SQL: Revert some security changes so NOOP merge
SQL used to have some changes to security. We've since reverted them but we have some leftover stuff like import reordering and spacing changes. We may as well remove them so merging SQL to master is smaller. Original commit: elastic/x-pack-elasticsearch@c632256ddd
parent
236f64a70e
commit
15f84840f2
|
@ -6,10 +6,10 @@
|
||||||
package org.elasticsearch.xpack.security.audit;
|
package org.elasticsearch.xpack.security.audit;
|
||||||
|
|
||||||
import org.elasticsearch.rest.RestRequest;
|
import org.elasticsearch.rest.RestRequest;
|
||||||
import org.elasticsearch.transport.TransportMessage;
|
import org.elasticsearch.xpack.security.user.User;
|
||||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||||
import org.elasticsearch.xpack.security.user.User;
|
import org.elasticsearch.transport.TransportMessage;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,10 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.audit;
|
package org.elasticsearch.xpack.security.audit;
|
||||||
|
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.elasticsearch.common.component.AbstractComponent;
|
import org.elasticsearch.common.component.AbstractComponent;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.license.XPackLicenseState;
|
import org.elasticsearch.license.XPackLicenseState;
|
||||||
|
@ -14,10 +18,6 @@ import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||||
import org.elasticsearch.xpack.security.user.User;
|
import org.elasticsearch.xpack.security.user.User;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
public class AuditTrailService extends AbstractComponent implements AuditTrail {
|
public class AuditTrailService extends AbstractComponent implements AuditTrail {
|
||||||
|
|
||||||
private final XPackLicenseState licenseState;
|
private final XPackLicenseState licenseState;
|
||||||
|
|
|
@ -279,7 +279,6 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail,
|
||||||
if (events.contains(ACCESS_DENIED)) {
|
if (events.contains(ACCESS_DENIED)) {
|
||||||
String indices = indicesString(message);
|
String indices = indicesString(message);
|
||||||
final LocalNodeInfo localNodeInfo = this.localNodeInfo;
|
final LocalNodeInfo localNodeInfo = this.localNodeInfo;
|
||||||
|
|
||||||
if (indices != null) {
|
if (indices != null) {
|
||||||
logger.info("{}[transport] [access_denied]\t{}, {}, roles=[{}], action=[{}], indices=[{}], request=[{}]",
|
logger.info("{}[transport] [access_denied]\t{}, {}, roles=[{}], action=[{}], indices=[{}], request=[{}]",
|
||||||
localNodeInfo.prefix, originAttributes(threadContext, message, localNodeInfo), principal(user),
|
localNodeInfo.prefix, originAttributes(threadContext, message, localNodeInfo), principal(user),
|
||||||
|
|
|
@ -5,6 +5,18 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.authz;
|
package org.elasticsearch.xpack.security.authz;
|
||||||
|
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.SortedMap;
|
||||||
|
import java.util.concurrent.CopyOnWriteArraySet;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.elasticsearch.action.AliasesRequest;
|
import org.elasticsearch.action.AliasesRequest;
|
||||||
import org.elasticsearch.action.IndicesRequest;
|
import org.elasticsearch.action.IndicesRequest;
|
||||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
||||||
|
@ -27,18 +39,6 @@ import org.elasticsearch.transport.RemoteClusterAware;
|
||||||
import org.elasticsearch.transport.TransportRequest;
|
import org.elasticsearch.transport.TransportRequest;
|
||||||
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
|
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
|
||||||
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.SortedMap;
|
|
||||||
import java.util.concurrent.CopyOnWriteArraySet;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
public class IndicesAndAliasesResolver {
|
public class IndicesAndAliasesResolver {
|
||||||
|
|
||||||
//placeholder used in the security plugin to indicate that the request is authorized knowing that it will yield an empty response
|
//placeholder used in the security plugin to indicate that the request is authorized knowing that it will yield an empty response
|
||||||
|
@ -84,6 +84,7 @@ public class IndicesAndAliasesResolver {
|
||||||
* <br>
|
* <br>
|
||||||
* Otherwise, <em>N</em> will be added to the <em>local</em> index list.
|
* Otherwise, <em>N</em> will be added to the <em>local</em> index list.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public ResolvedIndices resolve(TransportRequest request, MetaData metaData, AuthorizedIndices authorizedIndices) {
|
public ResolvedIndices resolve(TransportRequest request, MetaData metaData, AuthorizedIndices authorizedIndices) {
|
||||||
if (request instanceof IndicesAliasesRequest) {
|
if (request instanceof IndicesAliasesRequest) {
|
||||||
ResolvedIndices indices = ResolvedIndices.empty();
|
ResolvedIndices indices = ResolvedIndices.empty();
|
||||||
|
|
|
@ -6,14 +6,14 @@
|
||||||
package org.elasticsearch.xpack.security.audit;
|
package org.elasticsearch.xpack.security.audit;
|
||||||
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.license.XPackLicenseState;
|
|
||||||
import org.elasticsearch.rest.RestRequest;
|
import org.elasticsearch.rest.RestRequest;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.license.XPackLicenseState;
|
||||||
import org.elasticsearch.transport.TransportMessage;
|
import org.elasticsearch.xpack.security.user.User;
|
||||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||||
import org.elasticsearch.xpack.security.user.User;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
|
import org.elasticsearch.transport.TransportMessage;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
|
|
@ -5,6 +5,11 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.audit.index;
|
package org.elasticsearch.xpack.security.audit.index;
|
||||||
|
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.util.concurrent.BlockingQueue;
|
||||||
|
import java.util.concurrent.LinkedBlockingQueue;
|
||||||
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
|
|
||||||
import org.elasticsearch.action.Action;
|
import org.elasticsearch.action.Action;
|
||||||
import org.elasticsearch.action.ActionListener;
|
import org.elasticsearch.action.ActionListener;
|
||||||
import org.elasticsearch.action.ActionRequest;
|
import org.elasticsearch.action.ActionRequest;
|
||||||
|
@ -30,11 +35,6 @@ import org.elasticsearch.xpack.security.user.User;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.util.concurrent.BlockingQueue;
|
|
||||||
import java.util.concurrent.LinkedBlockingQueue;
|
|
||||||
import java.util.concurrent.atomic.AtomicBoolean;
|
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
import static org.mockito.Mockito.verifyZeroInteractions;
|
import static org.mockito.Mockito.verifyZeroInteractions;
|
||||||
|
|
|
@ -524,7 +524,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||||
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
||||||
if (message instanceof IndicesRequest) {
|
if (message instanceof IndicesRequest) {
|
||||||
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
||||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest)message).indices()));
|
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest) message).indices()));
|
||||||
}
|
}
|
||||||
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
||||||
}
|
}
|
||||||
|
@ -571,7 +571,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||||
assertEquals("_action", sourceMap.get("action"));
|
assertEquals("_action", sourceMap.get("action"));
|
||||||
if (message instanceof IndicesRequest) {
|
if (message instanceof IndicesRequest) {
|
||||||
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
List<Object> indices = (List<Object>) sourceMap.get("indices");
|
||||||
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest)message).indices()));
|
assertThat(indices, containsInAnyOrder((Object[]) ((IndicesRequest) message).indices()));
|
||||||
}
|
}
|
||||||
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
|
||||||
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
assertThat((Iterable<String>) sourceMap.get(IndexAuditTrail.Field.ROLE_NAMES), containsInAnyOrder(role));
|
||||||
|
|