Initial cleanup of shield integration in watcher and marvel

- Removed Marvel/WatcherUserHolder in favour of the new `InternalMarvelUser`/`InternalWatcherUser`

Original commit: elastic/x-pack-elasticsearch@8181630144

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java

@@ -22,7 +22,7 @@ import org.elasticsearch.marvel.agent.settings.MarvelModule;
 import org.elasticsearch.marvel.agent.settings.MarvelSettings;
 import org.elasticsearch.marvel.license.LicenseModule;
 import org.elasticsearch.marvel.license.MarvelLicensee;
-import org.elasticsearch.marvel.shield.MarvelInternalUserHolder;
+import org.elasticsearch.marvel.shield.InternalMarvelUser;
 import org.elasticsearch.marvel.shield.MarvelShieldIntegration;
 import org.elasticsearch.marvel.shield.MarvelShieldModule;
 import org.elasticsearch.plugins.Plugin;
@@ -106,7 +106,7 @@ public class MarvelPlugin extends Plugin {
     // is enabled. This is a temporary solution until inter-plugin-communication can be worked out.
     public void onModule(Module module) {
         if (enabled && MarvelShieldIntegration.enabled(settings) && module instanceof AuthorizationModule) {
-            ((AuthorizationModule)module).registerReservedRole(MarvelInternalUserHolder.ROLE);
+            ((AuthorizationModule)module).registerReservedRole(InternalMarvelUser.ROLE);
         }
     }
 

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/InternalMarvelUser.java

@@ -11,16 +11,17 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings;
 import org.elasticsearch.shield.User;
 import org.elasticsearch.shield.authz.Permission;
 import org.elasticsearch.shield.authz.Privilege;
-import org.elasticsearch.transport.TransportMessage;
 
 /**
  *
  */
-public class MarvelInternalUserHolder {
+public class InternalMarvelUser extends User.Simple {
 
     static final String NAME = "__marvel_user";
     static final String[] ROLE_NAMES = new String[] { "__marvel_role" };
 
+    public static final InternalMarvelUser INSTANCE = new InternalMarvelUser(NAME, ROLE_NAMES);
+
     public static final Permission.Global.Role ROLE = Permission.Global.Role.builder(ROLE_NAMES[0])
             .cluster(Privilege.Cluster.get(new Privilege.Name(
                     PutIndexTemplateAction.NAME + "*",
@@ -38,9 +39,7 @@ public class MarvelInternalUserHolder {
 
             .build();
 
-    final User user = new User.Simple(NAME, ROLE_NAMES);
-
-    public void bindUser(TransportMessage<?> message) {
-
+    InternalMarvelUser(String username, String[] roles) {
+        super(username, roles);
     }
 }

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java

@@ -6,12 +6,10 @@
 package org.elasticsearch.marvel.shield;
 
 import org.elasticsearch.ElasticsearchException;
-import org.elasticsearch.common.HasContext;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.Injector;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.shield.ShieldPlugin;
-import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.shield.ShieldSettingsFilter;
 import org.elasticsearch.shield.authc.AuthenticationService;
 import org.elasticsearch.transport.TransportMessage;
@@ -23,45 +21,35 @@ import java.io.IOException;
  */
 public class MarvelShieldIntegration {
 
-    private final Object authcService;
-    private final Object userHolder;
-    private final Object settingsFilter;
+    private final boolean enabled;
+    private final AuthenticationService authcService;
+    private final ShieldSettingsFilter settingsFilter;
 
     @Inject
     public MarvelShieldIntegration(Settings settings, Injector injector) {
-        boolean enabled = enabled(settings);
+        enabled = enabled(settings);
         authcService = enabled ? injector.getInstance(AuthenticationService.class) : null;
-        userHolder = enabled ? injector.getInstance(MarvelInternalUserHolder.class) : null;
         settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null;
     }
 
     public void bindInternalMarvelUser(TransportMessage message) {
         if (authcService != null) {
             try {
-                ((AuthenticationService) authcService).attachUserHeaderIfMissing(message, ((MarvelInternalUserHolder) userHolder).user);
+                authcService.attachUserHeaderIfMissing(message, InternalMarvelUser.INSTANCE);
             } catch (IOException e) {
-                throw new ElasticsearchException("failed to attach watcher user to request", e);
+                throw new ElasticsearchException("failed to attach marvel user to request", e);
             }
         }
     }
 
     public void filterOutSettings(String... patterns) {
         if (settingsFilter != null) {
-            ((ShieldSettingsFilter) settingsFilter).filterOut(patterns);
-        }
-    }
-
-    static boolean installed() {
-        try {
-            MarvelShieldIntegration.class.getClassLoader().loadClass("org.elasticsearch.shield.ShieldPlugin");
-            return true;
-        } catch (ClassNotFoundException e) {
-            return false;
+            settingsFilter.filterOut(patterns);
         }
     }
 
     public static boolean enabled(Settings settings) {
-        return installed() && ShieldPlugin.shieldEnabled(settings);
+        return ShieldPlugin.shieldEnabled(settings);
     }
 
 }

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java

@@ -6,7 +6,6 @@
 package org.elasticsearch.marvel.shield;
 
 import org.elasticsearch.common.inject.AbstractModule;
-import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
 
 /**
@@ -14,19 +13,16 @@ import org.elasticsearch.common.settings.Settings;
  */
 public class MarvelShieldModule extends AbstractModule {
 
-    private final MarvelInternalUserHolder userHolder;
     private final boolean enabled;
 
     public MarvelShieldModule(Settings settings) {
         this.enabled = MarvelShieldIntegration.enabled(settings);
-        userHolder = enabled ? new MarvelInternalUserHolder() : null;
     }
 
     @Override
     protected void configure() {
         bind(MarvelShieldIntegration.class).asEagerSingleton();
         bind(SecuredClient.class).asEagerSingleton();
-        bind(MarvelInternalUserHolder.class).toProvider(Providers.of(userHolder));
         if (enabled) {
             bind(MarvelSettingsFilter.Shield.class).asEagerSingleton();
             bind(MarvelSettingsFilter.class).to(MarvelSettingsFilter.Shield.class);

elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java

@@ -36,9 +36,9 @@ import org.elasticsearch.watcher.input.InputModule;
 import org.elasticsearch.watcher.license.LicenseModule;
 import org.elasticsearch.watcher.license.WatcherLicensee;
 import org.elasticsearch.watcher.rest.action.*;
+import org.elasticsearch.watcher.shield.InternalWatcherUser;
 import org.elasticsearch.watcher.shield.ShieldIntegration;
 import org.elasticsearch.watcher.shield.WatcherShieldModule;
-import org.elasticsearch.watcher.shield.WatcherUserHolder;
 import org.elasticsearch.watcher.support.WatcherIndexTemplateRegistry.TemplateConfig;
 import org.elasticsearch.watcher.support.clock.ClockModule;
 import org.elasticsearch.watcher.support.http.HttpClient;
@@ -211,7 +211,7 @@ public class WatcherPlugin extends Plugin {
     // is enabled. This is a temporary solution until inter-plugin-communication can be worked out.
     public void onModule(Module module) {
         if (enabled && ShieldIntegration.enabled(settings) && module instanceof AuthorizationModule) {
-            ((AuthorizationModule)module).registerReservedRole(WatcherUserHolder.ROLE);
+            ((AuthorizationModule)module).registerReservedRole(InternalWatcherUser.ROLE);
         }
     }
 

elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/shield/InternalWatcherUser.java

@@ -12,11 +12,13 @@ import org.elasticsearch.shield.authz.Privilege;
 /**
  *
  */
-public class WatcherUserHolder {
+public class InternalWatcherUser extends User.Simple {
 
     static final String NAME = "__watcher_user";
     static final String[] ROLE_NAMES = new String[] { "__watcher_role" };
 
+    public static final InternalWatcherUser INSTANCE = new InternalWatcherUser(NAME, ROLE_NAMES);
+
     public static final Permission.Global.Role ROLE = Permission.Global.Role.builder(ROLE_NAMES[0])
             .cluster(Privilege.Cluster.action("indices:admin/template/put"))
 
@@ -31,6 +33,7 @@ public class WatcherUserHolder {
 
             .build();
 
-    final User user = new User.Simple(NAME, ROLE_NAMES);
-
+    InternalWatcherUser(String username, String[] roles) {
+        super(username, roles);
+    }
 }

elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/shield/ShieldIntegration.java

@@ -11,7 +11,6 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.Injector;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.shield.ShieldPlugin;
-import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.shield.ShieldSettingsFilter;
 import org.elasticsearch.shield.authc.AuthenticationService;
 import org.elasticsearch.transport.TransportMessage;
@@ -23,24 +22,21 @@ import java.io.IOException;
  */
 public class ShieldIntegration {
 
-    private static final int MIN_SHIELD_VERSION = /*00*/2000001; // 2.0.0_beta1
-
-    private final Object authcService;
-    private final Object userHolder;
-    private final Object settingsFilter;
+    private final boolean enabled;
+    private final AuthenticationService authcService;
+    private final ShieldSettingsFilter settingsFilter;
 
     @Inject
     public ShieldIntegration(Settings settings, Injector injector) {
-        boolean enabled = enabled(settings);
+        enabled = enabled(settings);
         authcService = enabled ? injector.getInstance(AuthenticationService.class) : null;
-        userHolder = enabled ? injector.getInstance(WatcherUserHolder.class) : null;
         settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null;
     }
 
     public void bindWatcherUser(TransportMessage message) {
         if (authcService != null) {
             try {
-                ((AuthenticationService) authcService).attachUserHeaderIfMissing(message, ((WatcherUserHolder) userHolder).user);
+                authcService.attachUserHeaderIfMissing(message, InternalWatcherUser.INSTANCE);
             } catch (IOException e) {
                 throw new ElasticsearchException("failed to attach watcher user to request", e);
             }
@@ -49,28 +45,19 @@ public class ShieldIntegration {
 
     public void filterOutSettings(String... patterns) {
         if (settingsFilter != null) {
-            ((ShieldSettingsFilter) settingsFilter).filterOut(patterns);
+            settingsFilter.filterOut(patterns);
         }
     }
 
     // TODO this is a hack that needs to go away with proper fixes in core
     public void putUserInContext(HasContext context) {
-        if (userHolder != null) {
-            context.putInContext("_shield_user", ((WatcherUserHolder) userHolder).user);
-        }
-    }
-
-    static boolean installed() {
-        try {
-            ShieldIntegration.class.getClassLoader().loadClass("org.elasticsearch.shield.ShieldPlugin");
-            return true;
-        } catch (ClassNotFoundException e) {
-            return false;
+        if (enabled) {
+            context.putInContext("_shield_user", InternalWatcherUser.INSTANCE);
         }
     }
 
     public static boolean enabled(Settings settings) {
-        return installed() && ShieldPlugin.shieldEnabled(settings);
+        return ShieldPlugin.shieldEnabled(settings);
     }
 
 }

elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/shield/WatcherShieldModule.java

@@ -6,7 +6,6 @@
 package org.elasticsearch.watcher.shield;
 
 import org.elasticsearch.common.inject.AbstractModule;
-import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
@@ -21,17 +20,12 @@ public class WatcherShieldModule extends AbstractModule {
 
     private final boolean enabled;
 
-    private final WatcherUserHolder userHolder;
-
     public WatcherShieldModule(Settings settings) {
         this.logger = Loggers.getLogger(WatcherShieldModule.class, settings);
         this.enabled = ShieldIntegration.enabled(settings);
         if (enabled) {
-            userHolder = new WatcherUserHolder();
             registerClusterPrivilege("manage_watcher", "cluster:admin/watcher/*", "cluster:monitor/watcher/*");
             registerClusterPrivilege("monitor_watcher", "cluster:monitor/watcher/*");
-        } else {
-            userHolder = null;
         }
     }
 
@@ -50,7 +44,6 @@ public class WatcherShieldModule extends AbstractModule {
     @Override
     protected void configure() {
         bind(ShieldIntegration.class).asEagerSingleton();
-        bind(WatcherUserHolder.class).toProvider(Providers.of(userHolder));
         if (enabled) {
             bind(WatcherSettingsFilter.Shield.class).asEagerSingleton();
             bind(WatcherSettingsFilter.class).to(WatcherSettingsFilter.Shield.class);

elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/condition/compare/CompareConditionSearchTests.java

@@ -31,6 +31,12 @@ import static org.mockito.Mockito.when;
 /**
  */
 public class CompareConditionSearchTests extends AbstractWatcherIntegrationTestCase {
+
+    @Override
+    protected boolean enableShield() {
+        return true;
+    }
+
     public void testExecuteWithAggs() throws Exception {
         client().admin().indices().prepareCreate("my-index")
                 .addMapping("my-type", "_timestamp", "enabled=true")