diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java index a96812cd820..711840e2945 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java @@ -23,7 +23,6 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.cleaner.CleanerService; import org.elasticsearch.marvel.license.LicenseModule; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldModule; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.xpack.XPackPlugin; @@ -70,13 +69,6 @@ public class MarvelPlugin extends Plugin { public Collection nodeModules() { List modules = new ArrayList<>(); - // Always load the security integration for tribe nodes. - // This is useful if the tribe node is connected to a - // protected monitored cluster: __marvel_user operations must be allowed. - if (enabled || isTribeNode(settings) || isTribeClientNode(settings)) { - modules.add(new MarvelShieldModule(settings)); - } - if (enabled) { modules.add(new MarvelModule()); modules.add(new LicenseModule()); @@ -141,5 +133,6 @@ public class MarvelPlugin extends Plugin { module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.password", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.path", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.boolSetting("marvel.enabled", false, false, Setting.Scope.CLUSTER)); + module.registerSettingsFilter("marvel.agent.exporters.auth.password"); } } diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java index 397a5f74ac1..77ddb6675ab 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java @@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector; import org.elasticsearch.marvel.agent.exporter.MarvelDoc; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.shield.InternalClient; +import org.elasticsearch.shield.ShieldPlugin; import java.util.ArrayList; import java.util.Arrays; @@ -65,7 +65,7 @@ public class IndexRecoveryCollector extends AbstractCollector results.add(new IndexStatsMarvelDoc(clusterUUID, TYPE, timestamp, indexStats)); } } catch (IndexNotFoundException e) { - if (MarvelShieldIntegration.enabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) { + if (ShieldPlugin.shieldEnabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) { logger.debug("collector [{}] - unable to collect data for missing index [{}]", name(), e.getIndex()); } else { throw e; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java index 266c2926366..bfd669ec1be 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java @@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector; import org.elasticsearch.marvel.agent.exporter.MarvelDoc; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.shield.InternalClient; +import org.elasticsearch.shield.ShieldPlugin; import java.util.Arrays; import java.util.Collection; @@ -63,7 +63,7 @@ public class IndicesStatsCollector extends AbstractCollector implements public static final Setting EXPORTERS_SETTING = Setting.groupSetting("marvel.agent.exporters.", true, Setting.Scope.CLUSTER); private final Map factories; - private final MarvelSettingsFilter settingsFilter; private final ClusterService clusterService; private volatile CurrentExporters exporters = CurrentExporters.EMPTY; @@ -43,12 +41,11 @@ public class Exporters extends AbstractLifecycleComponent implements @Inject public Exporters(Settings settings, Map factories, - MarvelSettingsFilter settingsFilter, ClusterService clusterService, + ClusterService clusterService, ClusterSettings clusterSettings) { super(settings); this.factories = factories; - this.settingsFilter = settingsFilter; this.clusterService = clusterService; exporterSettings = EXPORTERS_SETTING.get(settings); clusterSettings.addSettingsUpdateConsumer(EXPORTERS_SETTING, this::setExportersSetting); @@ -148,7 +145,6 @@ public class Exporters extends AbstractLifecycleComponent implements if (factory == null) { throw new SettingsException("unknown exporter type [" + type + "] set for exporter [" + name + "]"); } - factory.filterOutSensitiveSettings(EXPORTERS_SETTING + ".*.", settingsFilter); Exporter.Config config = new Exporter.Config(name, settings, exporterSettings); if (!config.enabled()) { hasDisabled = true; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java index 967a2d75d97..c4ab35d8edb 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java @@ -28,7 +28,6 @@ import org.elasticsearch.marvel.agent.exporter.MarvelTemplateUtils; import org.elasticsearch.marvel.agent.renderer.Renderer; import org.elasticsearch.marvel.agent.renderer.RendererRegistry; import org.elasticsearch.marvel.agent.settings.MarvelSettings; -import org.elasticsearch.marvel.shield.MarvelSettingsFilter; import org.elasticsearch.marvel.support.VersionUtils; import javax.net.ssl.HostnameVerifier; @@ -729,10 +728,5 @@ public class HttpExporter extends Exporter { public HttpExporter create(Config config) { return new HttpExporter(config, env, rendererRegistry); } - - @Override - public void filterOutSensitiveSettings(String prefix, MarvelSettingsFilter filter) { - filter.filterOut(prefix + AUTH_PASSWORD_SETTING); - } } } diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java deleted file mode 100644 index a333fa92259..00000000000 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.marvel.shield; - -import org.elasticsearch.common.inject.Inject; - -/** - * - */ -public interface MarvelSettingsFilter { - - void filterOut(String... patterns); - - class Noop implements MarvelSettingsFilter { - - public static Noop INSTANCE = new Noop(); - - private Noop() { - } - - @Override - public void filterOut(String... patterns) { - } - } - - class Shield implements MarvelSettingsFilter { - - private final MarvelShieldIntegration shieldIntegration; - - @Inject - public Shield(MarvelShieldIntegration shieldIntegration) { - this.shieldIntegration = shieldIntegration; - } - - @Override - public void filterOut(String... patterns) { - shieldIntegration.filterOutSettings(patterns); - } - } -} diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java deleted file mode 100644 index 26270543e1f..00000000000 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.marvel.shield; - -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.inject.Injector; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.shield.ShieldPlugin; -import org.elasticsearch.shield.ShieldSettingsFilter; - -/** - * - */ -public class MarvelShieldIntegration { - - private final ShieldSettingsFilter settingsFilter; - - @Inject - public MarvelShieldIntegration(Settings settings, Injector injector) { - boolean enabled = enabled(settings); - settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null; - } - - public void filterOutSettings(String... patterns) { - if (settingsFilter != null) { - settingsFilter.filterOut(patterns); - } - } - - public static boolean enabled(Settings settings) { - return ShieldPlugin.shieldEnabled(settings); - } - -} diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java deleted file mode 100644 index f267aaaafba..00000000000 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.marvel.shield; - -import org.elasticsearch.common.inject.AbstractModule; -import org.elasticsearch.common.settings.Settings; - -/** - * - */ -public class MarvelShieldModule extends AbstractModule { - - private final boolean shieldEnabled; - - public MarvelShieldModule(Settings settings) { - this.shieldEnabled = MarvelShieldIntegration.enabled(settings); - } - - @Override - protected void configure() { - bind(MarvelShieldIntegration.class).asEagerSingleton(); - if (shieldEnabled) { - bind(MarvelSettingsFilter.Shield.class).asEagerSingleton(); - bind(MarvelSettingsFilter.class).to(MarvelSettingsFilter.Shield.class); - } else { - bind(MarvelSettingsFilter.class).toInstance(MarvelSettingsFilter.Noop.INSTANCE); - } - } -} diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java index d3d69ff29cd..da9822b9af6 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java @@ -35,6 +35,6 @@ public class MarvelPluginClientTests extends ESTestCase { MarvelPlugin plugin = new MarvelPlugin(settings); assertThat(plugin.isEnabled(), is(true)); Collection modules = plugin.nodeModules(); - assertThat(modules.size(), is(6)); + assertThat(modules.size(), is(5)); } } diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java index d7c4e368070..974d32508cf 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java @@ -10,7 +10,6 @@ import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.marvel.agent.AgentService; import org.elasticsearch.marvel.agent.settings.MarvelSettings; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.marvel.test.MarvelIntegTestCase; import org.elasticsearch.plugins.PluginInfo; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; @@ -45,14 +44,12 @@ public class MarvelPluginTests extends MarvelIntegTestCase { internalCluster().startNode(Settings.builder().put(MarvelPlugin.ENABLED, true).put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build()); assertPluginIsLoaded(); assertServiceIsBound(AgentService.class); - assertServiceIsBound(MarvelShieldIntegration.class); } public void testMarvelDisabledOnTribeNode() { internalCluster().startNode(Settings.builder().put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build()); assertPluginIsLoaded(); assertServiceIsNotBound(AgentService.class); - assertServiceIsBound(MarvelShieldIntegration.class); } private void assertPluginIsLoaded() { diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java index fb3d2820d48..200bad67008 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.marvel.agent.exporter.local.LocalExporter; import org.elasticsearch.marvel.agent.renderer.RendererRegistry; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.cleaner.CleanerService; -import org.elasticsearch.marvel.shield.MarvelSettingsFilter; import org.elasticsearch.shield.InternalClient; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -46,7 +45,6 @@ import static org.mockito.Mockito.when; public class ExportersTests extends ESTestCase { private Exporters exporters; private Map factories; - private MarvelSettingsFilter settingsFilter; private ClusterService clusterService; private ClusterSettings clusterSettings; @@ -61,8 +59,7 @@ public class ExportersTests extends ESTestCase { // we always need to have the local exporter as it serves as the default one factories.put(LocalExporter.TYPE, new LocalExporter.Factory(new InternalClient.Insecure(client), clusterService, mock(RendererRegistry.class), mock(CleanerService.class))); clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList(MarvelSettings.COLLECTORS_SETTING, MarvelSettings.INTERVAL_SETTING, Exporters.EXPORTERS_SETTING))); - settingsFilter = mock(MarvelSettingsFilter.class); - exporters = new Exporters(Settings.EMPTY, factories, settingsFilter, clusterService, clusterSettings); + exporters = new Exporters(Settings.EMPTY, factories, clusterService, clusterSettings); } public void testInitExportersDefault() throws Exception { @@ -178,7 +175,7 @@ public class ExportersTests extends ESTestCase { exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "_type") .put("marvel.agent.exporters._name1.type", "_type") - .build(), factories, settingsFilter, clusterService, clusterSettings) { + .build(), factories, clusterService, clusterSettings) { @Override CurrentExporters initExporters(Settings settings) { settingsHolder.set(settings); @@ -215,7 +212,7 @@ public class ExportersTests extends ESTestCase { Exporters exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "mock") .put("marvel.agent.exporters._name1.type", "mock_master_only") - .build(), factories, settingsFilter, clusterService, clusterSettings); + .build(), factories, clusterService, clusterSettings); exporters.start(); DiscoveryNode localNode = mock(DiscoveryNode.class); @@ -239,7 +236,7 @@ public class ExportersTests extends ESTestCase { Exporters exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "mock") .put("marvel.agent.exporters._name1.type", "mock_master_only") - .build(), factories, settingsFilter, clusterService, clusterSettings); + .build(), factories, clusterService, clusterSettings); exporters.start(); DiscoveryNode localNode = mock(DiscoveryNode.class); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java index 43a0c7f3e25..f8ba964a3e4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java @@ -23,9 +23,7 @@ public class ShieldModule extends AbstractShieldModule { bind(SecurityContext.Secure.class).asEagerSingleton(); bind(SecurityContext.class).to(SecurityContext.Secure.class); bind(ShieldLifecycleService.class).asEagerSingleton(); - bind(ShieldSettingsFilter.class).asEagerSingleton(); bind(ShieldTemplateService.class).asEagerSingleton(); - bind(InternalClient.Secure.class).asEagerSingleton(); bind(InternalClient.class).to(InternalClient.Secure.class); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java index 3dbbf192962..54391d455c2 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java @@ -39,6 +39,7 @@ import org.elasticsearch.shield.audit.AuditTrailModule; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; import org.elasticsearch.shield.authc.AuthenticationModule; import org.elasticsearch.shield.authc.Realms; +import org.elasticsearch.shield.authc.ldap.support.SessionFactory; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authz.AuthorizationModule; @@ -186,6 +187,19 @@ public class ShieldPlugin extends Plugin { settingsModule.registerSetting(Setting.boolSetting("plugins.load_classpath_plugins", true, false, Setting.Scope.CLUSTER)); // TODO add real settings for this wildcard here settingsModule.registerSetting(Setting.groupSetting("shield.", false, Setting.Scope.CLUSTER)); + String[] asArray = settings.getAsArray("shield.hide_settings"); + for (String pattern : asArray) { + settingsModule.registerSettingsFilter(pattern); + } + settingsModule.registerSettingsFilter("shield.hide_settings"); + settingsModule.registerSettingsFilter("shield.ssl.*"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_dn"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_password"); + settingsModule.registerSettingsFilter("shield.authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.password"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.path"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.algorithm"); + settingsModule.registerSettingsFilter("transport.profiles.*.shield.*"); } @Override diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java deleted file mode 100644 index fb96fa11263..00000000000 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.shield; - -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; - -/** - * - */ -public class ShieldSettingsFilter { - - static final String HIDE_SETTINGS_SETTING = "shield.hide_settings"; - - private final SettingsFilter filter; - - @Inject - public ShieldSettingsFilter(Settings settings, SettingsFilter settingsFilter) { - this.filter = settingsFilter; - filter.addFilter(HIDE_SETTINGS_SETTING); - filterOut(settings.getAsArray(HIDE_SETTINGS_SETTING)); - } - - public void filterOut(String... patterns) { - for (String pattern : patterns) { - filter.addFilter(pattern); - } - } -} diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java index fed1d1b5a94..a22195c2bec 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; /** @@ -122,9 +121,6 @@ public abstract class Realm implements Comparable return internal; } - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - } - /** * Creates a new realm based on the given settigns. * diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java index de7242c3113..dd2c663cabc 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.esnative.ESNativeRealm; import org.elasticsearch.shield.authc.esusers.ESUsersRealm; import org.elasticsearch.shield.license.ShieldLicenseState; @@ -30,7 +29,6 @@ public class Realms extends AbstractLifecycleComponent implements Iterab private final Environment env; private final Map factories; - private final ShieldSettingsFilter settingsFilter; private final ShieldLicenseState shieldLicenseState; protected List realms = Collections.emptyList(); @@ -38,12 +36,10 @@ public class Realms extends AbstractLifecycleComponent implements Iterab protected List internalRealmsOnly = Collections.emptyList(); @Inject - public Realms(Settings settings, Environment env, Map factories, - ShieldSettingsFilter settingsFilter, ShieldLicenseState shieldLicenseState) { + public Realms(Settings settings, Environment env, Map factories, ShieldLicenseState shieldLicenseState) { super(settings); this.env = env; this.factories = factories; - this.settingsFilter = settingsFilter; this.shieldLicenseState = shieldLicenseState; } @@ -108,7 +104,6 @@ public class Realms extends AbstractLifecycleComponent implements Iterab if (factory == null) { throw new IllegalArgumentException("unknown realm type [" + type + "] set for realm [" + name + "]"); } - factory.filterOutSensitiveSettings(name, settingsFilter); RealmConfig config = new RealmConfig(name, realmSettings, settings, env); if (!config.enabled()) { if (logger.isDebugEnabled()) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java index a18433d6663..bf5791c19e8 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.activedirectory; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.rest.RestController; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.shield.authc.support.DnRoleMapper; @@ -40,11 +39,6 @@ public class ActiveDirectoryRealm extends AbstractLdapRealm { this.clientSSLService = clientSSLService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - ActiveDirectorySessionFactory.filterOutSensitiveSettings(realmName, filter); - } - @Override public ActiveDirectoryRealm create(RealmConfig config) { ActiveDirectorySessionFactory connectionFactory = new ActiveDirectorySessionFactory(config, clientSSLService); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java index 78ae821eafb..9bc870c88a2 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java @@ -11,7 +11,6 @@ import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope; import org.elasticsearch.shield.authc.ldap.support.LdapSession; @@ -62,9 +61,6 @@ public class ActiveDirectorySessionFactory extends SessionFactory { groupResolver = new ActiveDirectoryGroupsResolver(settings.getAsSettings("group_search"), domainDN); } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING); - } @Override protected LDAPServers ldapServers(Settings settings) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java index 3ec880f06c4..78badf4cf8f 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.RestController; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.shield.authc.ldap.support.SessionFactory; @@ -42,11 +41,6 @@ public class LdapRealm extends AbstractLdapRealm { this.clientSSLService = clientSSLService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - LdapUserSearchSessionFactory.filterOutSensitiveSettings(realmName, filter); - } - @Override public LdapRealm create(RealmConfig config) { try { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java index 9c250f1276c..07e6bb5497d 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java @@ -17,7 +17,6 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope; import org.elasticsearch.shield.authc.ldap.support.LdapSession; @@ -73,12 +72,6 @@ public class LdapUserSearchSessionFactory extends SessionFactory { return connectionPool; } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + ".bind_dn"); - filter.filterOut("shield.authc.realms." + realmName + ".bind_password"); - filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING); - } - static LDAPConnectionPool createConnectionPool(RealmConfig config, ServerSet serverSet, TimeValue timeout, ESLogger logger) { Settings settings = config.settings(); SimpleBindRequest bindRequest = bindRequest(settings); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java index ecbc0c40e92..4583305c6b4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.Realm; @@ -183,12 +182,6 @@ public class PkiRealm extends Realm { return trustManagerList.toArray(new X509TrustManager[trustManagerList.size()]); } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.password"); - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.path"); - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.algorithm"); - } - /** * Checks to see if both SSL and Client authentication are enabled on at least one network communication layer. If * not an error message will be logged @@ -234,11 +227,6 @@ public class PkiRealm extends Realm { this.watcherService = watcherService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - PkiRealm.filterOutSensitiveSettings(realmName, filter); - } - @Override public PkiRealm create(RealmConfig config) { DnRoleMapper roleMapper = new DnRoleMapper(TYPE, config, watcherService, null); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java index abc6708d453..7e380dada84 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java @@ -8,17 +8,12 @@ package org.elasticsearch.shield.ssl; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; public class ServerSSLService extends AbstractSSLService { @Inject - public ServerSSLService(Settings settings, ShieldSettingsFilter settingsFilter, Environment environment) { + public ServerSSLService(Settings settings, Environment environment) { super(settings, environment); - - // we need to filter out all this sensitive information from all rest - // responses - settingsFilter.filterOut("shield.ssl.*"); } @Override diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java index 572fa164336..801b2103406 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java @@ -13,7 +13,6 @@ import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ClientSSLService; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; @@ -51,20 +50,18 @@ public class ShieldNettyTransport extends NettyTransport { private final ServerSSLService serverSslService; private final ClientSSLService clientSSLService; - private final ShieldSettingsFilter settingsFilter; private final @Nullable IPFilter authenticator; private final boolean ssl; @Inject public ShieldNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays, Version version, @Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService, ClientSSLService clientSSLService, - ShieldSettingsFilter settingsFilter, NamedWriteableRegistry namedWriteableRegistry) { + NamedWriteableRegistry namedWriteableRegistry) { super(settings, threadPool, networkService, bigArrays, version, namedWriteableRegistry); this.authenticator = authenticator; this.ssl = settings.getAsBoolean(TRANSPORT_SSL_SETTING, TRANSPORT_SSL_DEFAULT); this.serverSslService = serverSSLService; this.clientSSLService = clientSSLService; - this.settingsFilter = settingsFilter; } @Override @@ -120,7 +117,6 @@ public class ShieldNettyTransport extends NettyTransport { public SslServerChannelPipelineFactory(NettyTransport nettyTransport, String name, Settings settings, Settings profileSettings) { super(nettyTransport, name, settings); this.profileSettings = profileSettings; - settingsFilter.filterOut("transport.profiles." + name + ".shield.*"); } @Override diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java index 3877bfe3af8..9a3de732eba 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.indices.breaker.CircuitBreakerModule; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; @@ -35,7 +34,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put("client.type", "node") .put("shield.audit.enabled", false) .build(); - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings)); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); @@ -45,7 +44,7 @@ public class AuditTrailModuleTests extends ESTestCase { public void testDisabledByDefault() throws Exception { Settings settings = Settings.builder() .put("client.type", "node").build(); - Injector injector = Guice.createInjector(new SettingsModule(settings, new SettingsFilter(settings)), new AuditTrailModule(settings)); + Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings)); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); assertThat(auditTrail, is(AuditTrail.NOOP)); } @@ -57,7 +56,7 @@ public class AuditTrailModuleTests extends ESTestCase { .build(); ThreadPool pool = new ThreadPool("testLogFile"); try { - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); Injector injector = Guice.createInjector( settingsModule, @@ -89,7 +88,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put("shield.audit.outputs" , "foo") .put("client.type", "node") .build(); - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); settingsModule.registerSetting(Setting.simpleString("shield.audit.outputs", false, Setting.Scope.CLUSTER)); try { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index c851c6dae0a..e566cce7f6b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -13,7 +13,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.SystemUser; import org.elasticsearch.shield.User; import org.elasticsearch.shield.audit.AuditTrail; @@ -86,7 +85,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { Settings settings = Settings.builder().put("path.home", createTempDir()).build(); ShieldLicenseState shieldLicenseState = mock(ShieldLicenseState.class); when(shieldLicenseState.customRealmsEnabled()).thenReturn(true); - realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.emptyMap(), mock(ShieldSettingsFilter.class), shieldLicenseState) { + realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.emptyMap(), shieldLicenseState) { @Override protected void doStart() { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java index f9c63dd6715..d336270324e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; import org.elasticsearch.shield.authc.esusers.ESUsersRealm; import org.elasticsearch.shield.authc.ldap.LdapRealm; @@ -36,7 +35,6 @@ import static org.mockito.Mockito.when; */ public class RealmsTests extends ESTestCase { private Map factories; - private ShieldSettingsFilter settingsFilter; private ShieldLicenseState shieldLicenseState; @Before @@ -47,7 +45,6 @@ public class RealmsTests extends ESTestCase { DummyRealm.Factory factory = new DummyRealm.Factory("type_" + i, rarely()); factories.put("type_" + i, factory); } - settingsFilter = mock(ShieldSettingsFilter.class); shieldLicenseState = mock(ShieldLicenseState.class); when(shieldLicenseState.customRealmsEnabled()).thenReturn(true); } @@ -68,7 +65,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; for (Realm realm : realms) { @@ -90,7 +87,7 @@ public class RealmsTests extends ESTestCase { .build(); Environment env = new Environment(settings); try { - new Realms(settings, env, factories, settingsFilter, shieldLicenseState).start(); + new Realms(settings, env, factories, shieldLicenseState).start(); fail("Expected IllegalArgumentException"); } catch (IllegalArgumentException e) { assertThat(e.getMessage(), containsString("multiple [esusers] realms are configured")); @@ -99,7 +96,7 @@ public class RealmsTests extends ESTestCase { public void testWithEmptySettings() throws Exception { Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()), - factories, settingsFilter, shieldLicenseState); + factories, shieldLicenseState); realms.start(); Iterator iter = realms.iterator(); assertThat(iter.hasNext(), is(true)); @@ -126,7 +123,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; // this is the iterator when licensed @@ -158,7 +155,7 @@ public class RealmsTests extends ESTestCase { .put("shield.authc.realms.custom.order", "1"); Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; // this is the iterator when licensed @@ -199,7 +196,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, mock(ShieldSettingsFilter.class), shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); Iterator iterator = realms.iterator(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java index 8274d661c4d..e75c41bf808 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -37,13 +36,11 @@ import static org.mockito.Mockito.mock; public class ServerSSLServiceTests extends ESTestCase { Path testnodeStore; - ShieldSettingsFilter settingsFilter; Environment env; @Before public void setup() throws Exception { testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"); - settingsFilter = mock(ShieldSettingsFilter.class); env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); } @@ -56,7 +53,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.truststore.password", "testnode") .build(); try { - new ServerSSLService(settings, settingsFilter, env).createSSLEngine(); + new ServerSSLService(settings, env).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize the SSLContext")); @@ -70,7 +67,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(settings, env); Settings.Builder settingsBuilder = settingsBuilder() .put("truststore.path", testClientStore) @@ -87,7 +84,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLContext sslContext = sslService.sslContext(); SSLContext cachedSslContext = sslService.sslContext(); @@ -101,7 +98,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", differentPasswordsStore) .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.keystore.key_password", "testnode1") - .build(), settingsFilter, env).createSSLEngine(); + .build(), env).createSSLEngine(); } public void testIncorrectKeyPasswordThrowsException() throws Exception { @@ -110,7 +107,7 @@ public class ServerSSLServiceTests extends ESTestCase { new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", differentPasswordsStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env).createSSLEngine(); + .build(), env).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize a KeyManagerFactory")); @@ -121,7 +118,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLEngine engine = sslService.createSSLEngine(); assertThat(Arrays.asList(engine.getEnabledProtocols()), not(hasItem("SSLv3"))); } @@ -130,7 +127,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(1000)); assertThat(context.getSessionTimeout(), equalTo((int) TimeValue.timeValueHours(24).seconds())); @@ -142,14 +139,14 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.session.cache_size", "300") .put("shield.ssl.session.cache_timeout", "600s") - .build(), settingsFilter, env); + .build(), env); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(300)); assertThat(context.getSessionTimeout(), equalTo(600)); } public void testThatCreateSSLEngineWithoutAnySettingsDoesNotWork() throws Exception { - ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -162,7 +159,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.truststore.path", testnodeStore) .put("shield.ssl.truststore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -176,7 +173,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.truststore.path", testnodeStore) - .build(), settingsFilter, env); + .build(), env); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); @@ -188,7 +185,7 @@ public class ServerSSLServiceTests extends ESTestCase { public void testThatKeystorePasswordIsRequired() throws Exception { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) - .build(), settingsFilter, env); + .build(), env); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); @@ -205,7 +202,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .putArray("shield.ssl.ciphers", ciphers.toArray(new String[ciphers.size()])) - .build(), settingsFilter, env); + .build(), env); SSLEngine engine = sslService.createSSLEngine(); assertThat(engine, is(notNullValue())); String[] enabledCiphers = engine.getEnabledCipherSuites(); @@ -217,7 +214,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .putArray("shield.ssl.ciphers", new String[] { "foo", "bar" }) - .build(), settingsFilter, env); + .build(), env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -231,7 +228,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLSocketFactory factory = sslService.sslSocketFactory(); assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers())); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java index 16956ef3a7f..82859d56032 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.test.ESTestCase; import org.jboss.netty.bootstrap.ClientBootstrap; @@ -77,8 +76,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(settings, env); sslContext = sslService.sslContext(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java index 98679a994dd..bbc288b1c67 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; import org.elasticsearch.http.netty.NettyHttpMockUtil; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; import org.elasticsearch.shield.transport.filter.IPFilter; @@ -40,8 +39,7 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - serverSSLService = new ServerSSLService(settings, settingsFilter, env); + serverSSLService = new ServerSSLService(settings, env); } public void testDefaultClientAuth() throws Exception { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java index 245ed61a71e..126d2aecbd2 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ClientSSLService; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; @@ -35,7 +34,6 @@ import static org.mockito.Mockito.mock; public class ShieldNettyTransportTests extends ESTestCase { private ServerSSLService serverSSLService; private ClientSSLService clientSSLService; - private ShieldSettingsFilter settingsFilter; @Before public void createSSLService() throws Exception { @@ -45,15 +43,14 @@ public class ShieldNettyTransportTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - serverSSLService = new ServerSSLService(settings, settingsFilter, env); + serverSSLService = new ServerSSLService(settings, env); clientSSLService = new ClientSSLService(settings); clientSSLService.setEnvironment(env); } public void testThatSSLCanBeDisabledByProfile() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", false).build()); assertThat(factory.getPipeline().get(SslHandler.class), nullValue()); @@ -61,7 +58,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testThatSSLCanBeEnabledByProfile() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", false).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", true).build()); assertThat(factory.getPipeline().get(SslHandler.class), notNullValue()); @@ -69,7 +66,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testThatProfileTakesDefaultSSLSetting() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine(), notNullValue()); @@ -77,7 +74,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testDefaultClientAuth() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); @@ -89,7 +86,7 @@ public class ShieldNettyTransportTests extends ESTestCase { Settings settings = settingsBuilder() .put("shield.transport.ssl", true) .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); @@ -101,7 +98,7 @@ public class ShieldNettyTransportTests extends ESTestCase { Settings settings = settingsBuilder() .put("shield.transport.ssl", true) .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); @@ -113,7 +110,7 @@ public class ShieldNettyTransportTests extends ESTestCase { Settings settings = settingsBuilder() .put("shield.transport.ssl", true) .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); @@ -123,7 +120,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testProfileRequiredClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE"); Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); @@ -133,7 +130,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testProfileNoClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)); Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); @@ -143,7 +140,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testProfileOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java index 8b523738515..4dbfb048aa1 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java @@ -28,6 +28,7 @@ import org.elasticsearch.watcher.actions.email.service.InternalEmailService; import org.elasticsearch.watcher.actions.hipchat.service.HipChatService; import org.elasticsearch.watcher.actions.hipchat.service.InternalHipChatService; import org.elasticsearch.watcher.actions.pagerduty.service.InternalPagerDutyService; +import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyAccount; import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyService; import org.elasticsearch.watcher.actions.slack.service.InternalSlackService; import org.elasticsearch.watcher.actions.slack.service.SlackService; @@ -217,6 +218,14 @@ public class WatcherPlugin extends Plugin { module.registerSetting(Setting.simpleString("watcher.execution.scroll.timeout", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.simpleString("watcher.start_immediately", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.simpleString("watcher.http.default_connection_timeout", false, Setting.Scope.CLUSTER)); + + module.registerSettingsFilter("watcher.actions.email.service.account.*.smtp.password"); + module.registerSettingsFilter("watcher.actions.slack.service.account.*.url"); + module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.url"); + module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*.url"); + module.registerSettingsFilter("watcher.actions.pagerduty.service." + PagerDutyAccount.SERVICE_KEY_SETTING); + module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING); + module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.auth_token"); } public void onModule(NetworkModule module) { diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java index 4d4fadb72c3..860595f73d0 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.watcher.shield.WatcherSettingsFilter; import org.elasticsearch.watcher.support.secret.SecretService; import javax.mail.MessagingException; @@ -30,11 +29,10 @@ public class InternalEmailService extends AbstractLifecycleComponent HIPCHAT_ACCOUNT_SETTING = Setting.groupSetting("watcher.actions.hipchat.service.", true, Setting.Scope.CLUSTER); @Inject - public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings, WatcherSettingsFilter settingsFilter) { + public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings) { super(settings); this.httpClient = httpClient; - settingsFilter.filterOut("watcher.actions.hipchat.service.account.*.auth_token"); clusterSettings.addSettingsUpdateConsumer(HIPCHAT_ACCOUNT_SETTING, this::setHipchatAccountSetting); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java index 5af254548ac..b40551ff8d8 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.watcher.shield.WatcherSettingsFilter; import org.elasticsearch.watcher.support.http.HttpClient; /** @@ -24,14 +23,9 @@ public class InternalPagerDutyService extends AbstractLifecycleComponent settings = (Map) ((Map) node).get("settings"); assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.user", settings), is((Object) "_user")); - if (shieldEnabled()) { - assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), nullValue()); - } else { - assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), is((Object) "_passwd")); - } + assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), nullValue()); } }