SQL: Revert some security changes so NOOP merge
SQL used to have some changes to security. We've since reverted them but we have some leftover stuff like import reordering and spacing changes. We may as well remove them so merging SQL to master is smaller. Original commit: elastic/x-pack-elasticsearch@c632256ddd
This commit is contained in:
parent
236f64a70e
commit
15f84840f2
|
@ -6,10 +6,10 @@
|
|||
package org.elasticsearch.xpack.security.audit;
|
||||
|
||||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
|
||||
import java.net.InetAddress;
|
||||
|
||||
|
|
|
@ -5,6 +5,10 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.audit;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
|
@ -14,10 +18,6 @@ import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
|||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
public class AuditTrailService extends AbstractComponent implements AuditTrail {
|
||||
|
||||
private final XPackLicenseState licenseState;
|
||||
|
|
|
@ -279,7 +279,6 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
|
|||
if (events.contains(ACCESS_DENIED)) {
|
||||
String indices = indicesString(message);
|
||||
final LocalNodeInfo localNodeInfo = this.localNodeInfo;
|
||||
|
||||
if (indices != null) {
|
||||
logger.info("{}[transport] [access_denied]\t{}, {}, roles=[{}], action=[{}], indices=[{}], request=[{}]",
|
||||
localNodeInfo.prefix, originAttributes(threadContext, message, localNodeInfo), principal(user),
|
||||
|
|
|
@ -5,6 +5,18 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.authz;
|
||||
|
||||
import java.net.InetSocketAddress;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.SortedMap;
|
||||
import java.util.concurrent.CopyOnWriteArraySet;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.elasticsearch.action.AliasesRequest;
|
||||
import org.elasticsearch.action.IndicesRequest;
|
||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
||||
|
@ -27,18 +39,6 @@ import org.elasticsearch.transport.RemoteClusterAware;
|
|||
import org.elasticsearch.transport.TransportRequest;
|
||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
|
||||
|
||||
import java.net.InetSocketAddress;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.SortedMap;
|
||||
import java.util.concurrent.CopyOnWriteArraySet;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class IndicesAndAliasesResolver {
|
||||
|
||||
//placeholder used in the security plugin to indicate that the request is authorized knowing that it will yield an empty response
|
||||
|
@ -84,6 +84,7 @@ public class IndicesAndAliasesResolver {
|
|||
* <br>
|
||||
* Otherwise, <em>N</em> will be added to the <em>local</em> index list.
|
||||
*/
|
||||
|
||||
public ResolvedIndices resolve(TransportRequest request, MetaData metaData, AuthorizedIndices authorizedIndices) {
|
||||
if (request instanceof IndicesAliasesRequest) {
|
||||
ResolvedIndices indices = ResolvedIndices.empty();
|
||||
|
|
|
@ -6,14 +6,14 @@
|
|||
package org.elasticsearch.xpack.security.audit;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
import org.junit.Before;
|
||||
|
||||
import java.net.InetAddress;
|
||||
|
|
|
@ -5,6 +5,11 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.audit.index;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.util.concurrent.BlockingQueue;
|
||||
import java.util.concurrent.LinkedBlockingQueue;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
import org.elasticsearch.action.Action;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
|
@ -30,11 +35,6 @@ import org.elasticsearch.xpack.security.user.User;
|
|||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.util.concurrent.BlockingQueue;
|
||||
import java.util.concurrent.LinkedBlockingQueue;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verifyZeroInteractions;
|
||||
|
|
|
@ -524,7 +524,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
|||
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
||||
if (message instanceof IndicesRequest) {
|
||||
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest)message).indices()));
|
||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest) message).indices()));
|
||||
}
|
||||
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
||||
}
|
||||
|
@ -571,7 +571,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
|||
assertEquals("_action", sourceMap.get("action"));
|
||||
if (message instanceof IndicesRequest) {
|
||||
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest)message).indices()));
|
||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest) message).indices()));
|
||||
}
|
||||
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
||||
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
||||
|
|
Loading…
Reference in New Issue