diff --git a/build.gradle b/build.gradle index 78a6222af03..ebffdb9973b 100644 --- a/build.gradle +++ b/build.gradle @@ -14,6 +14,7 @@ subprojects { } task bundlePack(type: Zip) { + onlyIf { project('kibana').bundlePlugin.enabled } dependsOn 'elasticsearch:x-pack:bundlePlugin' dependsOn 'kibana:bundlePlugin' from { zipTree(project('elasticsearch:x-pack').bundlePlugin.outputs.files.singleFile) } diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java index f286832382e..bd751eed42f 100644 --- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java +++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java @@ -11,6 +11,7 @@ import org.elasticsearch.plugins.Plugin; import org.elasticsearch.script.groovy.GroovyPlugin; import org.elasticsearch.search.aggregations.AggregationBuilders; import org.elasticsearch.search.aggregations.bucket.histogram.Histogram; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition; import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition; @@ -49,7 +50,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase @BeforeClass public static void startThreadPool() { - THREAD_POOL = new ThreadPool(GroovyScriptConditionIT.class.getSimpleName()); + THREAD_POOL = new TestThreadPool(GroovyScriptConditionIT.class.getSimpleName()); } @Before diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/MessyTestUtils.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/MessyTestUtils.java index c4bbc2186b9..dee4d8ae66b 100644 --- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/MessyTestUtils.java +++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/MessyTestUtils.java @@ -14,7 +14,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.script.ScriptContextRegistry; import org.elasticsearch.script.ScriptEngineRegistry; -import org.elasticsearch.script.ScriptEngineService; import org.elasticsearch.script.ScriptService; import org.elasticsearch.script.ScriptSettings; import org.elasticsearch.script.groovy.GroovyScriptEngineService; @@ -25,8 +24,7 @@ import org.junit.Ignore; import org.mockito.Mockito; import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; +import java.util.Collections; @Ignore // not a test. @SuppressForbidden(reason = "gradle is broken and tries to run me as a test") @@ -38,19 +36,13 @@ public final class MessyTestUtils { .put("path.home", LuceneTestCase.createTempDir()) .build(); GroovyScriptEngineService groovyScriptEngineService = new GroovyScriptEngineService(settings); - Set engineServiceSet = new HashSet<>(); - engineServiceSet.add(groovyScriptEngineService); - ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry( - Arrays.asList( - new ScriptEngineRegistry.ScriptEngineRegistration(GroovyScriptEngineService.class, GroovyScriptEngineService.NAME) - ) - ); + ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry(Collections.singleton(groovyScriptEngineService)); ScriptContextRegistry scriptContextRegistry = new ScriptContextRegistry(Arrays.asList(ScriptServiceProxy.INSTANCE)); ClusterService clusterService = Mockito.mock(ClusterService.class); Mockito.when(clusterService.state()).thenReturn(ClusterState.builder(new ClusterName("_name")).build()); ScriptSettings scriptSettings = new ScriptSettings(scriptEngineRegistry, scriptContextRegistry); - return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings), engineServiceSet, + return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings), new ResourceWatcherService(settings, tp), scriptEngineRegistry, scriptContextRegistry, scriptSettings), clusterService); } diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionSearchIT.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionSearchIT.java index 042de64dfb3..d467b68a68c 100644 --- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionSearchIT.java +++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionSearchIT.java @@ -18,6 +18,7 @@ import org.elasticsearch.search.aggregations.bucket.histogram.Histogram; import org.elasticsearch.search.internal.InternalSearchHit; import org.elasticsearch.search.internal.InternalSearchHits; import org.elasticsearch.search.internal.InternalSearchResponse; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition; import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition; @@ -50,7 +51,7 @@ public class ScriptConditionSearchIT extends AbstractWatcherIntegrationTestCase @Before public void init() throws Exception { - tp = new ThreadPool(ThreadPool.Names.SAME); + tp = new TestThreadPool(ThreadPool.Names.SAME); scriptService = MessyTestUtils.getScriptServiceProxy(tp); } diff --git a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java index 500d35e70da..9c3679edc47 100644 --- a/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java +++ b/elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.script.GeneralScriptException; import org.elasticsearch.script.ScriptService.ScriptType; import org.elasticsearch.search.internal.InternalSearchResponse; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.condition.Condition; import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition; @@ -49,7 +50,7 @@ public class ScriptConditionTests extends ESTestCase { @Before public void init() { - tp = new ThreadPool(ThreadPool.Names.SAME); + tp = new TestThreadPool(ThreadPool.Names.SAME); } @After diff --git a/elasticsearch/qa/shield-example-realm/build.gradle b/elasticsearch/qa/shield-example-realm/build.gradle index f3367b8e542..f7081642bee 100644 --- a/elasticsearch/qa/shield-example-realm/build.gradle +++ b/elasticsearch/qa/shield-example-realm/build.gradle @@ -37,6 +37,7 @@ processResources { task buildZip(type:Zip, dependsOn: [jar]) { from 'build/resources/main/x-pack-extension-descriptor.properties' + from 'build/resources/main/x-pack-extension-security.policy' from project.jar } diff --git a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java b/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java index 752e0a74b32..308ca7c382e 100644 --- a/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java +++ b/elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java @@ -11,6 +11,9 @@ import org.elasticsearch.example.realm.CustomRealmFactory; import org.elasticsearch.shield.authc.AuthenticationModule; import org.elasticsearch.xpack.extensions.XPackExtension; +import java.security.AccessController; +import java.security.PrivilegedAction; + public class ExampleRealmExtension extends XPackExtension { @Override public String name() { @@ -25,5 +28,10 @@ public class ExampleRealmExtension extends XPackExtension { public void onModule(AuthenticationModule authenticationModule) { authenticationModule.addCustomRealm(CustomRealm.TYPE, CustomRealmFactory.class); authenticationModule.setAuthenticationFailureHandler(CustomAuthenticationFailureHandler.class); + // check that the extension's policy works. + AccessController.doPrivileged((PrivilegedAction) () -> { + System.getSecurityManager().checkPrintJobAccess(); + return null; + }); } } diff --git a/elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy b/elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy new file mode 100644 index 00000000000..6d05deba55c --- /dev/null +++ b/elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy @@ -0,0 +1,3 @@ +grant { + permission java.lang.RuntimePermission "queuePrintJob"; +}; \ No newline at end of file diff --git a/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/java/org/elasticsearch/smoketest/WatcherTemplateTests.java b/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/java/org/elasticsearch/smoketest/WatcherTemplateTests.java index efe00900d07..5475529e2d8 100644 --- a/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/java/org/elasticsearch/smoketest/WatcherTemplateTests.java +++ b/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/java/org/elasticsearch/smoketest/WatcherTemplateTests.java @@ -49,18 +49,14 @@ public class WatcherTemplateTests extends ESTestCase { public void init() throws Exception { Settings setting = Settings.builder().put(ScriptService.SCRIPT_AUTO_RELOAD_ENABLED_SETTING, true).build(); Environment environment = Mockito.mock(Environment.class); - Set engines = Collections.singleton(new MustacheScriptEngineService(setting)); ResourceWatcherService resourceWatcherService = Mockito.mock(ResourceWatcherService.class); ScriptContextRegistry registry = new ScriptContextRegistry(Collections.singletonList(ScriptServiceProxy.INSTANCE)); ScriptEngineRegistry scriptEngineRegistry = new ScriptEngineRegistry( - Arrays.asList( - new ScriptEngineRegistry.ScriptEngineRegistration(MustacheScriptEngineService.class, - MustacheScriptEngineService.NAME) - ) + Collections.singleton(new MustacheScriptEngineService(setting)) ); ScriptSettings scriptSettings = new ScriptSettings(scriptEngineRegistry, registry); - ScriptService scriptService = new ScriptService(setting, environment, engines, resourceWatcherService, scriptEngineRegistry, + ScriptService scriptService = new ScriptService(setting, environment, resourceWatcherService, scriptEngineRegistry, registry, scriptSettings); ClusterService clusterService = Mockito.mock(ClusterService.class); Mockito.when(clusterService.state()).thenReturn(ClusterState.builder(new ClusterName("_name")).build()); diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/Graph.java similarity index 82% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/Graph.java index 4b9a338fe4b..b21f1884bc5 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/Graph.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph; +package org.elasticsearch.xpack.graph; import org.elasticsearch.action.ActionModule; import org.elasticsearch.common.component.LifecycleComponent; @@ -12,14 +12,15 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; -import org.elasticsearch.graph.action.GraphExploreAction; -import org.elasticsearch.graph.action.TransportGraphExploreAction; -import org.elasticsearch.graph.rest.action.RestGraphAction; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.graph.action.GraphExploreAction; +import org.elasticsearch.xpack.graph.action.TransportGraphExploreAction; +import org.elasticsearch.xpack.graph.rest.action.RestGraphAction; import java.util.Collection; import java.util.Collections; +import java.util.List; public class Graph extends Plugin { @@ -69,10 +70,12 @@ public class Graph extends Plugin { if (enabled && transportClientMode == false) { module.registerRestHandler(RestGraphAction.class); } - } - - public void onModule(SettingsModule module) { - module.registerSetting(Setting.boolSetting(XPackPlugin.featureEnabledSetting(NAME), true, Setting.Property.NodeScope)); - } + } + + + @Override + public List> getSettings() { + return Collections.singletonList(Setting.boolSetting(XPackPlugin.featureEnabledSetting(NAME), true, Setting.Property.NodeScope)); + } } diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphFeatureSet.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphFeatureSet.java similarity index 97% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphFeatureSet.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphFeatureSet.java index 008a6942e11..2cba904304c 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphFeatureSet.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphFeatureSet.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph; +package org.elasticsearch.xpack.graph; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphLicensee.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphLicensee.java similarity index 98% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphLicensee.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphLicensee.java index 4aaec502c59..01bf5f8e536 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphLicensee.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphLicensee.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph; +package org.elasticsearch.xpack.graph; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphModule.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphModule.java similarity index 96% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphModule.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphModule.java index eaf145e5e9c..f4108bcd90a 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphModule.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphModule.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph; +package org.elasticsearch.xpack.graph; import org.elasticsearch.common.inject.AbstractModule; import org.elasticsearch.common.inject.util.Providers; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Connection.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Connection.java similarity index 97% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Connection.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Connection.java index 0b3d44ab287..02d07f882e5 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Connection.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Connection.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import com.carrotsearch.hppc.ObjectIntHashMap; @@ -11,7 +11,7 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.ToXContent.Params; -import org.elasticsearch.graph.action.Vertex.VertexId; +import org.elasticsearch.xpack.graph.action.Vertex.VertexId; import java.io.IOException; import java.util.Map; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreAction.java similarity index 95% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreAction.java index 1d3537c80e6..9375a95d92f 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreAction.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.action.Action; import org.elasticsearch.client.ElasticsearchClient; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequest.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequest.java similarity index 98% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequest.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequest.java index 69f7f16de7c..28e84646d5d 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequest.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequest.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; @@ -149,9 +149,7 @@ public class GraphExploreRequest extends ActionRequest impl indicesOptions = IndicesOptions.readIndicesOptions(in); types = in.readStringArray(); routing = in.readOptionalString(); - if (in.readBoolean()) { - timeout = TimeValue.readTimeValue(in); - } + timeout = in.readOptionalWriteable(TimeValue::new); sampleSize = in.readInt(); sampleDiversityField = in.readOptionalString(); maxDocsPerDiversityValue = in.readInt(); @@ -177,7 +175,7 @@ public class GraphExploreRequest extends ActionRequest impl indicesOptions.writeIndicesOptions(out); out.writeStringArray(types); out.writeOptionalString(routing); - out.writeOptionalStreamable(timeout); + out.writeOptionalWriteable(timeout); out.writeInt(sampleSize); out.writeOptionalString(sampleDiversityField); diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequestBuilder.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequestBuilder.java similarity index 99% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequestBuilder.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequestBuilder.java index 9177a12b02d..55e4942d1c7 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequestBuilder.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequestBuilder.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.action.ActionRequestBuilder; import org.elasticsearch.action.support.IndicesOptions; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreResponse.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreResponse.java similarity index 97% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreResponse.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreResponse.java index 24dfe28a119..2869871a67d 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreResponse.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreResponse.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import com.carrotsearch.hppc.ObjectIntHashMap; @@ -15,8 +15,8 @@ import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.graph.action.Connection.ConnectionId; -import org.elasticsearch.graph.action.Vertex.VertexId; +import org.elasticsearch.xpack.graph.action.Connection.ConnectionId; +import org.elasticsearch.xpack.graph.action.Vertex.VertexId; import java.io.IOException; import java.util.Collection; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Hop.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Hop.java similarity index 99% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Hop.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Hop.java index 3ae01c472c4..83bd6f09f1d 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Hop.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Hop.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.action.ValidateActions; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/TransportGraphExploreAction.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java similarity index 99% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/TransportGraphExploreAction.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java index 5323002ea62..ec4d045ce10 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/TransportGraphExploreAction.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.apache.lucene.search.BooleanQuery; import org.apache.lucene.util.PriorityQueue; @@ -21,10 +21,6 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.CollectionUtils; -import org.elasticsearch.graph.action.Connection.ConnectionId; -import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost; -import org.elasticsearch.graph.action.Vertex.VertexId; -import org.elasticsearch.graph.GraphLicensee; import org.elasticsearch.index.query.BoolQueryBuilder; import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.license.plugin.core.LicenseUtils; @@ -41,6 +37,10 @@ import org.elasticsearch.search.aggregations.bucket.terms.support.IncludeExclude import org.elasticsearch.search.builder.SearchSourceBuilder; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; +import org.elasticsearch.xpack.graph.GraphLicensee; +import org.elasticsearch.xpack.graph.action.Connection.ConnectionId; +import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost; +import org.elasticsearch.xpack.graph.action.Vertex.VertexId; import java.util.ArrayList; import java.util.HashMap; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Vertex.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Vertex.java similarity index 99% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Vertex.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Vertex.java index 002483223a8..24f75bed1c9 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Vertex.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Vertex.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/VertexRequest.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/VertexRequest.java similarity index 97% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/VertexRequest.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/VertexRequest.java index 78e09152eca..140c4071b2a 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/VertexRequest.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/VertexRequest.java @@ -3,11 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.action; +package org.elasticsearch.xpack.graph.action; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost; +import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost; import java.io.IOException; import java.util.HashMap; diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/rest/action/RestGraphAction.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java similarity index 97% rename from elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/rest/action/RestGraphAction.java rename to elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java index b4b5c56afe0..518229fecab 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/rest/action/RestGraphAction.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java @@ -3,11 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.rest.action; +package org.elasticsearch.xpack.graph.rest.action; -import static org.elasticsearch.graph.action.GraphExploreAction.INSTANCE; import static org.elasticsearch.rest.RestRequest.Method.GET; import static org.elasticsearch.rest.RestRequest.Method.POST; +import static org.elasticsearch.xpack.graph.action.GraphExploreAction.INSTANCE; import java.io.IOException; import java.util.HashMap; @@ -25,11 +25,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.graph.action.GraphExploreRequest; -import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost; -import org.elasticsearch.graph.action.GraphExploreResponse; -import org.elasticsearch.graph.action.Hop; -import org.elasticsearch.graph.action.VertexRequest; import org.elasticsearch.index.query.QueryParseContext; import org.elasticsearch.indices.query.IndicesQueriesRegistry; import org.elasticsearch.rest.BaseRestHandler; @@ -38,6 +33,12 @@ import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.action.support.RestActions; import org.elasticsearch.rest.action.support.RestToXContentListener; +import org.elasticsearch.xpack.graph.action.GraphExploreRequest; +import org.elasticsearch.xpack.graph.action.GraphExploreResponse; +import org.elasticsearch.xpack.graph.action.Hop; +import org.elasticsearch.xpack.graph.action.VertexRequest; +import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost; + /** * @see GraphExploreRequest @@ -128,7 +129,7 @@ public class RestGraphAction extends BaseRestHandler { } } else if (token == XContentParser.Token.START_OBJECT) { if (context.getParseFieldMatcher().match(fieldName, QUERY_FIELD)) { - currentHop.guidingQuery(context.parseInnerQueryBuilder()); + context.parseInnerQueryBuilder().ifPresent(currentHop::guidingQuery); } else if (context.getParseFieldMatcher().match(fieldName, CONNECTIONS_FIELD)) { parseHop(parser, context, graphRequest.createNextHop(null), graphRequest); } else if (context.getParseFieldMatcher().match(fieldName, CONTROLS_FIELD)) { diff --git a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/GraphFeatureSetTests.java b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/GraphFeatureSetTests.java similarity index 93% rename from elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/GraphFeatureSetTests.java rename to elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/GraphFeatureSetTests.java index 6e87584d976..56d3b949bbe 100644 --- a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/GraphFeatureSetTests.java +++ b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/GraphFeatureSetTests.java @@ -3,11 +3,13 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph; +package org.elasticsearch.xpack.graph; import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.graph.GraphFeatureSet; +import org.elasticsearch.xpack.graph.GraphLicensee; import org.junit.Before; import static org.hamcrest.core.Is.is; diff --git a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/license/LicenseTests.java b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/license/LicenseTests.java similarity index 98% rename from elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/license/LicenseTests.java rename to elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/license/LicenseTests.java index c27a43b495c..0ad59d8bc56 100644 --- a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/license/LicenseTests.java +++ b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/license/LicenseTests.java @@ -3,12 +3,12 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.license; +package org.elasticsearch.xpack.graph.license; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.graph.GraphLicensee; import org.elasticsearch.license.core.License.OperationMode; import org.elasticsearch.license.plugin.core.AbstractLicenseeTestCase; +import org.elasticsearch.xpack.graph.GraphLicensee; import static org.hamcrest.Matchers.is; diff --git a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/test/GraphTests.java b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java similarity index 95% rename from elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/test/GraphTests.java rename to elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java index c4fd6576c07..9131921669f 100644 --- a/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/test/GraphTests.java +++ b/elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.graph.test; +package org.elasticsearch.xpack.graph.test; import org.apache.lucene.search.BooleanQuery; import org.elasticsearch.action.ActionRequestValidationException; @@ -11,17 +11,11 @@ import org.elasticsearch.action.search.ShardSearchFailure; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings.Builder; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.graph.action.GraphExploreAction; -import org.elasticsearch.graph.action.GraphExploreRequest; -import org.elasticsearch.graph.action.GraphExploreRequestBuilder; -import org.elasticsearch.graph.action.GraphExploreResponse; -import org.elasticsearch.graph.action.Hop; -import org.elasticsearch.graph.action.Vertex; -import org.elasticsearch.graph.action.VertexRequest; import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.index.query.ScriptQueryBuilder; import org.elasticsearch.marvel.Monitoring; import org.elasticsearch.plugins.Plugin; +import org.elasticsearch.plugins.ScriptPlugin; import org.elasticsearch.script.AbstractSearchScript; import org.elasticsearch.script.ExecutableScript; import org.elasticsearch.script.NativeScriptFactory; @@ -32,8 +26,17 @@ import org.elasticsearch.shield.Security; import org.elasticsearch.test.ESSingleNodeTestCase; import org.elasticsearch.xpack.watcher.Watcher; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.graph.action.GraphExploreAction; +import org.elasticsearch.xpack.graph.action.GraphExploreRequest; +import org.elasticsearch.xpack.graph.action.GraphExploreRequestBuilder; +import org.elasticsearch.xpack.graph.action.GraphExploreResponse; +import org.elasticsearch.xpack.graph.action.Hop; +import org.elasticsearch.xpack.graph.action.Vertex; +import org.elasticsearch.xpack.graph.action.VertexRequest; import java.util.Collection; +import java.util.Collections; +import java.util.List; import java.util.Map; import static org.elasticsearch.cluster.metadata.IndexMetaData.SETTING_NUMBER_OF_REPLICAS; @@ -346,7 +349,7 @@ public class GraphTests extends ESSingleNodeTestCase { assertThat(why, strongVertex.getWeight(), greaterThan(weakVertex.getWeight())); } - public static class ScriptedTimeoutPlugin extends Plugin { + public static class ScriptedTimeoutPlugin extends Plugin implements ScriptPlugin { @Override public String name() { return "test-scripted-graph-timeout"; @@ -357,8 +360,9 @@ public class GraphTests extends ESSingleNodeTestCase { return "Test for scripted timeouts on graph searches"; } - public void onModule(ScriptModule module) { - module.registerScript(NativeTestScriptedTimeout.TEST_NATIVE_SCRIPT_TIMEOUT, NativeTestScriptedTimeout.Factory.class); + @Override + public List getNativeScripts() { + return Collections.singletonList(new NativeTestScriptedTimeout.Factory()); } } @@ -377,6 +381,11 @@ public class GraphTests extends ESSingleNodeTestCase { public boolean needsScores() { return false; } + + @Override + public String getName() { + return TEST_NATIVE_SCRIPT_TIMEOUT; + } } @Override diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/Licensing.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/Licensing.java index 22c95840dd9..0f52530f74f 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/Licensing.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/Licensing.java @@ -28,6 +28,7 @@ import org.elasticsearch.license.plugin.rest.RestPutLicenseAction; import java.util.Collection; import java.util.Collections; +import java.util.List; import static org.elasticsearch.xpack.XPackPlugin.isTribeClientNode; import static org.elasticsearch.xpack.XPackPlugin.isTribeNode; @@ -80,8 +81,8 @@ public class Licensing { return Collections.emptyList(); } - public void onModule(SettingsModule module) { + public List> getSettings() { // TODO convert this wildcard to a real setting - module.registerSetting(Setting.groupSetting("license.", Setting.Property.NodeScope)); + return Collections.singletonList(Setting.groupSetting("license.", Setting.Property.NodeScope)); } } diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java index b4c8abb20c2..6b5134d2caa 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java @@ -12,7 +12,6 @@ import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.graph.Graph; import org.elasticsearch.license.core.License; import org.elasticsearch.license.plugin.action.put.PutLicenseAction; import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder; @@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.xpack.watcher.Watcher; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.graph.Graph; import java.util.ArrayList; import java.util.Collection; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestConsumerPluginBase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestConsumerPluginBase.java index 46c50b0375c..4261e375d49 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestConsumerPluginBase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestConsumerPluginBase.java @@ -14,7 +14,9 @@ import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.plugins.Plugin; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; +import java.util.List; public abstract class TestConsumerPluginBase extends Plugin { @@ -44,13 +46,11 @@ public abstract class TestConsumerPluginBase extends Plugin { return services; } - public void onModule(SettingsModule module) { - try { - module.registerSetting(Setting.simpleString("_trial_license_duration_in_seconds", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("_grace_duration_in_seconds", Setting.Property.NodeScope)); - } catch (IllegalArgumentException ex) { - // already loaded - } + @Override + public List> getSettings() { + return Arrays.asList(Setting.simpleString("_trial_license_duration_in_seconds", Setting.Property.NodeScope, + Setting.Property.Shared), Setting.simpleString("_grace_duration_in_seconds", Setting.Property.NodeScope, + Setting.Property.Shared)); } public abstract Class service(); diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java index 0ba61a72e1e..6e48dece27e 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java @@ -20,7 +20,6 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing; -import org.elasticsearch.graph.Graph; import org.elasticsearch.marvel.Monitoring; import org.elasticsearch.node.Node; import org.elasticsearch.plugins.Plugin; @@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.test.NodeConfigurationSource; import org.elasticsearch.test.TestCluster; +import org.elasticsearch.xpack.graph.Graph; import org.elasticsearch.xpack.watcher.Watcher; import java.util.ArrayList; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/Monitoring.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/Monitoring.java index 8b29f92ffa5..4ec351b8ee6 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/Monitoring.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/Monitoring.java @@ -9,6 +9,7 @@ import org.elasticsearch.action.ActionModule; import org.elasticsearch.common.component.LifecycleComponent; import org.elasticsearch.common.inject.Module; import org.elasticsearch.common.network.NetworkModule; +import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.marvel.action.MonitoringBulkAction; @@ -80,7 +81,6 @@ public class Monitoring { } public void onModule(SettingsModule module) { - MonitoringSettings.register(module); } public void onModule(ActionModule module) { diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MonitoringSettings.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MonitoringSettings.java index 3ee8afcce21..714f4c9c9ae 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MonitoringSettings.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MonitoringSettings.java @@ -15,6 +15,7 @@ import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.XPackPlugin; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.function.Function; @@ -125,22 +126,23 @@ public class MonitoringSettings extends AbstractComponent { public static final Setting EXPORTERS_SETTINGS = groupSetting(key("agent.exporters."), Property.Dynamic, Property.NodeScope); - static void register(SettingsModule module) { - module.registerSetting(INDICES); - module.registerSetting(INTERVAL); - module.registerSetting(INDEX_RECOVERY_TIMEOUT); - module.registerSetting(INDEX_STATS_TIMEOUT); - module.registerSetting(INDICES_STATS_TIMEOUT); - module.registerSetting(INDEX_RECOVERY_ACTIVE_ONLY); - module.registerSetting(COLLECTORS); - module.registerSetting(CLUSTER_STATE_TIMEOUT); - module.registerSetting(CLUSTER_STATS_TIMEOUT); - module.registerSetting(HISTORY_DURATION); - module.registerSetting(EXPORTERS_SETTINGS); - module.registerSetting(ENABLED); + public static List> getSettings() { + return Arrays.asList(INDICES, + INTERVAL, + INDEX_RECOVERY_TIMEOUT, + INDEX_STATS_TIMEOUT, + INDICES_STATS_TIMEOUT, + INDEX_RECOVERY_ACTIVE_ONLY, + COLLECTORS, + CLUSTER_STATE_TIMEOUT, + CLUSTER_STATS_TIMEOUT, + HISTORY_DURATION, + EXPORTERS_SETTINGS, + ENABLED); + } - module.registerSettingsFilter("xpack.monitoring.agent.exporters.*.auth.*"); - module.registerSettingsFilter("xpack.monitoring.agent.exporters.*.ssl.*"); + public static List getSettingsFilter() { + return Arrays.asList("xpack.monitoring.agent.exporters.*.auth.*", "xpack.monitoring.agent.exporters.*.ssl.*"); } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/action/TransportMonitoringBulkActionTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/action/TransportMonitoringBulkActionTests.java index f9876038b73..d37e19023c3 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/action/TransportMonitoringBulkActionTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/action/TransportMonitoringBulkActionTests.java @@ -30,6 +30,7 @@ import org.elasticsearch.marvel.agent.exporter.Exporters; import org.elasticsearch.marvel.agent.exporter.MonitoringDoc; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.transport.CapturingTransport; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; import org.junit.After; @@ -74,7 +75,7 @@ public class TransportMonitoringBulkActionTests extends ESTestCase { @BeforeClass public static void beforeClass() { - threadPool = new ThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName()); + threadPool = new TestThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName()); } @AfterClass diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/resolver/shards/ShardsTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/resolver/shards/ShardsTests.java index 970e714fd49..9c5a2ab8447 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/resolver/shards/ShardsTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/resolver/shards/ShardsTests.java @@ -25,6 +25,7 @@ import org.junit.After; import java.util.Map; import java.util.concurrent.TimeUnit; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThan; @@ -58,7 +59,7 @@ public class ShardsTests extends MarvelIntegTestCase { public void testShards() throws Exception { logger.debug("--> creating some indices so that shards collector reports data"); for (int i = 0; i < randomIntBetween(1, 5); i++) { - client().prepareIndex(INDEX_PREFIX + i, "foo").setRefresh(true).setSource("field1", "value1").get(); + client().prepareIndex(INDEX_PREFIX + i, "foo").setRefreshPolicy(IMMEDIATE).setSource("field1", "value1").get(); } securedFlush(); diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/CleanerServiceTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/CleanerServiceTests.java index 97b3e7da384..769ee62f4a3 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/CleanerServiceTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/CleanerServiceTests.java @@ -11,6 +11,7 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.marvel.MonitoringSettings; import org.elasticsearch.marvel.MonitoringLicensee; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; @@ -40,7 +41,7 @@ public class CleanerServiceTests extends ESTestCase { @Before public void start() { clusterSettings = new ClusterSettings(Settings.EMPTY, Collections.singleton(MonitoringSettings.HISTORY_DURATION)); - threadPool = new ThreadPool("CleanerServiceTests"); + threadPool = new TestThreadPool("CleanerServiceTests"); } @After diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java index 6d63c016a03..aaa68307b1b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Security.java @@ -18,7 +18,6 @@ import org.elasticsearch.common.regex.Regex; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.index.IndexModule; import org.elasticsearch.shield.action.ShieldActionModule; @@ -188,62 +187,70 @@ public class Security { return settingsBuilder.build(); } - public void onModule(SettingsModule settingsModule) { + public List> getSettings() { + List> settingsList = new ArrayList<>(); // always register for both client and node modes - XPackPlugin.registerFeatureEnabledSettings(settingsModule, NAME, true); - settingsModule.registerSetting(USER_SETTING); + XPackPlugin.addFeatureEnabledSettings(settingsList, NAME, true); + settingsList.add(USER_SETTING); // SSL settings - SSLConfiguration.Global.registerSettings(settingsModule); + SSLConfiguration.Global.addSettings(settingsList); // transport settings - ShieldNettyTransport.registerSettings(settingsModule); + ShieldNettyTransport.addSettings(settingsList); if (transportClientMode) { - return; + return settingsList; } // The following just apply in node mode - XPackPlugin.registerFeatureEnabledSettings(settingsModule, DLS_FLS_FEATURE, true); + XPackPlugin.addFeatureEnabledSettings(settingsList, DLS_FLS_FEATURE, true); // IP Filter settings - IPFilter.registerSettings(settingsModule); + IPFilter.addSettings(settingsList); // audit settings - AuditTrailModule.registerSettings(settingsModule); + AuditTrailModule.addSettings(settingsList); // authentication settings - FileRolesStore.registerSettings(settingsModule); - AnonymousUser.registerSettings(settingsModule); - Realms.registerSettings(settingsModule); - NativeUsersStore.registerSettings(settingsModule); - NativeRolesStore.registerSettings(settingsModule); - InternalAuthenticationService.registerSettings(settingsModule); - InternalAuthorizationService.registerSettings(settingsModule); + FileRolesStore.addSettings(settingsList); + AnonymousUser.addSettings(settingsList); + Realms.addSettings(settingsList); + NativeUsersStore.addSettings(settingsList); + NativeRolesStore.addSettings(settingsList); + InternalAuthenticationService.addSettings(settingsList); + InternalAuthorizationService.addSettings(settingsList); // HTTP settings - ShieldNettyHttpServerTransport.registerSettings(settingsModule); + ShieldNettyHttpServerTransport.addSettings(settingsList); // encryption settings - InternalCryptoService.registerSettings(settingsModule); + InternalCryptoService.addSettings(settingsList); // hide settings - settingsModule.registerSetting(Setting.listSetting(setting("hide_settings"), Collections.emptyList(), Function.identity(), + settingsList.add(Setting.listSetting(setting("hide_settings"), Collections.emptyList(), Function.identity(), Property.NodeScope, Property.Filtered)); + return settingsList; + } + + + public List getSettingsFilter() { + ArrayList settingsFilter = new ArrayList<>(); String[] asArray = settings.getAsArray(setting("hide_settings")); for (String pattern : asArray) { - settingsModule.registerSettingsFilter(pattern); + settingsFilter.add(pattern); } - settingsModule.registerSettingsFilter(setting("authc.realms.*.bind_dn")); - settingsModule.registerSettingsFilter(setting("authc.realms.*.bind_password")); - settingsModule.registerSettingsFilter(setting("authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING)); - settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.password")); - settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.path")); - settingsModule.registerSettingsFilter(setting("authc.realms.*.truststore.algorithm")); + settingsFilter.add(setting("authc.realms.*.bind_dn")); + settingsFilter.add(setting("authc.realms.*.bind_password")); + settingsFilter.add(setting("authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING)); + settingsFilter.add(setting("authc.realms.*.truststore.password")); + settingsFilter.add(setting("authc.realms.*.truststore.path")); + settingsFilter.add(setting("authc.realms.*.truststore.algorithm")); // hide settings where we don't define them - they are part of a group... - settingsModule.registerSettingsFilter("transport.profiles.*." + setting("*")); + settingsFilter.add("transport.profiles.*." + setting("*")); + return settingsFilter; } public void onIndexModule(IndexModule module) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java index 963f35e0ea4..d54ca1b89aa 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionModule.java @@ -9,6 +9,7 @@ import org.elasticsearch.common.inject.multibindings.Multibinder; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.action.filter.ShieldActionFilter; import org.elasticsearch.shield.action.interceptor.BulkRequestInterceptor; +import org.elasticsearch.shield.action.interceptor.FieldStatsRequestInterceptor; import org.elasticsearch.shield.action.interceptor.RealtimeRequestInterceptor; import org.elasticsearch.shield.action.interceptor.RequestInterceptor; import org.elasticsearch.shield.action.interceptor.SearchRequestInterceptor; @@ -34,5 +35,6 @@ public class ShieldActionModule extends AbstractShieldModule.Node { multibinder.addBinding().to(SearchRequestInterceptor.class); multibinder.addBinding().to(UpdateRequestInterceptor.class); multibinder.addBinding().to(BulkRequestInterceptor.class); + multibinder.addBinding().to(FieldStatsRequestInterceptor.class); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java index d8cdd452c93..b53faa521cf 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java @@ -47,12 +47,14 @@ public abstract class FieldAndDocumentLevelSecurityRequestInterceptor e for (String index : indicesRequest.indices()) { IndicesAccessControl.IndexAccessControl indexAccessControl = indicesAccessControl.getIndexPermissions(index); if (indexAccessControl != null) { - boolean fls = indexAccessControl.getFields() != null; - boolean dls = indexAccessControl.getQueries() != null; - if (fls || dls) { - logger.debug("intercepted request for index [{}] with field level or document level security enabled, " + - "disabling features", index); - disableFeatures(request); + boolean fieldLevelSecurityEnabled = indexAccessControl.getFields() != null; + boolean documentLevelSecurityEnabled = indexAccessControl.getQueries() != null; + if (fieldLevelSecurityEnabled || documentLevelSecurityEnabled) { + if (logger.isDebugEnabled()) { + logger.debug("intercepted request for index [{}] with field level [{}] or document level [{}] security " + + "enabled, disabling features", index, fieldLevelSecurityEnabled, documentLevelSecurityEnabled); + } + disableFeatures(request, fieldLevelSecurityEnabled, documentLevelSecurityEnabled); return; } } @@ -62,6 +64,6 @@ public abstract class FieldAndDocumentLevelSecurityRequestInterceptor e } } - protected abstract void disableFeatures(Request request); + protected abstract void disableFeatures(Request request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java new file mode 100644 index 00000000000..46edc92b18a --- /dev/null +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/FieldStatsRequestInterceptor.java @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.shield.action.interceptor; + +import org.elasticsearch.action.fieldstats.FieldStatsRequest; +import org.elasticsearch.common.inject.Inject; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportRequest; + +/** + * Intercepts requests to shards to field level stats and strips fields that the user is not allowed to access from the response. + */ +public class FieldStatsRequestInterceptor extends FieldAndDocumentLevelSecurityRequestInterceptor { + @Inject + public FieldStatsRequestInterceptor(Settings settings, ThreadPool threadPool) { + super(settings, threadPool.getThreadContext()); + } + + @Override + public boolean supports(TransportRequest request) { + return request instanceof FieldStatsRequest; + } + + @Override + protected void disableFeatures(FieldStatsRequest request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) { + if (fieldLevelSecurityEnabled) { + request.setUseCache(false); + } + } +} diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java index df0ac5f1e44..7dca9937319 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/RealtimeRequestInterceptor.java @@ -23,7 +23,8 @@ public class RealtimeRequestInterceptor extends FieldAndDocumentLevelSecurityReq } @Override - protected void disableFeatures(RealtimeRequest realtimeRequest) { + protected void disableFeatures(RealtimeRequest realtimeRequest, boolean fieldLevelSecurityEnabled, + boolean documentLevelSecurityEnabled) { realtimeRequest.realtime(false); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java index 51afa39f1c0..168ce041885 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/SearchRequestInterceptor.java @@ -22,7 +22,7 @@ public class SearchRequestInterceptor extends FieldAndDocumentLevelSecurityReque } @Override - public void disableFeatures(SearchRequest request) { + public void disableFeatures(SearchRequest request, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) { request.requestCache(false); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java index 88a7cf424ba..1800265b666 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/interceptor/UpdateRequestInterceptor.java @@ -28,7 +28,7 @@ public class UpdateRequestInterceptor extends FieldAndDocumentLevelSecurityReque } @Override - protected void disableFeatures(UpdateRequest updateRequest) { + protected void disableFeatures(UpdateRequest updateRequest, boolean fieldLevelSecurityEnabled, boolean documentLevelSecurityEnabled) { throw new ElasticsearchSecurityException("Can't execute an update request if field or document level security is enabled", RestStatus.BAD_REQUEST); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java index b7a59d83d3d..05f45513aee 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java @@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.role; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; +import org.elasticsearch.action.support.WriteRequest; +import org.elasticsearch.action.support.WriteRequest.RefreshPolicy; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; @@ -24,13 +26,13 @@ import static org.elasticsearch.action.ValidateActions.addValidationError; /** * Request object for adding a role to the shield index */ -public class PutRoleRequest extends ActionRequest { +public class PutRoleRequest extends ActionRequest implements WriteRequest { private String name; private String[] clusterPrivileges = Strings.EMPTY_ARRAY; private List indicesPrivileges = new ArrayList<>(); private String[] runAs = Strings.EMPTY_ARRAY; - private boolean refresh = true; + private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE; public PutRoleRequest() { } @@ -69,8 +71,19 @@ public class PutRoleRequest extends ActionRequest { this.runAs = usernames; } - public void refresh(boolean refresh) { - this.refresh = refresh; + @Override + public PutRoleRequest setRefreshPolicy(RefreshPolicy refreshPolicy) { + this.refreshPolicy = refreshPolicy; + return this; + } + + /** + * Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh ( + * {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}). + */ + @Override + public WriteRequest.RefreshPolicy getRefreshPolicy() { + return refreshPolicy; } public String name() { @@ -89,10 +102,6 @@ public class PutRoleRequest extends ActionRequest { return runAs; } - public boolean refresh() { - return refresh; - } - @Override public void readFrom(StreamInput in) throws IOException { super.readFrom(in); @@ -104,7 +113,7 @@ public class PutRoleRequest extends ActionRequest { indicesPrivileges.add(RoleDescriptor.IndicesPrivileges.createFrom(in)); } runAs = in.readStringArray(); - refresh = in.readBoolean(); + refreshPolicy = RefreshPolicy.readFrom(in); } @Override @@ -117,7 +126,7 @@ public class PutRoleRequest extends ActionRequest { index.writeTo(out); } out.writeStringArray(runAs); - out.writeBoolean(refresh); + refreshPolicy.writeTo(out); } RoleDescriptor roleDescriptor() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java index 8674f5ed205..8b63fc32de4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java @@ -6,6 +6,7 @@ package org.elasticsearch.shield.action.role; import org.elasticsearch.action.ActionRequestBuilder; +import org.elasticsearch.action.support.WriteRequestBuilder; import org.elasticsearch.client.ElasticsearchClient; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.bytes.BytesReference; @@ -14,7 +15,8 @@ import org.elasticsearch.shield.authz.RoleDescriptor; /** * Builder for requests to add a role to the administrative index */ -public class PutRoleRequestBuilder extends ActionRequestBuilder { +public class PutRoleRequestBuilder extends ActionRequestBuilder + implements WriteRequestBuilder { public PutRoleRequestBuilder(ElasticsearchClient client) { this(client, PutRoleAction.INSTANCE); @@ -54,9 +56,4 @@ public class PutRoleRequestBuilder extends ActionRequestBuilder implements UserRequest { +public class ChangePasswordRequest extends ActionRequest + implements UserRequest, WriteRequest { private String username; private char[] passwordHash; - private boolean refresh = true; + private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE; @Override public ActionRequestValidationException validate() { @@ -52,12 +56,19 @@ public class ChangePasswordRequest extends ActionRequest this.passwordHash = passwordHash; } - public boolean refresh() { - return refresh; + /** + * Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh ( + * {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}). + */ + @Override + public RefreshPolicy getRefreshPolicy() { + return refreshPolicy; } - public void refresh(boolean refresh) { - this.refresh = refresh; + @Override + public ChangePasswordRequest setRefreshPolicy(RefreshPolicy refreshPolicy) { + this.refreshPolicy = refreshPolicy; + return this; } @Override @@ -70,6 +81,7 @@ public class ChangePasswordRequest extends ActionRequest super.readFrom(in); username = in.readString(); passwordHash = CharArrays.utf8BytesToChars(in.readBytesReference().array()); + refreshPolicy = RefreshPolicy.readFrom(in); } @Override @@ -77,5 +89,6 @@ public class ChangePasswordRequest extends ActionRequest super.writeTo(out); out.writeString(username); out.writeBytesReference(new BytesArray(CharArrays.toUtf8Bytes(passwordHash))); + refreshPolicy.writeTo(out); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java index 994f2901eea..7177f1b56eb 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java @@ -7,25 +7,28 @@ package org.elasticsearch.shield.action.user; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.action.ActionRequestBuilder; +import org.elasticsearch.action.support.WriteRequestBuilder; import org.elasticsearch.client.ElasticsearchClient; import org.elasticsearch.common.ParseFieldMatcher; import org.elasticsearch.common.ValidationException; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.shield.user.User; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.support.Validation; +import org.elasticsearch.shield.user.User; import org.elasticsearch.xpack.common.xcontent.XContentUtils; import java.io.IOException; import java.util.Arrays; /** + * Request to change a user's password. */ public class ChangePasswordRequestBuilder - extends ActionRequestBuilder { + extends ActionRequestBuilder + implements WriteRequestBuilder { public ChangePasswordRequestBuilder(ElasticsearchClient client) { this(client, ChangePasswordAction.INSTANCE); @@ -81,9 +84,4 @@ public class ChangePasswordRequestBuilder } return this; } - - public ChangePasswordRequestBuilder refresh(boolean refresh) { - request.refresh(refresh); - return this; - } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java index ce9fa89a747..bcf4891f882 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java @@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.user; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; +import org.elasticsearch.action.support.WriteRequest; +import org.elasticsearch.action.support.WriteRequest.RefreshPolicy; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; @@ -22,7 +24,7 @@ import static org.elasticsearch.action.ValidateActions.addValidationError; /** * Request object to put a native user. */ -public class PutUserRequest extends ActionRequest implements UserRequest { +public class PutUserRequest extends ActionRequest implements UserRequest, WriteRequest { private String username; private String[] roles; @@ -30,7 +32,7 @@ public class PutUserRequest extends ActionRequest implements Use private String email; private Map metadata; private char[] passwordHash; - private boolean refresh = true; + private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE; public PutUserRequest() { } @@ -72,8 +74,19 @@ public class PutUserRequest extends ActionRequest implements Use this.passwordHash = passwordHash; } - public void refresh(boolean refresh) { - this.refresh = refresh; + /** + * Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh ( + * {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}). + */ + @Override + public RefreshPolicy getRefreshPolicy() { + return refreshPolicy; + } + + @Override + public PutUserRequest setRefreshPolicy(RefreshPolicy refreshPolicy) { + this.refreshPolicy = refreshPolicy; + return this; } public String username() { @@ -101,10 +114,6 @@ public class PutUserRequest extends ActionRequest implements Use return passwordHash; } - public boolean refresh() { - return refresh; - } - @Override public String[] usernames() { return new String[] { username }; @@ -124,7 +133,7 @@ public class PutUserRequest extends ActionRequest implements Use fullName = in.readOptionalString(); email = in.readOptionalString(); metadata = in.readBoolean() ? in.readMap() : null; - refresh = in.readBoolean(); + refreshPolicy = RefreshPolicy.readFrom(in); } @Override @@ -147,6 +156,6 @@ public class PutUserRequest extends ActionRequest implements Use out.writeBoolean(true); out.writeMap(metadata); } - out.writeBoolean(refresh); + refreshPolicy.writeTo(out); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java index 11f061c2d9b..3a5bf7b54d4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java @@ -7,6 +7,7 @@ package org.elasticsearch.shield.action.user; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.action.ActionRequestBuilder; +import org.elasticsearch.action.support.WriteRequestBuilder; import org.elasticsearch.client.ElasticsearchClient; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.ParseFieldMatcher; @@ -15,17 +16,18 @@ import org.elasticsearch.common.ValidationException; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.shield.user.User; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.support.Validation; +import org.elasticsearch.shield.user.User; import org.elasticsearch.xpack.common.xcontent.XContentUtils; import java.io.IOException; import java.util.Arrays; import java.util.Map; -public class PutUserRequestBuilder extends ActionRequestBuilder { +public class PutUserRequestBuilder extends ActionRequestBuilder + implements WriteRequestBuilder { private final Hasher hasher = Hasher.BCRYPT; @@ -77,11 +79,6 @@ public class PutUserRequestBuilder extends ActionRequestBuilder> settings) { + settings.add(ENABLED_SETTING); + settings.add(OUTPUTS_SETTING); + LoggingAuditTrail.registerSettings(settings); + IndexAuditTrail.registerSettings(settings); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index 1e2b4665d66..da8163139b1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -877,15 +877,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(INDEX_SETTINGS); - settingsModule.registerSetting(EXCLUDE_EVENT_SETTINGS); - settingsModule.registerSetting(INCLUDE_EVENT_SETTINGS); - settingsModule.registerSetting(ROLLOVER_SETTING); - settingsModule.registerSetting(BULK_SIZE_SETTING); - settingsModule.registerSetting(FLUSH_TIMEOUT_SETTING); - settingsModule.registerSetting(QUEUE_SIZE_SETTING); - settingsModule.registerSetting(REMOTE_CLIENT_SETTINGS); + public static void registerSettings(List> settings) { + settings.add(INDEX_SETTINGS); + settings.add(EXCLUDE_EVENT_SETTINGS); + settings.add(INCLUDE_EVENT_SETTINGS); + settings.add(ROLLOVER_SETTING); + settings.add(BULK_SIZE_SETTING); + settings.add(FLUSH_TIMEOUT_SETTING); + settings.add(QUEUE_SIZE_SETTING); + settings.add(REMOTE_CLIENT_SETTINGS); } private class QueueConsumer extends Thread { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java index 92396f02c94..4f4f6942883 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java @@ -35,6 +35,7 @@ import org.elasticsearch.transport.TransportMessage; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketAddress; +import java.util.List; import static org.elasticsearch.common.Strings.arrayToCommaDelimitedString; import static org.elasticsearch.shield.audit.AuditUtil.indices; @@ -463,9 +464,9 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent> settings) { + settings.add(HOST_ADDRESS_SETTING); + settings.add(HOST_NAME_SETTING); + settings.add(NODE_NAME_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 343b08d50c4..4805354c83e 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -29,6 +29,7 @@ import org.elasticsearch.transport.TransportMessage; import java.io.IOException; import java.util.Base64; +import java.util.List; import static org.elasticsearch.shield.Security.setting; import static org.elasticsearch.shield.support.Exceptions.authenticationError; @@ -316,9 +317,9 @@ public class InternalAuthenticationService extends AbstractComponent implements return null; } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(SIGN_USER_HEADER); - settingsModule.registerSetting(RUN_AS_ENABLED); + public static void addSettings(List> settings) { + settings.add(SIGN_USER_HEADER); + settings.add(RUN_AS_ENABLED); } // these methods are package private for testing. They are also needed so that a AuditableRequest can be created in tests diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java index 0dcc995db5a..b2981ec9d1f 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java @@ -6,6 +6,7 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.common.collect.Iterators; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Setting; @@ -101,6 +102,10 @@ public class Realms extends AbstractLifecycleComponent implements Iterab @Override public Iterator iterator() { + if (shieldLicenseState.authenticationAndAuthorizationEnabled() == false) { + return Collections.emptyIterator(); + } + EnabledRealmType enabledRealmType = shieldLicenseState.enabledRealmType(); switch (enabledRealmType) { case ALL: @@ -207,7 +212,7 @@ public class Realms extends AbstractLifecycleComponent implements Iterab } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(REALMS_GROUPS_SETTINGS); + public static void addSettings(List> settingsModule) { + settingsModule.add(REALMS_GROUPS_SETTINGS); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java index 9b40c45a5a6..052813d801f 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java @@ -9,6 +9,7 @@ import com.carrotsearch.hppc.ObjectHashSet; import com.carrotsearch.hppc.ObjectLongHashMap; import com.carrotsearch.hppc.ObjectLongMap; import com.carrotsearch.hppc.cursors.ObjectCursor; + import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.action.ActionListener; @@ -23,6 +24,7 @@ import org.elasticsearch.action.search.ClearScrollResponse; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchScrollRequest; +import org.elasticsearch.action.support.WriteRequest.RefreshPolicy; import org.elasticsearch.action.update.UpdateResponse; import org.elasticsearch.client.Client; import org.elasticsearch.cluster.ClusterChangedEvent; @@ -49,9 +51,6 @@ import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.search.SearchHit; import org.elasticsearch.shield.InternalClient; import org.elasticsearch.shield.ShieldTemplateService; -import org.elasticsearch.shield.user.SystemUser; -import org.elasticsearch.shield.user.User; -import org.elasticsearch.shield.user.User.Fields; import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest; import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse; import org.elasticsearch.shield.action.user.ChangePasswordRequest; @@ -61,6 +60,9 @@ import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.client.SecurityClient; import org.elasticsearch.shield.support.SelfReschedulingRunnable; +import org.elasticsearch.shield.user.SystemUser; +import org.elasticsearch.shield.user.User; +import org.elasticsearch.shield.user.User.Fields; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPool.Names; @@ -324,7 +326,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, docType, username) .setDoc(Fields.PASSWORD.getPreferredName(), String.valueOf(request.passwordHash())) - .setRefresh(request.refresh()) + .setRefreshPolicy(request.getRefreshPolicy()) .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { @@ -345,7 +347,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL } if (docType.equals(RESERVED_USER_DOC_TYPE)) { - createReservedUser(username, request.passwordHash(), request.refresh(), listener); + createReservedUser(username, request.passwordHash(), request.getRefreshPolicy(), listener); } else { logger.debug("failed to change password for user [{}]", cause, request.username()); ValidationException validationException = new ValidationException(); @@ -356,10 +358,10 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL }); } - private void createReservedUser(String username, char[] passwordHash, boolean refresh, ActionListener listener) { + private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener listener) { client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username) .setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash)) - .setRefresh(refresh) + .setRefreshPolicy(refresh) .execute(new ActionListener() { @Override public void onResponse(IndexResponse indexResponse) { @@ -400,7 +402,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata()) - .setRefresh(putUserRequest.refresh()) + .setRefreshPolicy(putUserRequest.getRefreshPolicy()) .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { @@ -440,7 +442,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(), User.Fields.EMAIL.getPreferredName(), putUserRequest.email(), User.Fields.METADATA.getPreferredName(), putUserRequest.metadata()) - .setRefresh(putUserRequest.refresh()) + .setRefreshPolicy(putUserRequest.getRefreshPolicy()) .execute(new ActionListener() { @Override public void onResponse(IndexResponse indexResponse) { @@ -470,7 +472,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, USER_DOC_TYPE, deleteUserRequest.username()).request(); request.indicesOptions().ignoreUnavailable(); - request.refresh(deleteUserRequest.refresh()); + request.setRefreshPolicy(deleteUserRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL); client.delete(request, new ActionListener() { @Override public void onResponse(DeleteResponse deleteResponse) { @@ -865,9 +867,9 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL void onUsersChanged(List username); } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(SCROLL_SIZE_SETTING); - settingsModule.registerSetting(SCROLL_KEEP_ALIVE_SETTING); - settingsModule.registerSetting(POLL_INTERVAL_SETTING); + public static void addSettings(List> settings) { + settings.add(SCROLL_SIZE_SETTING); + settings.add(SCROLL_KEEP_ALIVE_SETTING); + settings.add(POLL_INTERVAL_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index a640b080cf6..ed8e4835333 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -357,7 +357,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A return authorizationError("action [{}] is unauthorized for user [{}]", action, user.principal()); } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING); + public static void addSettings(List> settings) { + settings.add(ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java index 1bd5519b0a4..fe55e5993c0 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java @@ -35,6 +35,7 @@ import org.elasticsearch.index.cache.bitset.BitsetFilterCache; import org.elasticsearch.index.engine.EngineException; import org.elasticsearch.index.mapper.DocumentMapper; import org.elasticsearch.index.mapper.MapperService; +import org.elasticsearch.index.mapper.internal.FieldNamesFieldMapper; import org.elasticsearch.index.mapper.internal.ParentFieldMapper; import org.elasticsearch.index.query.ParsedQuery; import org.elasticsearch.index.query.QueryBuilder; @@ -52,6 +53,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.HashSet; import java.util.List; +import java.util.Optional; import java.util.Set; import static org.apache.lucene.search.BooleanClause.Occur.SHOULD; @@ -89,6 +91,7 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper { Set allowedMetaFields = new HashSet<>(); allowedMetaFields.addAll(Arrays.asList(MapperService.getAllMetaFields())); + allowedMetaFields.add(FieldNamesFieldMapper.NAME); // TODO: add _field_names to MapperService#META_FIELDS? allowedMetaFields.add("_source"); // TODO: add _source to MapperService#META_FIELDS? allowedMetaFields.add("_version"); // TODO: add _version to MapperService#META_FIELDS? allowedMetaFields.remove("_all"); // The _all field contains actual data and we can't include that by default. @@ -122,9 +125,11 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper { for (BytesReference bytesReference : permissions.getQueries()) { QueryShardContext queryShardContext = copyQueryShardContext(this.queryShardContext); try (XContentParser parser = XContentFactory.xContent(bytesReference).createParser(bytesReference)) { - QueryBuilder queryBuilder = queryShardContext.newParseContext(parser).parseInnerQueryBuilder(); - ParsedQuery parsedQuery = queryShardContext.toQuery(queryBuilder); - filter.add(parsedQuery.query(), SHOULD); + Optional queryBuilder = queryShardContext.newParseContext(parser).parseInnerQueryBuilder(); + if (queryBuilder.isPresent()) { + ParsedQuery parsedQuery = queryShardContext.toQuery(queryBuilder.get()); + filter.add(parsedQuery.query(), SHOULD); + } } } // at least one of the queries should match diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java index 389c70254e0..19edfa313cb 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java @@ -260,7 +260,7 @@ public class FileRolesStore extends AbstractLifecycleComponent imple } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(ROLES_FILE_SETTING); + public static void addSettings(List> settings) { + settings.add(ROLES_FILE_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java index afb7d220080..e977dc77b45 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java @@ -18,6 +18,7 @@ import org.elasticsearch.action.search.ClearScrollResponse; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchScrollRequest; +import org.elasticsearch.action.support.WriteRequest.RefreshPolicy; import org.elasticsearch.client.Client; import org.elasticsearch.cluster.ClusterChangedEvent; import org.elasticsearch.cluster.ClusterState; @@ -30,7 +31,6 @@ import org.elasticsearch.common.inject.Provider; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.concurrent.AbstractRunnable; import org.elasticsearch.common.xcontent.ToXContent; @@ -269,7 +269,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C try { DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, deleteRoleRequest.name()).request(); - request.refresh(deleteRoleRequest.refresh()); + request.setRefreshPolicy(deleteRoleRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL); client.delete(request, new ActionListener() { @Override public void onResponse(DeleteResponse deleteResponse) { @@ -299,7 +299,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C try { client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role.getName()) .setSource(role.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS)) - .setRefresh(request.refresh()) + .setRefreshPolicy(request.getRefreshPolicy()) .execute(new ActionListener() { @Override public void onResponse(IndexResponse indexResponse) { @@ -603,9 +603,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(SCROLL_SIZE_SETTING); - settingsModule.registerSetting(SCROLL_KEEP_ALIVE_SETTING); - settingsModule.registerSetting(POLL_INTERVAL_SETTING); + public static void addSettings(List> settings) { + settings.add(SCROLL_SIZE_SETTING); + settings.add(SCROLL_KEEP_ALIVE_SETTING); + settings.add(POLL_INTERVAL_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java index 30994e722f2..ef96be6b210 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java @@ -676,10 +676,10 @@ public class InternalCryptoService extends AbstractLifecycleComponent> settings) { + settings.add(FILE_SETTING); + settings.add(ENCRYPTION_KEY_LENGTH_SETTING); + settings.add(ENCRYPTION_KEY_ALGO_SETTING); + settings.add(ENCRYPTION_ALGO_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java index 20334f56efc..d1a1a6c227d 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java @@ -36,9 +36,7 @@ public class RestPutRoleAction extends BaseRestHandler { @Override protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception { PutRoleRequestBuilder requestBuilder = new SecurityClient(client).preparePutRole(request.param("name"), request.content()); - if (request.hasParam("refresh")) { - requestBuilder.refresh(request.paramAsBoolean("refresh", true)); - } + requestBuilder.setRefreshPolicy(request.param("refresh")); requestBuilder.execute(new RestBuilderListener(channel) { @Override public RestResponse buildResponse(PutRoleResponse putRoleResponse, XContentBuilder builder) throws Exception { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java index 9be684b4598..ce31c587e24 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java @@ -47,7 +47,7 @@ public class RestChangePasswordAction extends BaseRestHandler { } new SecurityClient(client).prepareChangePassword(username, request.content()) - .refresh(request.paramAsBoolean("refresh", true)) + .setRefreshPolicy(request.param("refresh")) .execute(new RestBuilderListener(channel) { @Override public RestResponse buildResponse(ChangePasswordResponse changePasswordResponse, XContentBuilder builder) throws diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java index 863a960d47e..261495f4ac1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java @@ -37,7 +37,7 @@ public class RestPutUserAction extends BaseRestHandler { protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception { PutUserRequestBuilder requestBuilder = new SecurityClient(client).preparePutUser(request.param("username"), request.content()); if (request.hasParam("refresh")) { - requestBuilder.refresh(request.paramAsBoolean("refresh", true)); + requestBuilder.setRefreshPolicy(request.param("refresh")); } requestBuilder.execute(new RestBuilderListener(channel) { @Override diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java index 2286bff2cbb..cabac13e0f7 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/SSLConfiguration.java @@ -147,25 +147,25 @@ public abstract class SSLConfiguration { static final Setting INCLUDE_JDK_CERTS_SETTING = Setting.boolSetting(globalKey(Custom.INCLUDE_JDK_CERTS_SETTING), true, Property.NodeScope, Property.Filtered); - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(Global.CIPHERS_SETTING); - settingsModule.registerSetting(Global.SUPPORTED_PROTOCOLS_SETTING); - settingsModule.registerSetting(Global.KEYSTORE_PATH_SETTING); - settingsModule.registerSetting(Global.KEYSTORE_PASSWORD_SETTING); - settingsModule.registerSetting(Global.KEYSTORE_ALGORITHM_SETTING); - settingsModule.registerSetting(Global.KEYSTORE_KEY_PASSWORD_SETTING); - settingsModule.registerSetting(Global.KEY_PATH_SETTING); - settingsModule.registerSetting(Global.KEY_PASSWORD_SETTING); - settingsModule.registerSetting(Global.CERT_SETTING); - settingsModule.registerSetting(Global.TRUSTSTORE_PATH_SETTING); - settingsModule.registerSetting(Global.TRUSTSTORE_PASSWORD_SETTING); - settingsModule.registerSetting(Global.TRUSTSTORE_ALGORITHM_SETTING); - settingsModule.registerSetting(Global.PROTOCOL_SETTING); - settingsModule.registerSetting(Global.SESSION_CACHE_SIZE_SETTING); - settingsModule.registerSetting(Global.SESSION_CACHE_TIMEOUT_SETTING); - settingsModule.registerSetting(Global.CA_PATHS_SETTING); - settingsModule.registerSetting(Global.INCLUDE_JDK_CERTS_SETTING); - settingsModule.registerSetting(Global.RELOAD_ENABLED_SETTING); + public static void addSettings(List> settings) { + settings.add(Global.CIPHERS_SETTING); + settings.add(Global.SUPPORTED_PROTOCOLS_SETTING); + settings.add(Global.KEYSTORE_PATH_SETTING); + settings.add(Global.KEYSTORE_PASSWORD_SETTING); + settings.add(Global.KEYSTORE_ALGORITHM_SETTING); + settings.add(Global.KEYSTORE_KEY_PASSWORD_SETTING); + settings.add(Global.KEY_PATH_SETTING); + settings.add(Global.KEY_PASSWORD_SETTING); + settings.add(Global.CERT_SETTING); + settings.add(Global.TRUSTSTORE_PATH_SETTING); + settings.add(Global.TRUSTSTORE_PASSWORD_SETTING); + settings.add(Global.TRUSTSTORE_ALGORITHM_SETTING); + settings.add(Global.PROTOCOL_SETTING); + settings.add(Global.SESSION_CACHE_SIZE_SETTING); + settings.add(Global.SESSION_CACHE_TIMEOUT_SETTING); + settings.add(Global.CA_PATHS_SETTING); + settings.add(Global.INCLUDE_JDK_CERTS_SETTING); + settings.add(Global.RELOAD_ENABLED_SETTING); } private final KeyConfig keyConfig; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java index b7df9e2234c..ee1724b0f63 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java @@ -260,13 +260,13 @@ public class IPFilter { updateRules(); } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(ALLOW_BOUND_ADDRESSES_SETTING); - settingsModule.registerSetting(IP_FILTER_ENABLED_SETTING); - settingsModule.registerSetting(IP_FILTER_ENABLED_HTTP_SETTING); - settingsModule.registerSetting(HTTP_FILTER_ALLOW_SETTING); - settingsModule.registerSetting(HTTP_FILTER_DENY_SETTING); - settingsModule.registerSetting(TRANSPORT_FILTER_ALLOW_SETTING); - settingsModule.registerSetting(TRANSPORT_FILTER_DENY_SETTING); + public static void addSettings(List> settings) { + settings.add(ALLOW_BOUND_ADDRESSES_SETTING); + settings.add(IP_FILTER_ENABLED_SETTING); + settings.add(IP_FILTER_ENABLED_HTTP_SETTING); + settings.add(HTTP_FILTER_ALLOW_SETTING); + settings.add(HTTP_FILTER_DENY_SETTING); + settings.add(TRANSPORT_FILTER_ALLOW_SETTING); + settings.add(TRANSPORT_FILTER_DENY_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java index c477f94312c..51545e62a75 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java @@ -27,6 +27,7 @@ import org.jboss.netty.handler.ssl.SslHandler; import javax.net.ssl.SSLEngine; import java.util.Collections; +import java.util.List; import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION; import static org.elasticsearch.shield.Security.setting; @@ -128,10 +129,10 @@ public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport { } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(SSL_SETTING); - settingsModule.registerSetting(CLIENT_AUTH_SETTING); - settingsModule.registerSetting(DEPRECATED_SSL_SETTING); + public static void addSettings(List> settings) { + settings.add(SSL_SETTING); + settings.add(CLIENT_AUTH_SETTING); + settings.add(DEPRECATED_SSL_SETTING); } public static void overrideSettings(Settings.Builder settingsBuilder, Settings settings) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java index d226a5ba4b9..89cf5b1287b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java @@ -34,6 +34,7 @@ import org.jboss.netty.handler.ssl.SslHandler; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import java.net.InetSocketAddress; +import java.util.List; import static org.elasticsearch.shield.Security.featureEnabledSetting; import static org.elasticsearch.shield.Security.setting; @@ -249,17 +250,17 @@ public class ShieldNettyTransport extends NettyTransport { } } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(SSL_SETTING); - settingsModule.registerSetting(HOSTNAME_VERIFICATION_SETTING); - settingsModule.registerSetting(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING); - settingsModule.registerSetting(CLIENT_AUTH_SETTING); - settingsModule.registerSetting(PROFILE_SSL_SETTING); - settingsModule.registerSetting(PROFILE_CLIENT_AUTH_SETTING); + public static void addSettings(List> settingsModule) { + settingsModule.add(SSL_SETTING); + settingsModule.add(HOSTNAME_VERIFICATION_SETTING); + settingsModule.add(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING); + settingsModule.add(CLIENT_AUTH_SETTING); + settingsModule.add(PROFILE_SSL_SETTING); + settingsModule.add(PROFILE_CLIENT_AUTH_SETTING); // deprecated transport settings - settingsModule.registerSetting(DEPRECATED_SSL_SETTING); - settingsModule.registerSetting(DEPRECATED_PROFILE_SSL_SETTING); - settingsModule.registerSetting(DEPRECATED_HOSTNAME_VERIFICATION_SETTING); + settingsModule.add(DEPRECATED_SSL_SETTING); + settingsModule.add(DEPRECATED_PROFILE_SSL_SETTING); + settingsModule.add(DEPRECATED_HOSTNAME_VERIFICATION_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java index 818be16d489..55742e31f2b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/user/AnonymousUser.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.shield.user.User.ReservedUser; +import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -80,8 +81,12 @@ public class AnonymousUser extends ReservedUser { return roles; } - public static void registerSettings(SettingsModule settingsModule) { - settingsModule.registerSetting(USERNAME_SETTING); - settingsModule.registerSetting(ROLES_SETTING); + public static List> getSettings() { + return Arrays.asList(); + } + + public static void addSettings(List> settingsList) { + settingsList.add(USERNAME_SETTING); + settingsList.add(ROLES_SETTING); } } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java index a2cda298e38..c2790d94f18 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java @@ -13,10 +13,9 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.rest.RestStatus; -import org.elasticsearch.shield.action.role.PutRoleResponse; -import org.elasticsearch.shield.action.role.GetRolesResponse; import org.elasticsearch.shield.ShieldTemplateService; -import org.elasticsearch.shield.authc.esnative.NativeRealm; +import org.elasticsearch.shield.action.role.GetRolesResponse; +import org.elasticsearch.shield.action.role.PutRoleResponse; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authz.RoleDescriptor; @@ -31,10 +30,13 @@ import org.junit.BeforeClass; import java.util.Arrays; import java.util.List; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE; import static org.hamcrest.Matchers.arrayWithSize; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; + /** * Test for the Shield clear roles API that changes the polling aspect of shield to only run once an hour in order to * test the cache clearing APIs. @@ -91,13 +93,12 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { int modifiedRolesCount = randomIntBetween(1, roles.length); List toModify = randomSubsetOf(modifiedRolesCount, roles); logger.debug("--> modifying roles {} to have run_as", toModify); - final boolean refresh = randomBoolean(); for (String role : toModify) { PutRoleResponse response = securityClient.preparePutRole(role) .cluster("none") .addIndices(new String[] { "*" }, new String[] { "ALL" }, null, null) .runAs(role) - .refresh(refresh) + .setRefreshPolicy(randomBoolean() ? IMMEDIATE : NONE) .get(); assertThat(response.isCreated(), is(false)); logger.debug("--> updated role [{}] with run_as", role); @@ -115,7 +116,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { UpdateResponse response = internalClient().prepareUpdate().setId(role).setIndex(ShieldTemplateService.SECURITY_INDEX_NAME) .setType(NativeRolesStore.ROLE_DOC_TYPE) .setDoc("run_as", new String[] { role }) - .setRefresh(refresh) + .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); assertThat(response.isCreated(), is(false)); logger.debug("--> updated role [{}] with run_as", role); @@ -158,7 +159,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { final boolean refresh = randomBoolean(); DeleteResponse response = internalClient() .prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role) - .setRefresh(refresh) + .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); assertThat(response.isFound(), is(true)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java index 5b626b3c2f8..36f8ff1083a 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java @@ -23,6 +23,8 @@ import org.elasticsearch.test.ShieldIntegTestCase; import java.util.Collections; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; @@ -64,7 +66,8 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase { CreateIndexResponse response = client.admin().indices().prepareCreate(expression).get(); assertThat(response.isAcknowledged(), is(true)); } - IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar").setRefresh(refeshOnOperation).get(); + IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar") + .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE).get(); assertThat(response.isCreated(), is(true)); assertThat(response.getIndex(), containsString(expectedIndexName)); @@ -84,7 +87,7 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase { UpdateResponse updateResponse = client.prepareUpdate(expression, "type", response.getId()) .setDoc("new", "field") - .setRefresh(refeshOnOperation) + .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE) .get(); assertThat(updateResponse.isCreated(), is(false)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java index 716b58652e8..8869367b79f 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.xpack.XPackPlugin; import java.util.Collections; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; @@ -94,10 +95,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); SearchResponse response = client().filterWithHeader( @@ -133,10 +134,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // Both users have the same role query, but user3 has access to field2 and not field1, which should result in zero hits: diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java index f99bfef4aff..f2fd3632f5a 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java @@ -33,6 +33,7 @@ import org.elasticsearch.xpack.XPackPlugin; import java.util.Collections; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery; import static org.elasticsearch.index.query.QueryBuilders.hasParentQuery; import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery; @@ -108,13 +109,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "3").setSource("field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); SearchResponse response = client() @@ -289,13 +290,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { "field3", "type=text,term_vector=with_positions_offsets_payloads") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "3").setSource("field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); boolean realtime = randomBoolean(); @@ -354,13 +355,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { "field3", "type=text,term_vector=with_positions_offsets_payloads") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "3").setSource("field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); boolean realtime = randomBoolean(); @@ -419,13 +420,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text,fielddata=true", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "2").setSource("field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type1", "3").setSource("field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); SearchResponse response = client().prepareSearch("test") @@ -483,11 +484,11 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type2", "_parent", "type=type1", "field3", "type=text,fielddata=true") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); client().prepareIndex("test", "type2", "2").setSource("field3", "value3") .setParent("1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); SearchResponse response = client().prepareSearch("test") @@ -705,7 +706,7 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type", "field1", "type=text", "field2", "type=text") ); client().prepareIndex("test", "type", "1").setSource("field1", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // With document level security enabled the update is not allowed: diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java index fc14ae859a9..541bb73623f 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java @@ -24,6 +24,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.index.query.QueryBuilders.matchQuery; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; @@ -141,7 +142,7 @@ public class FieldLevelSecurityRandomTests extends ShieldIntegTestCase { assertAcked(client().admin().indices().prepareCreate("test") .addMapping("type1", (Object[])fieldMappers) ); - client().prepareIndex("test", "type1", "1").setSource(doc).setRefresh(true).get(); + client().prepareIndex("test", "type1", "1").setSource(doc).setRefreshPolicy(IMMEDIATE).get(); for (String allowedField : allowedFields) { logger.info("Checking allowed field [{}]", allowedField); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java index a887783b017..64c9a08bdbe 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java @@ -32,7 +32,9 @@ import org.elasticsearch.xpack.XPackPlugin; import java.util.Collections; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.index.query.QueryBuilders.constantScoreQuery; +import static org.elasticsearch.index.query.QueryBuilders.existsQuery; import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery; import static org.elasticsearch.index.query.QueryBuilders.matchQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; @@ -136,7 +138,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 has access to field1, so the query should match with the document: @@ -481,14 +483,12 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { assertThat(response.getResponses()[0].getResponse().getSource().get("field2").toString(), equalTo("value2")); } - // norelease - we need to fix the issue so that only fields a user can see are returned - @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2120") public void testFieldStatsApi() throws Exception { assertAcked(client().admin().indices().prepareCreate("test") .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 is granted access to field1 only: @@ -622,7 +622,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); int max = scaledRandomIntBetween(4, 32); @@ -660,7 +660,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); int max = scaledRandomIntBetween(4, 32); @@ -702,7 +702,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { "field3", "type=text,store=true") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 is granted access to field1 only: @@ -799,7 +799,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 is granted access to field1 only: @@ -873,7 +873,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { ); client().prepareIndex("test", "type1", "1").setSource("field1", 1d, "field2", 2d) - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 is granted to use field1, so it is included in the sort_values @@ -882,28 +882,28 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .prepareSearch("test") .addSort("field1", SortOrder.ASC) .get(); - assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(1L)); + assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(1L)); // user2 is not granted to use field1, so the default missing sort value is included response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) .prepareSearch("test") .addSort("field1", SortOrder.ASC) .get(); - assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE)); + assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE)); // user1 is not granted to use field2, so the default missing sort value is included response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) .prepareSearch("test") .addSort("field2", SortOrder.ASC) .get(); - assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE)); + assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE)); // user2 is granted to use field2, so it is included in the sort_values response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) .prepareSearch("test") .addSort("field2", SortOrder.ASC) .get(); - assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(2L)); + assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(2L)); } public void testAggs() throws Exception { @@ -911,7 +911,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text,fielddata=true", "field2", "type=text,fielddata=true") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user1 is authorized to use field1, so buckets are include for a term agg on field1 @@ -951,7 +951,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { "field3", "type=text,term_vector=with_positions_offsets_payloads") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); boolean realtime = randomBoolean(); @@ -1035,7 +1035,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { "field3", "type=text,term_vector=with_positions_offsets_payloads") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); boolean realtime = randomBoolean(); @@ -1155,7 +1155,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { ); client().prepareIndex("test", "type", "1") .setSource("field1", "value1", "field2", "value1") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // With field level security enabled the update is not allowed: @@ -1200,7 +1200,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { .addMapping("type1", "field1", "type=text", "field2", "type=text") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // user6 has access to all fields, so the query should match with the document: @@ -1224,4 +1224,64 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { assertThat(response.getHits().getAt(0).sourceAsMap().get("field2").toString(), equalTo("value2")); } + public void testExistQuery() { + assertAcked(client().admin().indices().prepareCreate("test") + .addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text") + ); + client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") + .setRefreshPolicy(IMMEDIATE) + .get(); + + // user1 has access to field1, so the query should match with the document: + SearchResponse response = client() + .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field1")) + .get(); + assertHitCount(response, 1); + // user1 has no access to field2, so the query should not match with the document: + response = client() + .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field2")) + .get(); + assertHitCount(response, 0); + // user2 has no access to field1, so the query should not match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field1")) + .get(); + assertHitCount(response, 0); + // user2 has access to field2, so the query should match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field2")) + .get(); + assertHitCount(response, 1); + // user3 has access to field1 and field2, so the query should match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field1")) + .get(); + assertHitCount(response, 1); + // user3 has access to field1 and field2, so the query should match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field2")) + .get(); + assertHitCount(response, 1); + // user4 has access to no fields, so the query should not match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field1")) + .get(); + assertHitCount(response, 0); + // user4 has access to no fields, so the query should not match with the document: + response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD))) + .prepareSearch("test") + .setQuery(existsQuery("field2")) + .get(); + assertHitCount(response, 0); + } + } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java index 916321f80ba..068b3f97ef4 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java @@ -16,6 +16,7 @@ import org.elasticsearch.xpack.XPackPlugin; import java.util.Collections; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; @@ -72,7 +73,7 @@ public class IndicesPermissionsWithAliasesWildcardsAndRegexsTests extends Shield .addAlias(new Alias("an_alias")) ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); GetResponse getResponse = client() diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java index bc76aadcc1e..372426e4751 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java @@ -25,6 +25,7 @@ import org.elasticsearch.test.ShieldIntegTestCase; import java.util.Locale; import static java.util.Collections.singletonMap; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThan; @@ -183,7 +184,7 @@ public class KibanaUserRoleIntegTests extends ShieldIntegTestCase { .setIndex(index) .setType("dashboard") .setSource("foo", "bar") - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); assertThat(response.isCreated(), is(true)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java index 7c745794f1d..4d050ad6704 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java @@ -24,6 +24,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows; @@ -63,7 +64,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase { @Before public void indexRandomDocuments() { - BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefresh(true); + BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefreshPolicy(IMMEDIATE); for (int i = 0; i < randomIntBetween(10, 50); i++) { bulkRequestBuilder.add(client().prepareIndex("index", "type", String.valueOf(i)).setSource("{ \"foo\" : \"bar\" }")); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java index be1a6412f2e..0aaee2b15b3 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource; import org.junit.Before; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -92,7 +93,7 @@ public class SecurityFeatureSetTests extends ESTestCase { realmUsage.put("key3", i % 2 == 0); when(realm.usageStats()).thenReturn(realmUsage); } - when(realms.iterator()).thenReturn(realmsList.iterator()); + when(realms.iterator()).thenReturn(available ? realmsList.iterator() : Collections.emptyIterator()); SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry); XPackFeatureSet.Usage usage = featureSet.usage(); @@ -102,12 +103,14 @@ public class SecurityFeatureSetTests extends ESTestCase { assertThat(usage.available(), is(available)); XContentSource source = new XContentSource(usage); - if (enabled) { + if (enabled && available) { for (int i = 0; i < 5; i++) { assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i)); assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i)); assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0)); } + } else if (enabled) { + assertThat(source.getValue("enabled_realms"), is(notNullValue())); } else { assertThat(source.getValue("enabled_realms"), is(nullValue())); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java index b7ddf644024..b9bffa980c5 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java @@ -37,6 +37,6 @@ public class VersionCompatibilityTests extends ESTestCase { * */ assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", - Version.CURRENT.equals(Version.V_5_0_0), is(true)); + Version.CURRENT.equals(Version.V_5_0_0_alpha4), is(true)); } } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java index 13581354c22..b7ae372caf7 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java @@ -11,14 +11,14 @@ import org.elasticsearch.common.inject.Injector; import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkService; -import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; -import org.elasticsearch.indices.breaker.CircuitBreakerModule; +import org.elasticsearch.indices.breaker.CircuitBreakerService; +import org.elasticsearch.node.Node; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.threadpool.ThreadPoolModule; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.local.LocalTransport; @@ -35,8 +35,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put("client.type", "node") .put(AuditTrailModule.ENABLED_SETTING.getKey(), false) .build(); - SettingsModule settingsModule = new SettingsModule(settings); - settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING); + SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING); Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings)); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); assertThat(auditTrail, is(AuditTrail.NOOP)); @@ -55,10 +54,9 @@ public class AuditTrailModuleTests extends ESTestCase { .put(AuditTrailModule.ENABLED_SETTING.getKey(), true) .put("client.type", "node") .build(); - ThreadPool pool = new ThreadPool("testLogFile"); + ThreadPool pool = new TestThreadPool("testLogFile"); try { - SettingsModule settingsModule = new SettingsModule(settings); - settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING); + SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING); Injector injector = Guice.createInjector( settingsModule, new NetworkModule(new NetworkService(settings), settings, false, new NamedWriteableRegistry()) { @@ -68,8 +66,11 @@ public class AuditTrailModuleTests extends ESTestCase { } }, new AuditTrailModule(settings), - new CircuitBreakerModule(settings), - new ThreadPoolModule(pool), + b -> { + b.bind(CircuitBreakerService.class).toInstance(Node.createCircuitBreakerService(settingsModule.getSettings(), + settingsModule.getClusterSettings())); + b.bind(ThreadPool.class).toInstance(pool); + }, new Version.Module(Version.CURRENT) ); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); @@ -89,9 +90,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put(AuditTrailModule.OUTPUTS_SETTING.getKey() , "foo") .put("client.type", "node") .build(); - SettingsModule settingsModule = new SettingsModule(settings); - settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING); - settingsModule.registerSetting(AuditTrailModule.OUTPUTS_SETTING); + SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING, AuditTrailModule.OUTPUTS_SETTING); try { Guice.createInjector(settingsModule, new AuditTrailModule(settings)); fail("Expect initialization to fail when an unknown audit trail output is configured"); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java index a91bc3729b5..5e76ebd3921 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java @@ -25,6 +25,7 @@ import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule; import org.elasticsearch.shield.user.SystemUser; import org.elasticsearch.shield.user.User; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportMessage; @@ -58,7 +59,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase { when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE }, DummyTransportAddress.INSTANCE)); - threadPool = new ThreadPool("index audit trail tests"); + threadPool = new TestThreadPool("index audit trail tests"); transportClient = TransportClient.builder().settings(Settings.EMPTY).build(); clientCalled = new AtomicBoolean(false); client = new InternalClient(transportClient) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index be3a74d833f..066ee7b773e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -43,6 +43,7 @@ import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.test.ShieldIntegTestCase; import org.elasticsearch.test.ShieldSettingsSource; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportInfo; @@ -260,7 +261,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE}, DummyTransportAddress.INSTANCE); when(transport.boundAddress()).thenReturn(boundTransportAddress); - threadPool = new ThreadPool("index audit trail tests"); + threadPool = new TestThreadPool("index audit trail tests"); enqueuedMessage = new SetOnce<>(); auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) { @Override diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java index e87b7026fba..11b567456f0 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java @@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.DummyTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.test.ShieldIntegTestCase; import org.elasticsearch.test.rest.FakeRestRequest; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.Transport; import org.junit.After; @@ -39,7 +40,7 @@ public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase { @Before public void setup() { - threadPool = new ThreadPool("index audit trail update mapping tests"); + threadPool = new TestThreadPool("index audit trail update mapping tests"); } public void testMappingIsUpdated() throws Exception { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index f0dcbaf5148..c21233e739e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -94,6 +94,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { Settings settings = Settings.builder().put("path.home", createTempDir()).build(); SecurityLicenseState shieldLicenseState = mock(SecurityLicenseState.class); when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL); + when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true); realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.emptyMap(), shieldLicenseState, mock(ReservedRealm.class)) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java index ee14210ff7d..426c9a13c23 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java @@ -52,6 +52,7 @@ public class RealmsTests extends ESTestCase { } shieldLicenseState = mock(SecurityLicenseState.class); reservedRealm = mock(ReservedRealm.class); + when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true); when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL); } @@ -338,6 +339,21 @@ public class RealmsTests extends ESTestCase { assertThat(count, equalTo(orderToIndex.size())); } + public void testAuthcAuthzDisabled() { + Settings settings = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.security.authc.realms.realm_1.type", FileRealm.TYPE) + .put("xpack.security.authc.realms.realm_1.order", 0) + .build(); + Environment env = new Environment(settings); + Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm).start(); + + assertThat(realms.iterator().hasNext(), is(true)); + + when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(false); + assertThat(realms.iterator().hasNext(), is(false)); + } + static class DummyRealm extends Realm { public DummyRealm(String type, RealmConfig config) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java index 547807fc2cd..68b4186dd46 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java @@ -22,6 +22,7 @@ import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.junit.After; @@ -92,7 +93,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase { directoryServer.startListening(); directoryServers[i] = directoryServer; } - threadPool = new ThreadPool("active directory realm tests"); + threadPool = new TestThreadPool("active directory realm tests"); resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool); globalSettings = Settings.builder().put("path.home", createTempDir()).build(); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java index 8ef07027eb1..f30b5b18f11 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java @@ -44,6 +44,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.containsString; @@ -205,7 +206,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase { createIndex("idx"); ensureGreen("idx"); // Index a document with the default test user - client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get(); + client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get(); String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray())); SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get(); @@ -227,7 +228,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase { createIndex("idx"); ensureGreen("idx"); // Index a document with the default test user - client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get(); + client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get(); String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray())); SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get(); @@ -262,7 +263,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase { createIndex("idx"); ensureGreen("idx"); // Index a document with the default test user - client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get(); + client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get(); String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray())); SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java index 72c261e0c08..cb4735eec51 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java @@ -16,6 +16,7 @@ import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.RefreshListener; import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.junit.After; @@ -62,7 +63,7 @@ public class FileUserPasswdStoreTests extends ESTestCase { .put("path.home", createTempDir()) .build(); env = new Environment(settings); - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); } @After diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java index e74569c7eb0..09dfd3133e7 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.shield.audit.logfile.CapturingLogger; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.support.RefreshListener; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; @@ -63,7 +64,7 @@ public class FileUserRolesStoreTests extends ESTestCase { .put("path.home", createTempDir()) .build(); env = new Environment(settings); - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); } @After @@ -224,7 +225,7 @@ public class FileUserRolesStoreTests extends ESTestCase { public void testParseFileEmptyRolesDoesNotCauseNPE() throws Exception { ThreadPool threadPool = null; try { - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); Path usersRoles = writeUsersRoles("role1:admin"); Settings settings = Settings.builder() diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java index 7ab06210a42..4be76a5c787 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.user.User; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.junit.After; @@ -49,7 +50,7 @@ public class LdapRealmTests extends LdapTestCase { @Before public void init() throws Exception { - threadPool = new ThreadPool("ldap realm tests"); + threadPool = new TestThreadPool("ldap realm tests"); resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool); globalSettings = Settings.builder().put("path.home", createTempDir()).build(); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java index 3dd07e2e15c..2ae0276059b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java @@ -13,6 +13,7 @@ import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm; import org.elasticsearch.shield.authc.ldap.LdapRealm; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.junit.After; @@ -69,7 +70,7 @@ public class DnRoleMapperTests extends ESTestCase { .put("path.home", createTempDir()) .build(); env = new Environment(settings); - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); } @After diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java index 2c6fb58c4bc..c65b4a2c0a6 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperIntegrationTests.java @@ -39,6 +39,7 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.IndexSettingsModule; import java.util.Collections; +import java.util.Optional; import static java.util.Collections.singleton; import static java.util.Collections.singletonMap; @@ -138,7 +139,8 @@ public class ShieldIndexSearcherWrapperIntegrationTests extends ESTestCase { for (int i = 0; i < numValues; i++) { ParsedQuery parsedQuery = new ParsedQuery(new TermQuery(new Term("field", values[i]))); when(queryShardContext.newParseContext(any(XContentParser.class))).thenReturn(queryParseContext); - when(queryParseContext.parseInnerQueryBuilder()).thenReturn((QueryBuilder) new TermQueryBuilder("field", values[i])); + when(queryParseContext.parseInnerQueryBuilder()) + .thenReturn(Optional.of((QueryBuilder) new TermQueryBuilder("field", values[i]))); when(queryShardContext.toQuery(any(QueryBuilder.class))).thenReturn(parsedQuery); DirectoryReader wrappedDirectoryReader = wrapper.wrap(directoryReader); IndexSearcher indexSearcher = wrapper.wrap(new IndexSearcher(wrappedDirectoryReader)); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java index b32682c9423..50954e7b324 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java @@ -134,7 +134,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase { FieldSubsetReader.FieldSubsetDirectoryReader result = (FieldSubsetReader.FieldSubsetDirectoryReader) shieldIndexSearcherWrapper.wrap(esIn); - assertThat(result.getFieldNames().size(), equalTo(11)); + assertThat(result.getFieldNames().size(), equalTo(12)); assertThat(result.getFieldNames().contains("_uid"), is(true)); assertThat(result.getFieldNames().contains("_id"), is(true)); assertThat(result.getFieldNames().contains("_version"), is(true)); @@ -146,6 +146,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase { assertThat(result.getFieldNames().contains("_ttl"), is(true)); assertThat(result.getFieldNames().contains("_size"), is(true)); assertThat(result.getFieldNames().contains("_index"), is(true)); + assertThat(result.getFieldNames().contains("_field_names"), is(true)); // _all contains actual user data and therefor can't be included by default assertThat(result.getFieldNames().contains("_all"), is(false)); } @@ -469,6 +470,16 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase { public Weight createWeight(IndexSearcher searcher, boolean needsScores) throws IOException { return new CreateScorerOnceWeight(query.createWeight(searcher, needsScores)); } + + @Override + public boolean equals(Object obj) { + return sameClassAs(obj) && query.equals(((CreateScorerOnceQuery) obj).query); + } + + @Override + public int hashCode() { + return 31 * classHash() + query.hashCode(); + } } public void doTestIndexSearcherWrapper(boolean sparse, boolean deletions) throws IOException { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index 6dc6bbabd26..0a0ccfd206c 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.shield.authz.permission.RunAsPermission; import org.elasticsearch.shield.authz.privilege.ClusterPrivilege; import org.elasticsearch.shield.authz.privilege.IndexPrivilege; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; @@ -257,7 +258,7 @@ public class FileRolesStoreTests extends ESTestCase { .build(); Environment env = new Environment(settings); - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); watcherService = new ResourceWatcherService(settings, threadPool); final CountDownLatch latch = new CountDownLatch(1); FileRolesStore store = new FileRolesStore(settings, env, watcherService, new RefreshListener() { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java index d97d5fcf095..ef6d5cc9404 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java @@ -10,6 +10,7 @@ import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; import org.junit.After; @@ -53,7 +54,7 @@ public class InternalCryptoServiceTests extends ESTestCase { .put("path.home", createTempDir()) .build(); env = new Environment(settings); - threadPool = new ThreadPool("test"); + threadPool = new TestThreadPool("test"); watcherService = new ResourceWatcherService(settings, threadPool); watcherService.start(); } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java index f356e916728..9d0f4a76807 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.shield.ssl.SSLConfiguration.Custom; import org.elasticsearch.shield.ssl.SSLConfiguration.Global; import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; @@ -321,7 +322,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -384,7 +385,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload pem"); + ThreadPool threadPool = new TestThreadPool("reload pem"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -460,7 +461,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -506,7 +507,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -554,7 +555,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -603,7 +604,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload pem"); + ThreadPool threadPool = new TestThreadPool("reload pem"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -654,7 +655,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); @@ -693,7 +694,7 @@ public class SSLConfigurationTests extends ESTestCase { AtomicReference exceptionRef = new AtomicReference<>(); Listener listener = createRefreshListener(latch, exceptionRef); - ThreadPool threadPool = new ThreadPool("reload"); + ThreadPool threadPool = new TestThreadPool("reload"); try { ResourceWatcherService resourceWatcherService = new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java index 04bb5e1f73e..d3d7cd21553 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java @@ -10,6 +10,7 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.concurrent.AbstractRunnable; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPool.Names; @@ -189,7 +190,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase { } public void testStopPreventsRunning() throws Exception { - final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule"); + final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule"); final AtomicInteger failureCounter = new AtomicInteger(0); final AtomicInteger runCounter = new AtomicInteger(0); final AbstractRunnable runnable = new AbstractRunnable() { @@ -232,7 +233,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase { } public void testStopPreventsRescheduling() throws Exception { - final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule"); + final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule"); final CountDownLatch threadRunningLatch = new CountDownLatch(randomIntBetween(1, 16)); final CountDownLatch stopCalledLatch = new CountDownLatch(1); final AbstractRunnable runnable = new AbstractRunnable() { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java index 945472b94c3..767b656b666 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/SettingsFilterTests.java @@ -15,7 +15,9 @@ import org.elasticsearch.shield.ssl.SSLConfiguration; import org.elasticsearch.xpack.XPackPlugin; import org.hamcrest.Matcher; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; import static org.hamcrest.CoreMatchers.nullValue; @@ -85,13 +87,14 @@ public class SettingsFilterTests extends ESTestCase { .build(); XPackPlugin xPackPlugin = new XPackPlugin(settings); - SettingsModule settingsModule = new SettingsModule(settings); + List> settingList = new ArrayList<>(); + settingList.add(Setting.simpleString("foo.bar", Setting.Property.NodeScope)); + settingList.add(Setting.simpleString("foo.baz", Setting.Property.NodeScope)); + settingList.add(Setting.simpleString("bar.baz", Setting.Property.NodeScope)); + settingList.add(Setting.simpleString("baz.foo", Setting.Property.NodeScope)); + settingList.addAll(xPackPlugin.getSettings()); // custom settings, potentially added by a plugin - settingsModule.registerSetting(Setting.simpleString("foo.bar", Setting.Property.NodeScope)); - settingsModule.registerSetting(Setting.simpleString("foo.baz", Setting.Property.NodeScope)); - settingsModule.registerSetting(Setting.simpleString("bar.baz", Setting.Property.NodeScope)); - settingsModule.registerSetting(Setting.simpleString("baz.foo", Setting.Property.NodeScope)); - xPackPlugin.onModule(settingsModule); + SettingsModule settingsModule = new SettingsModule(settings, settingList, xPackPlugin.getSettingsFilter()); Injector injector = Guice.createInjector(settingsModule); SettingsFilter settingsFilter = injector.getInstance(SettingsFilter.class); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java index 6e148315bda..f438116cd7c 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java @@ -217,7 +217,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem", "testnode", Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt", - "/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt", + "/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java index 4f994db7f90..5153754b62b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java @@ -9,12 +9,12 @@ import org.apache.lucene.util.IOUtils; import org.elasticsearch.action.Action; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.io.Streams; -import org.elasticsearch.graph.Graph; import org.elasticsearch.license.plugin.Licensing; import org.elasticsearch.shield.action.ShieldActionModule; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ShieldIntegTestCase; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.graph.Graph; import org.junit.BeforeClass; import java.io.IOException; diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks index 37f8edfe844..2b8287d88f0 100644 Binary files a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks and b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks differ diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt new file mode 100644 index 00000000000..453d1361ce4 --- /dev/null +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1zCCAr+gAwIBAgIQWA24rVK7FopAgOHfEio/VjANBgkqhkiG9w0BAQsFADB+ +MRMwEQYKCZImiZPyLGQBGRYDY29tMR0wGwYKCZImiZPyLGQBGRYNZWxhc3RpY3Nl +YXJjaDEUMBIGCgmSJomT8ixkARkWBHRlc3QxEjAQBgoJkiaJk/IsZAEZFgJhZDEe +MBwGA1UEAxMVYWQtRUxBU1RJQ1NFQVJDSEFELUNBMB4XDTE0MDgyNzE2MjI0MloX +DTI5MDgyNzE2MzI0MlowfjETMBEGCgmSJomT8ixkARkWA2NvbTEdMBsGCgmSJomT +8ixkARkWDWVsYXN0aWNzZWFyY2gxFDASBgoJkiaJk/IsZAEZFgR0ZXN0MRIwEAYK +CZImiZPyLGQBGRYCYWQxHjAcBgNVBAMTFWFkLUVMQVNUSUNTRUFSQ0hBRC1DQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNNZsDJ+lhsE/pCIkNlq6/F +xwv3PU2M+E1/SbWrLEtfbb1ATnn98DwxjpCj00wS0bt26/7zrhHKyX5LaxyS27ER +8bKpLSO4qcVWzDIQnVNk2XfBrYS/Og+6Pi/Lw/ylt/vE++kHWIJBc4O6i+pPByOM +oypM6bh71kTkpK8OTPqf+HiPp0qKhRah6XVtqTc+kOCOku2+wkELbCz8RNzF9ca6 +Uu3YxLi73pNdk0wDTmg6JVaUyVRpSkjJH4BAp9SVma6Rxy6tbh4e5P+8K8lY9ptM +TBzTsDS1EhNK/92xULfQbGT814Z294pF3ARMEJ89N+aegS++kz7CqjciZ1+bA6EC +AwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FIEKG0KdSVNknKcMZkbTlKo7N8MjMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3 +DQEBCwUAA4IBAQBgbWBXPbEMTEsiVWzoxmTw1wJASBdPahx6CggutjGq3ASjby4p +nVCTwE4xdDEVyFGmeslSp9+23XjBuaiqVPtYw8P8hnG269J0q4cOF/VXOccRLeOw +HVDBv2a7xzgBSwc1KB50TLv07stcBmBYNu8anN6EwGksdgjb8IjRV6U3U+IvFNrI +rGifuIc/iRZD4Clhnpxw8tCsgcrcmz9CU7CN5RxKVEpZ6ou6ZjHO8l8H0t9zWrSI +PL+33iBGHNWlyU63N93XgJtxV1em1hHryLtTTtaVZJJ3R0OrLrUpG8SQ7zCUy62f +YtImFPClUMXY03yH+4DAhflueRvY/D1AKL12 +-----END CERTIFICATE----- diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt deleted file mode 100644 index 49a4416a2cf..00000000000 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt +++ /dev/null @@ -1,38 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGkjCCBXqgAwIBAgITSwAAAAP/F57VuIEUDQAAAAAAAzANBgkqhkiG9w0BAQsF -ADB+MRMwEQYKCZImiZPyLGQBGRYDY29tMR0wGwYKCZImiZPyLGQBGRYNZWxhc3Rp -Y3NlYXJjaDEUMBIGCgmSJomT8ixkARkWBHRlc3QxEjAQBgoJkiaJk/IsZAEZFgJh -ZDEeMBwGA1UEAxMVYWQtRUxBU1RJQ1NFQVJDSEFELUNBMB4XDTE1MDcxNjE4MzI1 -MFoXDTE2MDcxNTE4MzI1MFowODE2MDQGA1UEAxMtRWxhc3RpY1NlYXJjaEFkVGVz -dC5hZC50ZXN0LmVsYXN0aWNzZWFyY2guY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAqO9hYAASE1ZFdTnm784j58JvpQySpx81LvecQl4gE4d2yJk6 -9ibn8cgfGF+P+n/WRXwhb9C2oZeHnou2WokhDbw1Q+iOtRjIYP+P6s9KXBRaA71D -+yvFfgFSHl3k1gd+BP2KGdfrs4ElFX4uZCNFtYDH7LFDWT1Ens3cHcyxB+zGewmY -1xox2LrQcUPNu2XRoSFZUNulj1UOQgJXAuslyzUOt4Djmz1195hbYB6kaR9noZJn -mMyzWAMjAzEdF4/ivHWZR9BNFwwJXgwOKldbGiDuYi/x9XLrNoY5A2UZ1tlVB/Yv -k1o0e8gL+C2U0ZK1yp/qbxCYpB4fx4Tui8gyQwIDAQABo4IDTTCCA0kwLwYJKwYB -BAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB0GA1Ud -JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAweAYJKoZI -hvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCG -SAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAH -BgUrDgMCBzAKBggqhkiG9w0DBzBZBgNVHREEUjBQoB8GCSsGAQQBgjcZAaASBBA6 -UzhVceE7RKuubA/hfhl9gi1FbGFzdGljU2VhcmNoQWRUZXN0LmFkLnRlc3QuZWxh -c3RpY3NlYXJjaC5jb20wHQYDVR0OBBYEFIHEUmmmaXZ3cmIuSAgVikHSiKcqMB8G -A1UdIwQYMBaAFIEKG0KdSVNknKcMZkbTlKo7N8MjMIHzBgNVHR8EgeswgegwgeWg -geKggd+GgdxsZGFwOi8vL0NOPWFkLUVMQVNUSUNTRUFSQ0hBRC1DQSxDTj1FbGFz -dGljU2VhcmNoQWRUZXN0LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNl -cyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWFkLERDPXRlc3QsREM9 -ZWxhc3RpY3NlYXJjaCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9i -YXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHbBggrBgEFBQcB -AQSBzjCByzCByAYIKwYBBQUHMAKGgbtsZGFwOi8vL0NOPWFkLUVMQVNUSUNTRUFS -Q0hBRC1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2Vy -dmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZCxEQz10ZXN0LERDPWVsYXN0aWNz -ZWFyY2gsREM9Y29tP2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0 -aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IBAQCP0mbcAsnw7qxt -jCSR38k0BteM0iEkR43ZrrBPLC/TlhULzC25EdFnZrb0cjd8UxTFEQo2UfTmw0Aj -IGe/N2CNvnwwq2hevK9IYAwQNj+0CB9LKdHztIBumxWj7a02rZpLSxuTMbljVEHT -yWGGDbndFUlAM6yOUAgHDiBLL9q2Ar6mqzd1XIs2MdqKbHgE8mhsmwm4vpKGg2hx -VfBYv/6RUw3M9+ep6PEGo6bYbcDbBMfLz4GR/hTm00MyhunYDYeuBUEn1SA/JOBK -c+Mcv8SNpQeAHIhdLYyzgIIqeBOFvz25kkPZvdHZzT4lNkSc7+v3pycrT7Pgk7s3 -aGRGqK0c ------END CERTIFICATE----- diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks index 81f947afcc1..ec482775bd0 100644 Binary files a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks and b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks differ diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks index 39955d91a2e..f034f5b005a 100644 Binary files a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks and b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks differ diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index ebf3293e8cc..1952eec4478 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -20,6 +20,7 @@ cluster:monitor/nodes/stats cluster:monitor/state cluster:monitor/stats cluster:monitor/task +cluster:monitor/task/get cluster:monitor/tasks/lists cluster:monitor/xpack/watcher/stats indices:admin/aliases diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java index b519da5d489..66d5a20b1f4 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java @@ -18,24 +18,29 @@ import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.env.Environment; -import org.elasticsearch.graph.Graph; import org.elasticsearch.index.IndexModule; import org.elasticsearch.license.plugin.Licensing; import org.elasticsearch.marvel.Monitoring; +import org.elasticsearch.marvel.MonitoringSettings; import org.elasticsearch.plugins.Plugin; +import org.elasticsearch.plugins.ScriptPlugin; +import org.elasticsearch.script.ScriptContext; import org.elasticsearch.script.ScriptModule; import org.elasticsearch.shield.Security; import org.elasticsearch.shield.authc.AuthenticationModule; +import org.elasticsearch.threadpool.ExecutorBuilder; import org.elasticsearch.xpack.action.TransportXPackInfoAction; import org.elasticsearch.xpack.action.TransportXPackUsageAction; import org.elasticsearch.xpack.action.XPackInfoAction; import org.elasticsearch.xpack.action.XPackUsageAction; +import org.elasticsearch.xpack.common.ScriptServiceProxy; import org.elasticsearch.xpack.common.http.HttpClientModule; import org.elasticsearch.xpack.common.init.LazyInitializationModule; import org.elasticsearch.xpack.common.init.LazyInitializationService; import org.elasticsearch.xpack.common.secret.SecretModule; import org.elasticsearch.xpack.extensions.XPackExtension; import org.elasticsearch.xpack.extensions.XPackExtensionsService; +import org.elasticsearch.xpack.graph.Graph; import org.elasticsearch.xpack.notification.Notification; import org.elasticsearch.xpack.notification.email.Account; import org.elasticsearch.xpack.notification.email.support.BodyPartSource; @@ -51,8 +56,9 @@ import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.List; -public class XPackPlugin extends Plugin { +public class XPackPlugin extends Plugin implements ScriptPlugin { public static final String NAME = "x-pack"; @@ -179,26 +185,44 @@ public class XPackPlugin extends Plugin { return builder.build(); } - public void onModule(ScriptModule module) { - watcher.onModule(module); + @Override + public ScriptContext.Plugin getCustomScriptContexts() { + return ScriptServiceProxy.INSTANCE; } - public void onModule(SettingsModule module) { + @Override + public List> getSettings() { + ArrayList> settings = new ArrayList<>(); + settings.addAll(notification.getSettings()); + settings.addAll(security.getSettings()); + settings.addAll(MonitoringSettings.getSettings()); + settings.addAll(watcher.getSettings()); + settings.addAll(graph.getSettings()); + settings.addAll(licensing.getSettings()); // we add the `xpack.version` setting to all internal indices - module.registerSetting(Setting.simpleString("index.xpack.version", Setting.Property.IndexScope)); + settings.add(Setting.simpleString("index.xpack.version", Setting.Property.IndexScope)); // http settings - module.registerSetting(Setting.simpleString("xpack.http.default_read_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.http.default_connection_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.groupSetting("xpack.http.ssl.", Setting.Property.NodeScope)); - module.registerSetting(Setting.groupSetting("xpack.http.proxy.", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.http.default_read_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.http.default_connection_timeout", Setting.Property.NodeScope)); + settings.add(Setting.groupSetting("xpack.http.ssl.", Setting.Property.NodeScope)); + settings.add(Setting.groupSetting("xpack.http.proxy.", Setting.Property.NodeScope)); + return settings; + } - notification.onModule(module); - security.onModule(module); - monitoring.onModule(module); - watcher.onModule(module); - graph.onModule(module); - licensing.onModule(module); + @Override + public List getSettingsFilter() { + List filters = new ArrayList<>(); + filters.addAll(notification.getSettingsFilter()); + filters.addAll(security.getSettingsFilter()); + filters.addAll(MonitoringSettings.getSettingsFilter()); + filters.addAll(graph.getSettingsFilter()); + return filters; + } + + @Override + public List> getExecutorBuilders(final Settings settings) { + return watcher.getExecutorBuilders(settings); } public void onModule(NetworkModule module) { @@ -297,9 +321,9 @@ public class XPackPlugin extends Plugin { * * {@code ".enabled": true | false} */ - public static void registerFeatureEnabledSettings(SettingsModule settingsModule, String featureName, boolean defaultValue) { - settingsModule.registerSetting(Setting.boolSetting(featureEnabledSetting(featureName), defaultValue, Setting.Property.NodeScope)); - settingsModule.registerSetting(Setting.boolSetting(legacyFeatureEnabledSetting(featureName), + public static void addFeatureEnabledSettings(List> settingsList, String featureName, boolean defaultValue) { + settingsList.add(Setting.boolSetting(featureEnabledSetting(featureName), defaultValue, Setting.Property.NodeScope)); + settingsList.add(Setting.boolSetting(legacyFeatureEnabledSetting(featureName), defaultValue, Setting.Property.NodeScope)); } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackUsageAction.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackUsageAction.java index 0aab9211c00..86dca578ad6 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackUsageAction.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackUsageAction.java @@ -29,7 +29,7 @@ public class TransportXPackUsageAction extends HandledTransportAction featureSets) { - super(settings, XPackInfoAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, + super(settings, XPackUsageAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver, XPackUsageRequest::new); this.featureSets = featureSets; } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java index cf161e65012..df5b59167ea 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java @@ -8,6 +8,7 @@ package org.elasticsearch.xpack.extensions; import joptsimple.OptionSet; import joptsimple.OptionSpec; import org.apache.lucene.util.IOUtils; +import org.elasticsearch.SpecialPermission; import org.elasticsearch.bootstrap.JarHell; import org.elasticsearch.cli.ExitCodes; import org.elasticsearch.cli.SettingCommand; @@ -26,13 +27,26 @@ import java.net.URLDecoder; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.StandardCopyOption; -import java.util.ArrayList; + import java.util.Arrays; -import java.util.List; import java.util.Map; +import java.util.List; +import java.util.ArrayList; +import java.util.Comparator; +import java.util.Collections; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; +import java.security.Policy; +import java.security.PermissionCollection; +import java.security.Permission; +import java.security.NoSuchAlgorithmException; +import java.security.Permissions; +import java.security.PrivilegedAction; +import java.security.AccessController; +import java.security.UnresolvedPermission; +import java.security.URIParameter; + import static org.elasticsearch.cli.Terminal.Verbosity.VERBOSE; import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile; @@ -49,18 +63,19 @@ import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile; *
    *
  • The property file exists and contains valid metadata. See {@link XPackExtensionInfo#readFromProperties(Path)}
    • *
  • Jar hell does not exist, either between the extension's own jars or with the parent classloader (elasticsearch + x-pack)
    • + *
  • If the extension contains extra security permissions, the policy file is validated
    • *
*/ -class InstallXPackExtensionCommand extends SettingCommand { +final class InstallXPackExtensionCommand extends SettingCommand { private final OptionSpec batchOption; private final OptionSpec arguments; InstallXPackExtensionCommand() { - super("Install a plugin"); + super("Install an extension"); this.batchOption = parser.acceptsAll(Arrays.asList("b", "batch"), "Enable batch mode explicitly, automatic confirmation of security permission"); - this.arguments = parser.nonOptions("plugin id"); + this.arguments = parser.nonOptions("extension id"); } @Override @@ -86,7 +101,7 @@ class InstallXPackExtensionCommand extends SettingCommand { Path extensionZip = download(terminal, extensionId, env.tmpFile()); Path extractedZip = unzip(extensionZip, resolveXPackExtensionsFile(env)); - install(terminal, extractedZip, env); + install(terminal, extractedZip, env, isBatch); } /** Downloads the extension and returns the file it was downloaded to. */ @@ -133,13 +148,21 @@ class InstallXPackExtensionCommand extends SettingCommand { } /** Load information about the extension, and verify it can be installed with no errors. */ - private XPackExtensionInfo verify(Terminal terminal, Path extensionRoot, Environment env) throws Exception { + private XPackExtensionInfo verify(Terminal terminal, Path extensionRoot, Environment env, boolean isBatch) throws Exception { // read and validate the extension descriptor XPackExtensionInfo info = XPackExtensionInfo.readFromProperties(extensionRoot); terminal.println(VERBOSE, info.toString()); // check for jar hell before any copying jarHellCheck(extensionRoot); + + // read optional security policy (extra permissions) + // if it exists, confirm or warn the user + Path policy = extensionRoot.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY); + if (Files.exists(policy)) { + readPolicy(policy, terminal, env, isBatch); + } + return info; } @@ -165,11 +188,11 @@ class InstallXPackExtensionCommand extends SettingCommand { /** * Installs the extension from {@code tmpRoot} into the extensions dir. */ - private void install(Terminal terminal, Path tmpRoot, Environment env) throws Exception { + private void install(Terminal terminal, Path tmpRoot, Environment env, boolean isBatch) throws Exception { List deleteOnFailure = new ArrayList<>(); deleteOnFailure.add(tmpRoot); try { - XPackExtensionInfo info = verify(terminal, tmpRoot, env); + XPackExtensionInfo info = verify(terminal, tmpRoot, env, isBatch); final Path destination = resolveXPackExtensionsFile(env).resolve(info.getName()); if (Files.exists(destination)) { throw new UserError(ExitCodes.USAGE, @@ -188,4 +211,150 @@ class InstallXPackExtensionCommand extends SettingCommand { throw installProblem; } } + + /** Format permission type, name, and actions into a string */ + static String formatPermission(Permission permission) { + StringBuilder sb = new StringBuilder(); + + String clazz = null; + if (permission instanceof UnresolvedPermission) { + clazz = ((UnresolvedPermission) permission).getUnresolvedType(); + } else { + clazz = permission.getClass().getName(); + } + sb.append(clazz); + + String name = null; + if (permission instanceof UnresolvedPermission) { + name = ((UnresolvedPermission) permission).getUnresolvedName(); + } else { + name = permission.getName(); + } + if (name != null && name.length() > 0) { + sb.append(' '); + sb.append(name); + } + + String actions = null; + if (permission instanceof UnresolvedPermission) { + actions = ((UnresolvedPermission) permission).getUnresolvedActions(); + } else { + actions = permission.getActions(); + } + if (actions != null && actions.length() > 0) { + sb.append(' '); + sb.append(actions); + } + return sb.toString(); + } + + /** + * Parses extension policy into a set of permissions + */ + static PermissionCollection parsePermissions(Path file, Path tmpDir) throws IOException { + // create a zero byte file for "comparison" + // this is necessary because the default policy impl automatically grants two permissions: + // 1. permission to exitVM (which we ignore) + // 2. read permission to the code itself (e.g. jar file of the code) + + Path emptyPolicyFile = Files.createTempFile(tmpDir, "empty", "tmp"); + final Policy emptyPolicy; + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + emptyPolicy = + AccessController.doPrivileged((PrivilegedAction) () -> { + try { + return Policy.getInstance("JavaPolicy", new URIParameter(emptyPolicyFile.toUri())); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + }); + IOUtils.rm(emptyPolicyFile); + + // parse the extension's policy file into a set of permissions + final Policy policy = + AccessController.doPrivileged((PrivilegedAction) () -> { + try { + return Policy.getInstance("JavaPolicy", new URIParameter(file.toUri())); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + }); + PermissionCollection permissions = policy.getPermissions(XPackExtensionSecurity.class.getProtectionDomain()); + // this method is supported with the specific implementation we use, but just check for safety. + if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) { + throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions"); + } + PermissionCollection actualPermissions = new Permissions(); + for (Permission permission : Collections.list(permissions.elements())) { + if (!emptyPolicy.implies(XPackExtensionSecurity.class.getProtectionDomain(), permission)) { + actualPermissions.add(permission); + } + } + actualPermissions.setReadOnly(); + return actualPermissions; + } + + + /** + * Reads extension policy, prints/confirms exceptions + */ + static void readPolicy(Path file, Terminal terminal, Environment environment, boolean batch) throws IOException { + PermissionCollection permissions = parsePermissions(file, environment.tmpFile()); + List requested = Collections.list(permissions.elements()); + if (requested.isEmpty()) { + terminal.println(Terminal.Verbosity.VERBOSE, "extension has a policy file with no additional permissions"); + return; + } + + // sort permissions in a reasonable order + Collections.sort(requested, new Comparator() { + @Override + public int compare(Permission o1, Permission o2) { + int cmp = o1.getClass().getName().compareTo(o2.getClass().getName()); + if (cmp == 0) { + String name1 = o1.getName(); + String name2 = o2.getName(); + if (name1 == null) { + name1 = ""; + } + if (name2 == null) { + name2 = ""; + } + cmp = name1.compareTo(name2); + if (cmp == 0) { + String actions1 = o1.getActions(); + String actions2 = o2.getActions(); + if (actions1 == null) { + actions1 = ""; + } + if (actions2 == null) { + actions2 = ""; + } + cmp = actions1.compareTo(actions2); + } + } + return cmp; + } + }); + + terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + terminal.println(Terminal.Verbosity.NORMAL, "@ WARNING: x-pack extension requires additional permissions @"); + terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + // print all permissions: + for (Permission permission : requested) { + terminal.println(Terminal.Verbosity.NORMAL, "* " + formatPermission(permission)); + } + terminal.println(Terminal.Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html"); + terminal.println(Terminal.Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks."); + if (!batch) { + terminal.println(Terminal.Verbosity.NORMAL, ""); + String text = terminal.readText("Continue with installation? [y/N]"); + if (!text.equalsIgnoreCase("y")) { + throw new RuntimeException("installation aborted by user"); + } + } + } } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionInfo.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionInfo.java index d705f8457ae..c2ea2a95316 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionInfo.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionInfo.java @@ -16,6 +16,7 @@ import java.util.Properties; public class XPackExtensionInfo { public static final String XPACK_EXTENSION_PROPERTIES = "x-pack-extension-descriptor.properties"; + public static final String XPACK_EXTENSION_POLICY = "x-pack-extension-security.policy"; private String name; private String description; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionPolicy.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionPolicy.java new file mode 100644 index 00000000000..5ac71107340 --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionPolicy.java @@ -0,0 +1,67 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.extensions; + +import org.elasticsearch.common.SuppressForbidden; + +import java.net.URL; +import java.security.Policy; +import java.security.ProtectionDomain; +import java.security.CodeSource; +import java.security.Permission; +import java.security.SecurityPermission; +import java.util.Map; + +final class XPackExtensionPolicy extends Policy { + static final Permission SET_POLICY_PERMISSION = new SecurityPermission("setPolicy"); + static final Permission GET_POLICY_PERMISSION = new SecurityPermission("getPolicy"); + static final Permission CREATE_POLICY_PERMISSION = new SecurityPermission("createPolicy.JavaPolicy"); + + // the base policy (es + plugins) + final Policy basePolicy; + // policy extensions + final Map extensions; + // xpack code source location + final URL xpackURL; + + /** + * + * @param basePolicy The base policy + * @param extensions Extra code source extension's policy + */ + public XPackExtensionPolicy(Policy basePolicy, Map extensions) { + this.basePolicy = basePolicy; + this.extensions = extensions; + xpackURL = XPackExtensionPolicy.class.getProtectionDomain().getCodeSource().getLocation(); + } + + private boolean isPolicyPermission(Permission permission) { + return GET_POLICY_PERMISSION.equals(permission) || + CREATE_POLICY_PERMISSION.equals(permission) || + SET_POLICY_PERMISSION.equals(permission); + } + + @Override @SuppressForbidden(reason = "fast equals check is desired") + public boolean implies(ProtectionDomain domain, Permission permission) { + CodeSource codeSource = domain.getCodeSource(); + if (codeSource != null && codeSource.getLocation() != null) { + if (codeSource.getLocation().equals(xpackURL) && + isPolicyPermission(permission)) { + // forbid to get, create and set java policy in xpack codesource + // it is only granted at startup in order to let xpack add the extensions policy + // and make this policy the default. + return false; + } + // check for an additional extension permission: extension policy is + // only consulted for its codesources. + Policy extension = extensions.get(codeSource.getLocation().getFile()); + if (extension != null && extension.implies(domain, permission)) { + return true; + } + } + return basePolicy.implies(domain, permission); + } +} \ No newline at end of file diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurity.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurity.java new file mode 100644 index 00000000000..54f744b8551 --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurity.java @@ -0,0 +1,144 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.extensions; + +import org.elasticsearch.SpecialPermission; +import org.elasticsearch.common.SuppressForbidden; +import org.elasticsearch.common.io.PathUtils; + +import java.io.IOException; +import java.net.URISyntaxException; +import java.net.URL; +import java.nio.file.DirectoryStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.Map; +import java.util.HashMap; +import java.util.List; +import java.util.ArrayList; +import java.util.Collections; +import java.security.Policy; +import java.security.PrivilegedAction; +import java.security.AccessController; +import java.security.URIParameter; +import java.security.NoSuchAlgorithmException; + +final class XPackExtensionSecurity { + private XPackExtensionSecurity() {} + + /** + * Initializes the XPackExtensionPolicy + * Can only happen once! + * + * @param extsDirectory the directory where the extensions are installed + */ + static void configure(Path extsDirectory) throws IOException { + Map map = getExtensionsPermissions(extsDirectory); + if (map.size() > 0) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + AccessController.doPrivileged((PrivilegedAction) () -> { + Policy newPolicy = new XPackExtensionPolicy(Policy.getPolicy(), map); + Policy.setPolicy(newPolicy); + return null; + }); + } + } + + /** + * Sets properties (codebase URLs) for policy files. + * we look for matching extensions and set URLs to fit + */ + @SuppressForbidden(reason = "proper use of URL") + static Map getExtensionsPermissions(Path extsDirectory) throws IOException { + Map map = new HashMap<>(); + // collect up lists of extensions + List extensionPaths = new ArrayList<>(); + if (Files.exists(extsDirectory)) { + try (DirectoryStream stream = Files.newDirectoryStream(extsDirectory)) { + for (Path extension : stream) { + extensionPaths.add(extension); + } + } + } + // now process each one + for (Path extension : extensionPaths) { + Path policyFile = extension.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY); + if (Files.exists(policyFile)) { + // first get a list of URLs for the extension's jars: + // we resolve symlinks so map is keyed on the normalize codebase name + List codebases = new ArrayList<>(); + try (DirectoryStream jarStream = Files.newDirectoryStream(extension, "*.jar")) { + for (Path jar : jarStream) { + codebases.add(jar.toRealPath().toUri().toURL()); + } + } + + // parse the extension's policy file into a set of permissions + Policy policy = readPolicy(policyFile.toUri().toURL(), codebases.toArray(new URL[codebases.size()])); + + // consult this policy for each of the extension's jars: + for (URL url : codebases) { + if (map.put(url.getFile(), policy) != null) { + // just be paranoid ok? + throw new IllegalStateException("per-extension permissions already granted for jar file: " + url); + } + } + } + } + + return Collections.unmodifiableMap(map); + } + + /** + * Reads and returns the specified {@code policyFile}. + *

+ * Resources (e.g. jar files and directories) listed in {@code codebases} location + * will be provided to the policy file via a system property of the short name: + * e.g. ${codebase.joda-convert-1.2.jar} would map to full URL. + */ + @SuppressForbidden(reason = "accesses fully qualified URLs to configure security") + static Policy readPolicy(URL policyFile, URL codebases[]) throws IOException { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + try { + try { + // set codebase properties + for (URL url : codebases) { + String shortName = PathUtils.get(url.toURI()).getFileName().toString(); + + AccessController.doPrivileged((PrivilegedAction) () -> { + System.setProperty("codebase." + shortName, url.toString()); + return null; + }); + } + URIParameter uri = new URIParameter(policyFile.toURI()); + return AccessController.doPrivileged((PrivilegedAction) () -> { + try { + return Policy.getInstance("JavaPolicy", uri); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + }); + } finally { + // clear codebase properties + for (URL url : codebases) { + String shortName = PathUtils.get(url.toURI()).getFileName().toString(); + AccessController.doPrivileged((PrivilegedAction) () -> { + System.clearProperty("codebase." + shortName); + return null; + }); + } + } + } catch (URISyntaxException e) { + throw new IllegalArgumentException("unable to parse policy file `" + policyFile + "`", e); + } + } +} \ No newline at end of file diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java index 42ff95f39f3..e682343838c 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java @@ -20,10 +20,10 @@ import java.net.URLClassLoader; import java.nio.file.DirectoryStream; import java.nio.file.Files; import java.nio.file.Path; -import java.util.List; -import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.List; +import java.util.ArrayList; import java.util.Arrays; import static org.elasticsearch.common.io.FileSystemUtils.isAccessibleDirectory; @@ -37,18 +37,25 @@ public class XPackExtensionsService { /** * We keep around a list of extensions */ - private final List > extensions; + private final List> extensions; /** * Constructs a new XPackExtensionsService - * @param settings The settings of the system - * @param extsDirectory The directory extensions exist in, or null if extensions should not be loaded from the filesystem + * + * @param settings The settings of the system + * @param extsDirectory The directory extensions exist in, or null if extensions should not be loaded from the filesystem * @param classpathExtensions Extensions that exist in the classpath which should be loaded */ - public XPackExtensionsService(Settings settings, Path extsDirectory, Collection> classpathExtensions) { + public XPackExtensionsService(Settings settings, Path extsDirectory, + Collection> classpathExtensions) { + try { + XPackExtensionSecurity.configure(extsDirectory); + } catch (Exception e) { + throw new IllegalStateException("Unable to configure extension policy", e); + } + this.settings = settings; List> extensionsLoaded = new ArrayList<>(); - // first we load extensions that are on the classpath. this is for tests for (Class extClass : classpathExtensions) { XPackExtension ext = loadExtension(extClass, settings); @@ -123,7 +130,7 @@ public class XPackExtensionsService { return bundles; } - private List > loadBundles(List bundles) { + private List> loadBundles(List bundles) { List> exts = new ArrayList<>(); for (Bundle bundle : bundles) { @@ -183,4 +190,4 @@ public class XPackExtensionsService { throw new ElasticsearchException("Failed to load extension class [" + extClass.getName() + "]", e); } } -} +} \ No newline at end of file diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/Notification.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/Notification.java index a1d2e67b6fc..755b18098ae 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/Notification.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/Notification.java @@ -36,18 +36,22 @@ public class Notification { this.transportClient = "transport".equals(settings.get(Client.CLIENT_TYPE_SETTING_S.getKey())); } - public void onModule(SettingsModule module) { - module.registerSetting(InternalSlackService.SLACK_ACCOUNT_SETTING); - module.registerSetting(InternalEmailService.EMAIL_ACCOUNT_SETTING); - module.registerSetting(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING); - module.registerSetting(InternalPagerDutyService.PAGERDUTY_ACCOUNT_SETTING); + public List> getSettings() { + return Arrays.asList(InternalSlackService.SLACK_ACCOUNT_SETTING, + InternalEmailService.EMAIL_ACCOUNT_SETTING, + InternalHipChatService.HIPCHAT_ACCOUNT_SETTING, + InternalPagerDutyService.PAGERDUTY_ACCOUNT_SETTING); + } - module.registerSettingsFilter("xpack.notification.email.account.*.smtp.password"); - module.registerSettingsFilter("xpack.notification.slack.account.*.url"); - module.registerSettingsFilter("xpack.notification.pagerduty.account.*.url"); - module.registerSettingsFilter("xpack.notification.pagerduty." + PagerDutyAccount.SERVICE_KEY_SETTING); - module.registerSettingsFilter("xpack.notification.pagerduty.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING); - module.registerSettingsFilter("xpack.notification.hipchat.account.*.auth_token"); + public List getSettingsFilter() { + ArrayList settingsFilter = new ArrayList<>(); + settingsFilter.add("xpack.notification.email.account.*.smtp.password"); + settingsFilter.add("xpack.notification.slack.account.*.url"); + settingsFilter.add("xpack.notification.pagerduty.account.*.url"); + settingsFilter.add("xpack.notification.pagerduty." + PagerDutyAccount.SERVICE_KEY_SETTING); + settingsFilter.add("xpack.notification.pagerduty.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING); + settingsFilter.add("xpack.notification.hipchat.account.*.auth_token"); + return settingsFilter; } public Collection> nodeServices() { diff --git a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy index d3e821f4858..8ea29c8627b 100644 --- a/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy +++ b/elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy @@ -16,4 +16,9 @@ grant { // bouncy castle permission java.security.SecurityPermission "putProviderProperty.BC"; + + // needed for x-pack security extension + permission java.security.SecurityPermission "createPolicy.JavaPolicy"; + permission java.security.SecurityPermission "getPolicy"; + permission java.security.SecurityPermission "setPolicy"; }; diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java index fe04b60844f..04dd9951239 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java @@ -95,7 +95,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { return terminal; } - void assertExtension(String name, Path original, Environment env) throws IOException { + void assertExtension(String name, Environment env) throws IOException { Path got = env.pluginsFile().resolve("x-pack").resolve("extensions").resolve(name); assertTrue("dir " + name + " exists", Files.exists(got)); assertTrue("jar was copied", Files.exists(got.resolve("extension.jar"))); @@ -116,7 +116,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { Path extDir = createTempDir(); String extZip = createExtension("fake", extDir); installExtension(extZip, home); - assertExtension("fake", extDir, env); + assertExtension("fake", env); } public void testSpaceInUrl() throws Exception { @@ -127,7 +127,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { Files.copy(in, extZipWithSpaces, StandardCopyOption.REPLACE_EXISTING); } installExtension(extZipWithSpaces.toUri().toURL().toString(), home); - assertExtension("fake", extDir, env); + assertExtension("fake", env); } public void testMalformedUrlNotMaven() throws Exception { @@ -155,8 +155,8 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { Path extDir2 = createTempDir(); String extZip2 = createExtension("fake2", extDir2); installExtension(extZip2, home); - assertExtension("fake1", extDir1, env); - assertExtension("fake2", extDir2, env); + assertExtension("fake1", env); + assertExtension("fake2", env); } public void testExistingExtension() throws Exception { @@ -175,4 +175,4 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { assertTrue(e.getMessage(), e.getMessage().contains("x-pack-extension-descriptor.properties")); assertInstallCleaned(env); } -} +} \ No newline at end of file diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurityTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurityTests.java new file mode 100644 index 00000000000..d912376aae5 --- /dev/null +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurityTests.java @@ -0,0 +1,59 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.extensions; + +import org.elasticsearch.test.ESTestCase; + +import java.nio.file.Path; +import java.security.Permission; +import java.security.PermissionCollection; +import java.security.Permissions; +import java.util.Collections; +import java.util.List; + +public class XPackExtensionSecurityTests extends ESTestCase { + /** Test that we can parse the set of permissions correctly for a simple policy */ + public void testParsePermissions() throws Exception { + Path scratch = createTempDir(); + Path testFile = this.getDataPath("security/simple-x-pack-extension-security.policy"); + Permissions expected = new Permissions(); + expected.add(new RuntimePermission("queuePrintJob")); + PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch); + assertEquals(expected, actual); + } + + /** Test that we can parse the set of permissions correctly for a complex policy */ + public void testParseTwoPermissions() throws Exception { + Path scratch = createTempDir(); + Path testFile = this.getDataPath("security/complex-x-pack-extension-security.policy"); + Permissions expected = new Permissions(); + expected.add(new RuntimePermission("getClassLoader")); + expected.add(new RuntimePermission("closeClassLoader")); + PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch); + assertEquals(expected, actual); + } + + /** Test that we can format some simple permissions properly */ + public void testFormatSimplePermission() throws Exception { + assertEquals("java.lang.RuntimePermission queuePrintJob", + InstallXPackExtensionCommand.formatPermission(new RuntimePermission("queuePrintJob"))); + } + + /** Test that we can format an unresolved permission properly */ + public void testFormatUnresolvedPermission() throws Exception { + Path scratch = createTempDir(); + Path testFile = this.getDataPath("security/unresolved-x-pack-extension-security.policy"); + PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch); + List permissions = Collections.list(actual.elements()); + assertEquals(1, permissions.size()); + assertEquals("org.fake.FakePermission fakeName", InstallXPackExtensionCommand.formatPermission(permissions.get(0))); + } + + /** no guaranteed equals on these classes, we assert they contain the same set */ + private void assertEquals(PermissionCollection expected, PermissionCollection actual) { + assertEquals(asSet(Collections.list(expected.elements())), asSet(Collections.list(actual.elements()))); + } +} \ No newline at end of file diff --git a/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/complex-x-pack-extension-security.policy b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/complex-x-pack-extension-security.policy new file mode 100644 index 00000000000..ab52084ffa1 --- /dev/null +++ b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/complex-x-pack-extension-security.policy @@ -0,0 +1,5 @@ +grant { + // needed to cause problems + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "closeClassLoader"; +}; diff --git a/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/simple-x-pack-extension-security.policy b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/simple-x-pack-extension-security.policy new file mode 100644 index 00000000000..3da788e1196 --- /dev/null +++ b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/simple-x-pack-extension-security.policy @@ -0,0 +1,4 @@ +grant { + // needed to waste paper + permission java.lang.RuntimePermission "queuePrintJob"; +}; diff --git a/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/unresolved-x-pack-extension-security.policy b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/unresolved-x-pack-extension-security.policy new file mode 100644 index 00000000000..ea785b0d5f6 --- /dev/null +++ b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/unresolved-x-pack-extension-security.policy @@ -0,0 +1,4 @@ +grant { + // an unresolved permission + permission org.fake.FakePermission "fakeName"; +}; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java index 3852826defd..aaaa604764f 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java @@ -19,14 +19,17 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.regex.Regex; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsModule; +import org.elasticsearch.common.util.concurrent.EsExecutors; import org.elasticsearch.script.ScriptModule; +import org.elasticsearch.threadpool.ExecutorBuilder; +import org.elasticsearch.threadpool.FixedExecutorBuilder; import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.common.init.LazyInitializationModule; import org.elasticsearch.xpack.watcher.actions.WatcherActionModule; import org.elasticsearch.xpack.watcher.client.WatcherClientModule; import org.elasticsearch.xpack.watcher.condition.ConditionModule; import org.elasticsearch.xpack.watcher.execution.ExecutionModule; +import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor; import org.elasticsearch.xpack.watcher.history.HistoryModule; import org.elasticsearch.xpack.watcher.history.HistoryStore; import org.elasticsearch.xpack.watcher.input.InputModule; @@ -132,43 +135,49 @@ public class Watcher { } public Settings additionalSettings() { - if (enabled == false || transportClient) { - return Settings.EMPTY; - } - Settings additionalSettings = Settings.builder() - .put(HistoryModule.additionalSettings(settings)) - .build(); - - return additionalSettings; + return Settings.EMPTY; } - public void onModule(ScriptModule module) { - module.registerScriptContext(ScriptServiceProxy.INSTANCE); - } - public void onModule(SettingsModule module) { + public List> getSettings() { + List> settings = new ArrayList<>(); for (TemplateConfig templateConfig : WatcherIndexTemplateRegistry.TEMPLATE_CONFIGS) { - module.registerSetting(templateConfig.getSetting()); + settings.add(templateConfig.getSetting()); } - module.registerSetting(INDEX_WATCHER_VERSION_SETTING); - module.registerSetting(INDEX_WATCHER_TEMPLATE_VERSION_SETTING); - module.registerSetting(Setting.intSetting("xpack.watcher.execution.scroll.size", 0, Setting.Property.NodeScope)); - module.registerSetting(Setting.intSetting("xpack.watcher.watch.scroll.size", 0, Setting.Property.NodeScope)); - module.registerSetting(Setting.boolSetting(XPackPlugin.featureEnabledSetting(Watcher.NAME), true, Setting.Property.NodeScope)); - module.registerSetting(ENCRYPT_SENSITIVE_DATA_SETTING); + settings.add(INDEX_WATCHER_VERSION_SETTING); + settings.add(INDEX_WATCHER_TEMPLATE_VERSION_SETTING); + settings.add(Setting.intSetting("xpack.watcher.execution.scroll.size", 0, Setting.Property.NodeScope)); + settings.add(Setting.intSetting("xpack.watcher.watch.scroll.size", 0, Setting.Property.NodeScope)); + settings.add(Setting.boolSetting(XPackPlugin.featureEnabledSetting(Watcher.NAME), true, Setting.Property.NodeScope)); + settings.add(ENCRYPT_SENSITIVE_DATA_SETTING); - module.registerSetting(Setting.simpleString("xpack.watcher.internal.ops.search.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.internal.ops.bulk.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.internal.ops.index.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.execution.default_throttle_period", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.actions.index.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.index.rest.direct_access", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.trigger.schedule.engine", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.input.search.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.transform.search.default_timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.trigger.schedule.ticker.tick_interval", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.execution.scroll.timeout", Setting.Property.NodeScope)); - module.registerSetting(Setting.simpleString("xpack.watcher.start_immediately", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.internal.ops.search.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.internal.ops.bulk.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.internal.ops.index.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.execution.default_throttle_period", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.actions.index.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.index.rest.direct_access", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.trigger.schedule.engine", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.input.search.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.transform.search.default_timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.trigger.schedule.ticker.tick_interval", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.execution.scroll.timeout", Setting.Property.NodeScope)); + settings.add(Setting.simpleString("xpack.watcher.start_immediately", Setting.Property.NodeScope)); + return settings; + } + + public List> getExecutorBuilders(final Settings settings) { + if (XPackPlugin.featureEnabled(settings, Watcher.NAME, true)) { + final FixedExecutorBuilder builder = + new FixedExecutorBuilder( + settings, + InternalWatchExecutor.THREAD_POOL_NAME, + 5 * EsExecutors.boundedNumberOfProcessors(settings), + 1000, + "xpack.watcher.thread_pool"); + return Collections.singletonList(builder); + } + return Collections.emptyList(); } public void onModule(NetworkModule module) { @@ -270,4 +279,5 @@ public class Watcher { "[.watcher-history-YYYY.MM.dd] are allowed to be created", value); } + } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/InternalWatchExecutor.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/InternalWatchExecutor.java index 4d270496c08..668bdc53d6b 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/InternalWatchExecutor.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/InternalWatchExecutor.java @@ -6,37 +6,17 @@ package org.elasticsearch.xpack.watcher.execution; import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.util.concurrent.EsExecutors; import org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.Watcher; -import org.elasticsearch.xpack.watcher.support.ThreadPoolSettingsBuilder; import java.util.concurrent.BlockingQueue; import java.util.stream.Stream; -/** - * - */ public class InternalWatchExecutor implements WatchExecutor { public static final String THREAD_POOL_NAME = Watcher.NAME; - public static Settings additionalSettings(Settings nodeSettings) { - Settings settings = nodeSettings.getAsSettings("threadpool." + THREAD_POOL_NAME); - if (!settings.names().isEmpty()) { - // the TP is already configured in the node settings - // no need for additional settings - return Settings.EMPTY; - } - int availableProcessors = EsExecutors.boundedNumberOfProcessors(nodeSettings); - return new ThreadPoolSettingsBuilder.Fixed(THREAD_POOL_NAME) - .size(5 * availableProcessors) - .queueSize(1000) - .build(); - } - private final ThreadPool threadPool; @Inject @@ -67,4 +47,5 @@ public class InternalWatchExecutor implements WatchExecutor { private EsThreadPoolExecutor executor() { return (EsThreadPoolExecutor) threadPool.executor(THREAD_POOL_NAME); } + } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/history/HistoryModule.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/history/HistoryModule.java index e9e65252e7d..3c325c0f0e0 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/history/HistoryModule.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/history/HistoryModule.java @@ -21,7 +21,4 @@ public class HistoryModule extends AbstractModule { bind(HistoryStore.class).asEagerSingleton(); } - public static Settings additionalSettings(Settings nodeSettings) { - return InternalWatchExecutor.additionalSettings(nodeSettings); - } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/ThreadPoolSettingsBuilder.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/ThreadPoolSettingsBuilder.java deleted file mode 100644 index b477be19c25..00000000000 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/ThreadPoolSettingsBuilder.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.watcher.support; - -import org.elasticsearch.common.settings.Settings; - -/** - * - */ -public abstract class ThreadPoolSettingsBuilder { - - public static Same same(String name) { - return new Same(name); - } - - protected final String name; - private final Settings.Builder builder = Settings.builder(); - - protected ThreadPoolSettingsBuilder(String name, String type) { - this.name = name; - put("type", type); - } - - public Settings build() { - return builder.build(); - } - - protected B put(String setting, Object value) { - builder.put("threadpool." + name + "." + setting, value); - return (B) this; - } - - protected B put(String setting, int value) { - builder.put("threadpool." + name + "." + setting, value); - return (B) this; - } - - public static class Same extends ThreadPoolSettingsBuilder { - public Same(String name) { - super(name, "same"); - } - } - - public static class Fixed extends ThreadPoolSettingsBuilder { - - public Fixed(String name) { - super(name, "fixed"); - } - - public Fixed size(int size) { - return put("size", size); - } - - public Fixed queueSize(int queueSize) { - return put("queue_size", queueSize); - } - } - -} diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java index e1766038d82..38318c36715 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java @@ -114,6 +114,7 @@ public class PutWatchRequest extends MasterNodeRequest { super.readFrom(in); id = in.readString(); source = in.readBytesReference(); + active = in.readBoolean(); } @Override @@ -121,6 +122,7 @@ public class PutWatchRequest extends MasterNodeRequest { super.writeTo(out); out.writeString(id); out.writeBytesReference(source); + out.writeBoolean(active); } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java index 6430fde4a16..31b4f8fb44f 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java @@ -5,10 +5,9 @@ */ package org.elasticsearch.script; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.common.text.DefaultTextTemplateEngine; -import java.util.Collections; -import java.util.List; import java.util.Map; /** @@ -27,10 +26,10 @@ public class MockMustacheScriptEngine extends MockScriptEngine { return NAME; } - public void onModule(ScriptModule module) { - module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(MockMustacheScriptEngine.class, NAME, true)); + @Override + public ScriptEngineService getScriptEngineService(Settings settings) { + return new MockMustacheScriptEngine(); } - } @Override @@ -51,4 +50,9 @@ public class MockMustacheScriptEngine extends MockScriptEngine { return super.compile(name, script, params); } + + @Override + public boolean isInlineScriptEnabled() { + return true; + } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java index c0cf787d7e8..ad593bfe8ac 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/SleepScriptEngine.java @@ -6,12 +6,13 @@ package org.elasticsearch.script; import org.elasticsearch.common.Nullable; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.plugins.Plugin; +import org.elasticsearch.plugins.ScriptPlugin; import org.elasticsearch.search.lookup.SearchLookup; import java.io.IOException; import java.util.Collections; -import java.util.List; import java.util.Map; /** @@ -21,7 +22,7 @@ public class SleepScriptEngine implements ScriptEngineService { public static final String NAME = "sleep"; - public static class TestPlugin extends Plugin { + public static class TestPlugin extends Plugin implements ScriptPlugin { public TestPlugin() { } @@ -36,11 +37,10 @@ public class SleepScriptEngine implements ScriptEngineService { return "Mock script engine for integration tests"; } - public void onModule(ScriptModule module) { - module.addScriptEngine(new ScriptEngineRegistry.ScriptEngineRegistration(SleepScriptEngine.class, - SleepScriptEngine.NAME, true)); + @Override + public ScriptEngineService getScriptEngineService(Settings settings) { + return new SleepScriptEngine(); } - } @Override @@ -92,4 +92,8 @@ public class SleepScriptEngine implements ScriptEngineService { .params(Collections.singletonMap("millis", millis)).build(); } + @Override + public boolean isInlineScriptEnabled() { + return true; + } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionSearchTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionSearchTests.java index a8fc5743f6c..f814c67f1f9 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionSearchTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionSearchTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.search.aggregations.bucket.histogram.Histogram; import org.elasticsearch.search.internal.InternalSearchHit; import org.elasticsearch.search.internal.InternalSearchHits; import org.elasticsearch.search.internal.InternalSearchResponse; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Script; @@ -40,7 +41,7 @@ public class ScriptConditionSearchTests extends AbstractWatcherIntegrationTestCa @Before public void init() throws Exception { - tp = new ThreadPool(ThreadPool.Names.SAME); + tp = new TestThreadPool(ThreadPool.Names.SAME); scriptService = WatcherTestUtils.getScriptServiceProxy(tp); } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionTests.java index c24b79efd5e..b495fe3f3cc 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionTests.java @@ -18,6 +18,7 @@ import org.elasticsearch.script.GeneralScriptException; import org.elasticsearch.script.ScriptService.ScriptType; import org.elasticsearch.search.internal.InternalSearchResponse; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.condition.Condition; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -48,7 +49,7 @@ public class ScriptConditionTests extends ESTestCase { @Before public void init() { - tp = new ThreadPool(ThreadPool.Names.SAME); + tp = new TestThreadPool(ThreadPool.Names.SAME); } @After diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java index 77b2029dc44..a760116dd11 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import java.net.InetSocketAddress; import java.util.concurrent.TimeUnit; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount; import static org.elasticsearch.xpack.watcher.actions.ActionBuilders.indexAction; @@ -42,7 +43,7 @@ public class ChainIntegrationTests extends AbstractWatcherIntegrationTestCase { public void testChainedInputsAreWorking() throws Exception { String index = "the-most-awesome-index-ever"; createIndex(index); - client().prepareIndex(index, "type", "id").setSource("{}").setRefresh(true).get(); + client().prepareIndex(index, "type", "id").setSource("{}").setRefreshPolicy(IMMEDIATE).get(); InetSocketAddress address = internalCluster().httpAddresses()[0]; HttpInput.Builder httpInputBuilder = httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort()) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java index 2ff6a291474..a22d6262be7 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java @@ -24,6 +24,7 @@ import org.elasticsearch.xpack.watcher.trigger.schedule.IntervalSchedule; import java.net.InetSocketAddress; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.index.query.QueryBuilders.matchQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; @@ -49,7 +50,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas @TestLogging("watcher.support.http:TRACE") public void testHttpInput() throws Exception { createIndex("index"); - client().prepareIndex("index", "type", "id").setSource("{}").setRefresh(true).get(); + client().prepareIndex("index", "type", "id").setSource("{}").setRefreshPolicy(IMMEDIATE).get(); InetSocketAddress address = internalCluster().httpAddresses()[0]; watcherClient().preparePutWatch("_name") diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/WatcherIndexTemplateRegistryTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/WatcherIndexTemplateRegistryTests.java index 41d7cbc29ff..1db1130953f 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/WatcherIndexTemplateRegistryTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/support/WatcherIndexTemplateRegistryTests.java @@ -15,6 +15,8 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.List; import java.util.function.Function; import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST; @@ -85,8 +87,9 @@ public class WatcherIndexTemplateRegistryTests extends AbstractWatcherIntegratio public static final Setting KEY_1 = new Setting<>("index.key1", "", Function.identity(), Setting.Property.IndexScope); - public void onModule(SettingsModule module) { - module.registerSetting(KEY_1); + @Override + public List> getSettings() { + return Collections.singletonList(KEY_1); } } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java index e576cfd50ab..f11d07a3f4a 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java @@ -254,7 +254,7 @@ public final class WatcherTestUtils { ScriptSettings scriptSettings = new ScriptSettings(scriptEngineRegistry, scriptContextRegistry); ClusterService clusterService = Mockito.mock(ClusterService.class); Mockito.when(clusterService.state()).thenReturn(ClusterState.builder(new ClusterName("_name")).build()); - return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings), Collections.emptySet(), + return ScriptServiceProxy.of(new ScriptService(settings, new Environment(settings), new ResourceWatcherService(settings, tp), scriptEngineRegistry, scriptContextRegistry, scriptSettings), clusterService); } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java index 210e295db79..dcda61a5813 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java @@ -32,6 +32,7 @@ import org.joda.time.DateTimeZone; import java.util.concurrent.TimeUnit; +import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.index.query.QueryBuilders.termQuery; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -140,7 +141,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .endObject() .endObject()) .setConsistencyLevel(WriteConsistencyLevel.ALL) - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // unknown condition: @@ -158,7 +159,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .endObject() .endObject()) .setConsistencyLevel(WriteConsistencyLevel.ALL) - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); // unknown trigger: @@ -176,7 +177,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .endObject() .endObject()) .setConsistencyLevel(WriteConsistencyLevel.ALL) - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); stopWatcher(); @@ -200,7 +201,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .endObject() .endObject()) .setConsistencyLevel(WriteConsistencyLevel.ALL) - .setRefresh(true) + .setRefreshPolicy(IMMEDIATE) .get(); stopWatcher(); diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/script/ScriptTransformTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/script/ScriptTransformTests.java index 910ee7a8341..6e971535e16 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/script/ScriptTransformTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/script/ScriptTransformTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.script.ExecutableScript; import org.elasticsearch.script.GeneralScriptException; import org.elasticsearch.script.ScriptService.ScriptType; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Script; @@ -53,7 +54,7 @@ public class ScriptTransformTests extends ESTestCase { @Before public void init() { - tp = new ThreadPool(ThreadPool.Names.SAME); + tp = new TestThreadPool(ThreadPool.Names.SAME); } @After diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java new file mode 100644 index 00000000000..8747949947c --- /dev/null +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transport/action/put/PutWatchSerializationTests.java @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.watcher.transport.action.put; + +import org.elasticsearch.common.bytes.BytesArray; +import org.elasticsearch.common.io.stream.BytesStreamOutput; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchRequest; + +import static org.hamcrest.Matchers.is; + +public class PutWatchSerializationTests extends ESTestCase { + + // https://github.com/elastic/x-plugins/issues/2490 + public void testPutWatchSerialization() throws Exception { + PutWatchRequest request = new PutWatchRequest(); + request.setId(randomAsciiOfLength(10)); + request.setActive(randomBoolean()); + request.setSource(new BytesArray(randomAsciiOfLength(20))); + + BytesStreamOutput streamOutput = new BytesStreamOutput(); + request.writeTo(streamOutput); + + PutWatchRequest readRequest = new PutWatchRequest(); + readRequest.readFrom(streamOutput.bytes().streamInput()); + assertThat(readRequest.isActive(), is(request.isActive())); + assertThat(readRequest.getId(), is(request.getId())); + assertThat(readRequest.getSource(), is(request.getSource())); + } + +}