
|
|
@ -72,8 +74,19 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
|
|||
this.passwordHash = passwordHash;
|
||||
}
|
||||
|
||||
public void refresh(boolean refresh) {
|
||||
this.refresh = refresh;
|
||||
/**
|
||||
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
|
||||
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
|
||||
*/
|
||||
@Override
|
||||
public RefreshPolicy getRefreshPolicy() {
|
||||
return refreshPolicy;
|
||||
}
|
||||
|
||||
@Override
|
||||
public PutUserRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
|
||||
this.refreshPolicy = refreshPolicy;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String username() {
|
||||
|
|
@ -101,10 +114,6 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
|
|||
return passwordHash;
|
||||
}
|
||||
|
||||
public boolean refresh() {
|
||||
return refresh;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] usernames() {
|
||||
return new String[] { username };
|
||||
|
|
@ -124,7 +133,7 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
|
|||
fullName = in.readOptionalString();
|
||||
email = in.readOptionalString();
|
||||
metadata = in.readBoolean() ? in.readMap() : null;
|
||||
refresh = in.readBoolean();
|
||||
refreshPolicy = RefreshPolicy.readFrom(in);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -147,6 +156,6 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
|
|||
out.writeBoolean(true);
|
||||
out.writeMap(metadata);
|
||||
}
|
||||
out.writeBoolean(refresh);
|
||||
refreshPolicy.writeTo(out);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.shield.action.user;
|
|||
|
||||
import org.elasticsearch.ElasticsearchParseException;
|
||||
import org.elasticsearch.action.ActionRequestBuilder;
|
||||
import org.elasticsearch.action.support.WriteRequestBuilder;
|
||||
import org.elasticsearch.client.ElasticsearchClient;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.ParseFieldMatcher;
|
||||
|
|
@ -15,17 +16,18 @@ import org.elasticsearch.common.ValidationException;
|
|||
import org.elasticsearch.common.bytes.BytesReference;
|
||||
import org.elasticsearch.common.xcontent.XContentHelper;
|
||||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.authc.support.Hasher;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.support.Validation;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.xpack.common.xcontent.XContentUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
|
||||
public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest, PutUserResponse, PutUserRequestBuilder> {
|
||||
public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest, PutUserResponse, PutUserRequestBuilder>
|
||||
implements WriteRequestBuilder<PutUserRequestBuilder> {
|
||||
|
||||
private final Hasher hasher = Hasher.BCRYPT;
|
||||
|
||||
|
|
@ -77,11 +79,6 @@ public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest,
|
|||
return this;
|
||||
}
|
||||
|
||||
public PutUserRequestBuilder refresh(boolean refresh) {
|
||||
request.refresh(refresh);
|
||||
return this;
|
||||
}
|
||||
|
||||
public PutUserRequestBuilder source(String username, BytesReference source) throws IOException {
|
||||
username(username);
|
||||
try (XContentParser parser = XContentHelper.createParser(source)) {
|
||||
|
|
|
|||
|
|
@ -102,10 +102,10 @@ public class AuditTrailModule extends AbstractShieldModule.Node {
|
|||
return false;
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(ENABLED_SETTING);
|
||||
settingsModule.registerSetting(OUTPUTS_SETTING);
|
||||
LoggingAuditTrail.registerSettings(settingsModule);
|
||||
IndexAuditTrail.registerSettings(settingsModule);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(ENABLED_SETTING);
|
||||
settings.add(OUTPUTS_SETTING);
|
||||
LoggingAuditTrail.registerSettings(settings);
|
||||
IndexAuditTrail.registerSettings(settings);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -877,15 +877,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(INDEX_SETTINGS);
|
||||
settingsModule.registerSetting(EXCLUDE_EVENT_SETTINGS);
|
||||
settingsModule.registerSetting(INCLUDE_EVENT_SETTINGS);
|
||||
settingsModule.registerSetting(ROLLOVER_SETTING);
|
||||
settingsModule.registerSetting(BULK_SIZE_SETTING);
|
||||
settingsModule.registerSetting(FLUSH_TIMEOUT_SETTING);
|
||||
settingsModule.registerSetting(QUEUE_SIZE_SETTING);
|
||||
settingsModule.registerSetting(REMOTE_CLIENT_SETTINGS);
|
||||
public static void registerSettings(List<Setting<?>> settings) {
|
||||
settings.add(INDEX_SETTINGS);
|
||||
settings.add(EXCLUDE_EVENT_SETTINGS);
|
||||
settings.add(INCLUDE_EVENT_SETTINGS);
|
||||
settings.add(ROLLOVER_SETTING);
|
||||
settings.add(BULK_SIZE_SETTING);
|
||||
settings.add(FLUSH_TIMEOUT_SETTING);
|
||||
settings.add(QUEUE_SIZE_SETTING);
|
||||
settings.add(REMOTE_CLIENT_SETTINGS);
|
||||
}
|
||||
|
||||
private class QueueConsumer extends Thread {
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.elasticsearch.transport.TransportMessage;
|
|||
import java.net.InetAddress;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.SocketAddress;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.common.Strings.arrayToCommaDelimitedString;
|
||||
import static org.elasticsearch.shield.audit.AuditUtil.indices;
|
||||
|
|
@ -463,9 +464,9 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent<LoggingAuditTr
|
|||
return builder.append(user.principal()).append("]").toString();
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(HOST_ADDRESS_SETTING);
|
||||
settingsModule.registerSetting(HOST_NAME_SETTING);
|
||||
settingsModule.registerSetting(NODE_NAME_SETTING);
|
||||
public static void registerSettings(List<Setting<?>> settings) {
|
||||
settings.add(HOST_ADDRESS_SETTING);
|
||||
settings.add(HOST_NAME_SETTING);
|
||||
settings.add(NODE_NAME_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.elasticsearch.transport.TransportMessage;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.shield.Security.setting;
|
||||
import static org.elasticsearch.shield.support.Exceptions.authenticationError;
|
||||
|
|
@ -316,9 +317,9 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
return null;
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(SIGN_USER_HEADER);
|
||||
settingsModule.registerSetting(RUN_AS_ENABLED);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(SIGN_USER_HEADER);
|
||||
settings.add(RUN_AS_ENABLED);
|
||||
}
|
||||
|
||||
// these methods are package private for testing. They are also needed so that a AuditableRequest can be created in tests
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.shield.authc;
|
||||
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.common.collect.Iterators;
|
||||
import org.elasticsearch.common.component.AbstractLifecycleComponent;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
|
|
@ -101,6 +102,10 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
|
|||
|
||||
@Override
|
||||
public Iterator<Realm> iterator() {
|
||||
if (shieldLicenseState.authenticationAndAuthorizationEnabled() == false) {
|
||||
return Collections.emptyIterator();
|
||||
}
|
||||
|
||||
EnabledRealmType enabledRealmType = shieldLicenseState.enabledRealmType();
|
||||
switch (enabledRealmType) {
|
||||
case ALL:
|
||||
|
|
@ -207,7 +212,7 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(REALMS_GROUPS_SETTINGS);
|
||||
public static void addSettings(List<Setting<?>> settingsModule) {
|
||||
settingsModule.add(REALMS_GROUPS_SETTINGS);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import com.carrotsearch.hppc.ObjectHashSet;
|
|||
import com.carrotsearch.hppc.ObjectLongHashMap;
|
||||
import com.carrotsearch.hppc.ObjectLongMap;
|
||||
import com.carrotsearch.hppc.cursors.ObjectCursor;
|
||||
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.ExceptionsHelper;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
|
|
@ -23,6 +24,7 @@ import org.elasticsearch.action.search.ClearScrollResponse;
|
|||
import org.elasticsearch.action.search.SearchRequest;
|
||||
import org.elasticsearch.action.search.SearchResponse;
|
||||
import org.elasticsearch.action.search.SearchScrollRequest;
|
||||
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
|
||||
import org.elasticsearch.action.update.UpdateResponse;
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.cluster.ClusterChangedEvent;
|
||||
|
|
@ -49,9 +51,6 @@ import org.elasticsearch.index.query.QueryBuilders;
|
|||
import org.elasticsearch.search.SearchHit;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.ShieldTemplateService;
|
||||
import org.elasticsearch.shield.user.SystemUser;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.user.User.Fields;
|
||||
import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
|
||||
import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
|
||||
import org.elasticsearch.shield.action.user.ChangePasswordRequest;
|
||||
|
|
@ -61,6 +60,9 @@ import org.elasticsearch.shield.authc.support.Hasher;
|
|||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.client.SecurityClient;
|
||||
import org.elasticsearch.shield.support.SelfReschedulingRunnable;
|
||||
import org.elasticsearch.shield.user.SystemUser;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.user.User.Fields;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool.Names;
|
||||
|
||||
|
|
@ -324,7 +326,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
|
||||
client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, docType, username)
|
||||
.setDoc(Fields.PASSWORD.getPreferredName(), String.valueOf(request.passwordHash()))
|
||||
.setRefresh(request.refresh())
|
||||
.setRefreshPolicy(request.getRefreshPolicy())
|
||||
.execute(new ActionListener<UpdateResponse>() {
|
||||
@Override
|
||||
public void onResponse(UpdateResponse updateResponse) {
|
||||
|
|
@ -345,7 +347,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
}
|
||||
|
||||
if (docType.equals(RESERVED_USER_DOC_TYPE)) {
|
||||
createReservedUser(username, request.passwordHash(), request.refresh(), listener);
|
||||
createReservedUser(username, request.passwordHash(), request.getRefreshPolicy(), listener);
|
||||
} else {
|
||||
logger.debug("failed to change password for user [{}]", cause, request.username());
|
||||
ValidationException validationException = new ValidationException();
|
||||
|
|
@ -356,10 +358,10 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
});
|
||||
}
|
||||
|
||||
private void createReservedUser(String username, char[] passwordHash, boolean refresh, ActionListener<Void> listener) {
|
||||
private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener<Void> listener) {
|
||||
client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
|
||||
.setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash))
|
||||
.setRefresh(refresh)
|
||||
.setRefreshPolicy(refresh)
|
||||
.execute(new ActionListener<IndexResponse>() {
|
||||
@Override
|
||||
public void onResponse(IndexResponse indexResponse) {
|
||||
|
|
@ -400,7 +402,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(),
|
||||
User.Fields.EMAIL.getPreferredName(), putUserRequest.email(),
|
||||
User.Fields.METADATA.getPreferredName(), putUserRequest.metadata())
|
||||
.setRefresh(putUserRequest.refresh())
|
||||
.setRefreshPolicy(putUserRequest.getRefreshPolicy())
|
||||
.execute(new ActionListener<UpdateResponse>() {
|
||||
@Override
|
||||
public void onResponse(UpdateResponse updateResponse) {
|
||||
|
|
@ -440,7 +442,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(),
|
||||
User.Fields.EMAIL.getPreferredName(), putUserRequest.email(),
|
||||
User.Fields.METADATA.getPreferredName(), putUserRequest.metadata())
|
||||
.setRefresh(putUserRequest.refresh())
|
||||
.setRefreshPolicy(putUserRequest.getRefreshPolicy())
|
||||
.execute(new ActionListener<IndexResponse>() {
|
||||
@Override
|
||||
public void onResponse(IndexResponse indexResponse) {
|
||||
|
|
@ -470,7 +472,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
|
||||
USER_DOC_TYPE, deleteUserRequest.username()).request();
|
||||
request.indicesOptions().ignoreUnavailable();
|
||||
request.refresh(deleteUserRequest.refresh());
|
||||
request.setRefreshPolicy(deleteUserRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
|
||||
client.delete(request, new ActionListener<DeleteResponse>() {
|
||||
@Override
|
||||
public void onResponse(DeleteResponse deleteResponse) {
|
||||
|
|
@ -865,9 +867,9 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
|
|||
void onUsersChanged(List<String> username);
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(SCROLL_SIZE_SETTING);
|
||||
settingsModule.registerSetting(SCROLL_KEEP_ALIVE_SETTING);
|
||||
settingsModule.registerSetting(POLL_INTERVAL_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(SCROLL_SIZE_SETTING);
|
||||
settings.add(SCROLL_KEEP_ALIVE_SETTING);
|
||||
settings.add(POLL_INTERVAL_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -357,7 +357,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
|||
return authorizationError("action [{}] is unauthorized for user [{}]", action, user.principal());
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.elasticsearch.index.cache.bitset.BitsetFilterCache;
|
|||
import org.elasticsearch.index.engine.EngineException;
|
||||
import org.elasticsearch.index.mapper.DocumentMapper;
|
||||
import org.elasticsearch.index.mapper.MapperService;
|
||||
import org.elasticsearch.index.mapper.internal.FieldNamesFieldMapper;
|
||||
import org.elasticsearch.index.mapper.internal.ParentFieldMapper;
|
||||
import org.elasticsearch.index.query.ParsedQuery;
|
||||
import org.elasticsearch.index.query.QueryBuilder;
|
||||
|
|
@ -52,6 +53,7 @@ import java.util.Arrays;
|
|||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.apache.lucene.search.BooleanClause.Occur.SHOULD;
|
||||
|
|
@ -89,6 +91,7 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
|||
|
||||
Set<String> allowedMetaFields = new HashSet<>();
|
||||
allowedMetaFields.addAll(Arrays.asList(MapperService.getAllMetaFields()));
|
||||
allowedMetaFields.add(FieldNamesFieldMapper.NAME); // TODO: add _field_names to MapperService#META_FIELDS?
|
||||
allowedMetaFields.add("_source"); // TODO: add _source to MapperService#META_FIELDS?
|
||||
allowedMetaFields.add("_version"); // TODO: add _version to MapperService#META_FIELDS?
|
||||
allowedMetaFields.remove("_all"); // The _all field contains actual data and we can't include that by default.
|
||||
|
|
@ -122,9 +125,11 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
|
|||
for (BytesReference bytesReference : permissions.getQueries()) {
|
||||
QueryShardContext queryShardContext = copyQueryShardContext(this.queryShardContext);
|
||||
try (XContentParser parser = XContentFactory.xContent(bytesReference).createParser(bytesReference)) {
|
||||
QueryBuilder queryBuilder = queryShardContext.newParseContext(parser).parseInnerQueryBuilder();
|
||||
ParsedQuery parsedQuery = queryShardContext.toQuery(queryBuilder);
|
||||
filter.add(parsedQuery.query(), SHOULD);
|
||||
Optional<QueryBuilder> queryBuilder = queryShardContext.newParseContext(parser).parseInnerQueryBuilder();
|
||||
if (queryBuilder.isPresent()) {
|
||||
ParsedQuery parsedQuery = queryShardContext.toQuery(queryBuilder.get());
|
||||
filter.add(parsedQuery.query(), SHOULD);
|
||||
}
|
||||
}
|
||||
}
|
||||
// at least one of the queries should match
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ public class FileRolesStore extends AbstractLifecycleComponent<RolesStore> imple
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(ROLES_FILE_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(ROLES_FILE_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import org.elasticsearch.action.search.ClearScrollResponse;
|
|||
import org.elasticsearch.action.search.SearchRequest;
|
||||
import org.elasticsearch.action.search.SearchResponse;
|
||||
import org.elasticsearch.action.search.SearchScrollRequest;
|
||||
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.cluster.ClusterChangedEvent;
|
||||
import org.elasticsearch.cluster.ClusterState;
|
||||
|
|
@ -30,7 +31,6 @@ import org.elasticsearch.common.inject.Provider;
|
|||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Setting.Property;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
|
||||
import org.elasticsearch.common.xcontent.ToXContent;
|
||||
|
|
@ -269,7 +269,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
|
|||
try {
|
||||
DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
|
||||
ROLE_DOC_TYPE, deleteRoleRequest.name()).request();
|
||||
request.refresh(deleteRoleRequest.refresh());
|
||||
request.setRefreshPolicy(deleteRoleRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
|
||||
client.delete(request, new ActionListener<DeleteResponse>() {
|
||||
@Override
|
||||
public void onResponse(DeleteResponse deleteResponse) {
|
||||
|
|
@ -299,7 +299,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
|
|||
try {
|
||||
client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role.getName())
|
||||
.setSource(role.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
|
||||
.setRefresh(request.refresh())
|
||||
.setRefreshPolicy(request.getRefreshPolicy())
|
||||
.execute(new ActionListener<IndexResponse>() {
|
||||
@Override
|
||||
public void onResponse(IndexResponse indexResponse) {
|
||||
|
|
@ -603,9 +603,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(SCROLL_SIZE_SETTING);
|
||||
settingsModule.registerSetting(SCROLL_KEEP_ALIVE_SETTING);
|
||||
settingsModule.registerSetting(POLL_INTERVAL_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(SCROLL_SIZE_SETTING);
|
||||
settings.add(SCROLL_KEEP_ALIVE_SETTING);
|
||||
settings.add(POLL_INTERVAL_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -676,10 +676,10 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(FILE_SETTING);
|
||||
settingsModule.registerSetting(ENCRYPTION_KEY_LENGTH_SETTING);
|
||||
settingsModule.registerSetting(ENCRYPTION_KEY_ALGO_SETTING);
|
||||
settingsModule.registerSetting(ENCRYPTION_ALGO_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(FILE_SETTING);
|
||||
settings.add(ENCRYPTION_KEY_LENGTH_SETTING);
|
||||
settings.add(ENCRYPTION_KEY_ALGO_SETTING);
|
||||
settings.add(ENCRYPTION_ALGO_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,9 +36,7 @@ public class RestPutRoleAction extends BaseRestHandler {
|
|||
@Override
|
||||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
PutRoleRequestBuilder requestBuilder = new SecurityClient(client).preparePutRole(request.param("name"), request.content());
|
||||
if (request.hasParam("refresh")) {
|
||||
requestBuilder.refresh(request.paramAsBoolean("refresh", true));
|
||||
}
|
||||
requestBuilder.setRefreshPolicy(request.param("refresh"));
|
||||
requestBuilder.execute(new RestBuilderListener<PutRoleResponse>(channel) {
|
||||
@Override
|
||||
public RestResponse buildResponse(PutRoleResponse putRoleResponse, XContentBuilder builder) throws Exception {
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ public class RestChangePasswordAction extends BaseRestHandler {
|
|||
}
|
||||
|
||||
new SecurityClient(client).prepareChangePassword(username, request.content())
|
||||
.refresh(request.paramAsBoolean("refresh", true))
|
||||
.setRefreshPolicy(request.param("refresh"))
|
||||
.execute(new RestBuilderListener<ChangePasswordResponse>(channel) {
|
||||
@Override
|
||||
public RestResponse buildResponse(ChangePasswordResponse changePasswordResponse, XContentBuilder builder) throws
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ public class RestPutUserAction extends BaseRestHandler {
|
|||
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
|
||||
PutUserRequestBuilder requestBuilder = new SecurityClient(client).preparePutUser(request.param("username"), request.content());
|
||||
if (request.hasParam("refresh")) {
|
||||
requestBuilder.refresh(request.paramAsBoolean("refresh", true));
|
||||
requestBuilder.setRefreshPolicy(request.param("refresh"));
|
||||
}
|
||||
requestBuilder.execute(new RestBuilderListener<PutUserResponse>(channel) {
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -147,25 +147,25 @@ public abstract class SSLConfiguration {
|
|||
static final Setting<Boolean> INCLUDE_JDK_CERTS_SETTING = Setting.boolSetting(globalKey(Custom.INCLUDE_JDK_CERTS_SETTING), true,
|
||||
Property.NodeScope, Property.Filtered);
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(Global.CIPHERS_SETTING);
|
||||
settingsModule.registerSetting(Global.SUPPORTED_PROTOCOLS_SETTING);
|
||||
settingsModule.registerSetting(Global.KEYSTORE_PATH_SETTING);
|
||||
settingsModule.registerSetting(Global.KEYSTORE_PASSWORD_SETTING);
|
||||
settingsModule.registerSetting(Global.KEYSTORE_ALGORITHM_SETTING);
|
||||
settingsModule.registerSetting(Global.KEYSTORE_KEY_PASSWORD_SETTING);
|
||||
settingsModule.registerSetting(Global.KEY_PATH_SETTING);
|
||||
settingsModule.registerSetting(Global.KEY_PASSWORD_SETTING);
|
||||
settingsModule.registerSetting(Global.CERT_SETTING);
|
||||
settingsModule.registerSetting(Global.TRUSTSTORE_PATH_SETTING);
|
||||
settingsModule.registerSetting(Global.TRUSTSTORE_PASSWORD_SETTING);
|
||||
settingsModule.registerSetting(Global.TRUSTSTORE_ALGORITHM_SETTING);
|
||||
settingsModule.registerSetting(Global.PROTOCOL_SETTING);
|
||||
settingsModule.registerSetting(Global.SESSION_CACHE_SIZE_SETTING);
|
||||
settingsModule.registerSetting(Global.SESSION_CACHE_TIMEOUT_SETTING);
|
||||
settingsModule.registerSetting(Global.CA_PATHS_SETTING);
|
||||
settingsModule.registerSetting(Global.INCLUDE_JDK_CERTS_SETTING);
|
||||
settingsModule.registerSetting(Global.RELOAD_ENABLED_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(Global.CIPHERS_SETTING);
|
||||
settings.add(Global.SUPPORTED_PROTOCOLS_SETTING);
|
||||
settings.add(Global.KEYSTORE_PATH_SETTING);
|
||||
settings.add(Global.KEYSTORE_PASSWORD_SETTING);
|
||||
settings.add(Global.KEYSTORE_ALGORITHM_SETTING);
|
||||
settings.add(Global.KEYSTORE_KEY_PASSWORD_SETTING);
|
||||
settings.add(Global.KEY_PATH_SETTING);
|
||||
settings.add(Global.KEY_PASSWORD_SETTING);
|
||||
settings.add(Global.CERT_SETTING);
|
||||
settings.add(Global.TRUSTSTORE_PATH_SETTING);
|
||||
settings.add(Global.TRUSTSTORE_PASSWORD_SETTING);
|
||||
settings.add(Global.TRUSTSTORE_ALGORITHM_SETTING);
|
||||
settings.add(Global.PROTOCOL_SETTING);
|
||||
settings.add(Global.SESSION_CACHE_SIZE_SETTING);
|
||||
settings.add(Global.SESSION_CACHE_TIMEOUT_SETTING);
|
||||
settings.add(Global.CA_PATHS_SETTING);
|
||||
settings.add(Global.INCLUDE_JDK_CERTS_SETTING);
|
||||
settings.add(Global.RELOAD_ENABLED_SETTING);
|
||||
}
|
||||
|
||||
private final KeyConfig keyConfig;
|
||||
|
|
|
|||
|
|
@ -260,13 +260,13 @@ public class IPFilter {
|
|||
updateRules();
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(ALLOW_BOUND_ADDRESSES_SETTING);
|
||||
settingsModule.registerSetting(IP_FILTER_ENABLED_SETTING);
|
||||
settingsModule.registerSetting(IP_FILTER_ENABLED_HTTP_SETTING);
|
||||
settingsModule.registerSetting(HTTP_FILTER_ALLOW_SETTING);
|
||||
settingsModule.registerSetting(HTTP_FILTER_DENY_SETTING);
|
||||
settingsModule.registerSetting(TRANSPORT_FILTER_ALLOW_SETTING);
|
||||
settingsModule.registerSetting(TRANSPORT_FILTER_DENY_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(ALLOW_BOUND_ADDRESSES_SETTING);
|
||||
settings.add(IP_FILTER_ENABLED_SETTING);
|
||||
settings.add(IP_FILTER_ENABLED_HTTP_SETTING);
|
||||
settings.add(HTTP_FILTER_ALLOW_SETTING);
|
||||
settings.add(HTTP_FILTER_DENY_SETTING);
|
||||
settings.add(TRANSPORT_FILTER_ALLOW_SETTING);
|
||||
settings.add(TRANSPORT_FILTER_DENY_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import org.jboss.netty.handler.ssl.SslHandler;
|
|||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION;
|
||||
import static org.elasticsearch.shield.Security.setting;
|
||||
|
|
@ -128,10 +129,10 @@ public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(SSL_SETTING);
|
||||
settingsModule.registerSetting(CLIENT_AUTH_SETTING);
|
||||
settingsModule.registerSetting(DEPRECATED_SSL_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settings) {
|
||||
settings.add(SSL_SETTING);
|
||||
settings.add(CLIENT_AUTH_SETTING);
|
||||
settings.add(DEPRECATED_SSL_SETTING);
|
||||
}
|
||||
|
||||
public static void overrideSettings(Settings.Builder settingsBuilder, Settings settings) {
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ import org.jboss.netty.handler.ssl.SslHandler;
|
|||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.shield.Security.featureEnabledSetting;
|
||||
import static org.elasticsearch.shield.Security.setting;
|
||||
|
|
@ -249,17 +250,17 @@ public class ShieldNettyTransport extends NettyTransport {
|
|||
}
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(SSL_SETTING);
|
||||
settingsModule.registerSetting(HOSTNAME_VERIFICATION_SETTING);
|
||||
settingsModule.registerSetting(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING);
|
||||
settingsModule.registerSetting(CLIENT_AUTH_SETTING);
|
||||
settingsModule.registerSetting(PROFILE_SSL_SETTING);
|
||||
settingsModule.registerSetting(PROFILE_CLIENT_AUTH_SETTING);
|
||||
public static void addSettings(List<Setting<?>> settingsModule) {
|
||||
settingsModule.add(SSL_SETTING);
|
||||
settingsModule.add(HOSTNAME_VERIFICATION_SETTING);
|
||||
settingsModule.add(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING);
|
||||
settingsModule.add(CLIENT_AUTH_SETTING);
|
||||
settingsModule.add(PROFILE_SSL_SETTING);
|
||||
settingsModule.add(PROFILE_CLIENT_AUTH_SETTING);
|
||||
|
||||
// deprecated transport settings
|
||||
settingsModule.registerSetting(DEPRECATED_SSL_SETTING);
|
||||
settingsModule.registerSetting(DEPRECATED_PROFILE_SSL_SETTING);
|
||||
settingsModule.registerSetting(DEPRECATED_HOSTNAME_VERIFICATION_SETTING);
|
||||
settingsModule.add(DEPRECATED_SSL_SETTING);
|
||||
settingsModule.add(DEPRECATED_PROFILE_SSL_SETTING);
|
||||
settingsModule.add(DEPRECATED_HOSTNAME_VERIFICATION_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.shield.user.User.ReservedUser;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -80,8 +81,12 @@ public class AnonymousUser extends ReservedUser {
|
|||
return roles;
|
||||
}
|
||||
|
||||
public static void registerSettings(SettingsModule settingsModule) {
|
||||
settingsModule.registerSetting(USERNAME_SETTING);
|
||||
settingsModule.registerSetting(ROLES_SETTING);
|
||||
public static List<Setting<?>> getSettings() {
|
||||
return Arrays.asList();
|
||||
}
|
||||
|
||||
public static void addSettings(List<Setting<?>> settingsList) {
|
||||
settingsList.add(USERNAME_SETTING);
|
||||
settingsList.add(ROLES_SETTING);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,10 +13,9 @@ import org.elasticsearch.common.network.NetworkModule;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.shield.action.role.PutRoleResponse;
|
||||
import org.elasticsearch.shield.action.role.GetRolesResponse;
|
||||
import org.elasticsearch.shield.ShieldTemplateService;
|
||||
import org.elasticsearch.shield.authc.esnative.NativeRealm;
|
||||
import org.elasticsearch.shield.action.role.GetRolesResponse;
|
||||
import org.elasticsearch.shield.action.role.PutRoleResponse;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.shield.authz.RoleDescriptor;
|
||||
|
|
@ -31,10 +30,13 @@ import org.junit.BeforeClass;
|
|||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE;
|
||||
import static org.hamcrest.Matchers.arrayWithSize;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
|
||||
/**
|
||||
* Test for the Shield clear roles API that changes the polling aspect of shield to only run once an hour in order to
|
||||
* test the cache clearing APIs.
|
||||
|
|
@ -91,13 +93,12 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
|
|||
int modifiedRolesCount = randomIntBetween(1, roles.length);
|
||||
List<String> toModify = randomSubsetOf(modifiedRolesCount, roles);
|
||||
logger.debug("--> modifying roles {} to have run_as", toModify);
|
||||
final boolean refresh = randomBoolean();
|
||||
for (String role : toModify) {
|
||||
PutRoleResponse response = securityClient.preparePutRole(role)
|
||||
.cluster("none")
|
||||
.addIndices(new String[] { "*" }, new String[] { "ALL" }, null, null)
|
||||
.runAs(role)
|
||||
.refresh(refresh)
|
||||
.setRefreshPolicy(randomBoolean() ? IMMEDIATE : NONE)
|
||||
.get();
|
||||
assertThat(response.isCreated(), is(false));
|
||||
logger.debug("--> updated role [{}] with run_as", role);
|
||||
|
|
@ -115,7 +116,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
|
|||
UpdateResponse response = internalClient().prepareUpdate().setId(role).setIndex(ShieldTemplateService.SECURITY_INDEX_NAME)
|
||||
.setType(NativeRolesStore.ROLE_DOC_TYPE)
|
||||
.setDoc("run_as", new String[] { role })
|
||||
.setRefresh(refresh)
|
||||
.setRefreshPolicy(refresh ? IMMEDIATE : NONE)
|
||||
.get();
|
||||
assertThat(response.isCreated(), is(false));
|
||||
logger.debug("--> updated role [{}] with run_as", role);
|
||||
|
|
@ -158,7 +159,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
|
|||
final boolean refresh = randomBoolean();
|
||||
DeleteResponse response = internalClient()
|
||||
.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role)
|
||||
.setRefresh(refresh)
|
||||
.setRefreshPolicy(refresh ? IMMEDIATE : NONE)
|
||||
.get();
|
||||
assertThat(response.isFound(), is(true));
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,8 @@ import org.elasticsearch.test.ShieldIntegTestCase;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
|
@ -64,7 +66,8 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase {
|
|||
CreateIndexResponse response = client.admin().indices().prepareCreate(expression).get();
|
||||
assertThat(response.isAcknowledged(), is(true));
|
||||
}
|
||||
IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar").setRefresh(refeshOnOperation).get();
|
||||
IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar")
|
||||
.setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE).get();
|
||||
|
||||
assertThat(response.isCreated(), is(true));
|
||||
assertThat(response.getIndex(), containsString(expectedIndexName));
|
||||
|
|
@ -84,7 +87,7 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase {
|
|||
|
||||
UpdateResponse updateResponse = client.prepareUpdate(expression, "type", response.getId())
|
||||
.setDoc("new", "field")
|
||||
.setRefresh(refeshOnOperation)
|
||||
.setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE)
|
||||
.get();
|
||||
assertThat(updateResponse.isCreated(), is(false));
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.xpack.XPackPlugin;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||
|
|
@ -94,10 +95,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
SearchResponse response = client().filterWithHeader(
|
||||
|
|
@ -133,10 +134,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// Both users have the same role query, but user3 has access to field2 and not field1, which should result in zero hits:
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import org.elasticsearch.xpack.XPackPlugin;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.hasParentQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
|
||||
|
|
@ -108,13 +109,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
SearchResponse response = client()
|
||||
|
|
@ -289,13 +290,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
"field3", "type=text,term_vector=with_positions_offsets_payloads")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
boolean realtime = randomBoolean();
|
||||
|
|
@ -354,13 +355,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
"field3", "type=text,term_vector=with_positions_offsets_payloads")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
boolean realtime = randomBoolean();
|
||||
|
|
@ -419,13 +420,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text,fielddata=true", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
SearchResponse response = client().prepareSearch("test")
|
||||
|
|
@ -483,11 +484,11 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type2", "_parent", "type=type1", "field3", "type=text,fielddata=true")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
client().prepareIndex("test", "type2", "2").setSource("field3", "value3")
|
||||
.setParent("1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
SearchResponse response = client().prepareSearch("test")
|
||||
|
|
@ -705,7 +706,7 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type", "field1", "type=text", "field2", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type", "1").setSource("field1", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// With document level security enabled the update is not allowed:
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
|
@ -141,7 +142,7 @@ public class FieldLevelSecurityRandomTests extends ShieldIntegTestCase {
|
|||
assertAcked(client().admin().indices().prepareCreate("test")
|
||||
.addMapping("type1", (Object[])fieldMappers)
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource(doc).setRefresh(true).get();
|
||||
client().prepareIndex("test", "type1", "1").setSource(doc).setRefreshPolicy(IMMEDIATE).get();
|
||||
|
||||
for (String allowedField : allowedFields) {
|
||||
logger.info("Checking allowed field [{}]", allowedField);
|
||||
|
|
|
|||
|
|
@ -32,7 +32,9 @@ import org.elasticsearch.xpack.XPackPlugin;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.constantScoreQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.existsQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
|
||||
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
|
||||
|
|
@ -136,7 +138,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 has access to field1, so the query should match with the document:
|
||||
|
|
@ -481,14 +483,12 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
assertThat(response.getResponses()[0].getResponse().getSource().get("field2").toString(), equalTo("value2"));
|
||||
}
|
||||
|
||||
// norelease - we need to fix the issue so that only fields a user can see are returned
|
||||
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2120")
|
||||
public void testFieldStatsApi() throws Exception {
|
||||
assertAcked(client().admin().indices().prepareCreate("test")
|
||||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is granted access to field1 only:
|
||||
|
|
@ -622,7 +622,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
int max = scaledRandomIntBetween(4, 32);
|
||||
|
|
@ -660,7 +660,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
int max = scaledRandomIntBetween(4, 32);
|
||||
|
|
@ -702,7 +702,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
"field3", "type=text,store=true")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is granted access to field1 only:
|
||||
|
|
@ -799,7 +799,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is granted access to field1 only:
|
||||
|
|
@ -873,7 +873,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
);
|
||||
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", 1d, "field2", 2d)
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is granted to use field1, so it is included in the sort_values
|
||||
|
|
@ -882,28 +882,28 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.prepareSearch("test")
|
||||
.addSort("field1", SortOrder.ASC)
|
||||
.get();
|
||||
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(1L));
|
||||
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(1L));
|
||||
|
||||
// user2 is not granted to use field1, so the default missing sort value is included
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.addSort("field1", SortOrder.ASC)
|
||||
.get();
|
||||
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
|
||||
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
|
||||
|
||||
// user1 is not granted to use field2, so the default missing sort value is included
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.addSort("field2", SortOrder.ASC)
|
||||
.get();
|
||||
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
|
||||
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
|
||||
|
||||
// user2 is granted to use field2, so it is included in the sort_values
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.addSort("field2", SortOrder.ASC)
|
||||
.get();
|
||||
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(2L));
|
||||
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(2L));
|
||||
}
|
||||
|
||||
public void testAggs() throws Exception {
|
||||
|
|
@ -911,7 +911,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text,fielddata=true", "field2", "type=text,fielddata=true")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 is authorized to use field1, so buckets are include for a term agg on field1
|
||||
|
|
@ -951,7 +951,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
"field3", "type=text,term_vector=with_positions_offsets_payloads")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
boolean realtime = randomBoolean();
|
||||
|
|
@ -1035,7 +1035,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
"field3", "type=text,term_vector=with_positions_offsets_payloads")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
boolean realtime = randomBoolean();
|
||||
|
|
@ -1155,7 +1155,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
);
|
||||
client().prepareIndex("test", "type", "1")
|
||||
.setSource("field1", "value1", "field2", "value1")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// With field level security enabled the update is not allowed:
|
||||
|
|
@ -1200,7 +1200,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
.addMapping("type1", "field1", "type=text", "field2", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user6 has access to all fields, so the query should match with the document:
|
||||
|
|
@ -1224,4 +1224,64 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
|
|||
assertThat(response.getHits().getAt(0).sourceAsMap().get("field2").toString(), equalTo("value2"));
|
||||
}
|
||||
|
||||
public void testExistQuery() {
|
||||
assertAcked(client().admin().indices().prepareCreate("test")
|
||||
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
// user1 has access to field1, so the query should match with the document:
|
||||
SearchResponse response = client()
|
||||
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field1"))
|
||||
.get();
|
||||
assertHitCount(response, 1);
|
||||
// user1 has no access to field2, so the query should not match with the document:
|
||||
response = client()
|
||||
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field2"))
|
||||
.get();
|
||||
assertHitCount(response, 0);
|
||||
// user2 has no access to field1, so the query should not match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field1"))
|
||||
.get();
|
||||
assertHitCount(response, 0);
|
||||
// user2 has access to field2, so the query should match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field2"))
|
||||
.get();
|
||||
assertHitCount(response, 1);
|
||||
// user3 has access to field1 and field2, so the query should match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field1"))
|
||||
.get();
|
||||
assertHitCount(response, 1);
|
||||
// user3 has access to field1 and field2, so the query should match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field2"))
|
||||
.get();
|
||||
assertHitCount(response, 1);
|
||||
// user4 has access to no fields, so the query should not match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field1"))
|
||||
.get();
|
||||
assertHitCount(response, 0);
|
||||
// user4 has access to no fields, so the query should not match with the document:
|
||||
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
|
||||
.prepareSearch("test")
|
||||
.setQuery(existsQuery("field2"))
|
||||
.get();
|
||||
assertHitCount(response, 0);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.elasticsearch.xpack.XPackPlugin;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||
|
|
@ -72,7 +73,7 @@ public class IndicesPermissionsWithAliasesWildcardsAndRegexsTests extends Shield
|
|||
.addAlias(new Alias("an_alias"))
|
||||
);
|
||||
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
|
||||
GetResponse getResponse = client()
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.elasticsearch.test.ShieldIntegTestCase;
|
|||
import java.util.Locale;
|
||||
|
||||
import static java.util.Collections.singletonMap;
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.hamcrest.Matchers.arrayContaining;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
|
|
@ -183,7 +184,7 @@ public class KibanaUserRoleIntegTests extends ShieldIntegTestCase {
|
|||
.setIndex(index)
|
||||
.setType("dashboard")
|
||||
.setSource("foo", "bar")
|
||||
.setRefresh(true)
|
||||
.setRefreshPolicy(IMMEDIATE)
|
||||
.get();
|
||||
assertThat(response.isCreated(), is(true));
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import java.util.HashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
|
||||
|
|
@ -63,7 +64,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
|
|||
|
||||
@Before
|
||||
public void indexRandomDocuments() {
|
||||
BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefresh(true);
|
||||
BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefreshPolicy(IMMEDIATE);
|
||||
for (int i = 0; i < randomIntBetween(10, 50); i++) {
|
||||
bulkRequestBuilder.add(client().prepareIndex("index", "type", String.valueOf(i)).setSource("{ \"foo\" : \"bar\" }"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
|
|||
import org.junit.Before;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
|
@ -92,7 +93,7 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
|||
realmUsage.put("key3", i % 2 == 0);
|
||||
when(realm.usageStats()).thenReturn(realmUsage);
|
||||
}
|
||||
when(realms.iterator()).thenReturn(realmsList.iterator());
|
||||
when(realms.iterator()).thenReturn(available ? realmsList.iterator() : Collections.<Realm>emptyIterator());
|
||||
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry);
|
||||
XPackFeatureSet.Usage usage = featureSet.usage();
|
||||
|
|
@ -102,12 +103,14 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
|||
assertThat(usage.available(), is(available));
|
||||
XContentSource source = new XContentSource(usage);
|
||||
|
||||
if (enabled) {
|
||||
if (enabled && available) {
|
||||
for (int i = 0; i < 5; i++) {
|
||||
assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
|
||||
assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
|
||||
assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
|
||||
}
|
||||
} else if (enabled) {
|
||||
assertThat(source.getValue("enabled_realms"), is(notNullValue()));
|
||||
} else {
|
||||
assertThat(source.getValue("enabled_realms"), is(nullValue()));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,6 +37,6 @@ public class VersionCompatibilityTests extends ESTestCase {
|
|||
*
|
||||
*/
|
||||
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata",
|
||||
Version.CURRENT.equals(Version.V_5_0_0), is(true));
|
||||
Version.CURRENT.equals(Version.V_5_0_0_alpha4), is(true));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,14 +11,14 @@ import org.elasticsearch.common.inject.Injector;
|
|||
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.network.NetworkService;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.indices.breaker.CircuitBreakerModule;
|
||||
import org.elasticsearch.indices.breaker.CircuitBreakerService;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPoolModule;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.local.LocalTransport;
|
||||
|
||||
|
|
@ -35,8 +35,7 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.put("client.type", "node")
|
||||
.put(AuditTrailModule.ENABLED_SETTING.getKey(), false)
|
||||
.build();
|
||||
SettingsModule settingsModule = new SettingsModule(settings);
|
||||
settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING);
|
||||
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
|
||||
Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings));
|
||||
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
|
||||
assertThat(auditTrail, is(AuditTrail.NOOP));
|
||||
|
|
@ -55,10 +54,9 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
|
||||
.put("client.type", "node")
|
||||
.build();
|
||||
ThreadPool pool = new ThreadPool("testLogFile");
|
||||
ThreadPool pool = new TestThreadPool("testLogFile");
|
||||
try {
|
||||
SettingsModule settingsModule = new SettingsModule(settings);
|
||||
settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING);
|
||||
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
|
||||
Injector injector = Guice.createInjector(
|
||||
settingsModule,
|
||||
new NetworkModule(new NetworkService(settings), settings, false, new NamedWriteableRegistry()) {
|
||||
|
|
@ -68,8 +66,11 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
}
|
||||
},
|
||||
new AuditTrailModule(settings),
|
||||
new CircuitBreakerModule(settings),
|
||||
new ThreadPoolModule(pool),
|
||||
b -> {
|
||||
b.bind(CircuitBreakerService.class).toInstance(Node.createCircuitBreakerService(settingsModule.getSettings(),
|
||||
settingsModule.getClusterSettings()));
|
||||
b.bind(ThreadPool.class).toInstance(pool);
|
||||
},
|
||||
new Version.Module(Version.CURRENT)
|
||||
);
|
||||
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
|
||||
|
|
@ -89,9 +90,7 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.put(AuditTrailModule.OUTPUTS_SETTING.getKey() , "foo")
|
||||
.put("client.type", "node")
|
||||
.build();
|
||||
SettingsModule settingsModule = new SettingsModule(settings);
|
||||
settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING);
|
||||
settingsModule.registerSetting(AuditTrailModule.OUTPUTS_SETTING);
|
||||
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING, AuditTrailModule.OUTPUTS_SETTING);
|
||||
try {
|
||||
Guice.createInjector(settingsModule, new AuditTrailModule(settings));
|
||||
fail("Expect initialization to fail when an unknown audit trail output is configured");
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
|
|||
import org.elasticsearch.shield.user.SystemUser;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
|
|
@ -58,7 +59,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
|
|||
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
|
||||
DummyTransportAddress.INSTANCE));
|
||||
|
||||
threadPool = new ThreadPool("index audit trail tests");
|
||||
threadPool = new TestThreadPool("index audit trail tests");
|
||||
transportClient = TransportClient.builder().settings(Settings.EMPTY).build();
|
||||
clientCalled = new AtomicBoolean(false);
|
||||
client = new InternalClient(transportClient) {
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ import org.elasticsearch.test.ESIntegTestCase;
|
|||
import org.elasticsearch.test.InternalTestCluster;
|
||||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.test.ShieldSettingsSource;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportInfo;
|
||||
|
|
@ -260,7 +261,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
|
|||
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
|
||||
DummyTransportAddress.INSTANCE);
|
||||
when(transport.boundAddress()).thenReturn(boundTransportAddress);
|
||||
threadPool = new ThreadPool("index audit trail tests");
|
||||
threadPool = new TestThreadPool("index audit trail tests");
|
||||
enqueuedMessage = new SetOnce<>();
|
||||
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) {
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.DummyTransportAddress;
|
|||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.test.rest.FakeRestRequest;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.junit.After;
|
||||
|
|
@ -39,7 +40,7 @@ public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase {
|
|||
|
||||
@Before
|
||||
public void setup() {
|
||||
threadPool = new ThreadPool("index audit trail update mapping tests");
|
||||
threadPool = new TestThreadPool("index audit trail update mapping tests");
|
||||
}
|
||||
|
||||
public void testMappingIsUpdated() throws Exception {
|
||||
|
|
|
|||
|
|
@ -94,6 +94,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
|
|||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
SecurityLicenseState shieldLicenseState = mock(SecurityLicenseState.class);
|
||||
when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
|
||||
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
|
||||
realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), shieldLicenseState,
|
||||
mock(ReservedRealm.class)) {
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ public class RealmsTests extends ESTestCase {
|
|||
}
|
||||
shieldLicenseState = mock(SecurityLicenseState.class);
|
||||
reservedRealm = mock(ReservedRealm.class);
|
||||
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
|
||||
when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
|
||||
}
|
||||
|
||||
|
|
@ -338,6 +339,21 @@ public class RealmsTests extends ESTestCase {
|
|||
assertThat(count, equalTo(orderToIndex.size()));
|
||||
}
|
||||
|
||||
public void testAuthcAuthzDisabled() {
|
||||
Settings settings = Settings.builder()
|
||||
.put("path.home", createTempDir())
|
||||
.put("xpack.security.authc.realms.realm_1.type", FileRealm.TYPE)
|
||||
.put("xpack.security.authc.realms.realm_1.order", 0)
|
||||
.build();
|
||||
Environment env = new Environment(settings);
|
||||
Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm).start();
|
||||
|
||||
assertThat(realms.iterator().hasNext(), is(true));
|
||||
|
||||
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(false);
|
||||
assertThat(realms.iterator().hasNext(), is(false));
|
||||
}
|
||||
|
||||
static class DummyRealm extends Realm {
|
||||
|
||||
public DummyRealm(String type, RealmConfig config) {
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.elasticsearch.shield.authc.support.SecuredString;
|
|||
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.junit.After;
|
||||
|
|
@ -92,7 +93,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
|
|||
directoryServer.startListening();
|
||||
directoryServers[i] = directoryServer;
|
||||
}
|
||||
threadPool = new ThreadPool("active directory realm tests");
|
||||
threadPool = new TestThreadPool("active directory realm tests");
|
||||
resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool);
|
||||
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ import java.util.Arrays;
|
|||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.arrayContaining;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
|
@ -205,7 +206,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
|||
createIndex("idx");
|
||||
ensureGreen("idx");
|
||||
// Index a document with the default test user
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
|
||||
|
||||
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
|
||||
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
|
||||
|
|
@ -227,7 +228,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
|||
createIndex("idx");
|
||||
ensureGreen("idx");
|
||||
// Index a document with the default test user
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
|
||||
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
|
||||
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
|
||||
|
||||
|
|
@ -262,7 +263,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
|||
createIndex("idx");
|
||||
ensureGreen("idx");
|
||||
// Index a document with the default test user
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
|
||||
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
|
||||
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
|
||||
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.elasticsearch.shield.authc.support.Hasher;
|
|||
import org.elasticsearch.shield.authc.support.RefreshListener;
|
||||
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.junit.After;
|
||||
|
|
@ -62,7 +63,7 @@ public class FileUserPasswdStoreTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.shield.audit.logfile.CapturingLogger;
|
|||
import org.elasticsearch.shield.authc.RealmConfig;
|
||||
import org.elasticsearch.shield.authc.support.RefreshListener;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
@ -63,7 +64,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
@ -224,7 +225,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
|
|||
public void testParseFileEmptyRolesDoesNotCauseNPE() throws Exception {
|
||||
ThreadPool threadPool = null;
|
||||
try {
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
Path usersRoles = writeUsersRoles("role1:admin");
|
||||
|
||||
Settings settings = Settings.builder()
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.shield.authc.support.SecuredString;
|
|||
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.junit.After;
|
||||
|
|
@ -49,7 +50,7 @@ public class LdapRealmTests extends LdapTestCase {
|
|||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
threadPool = new ThreadPool("ldap realm tests");
|
||||
threadPool = new TestThreadPool("ldap realm tests");
|
||||
resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool);
|
||||
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import org.elasticsearch.shield.authc.RealmConfig;
|
|||
import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
|
||||
import org.elasticsearch.shield.authc.ldap.LdapRealm;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.junit.After;
|
||||
|
|
@ -69,7 +70,7 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
}
|
||||
|
||||
@After
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ import org.elasticsearch.test.ESTestCase;
|
|||
import org.elasticsearch.test.IndexSettingsModule;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Optional;
|
||||
|
||||
import static java.util.Collections.singleton;
|
||||
import static java.util.Collections.singletonMap;
|
||||
|
|
@ -138,7 +139,8 @@ public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase {
|
|||
for (int i = 0; i < numValues; i++) {
|
||||
ParsedQuery parsedQuery = new ParsedQuery(new TermQuery(new Term("field", values[i])));
|
||||
when(queryShardContext.newParseContext(any(XContentParser.class))).thenReturn(queryParseContext);
|
||||
when(queryParseContext.parseInnerQueryBuilder()).thenReturn((QueryBuilder) new TermQueryBuilder("field", values[i]));
|
||||
when(queryParseContext.parseInnerQueryBuilder())
|
||||
.thenReturn(Optional.of((QueryBuilder) new TermQueryBuilder("field", values[i])));
|
||||
when(queryShardContext.toQuery(any(QueryBuilder.class))).thenReturn(parsedQuery);
|
||||
DirectoryReader wrappedDirectoryReader = wrapper.wrap(directoryReader);
|
||||
IndexSearcher indexSearcher = wrapper.wrap(new IndexSearcher(wrappedDirectoryReader));
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
|
|||
|
||||
FieldSubsetReader.FieldSubsetDirectoryReader result =
|
||||
(FieldSubsetReader.FieldSubsetDirectoryReader) shieldIndexSearcherWrapper.wrap(esIn);
|
||||
assertThat(result.getFieldNames().size(), equalTo(11));
|
||||
assertThat(result.getFieldNames().size(), equalTo(12));
|
||||
assertThat(result.getFieldNames().contains("_uid"), is(true));
|
||||
assertThat(result.getFieldNames().contains("_id"), is(true));
|
||||
assertThat(result.getFieldNames().contains("_version"), is(true));
|
||||
|
|
@ -146,6 +146,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
|
|||
assertThat(result.getFieldNames().contains("_ttl"), is(true));
|
||||
assertThat(result.getFieldNames().contains("_size"), is(true));
|
||||
assertThat(result.getFieldNames().contains("_index"), is(true));
|
||||
assertThat(result.getFieldNames().contains("_field_names"), is(true));
|
||||
// _all contains actual user data and therefor can't be included by default
|
||||
assertThat(result.getFieldNames().contains("_all"), is(false));
|
||||
}
|
||||
|
|
@ -469,6 +470,16 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
|
|||
public Weight createWeight(IndexSearcher searcher, boolean needsScores) throws IOException {
|
||||
return new CreateScorerOnceWeight(query.createWeight(searcher, needsScores));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
return sameClassAs(obj) && query.equals(((CreateScorerOnceQuery) obj).query);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return 31 * classHash() + query.hashCode();
|
||||
}
|
||||
}
|
||||
|
||||
public void doTestIndexSearcherWrapper(boolean sparse, boolean deletions) throws IOException {
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.shield.authz.permission.RunAsPermission;
|
|||
import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
|
||||
import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
@ -257,7 +258,7 @@ public class FileRolesStoreTests extends ESTestCase {
|
|||
.build();
|
||||
|
||||
Environment env = new Environment(settings);
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
watcherService = new ResourceWatcherService(settings, threadPool);
|
||||
final CountDownLatch latch = new CountDownLatch(1);
|
||||
FileRolesStore store = new FileRolesStore(settings, env, watcherService, new RefreshListener() {
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import org.elasticsearch.common.io.Streams;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.junit.After;
|
||||
|
|
@ -53,7 +54,7 @@ public class InternalCryptoServiceTests extends ESTestCase {
|
|||
.put("path.home", createTempDir())
|
||||
.build();
|
||||
env = new Environment(settings);
|
||||
threadPool = new ThreadPool("test");
|
||||
threadPool = new TestThreadPool("test");
|
||||
watcherService = new ResourceWatcherService(settings, threadPool);
|
||||
watcherService.start();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.shield.ssl.SSLConfiguration.Custom;
|
|||
import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
|
||||
import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
|
||||
|
|
@ -321,7 +322,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -384,7 +385,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload pem");
|
||||
ThreadPool threadPool = new TestThreadPool("reload pem");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -460,7 +461,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -506,7 +507,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -554,7 +555,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -603,7 +604,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload pem");
|
||||
ThreadPool threadPool = new TestThreadPool("reload pem");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -654,7 +655,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
@ -693,7 +694,7 @@ public class SSLConfigurationTests extends ESTestCase {
|
|||
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
|
||||
Listener listener = createRefreshListener(latch, exceptionRef);
|
||||
|
||||
ThreadPool threadPool = new ThreadPool("reload");
|
||||
ThreadPool threadPool = new TestThreadPool("reload");
|
||||
try {
|
||||
ResourceWatcherService resourceWatcherService =
|
||||
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import org.elasticsearch.common.logging.ESLogger;
|
|||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.TestThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.threadpool.ThreadPool.Names;
|
||||
|
||||
|
|
@ -189,7 +190,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testStopPreventsRunning() throws Exception {
|
||||
final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule");
|
||||
final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule");
|
||||
final AtomicInteger failureCounter = new AtomicInteger(0);
|
||||
final AtomicInteger runCounter = new AtomicInteger(0);
|
||||
final AbstractRunnable runnable = new AbstractRunnable() {
|
||||
|
|
@ -232,7 +233,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testStopPreventsRescheduling() throws Exception {
|
||||
final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule");
|
||||
final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule");
|
||||
final CountDownLatch threadRunningLatch = new CountDownLatch(randomIntBetween(1, 16));
|
||||
final CountDownLatch stopCalledLatch = new CountDownLatch(1);
|
||||
final AbstractRunnable runnable = new AbstractRunnable() {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,9 @@ import org.elasticsearch.shield.ssl.SSLConfiguration;
|
|||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.hamcrest.Matcher;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.nullValue;
|
||||
|
|
@ -85,13 +87,14 @@ public class SettingsFilterTests extends ESTestCase {
|
|||
.build();
|
||||
|
||||
XPackPlugin xPackPlugin = new XPackPlugin(settings);
|
||||
SettingsModule settingsModule = new SettingsModule(settings);
|
||||
List<Setting<?>> settingList = new ArrayList<>();
|
||||
settingList.add(Setting.simpleString("foo.bar", Setting.Property.NodeScope));
|
||||
settingList.add(Setting.simpleString("foo.baz", Setting.Property.NodeScope));
|
||||
settingList.add(Setting.simpleString("bar.baz", Setting.Property.NodeScope));
|
||||
settingList.add(Setting.simpleString("baz.foo", Setting.Property.NodeScope));
|
||||
settingList.addAll(xPackPlugin.getSettings());
|
||||
// custom settings, potentially added by a plugin
|
||||
settingsModule.registerSetting(Setting.simpleString("foo.bar", Setting.Property.NodeScope));
|
||||
settingsModule.registerSetting(Setting.simpleString("foo.baz", Setting.Property.NodeScope));
|
||||
settingsModule.registerSetting(Setting.simpleString("bar.baz", Setting.Property.NodeScope));
|
||||
settingsModule.registerSetting(Setting.simpleString("baz.foo", Setting.Property.NodeScope));
|
||||
xPackPlugin.onModule(settingsModule);
|
||||
SettingsModule settingsModule = new SettingsModule(settings, settingList, xPackPlugin.getSettingsFilter());
|
||||
|
||||
Injector injector = Guice.createInjector(settingsModule);
|
||||
SettingsFilter settingsFilter = injector.getInstance(SettingsFilter.class);
|
||||
|
|
|
|||
|
|
@ -217,7 +217,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
|
|||
return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem", "testnode",
|
||||
Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
|
||||
Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt",
|
||||
"/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt",
|
||||
"/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt",
|
||||
"/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt",
|
||||
"/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt",
|
||||
"/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
|
||||
|
|
|
|||
|
|
@ -9,12 +9,12 @@ import org.apache.lucene.util.IOUtils;
|
|||
import org.elasticsearch.action.Action;
|
||||
import org.elasticsearch.common.io.PathUtils;
|
||||
import org.elasticsearch.common.io.Streams;
|
||||
import org.elasticsearch.graph.Graph;
|
||||
import org.elasticsearch.license.plugin.Licensing;
|
||||
import org.elasticsearch.shield.action.ShieldActionModule;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.graph.Graph;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import java.io.IOException;
|
||||
|
|
|
|||
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue