From 1c5d04c99b8ae6fab4b66701b188ce99ccf6ef90 Mon Sep 17 00:00:00 2001 
From: Simon Willnauer Date: Wed, 3 Feb 2016 21:26:08 +0100 Subject: [PATCH] Cleanup settings filtering after elastic/elasticsearchelastic/elasticsearch#16425 This change registers all filtered settings up-front and removes all the unnecessary wrappers around SettingsFilter. This is a pretty big change and needs some review but after all things are generally simplified and settings are always filtered even if shield is not enabled which is the right thing todo. Relates to elastic/elasticsearchelastic/elasticsearch#16425 Original commit: elastic/x-pack-elasticsearch@c7df85492b5a13b426921c375a4fb888c78b214a --- .../elasticsearch/marvel/MarvelPlugin.java | 9 +--- .../indices/IndexRecoveryCollector.java | 4 +- .../indices/IndexStatsCollector.java | 4 +- .../indices/IndicesStatsCollector.java | 4 +- .../marvel/agent/exporter/Exporter.java | 4 -- .../marvel/agent/exporter/Exporters.java | 6 +-- .../agent/exporter/http/HttpExporter.java | 6 --- .../marvel/shield/MarvelSettingsFilter.java | 43 ------------------- .../shield/MarvelShieldIntegration.java | 37 ---------------- .../marvel/shield/MarvelShieldModule.java | 32 -------------- .../marvel/MarvelPluginClientTests.java | 2 +- .../marvel/MarvelPluginTests.java | 3 -- .../marvel/agent/exporter/ExportersTests.java | 11 ++--- .../elasticsearch/shield/ShieldModule.java | 2 - .../elasticsearch/shield/ShieldPlugin.java | 14 ++++++ .../shield/ShieldSettingsFilter.java | 33 -------------- .../org/elasticsearch/shield/authc/Realm.java | 4 -- .../elasticsearch/shield/authc/Realms.java | 7 +-- .../activedirectory/ActiveDirectoryRealm.java | 6 --- .../ActiveDirectorySessionFactory.java | 4 -- .../shield/authc/ldap/LdapRealm.java | 6 --- .../ldap/LdapUserSearchSessionFactory.java | 7 --- .../shield/authc/pki/PkiRealm.java | 12 ------ .../shield/ssl/ServerSSLService.java | 7 +-- .../transport/netty/ShieldNettyTransport.java | 6 +-- .../shield/audit/AuditTrailModuleTests.java | 9 ++-- .../InternalAuthenticationServiceTests.java | 3 +- 
.../shield/authc/RealmsTests.java | 15 +++---- .../shield/ssl/ServerSSLServiceTests.java | 33 +++++++------- .../netty/HandshakeWaitingHandlerTests.java | 4 +- .../ShieldNettyHttpServerTransportTests.java | 4 +- .../netty/ShieldNettyTransportTests.java | 25 +++++------ .../elasticsearch/watcher/WatcherPlugin.java | 9 ++++ .../email/service/InternalEmailService.java | 4 +- .../service/InternalHipChatService.java | 4 +- .../service/InternalPagerDutyService.java | 8 +--- .../slack/service/InternalSlackService.java | 4 +- .../watcher/shield/ShieldIntegration.java | 37 ---------------- .../watcher/shield/WatcherSettingsFilter.java | 43 ------------------- .../watcher/shield/WatcherShieldModule.java | 13 +----- .../watcher/support/secret/SecretModule.java | 4 +- .../service/InternalEmailServiceTests.java | 3 +- .../ManualPublicSmtpServersTester.java | 3 +- .../service/InternalHipChatServiceTests.java | 26 +++-------- .../WatcherSettingsFilterTests.java | 6 +-- 45 files changed, 94 insertions(+), 436 deletions(-) delete mode 100644 elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java delete mode 100644 elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java delete mode 100644 elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java delete mode 100644 elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java delete mode 100644 elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/shield/ShieldIntegration.java delete mode 100644 elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/shield/WatcherSettingsFilter.java diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java index a96812cd820..711840e2945 100644 
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/MarvelPlugin.java @@ -23,7 +23,6 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.cleaner.CleanerService; import org.elasticsearch.marvel.license.LicenseModule; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldModule; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.xpack.XPackPlugin; @@ -70,13 +69,6 @@ public class MarvelPlugin extends Plugin { public Collection nodeModules() { List modules = new ArrayList<>(); - // Always load the security integration for tribe nodes. - // This is useful if the tribe node is connected to a - // protected monitored cluster: __marvel_user operations must be allowed. - if (enabled || isTribeNode(settings) || isTribeClientNode(settings)) { - modules.add(new MarvelShieldModule(settings)); - } - if (enabled) { modules.add(new MarvelModule()); modules.add(new LicenseModule()); @@ -141,5 +133,6 @@ public class MarvelPlugin extends Plugin { module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.password", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.path", false, Setting.Scope.CLUSTER)); module.registerSetting(Setting.boolSetting("marvel.enabled", false, false, Setting.Scope.CLUSTER)); + module.registerSettingsFilter("marvel.agent.exporters.auth.password"); } } diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java index 397a5f74ac1..77ddb6675ab 100644 
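Review bot: The filter added in the last MarvelPlugin.java hunk, `module.registerSettingsFilter("marvel.agent.exporters.auth.password");`, has no segment for the exporter name. The call this commit removes from Exporters built its pattern with a `.*.` part in front of the HTTP exporter's `AUTH_PASSWORD_SETTING`, and ExportersTests keys exporter settings per name (`marvel.agent.exporters._name0.type`). A key like `marvel.agent.exporters.<name>.auth.password` would therefore presumably not match, leaving the exporter password visible in settings output. I would register `module.registerSettingsFilter("marvel.agent.exporters.*.auth.password");` and add a test asserting that the value is absent from the reported node settings; the value of `AUTH_PASSWORD_SETTING` is not shown on this page, so the suffix should be confirmed against it. The enclosing method starts outside the hunk.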
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java @@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector; import org.elasticsearch.marvel.agent.exporter.MarvelDoc; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.shield.InternalClient; +import org.elasticsearch.shield.ShieldPlugin; import java.util.ArrayList; import java.util.Arrays; @@ -65,7 +65,7 @@ public class IndexRecoveryCollector extends AbstractCollector results.add(new IndexStatsMarvelDoc(clusterUUID, TYPE, timestamp, indexStats)); } } catch (IndexNotFoundException e) { - if (MarvelShieldIntegration.enabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) { + if (ShieldPlugin.shieldEnabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) { logger.debug("collector [{}] - unable to collect data for missing index [{}]", name(), e.getIndex()); } else { throw e; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java index 266c2926366..bfd669ec1be 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java 
@@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector; import org.elasticsearch.marvel.agent.exporter.MarvelDoc; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.license.MarvelLicensee; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.shield.InternalClient; +import org.elasticsearch.shield.ShieldPlugin; import java.util.Arrays; import java.util.Collection; @@ -63,7 +63,7 @@ public class IndicesStatsCollector extends AbstractCollector implements public static final Setting EXPORTERS_SETTING = Setting.groupSetting("marvel.agent.exporters.", true, Setting.Scope.CLUSTER); private final Map factories; - private final MarvelSettingsFilter settingsFilter; private final ClusterService clusterService; private volatile CurrentExporters exporters = CurrentExporters.EMPTY; @@ -43,12 +41,11 @@ public class Exporters extends AbstractLifecycleComponent implements @Inject public Exporters(Settings settings, Map factories, - MarvelSettingsFilter settingsFilter, ClusterService clusterService, + ClusterService clusterService, ClusterSettings clusterSettings) { super(settings); this.factories = factories; - this.settingsFilter = settingsFilter; this.clusterService = clusterService; exporterSettings = EXPORTERS_SETTING.get(settings); clusterSettings.addSettingsUpdateConsumer(EXPORTERS_SETTING, this::setExportersSetting); @@ -148,7 +145,6 @@ public class Exporters extends AbstractLifecycleComponent implements if (factory == null) { throw new SettingsException("unknown exporter type [" + type + "] set for exporter [" + name + "]"); } - factory.filterOutSensitiveSettings(EXPORTERS_SETTING + ".*.", settingsFilter); Exporter.Config config = new Exporter.Config(name, settings, exporterSettings); if (!config.enabled()) { hasDisabled = true; 
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java index 967a2d75d97..c4ab35d8edb 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/http/HttpExporter.java @@ -28,7 +28,6 @@ import org.elasticsearch.marvel.agent.exporter.MarvelTemplateUtils; import org.elasticsearch.marvel.agent.renderer.Renderer; import org.elasticsearch.marvel.agent.renderer.RendererRegistry; import org.elasticsearch.marvel.agent.settings.MarvelSettings; -import org.elasticsearch.marvel.shield.MarvelSettingsFilter; import org.elasticsearch.marvel.support.VersionUtils; import javax.net.ssl.HostnameVerifier; @@ -729,10 +728,5 @@ public class HttpExporter extends Exporter { public HttpExporter create(Config config) { return new HttpExporter(config, env, rendererRegistry); } - - @Override - public void filterOutSensitiveSettings(String prefix, MarvelSettingsFilter filter) { - filter.filterOut(prefix + AUTH_PASSWORD_SETTING); - } } } diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java deleted file mode 100644 index a333fa92259..00000000000 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelSettingsFilter.java +++ /dev/null 
@@ -1,43 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.marvel.shield;
-
-import org.elasticsearch.common.inject.Inject;
-
-/**
- *
- */
-public interface MarvelSettingsFilter {
-
- void filterOut(String... patterns);
-
- class Noop implements MarvelSettingsFilter {
-
- public static Noop INSTANCE = new Noop();
-
- private Noop() {
- }
-
- @Override
- public void filterOut(String... patterns) {
- }
- }
-
- class Shield implements MarvelSettingsFilter {
-
- private final MarvelShieldIntegration shieldIntegration;
-
- @Inject
- public Shield(MarvelShieldIntegration shieldIntegration) {
- this.shieldIntegration = shieldIntegration;
- }
-
- @Override
- public void filterOut(String... patterns) {
- shieldIntegration.filterOutSettings(patterns);
- }
- }
-}
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java
deleted file mode 100644
index 26270543e1f..00000000000
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldIntegration.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.marvel.shield;
-
-import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.inject.Injector;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.ShieldPlugin;
-import org.elasticsearch.shield.ShieldSettingsFilter;
-
-/**
- *
- */
-public class MarvelShieldIntegration {
-
- private final ShieldSettingsFilter settingsFilter;
-
- @Inject
- public MarvelShieldIntegration(Settings settings, Injector injector) {
- boolean enabled = enabled(settings);
- settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null;
- }
-
- public void filterOutSettings(String... patterns) {
- if (settingsFilter != null) {
- settingsFilter.filterOut(patterns);
- }
- }
-
- public static boolean enabled(Settings settings) {
- return ShieldPlugin.shieldEnabled(settings);
- }
-
-}
diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java
deleted file mode 100644
index f267aaaafba..00000000000
--- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/shield/MarvelShieldModule.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.marvel.shield;
-
-import org.elasticsearch.common.inject.AbstractModule;
-import org.elasticsearch.common.settings.Settings;
-
-/**
- *
- */
-public class MarvelShieldModule extends AbstractModule {
-
- private final boolean shieldEnabled;
-
- public MarvelShieldModule(Settings settings) {
- this.shieldEnabled = MarvelShieldIntegration.enabled(settings);
- }
-
- @Override
- protected void configure() {
- bind(MarvelShieldIntegration.class).asEagerSingleton();
- if (shieldEnabled) {
- bind(MarvelSettingsFilter.Shield.class).asEagerSingleton();
- bind(MarvelSettingsFilter.class).to(MarvelSettingsFilter.Shield.class);
- } else {
- bind(MarvelSettingsFilter.class).toInstance(MarvelSettingsFilter.Noop.INSTANCE);
- }
- }
-}
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java
index d3d69ff29cd..da9822b9af6 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java
+++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginClientTests.java
@@ -35,6 +35,6 @@ public class MarvelPluginClientTests extends ESTestCase {
 MarvelPlugin plugin = new MarvelPlugin(settings);
 assertThat(plugin.isEnabled(), is(true));
 Collection modules = plugin.nodeModules();
- assertThat(modules.size(), is(6));
+ assertThat(modules.size(), is(5));
 }
 }
diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java
index d7c4e368070..974d32508cf 100644
--- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java @@ -10,7 +10,6 @@ import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.marvel.agent.AgentService; import org.elasticsearch.marvel.agent.settings.MarvelSettings; -import org.elasticsearch.marvel.shield.MarvelShieldIntegration; import org.elasticsearch.marvel.test.MarvelIntegTestCase; import org.elasticsearch.plugins.PluginInfo; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; @@ -45,14 +44,12 @@ public class MarvelPluginTests extends MarvelIntegTestCase { internalCluster().startNode(Settings.builder().put(MarvelPlugin.ENABLED, true).put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build()); assertPluginIsLoaded(); assertServiceIsBound(AgentService.class); - assertServiceIsBound(MarvelShieldIntegration.class); } public void testMarvelDisabledOnTribeNode() { internalCluster().startNode(Settings.builder().put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build()); assertPluginIsLoaded(); assertServiceIsNotBound(AgentService.class); - assertServiceIsBound(MarvelShieldIntegration.class); } private void assertPluginIsLoaded() { diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java index fb3d2820d48..200bad67008 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java 
@@ -15,7 +15,6 @@ import org.elasticsearch.marvel.agent.exporter.local.LocalExporter; import org.elasticsearch.marvel.agent.renderer.RendererRegistry; import org.elasticsearch.marvel.agent.settings.MarvelSettings; import org.elasticsearch.marvel.cleaner.CleanerService; -import org.elasticsearch.marvel.shield.MarvelSettingsFilter; import org.elasticsearch.shield.InternalClient; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -46,7 +45,6 @@ import static org.mockito.Mockito.when; public class ExportersTests extends ESTestCase { private Exporters exporters; private Map factories; - private MarvelSettingsFilter settingsFilter; private ClusterService clusterService; private ClusterSettings clusterSettings; @@ -61,8 +59,7 @@ public class ExportersTests extends ESTestCase { // we always need to have the local exporter as it serves as the default one factories.put(LocalExporter.TYPE, new LocalExporter.Factory(new InternalClient.Insecure(client), clusterService, mock(RendererRegistry.class), mock(CleanerService.class))); clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList(MarvelSettings.COLLECTORS_SETTING, MarvelSettings.INTERVAL_SETTING, Exporters.EXPORTERS_SETTING))); - settingsFilter = mock(MarvelSettingsFilter.class); - exporters = new Exporters(Settings.EMPTY, factories, settingsFilter, clusterService, clusterSettings); + exporters = new Exporters(Settings.EMPTY, factories, clusterService, clusterSettings); } public void testInitExportersDefault() throws Exception { @@ -178,7 +175,7 @@ public class ExportersTests extends ESTestCase { exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "_type") .put("marvel.agent.exporters._name1.type", "_type") - .build(), factories, settingsFilter, clusterService, clusterSettings) { + .build(), factories, clusterService, clusterSettings) { @Override CurrentExporters initExporters(Settings settings) { settingsHolder.set(settings); 
@@ -215,7 +212,7 @@ public class ExportersTests extends ESTestCase { Exporters exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "mock") .put("marvel.agent.exporters._name1.type", "mock_master_only") - .build(), factories, settingsFilter, clusterService, clusterSettings); + .build(), factories, clusterService, clusterSettings); exporters.start(); DiscoveryNode localNode = mock(DiscoveryNode.class); @@ -239,7 +236,7 @@ public class ExportersTests extends ESTestCase { Exporters exporters = new Exporters(Settings.builder() .put("marvel.agent.exporters._name0.type", "mock") .put("marvel.agent.exporters._name1.type", "mock_master_only") - .build(), factories, settingsFilter, clusterService, clusterSettings); + .build(), factories, clusterService, clusterSettings); exporters.start(); DiscoveryNode localNode = mock(DiscoveryNode.class); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java index 43a0c7f3e25..f8ba964a3e4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldModule.java @@ -23,9 +23,7 @@ public class ShieldModule extends AbstractShieldModule { bind(SecurityContext.Secure.class).asEagerSingleton(); bind(SecurityContext.class).to(SecurityContext.Secure.class); bind(ShieldLifecycleService.class).asEagerSingleton(); - bind(ShieldSettingsFilter.class).asEagerSingleton(); bind(ShieldTemplateService.class).asEagerSingleton(); - bind(InternalClient.Secure.class).asEagerSingleton(); bind(InternalClient.class).to(InternalClient.Secure.class); } diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java index 3dbbf192962..54391d455c2 100644 
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java @@ -39,6 +39,7 @@ import org.elasticsearch.shield.audit.AuditTrailModule; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; import org.elasticsearch.shield.authc.AuthenticationModule; import org.elasticsearch.shield.authc.Realms; +import org.elasticsearch.shield.authc.ldap.support.SessionFactory; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authz.AuthorizationModule; @@ -186,6 +187,19 @@ public class ShieldPlugin extends Plugin { settingsModule.registerSetting(Setting.boolSetting("plugins.load_classpath_plugins", true, false, Setting.Scope.CLUSTER)); // TODO add real settings for this wildcard here settingsModule.registerSetting(Setting.groupSetting("shield.", false, Setting.Scope.CLUSTER)); + String[] asArray = settings.getAsArray("shield.hide_settings"); + for (String pattern : asArray) { + settingsModule.registerSettingsFilter(pattern); + } + settingsModule.registerSettingsFilter("shield.hide_settings"); + settingsModule.registerSettingsFilter("shield.ssl.*"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_dn"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_password"); + settingsModule.registerSettingsFilter("shield.authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.password"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.path"); + settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.algorithm"); + settingsModule.registerSettingsFilter("transport.profiles.*.shield.*"); } @Override 
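Review bot: The loop at the top of the second ShieldPlugin.java hunk passes every `shield.hide_settings` entry to `registerSettingsFilter` ahead of the built-in patterns, with no check for overlap or validity. How `registerSettingsFilter` treats a malformed or already-registered pattern is not visible in this patch. If it throws, a node that lists, say, `shield.ssl.*` under `shield.hide_settings` would fail during plugin setup, so I would collect the configured and built-in patterns into one set and register each once. The realm patterns are now a fixed list, and the per-factory `filterOutSensitiveSettings` hook is removed elsewhere in this commit; a comment such as `// every realm setting holding a credential or trust material must be listed below` would help keep later realm settings out of settings output. The enclosing method starts outside the hunk.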
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java
deleted file mode 100644
index fb96fa11263..00000000000
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldSettingsFilter.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.shield;
-
-import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsFilter;
-
-/**
- *
- */
-public class ShieldSettingsFilter {
-
- static final String HIDE_SETTINGS_SETTING = "shield.hide_settings";
-
- private final SettingsFilter filter;
-
- @Inject
- public ShieldSettingsFilter(Settings settings, SettingsFilter settingsFilter) {
- this.filter = settingsFilter;
- filter.addFilter(HIDE_SETTINGS_SETTING);
- filterOut(settings.getAsArray(HIDE_SETTINGS_SETTING));
- }
-
- public void filterOut(String... patterns) {
- for (String pattern : patterns) {
- filter.addFilter(pattern);
- }
- }
-}
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java
index fed1d1b5a94..a22195c2bec 100644
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realm.java
@@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; /** @@ -122,9 +121,6 @@ public abstract class Realm implements Comparable return internal; } - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - } - /** * Creates a new realm based on the given settigns. * diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java index de7242c3113..dd2c663cabc 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.esnative.ESNativeRealm; import org.elasticsearch.shield.authc.esusers.ESUsersRealm; import org.elasticsearch.shield.license.ShieldLicenseState; @@ -30,7 +29,6 @@ public class Realms extends AbstractLifecycleComponent implements Iterab private final Environment env; private final Map factories; - private final ShieldSettingsFilter settingsFilter; private final ShieldLicenseState shieldLicenseState; protected List realms = Collections.emptyList(); 
@@ -38,12 +36,10 @@ public class Realms extends AbstractLifecycleComponent implements Iterab protected List internalRealmsOnly = Collections.emptyList(); @Inject - public Realms(Settings settings, Environment env, Map factories, - ShieldSettingsFilter settingsFilter, ShieldLicenseState shieldLicenseState) { + public Realms(Settings settings, Environment env, Map factories, ShieldLicenseState shieldLicenseState) { super(settings); this.env = env; this.factories = factories; - this.settingsFilter = settingsFilter; this.shieldLicenseState = shieldLicenseState; } @@ -108,7 +104,6 @@ public class Realms extends AbstractLifecycleComponent implements Iterab if (factory == null) { throw new IllegalArgumentException("unknown realm type [" + type + "] set for realm [" + name + "]"); } - factory.filterOutSensitiveSettings(name, settingsFilter); RealmConfig config = new RealmConfig(name, realmSettings, settings, env); if (!config.enabled()) { if (logger.isDebugEnabled()) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java index a18433d6663..bf5791c19e8 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealm.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.activedirectory; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.rest.RestController; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.shield.authc.support.DnRoleMapper; 
@@ -40,11 +39,6 @@ public class ActiveDirectoryRealm extends AbstractLdapRealm { this.clientSSLService = clientSSLService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - ActiveDirectorySessionFactory.filterOutSensitiveSettings(realmName, filter); - } - @Override public ActiveDirectoryRealm create(RealmConfig config) { ActiveDirectorySessionFactory connectionFactory = new ActiveDirectorySessionFactory(config, clientSSLService); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java index 78ae821eafb..9bc870c88a2 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java @@ -11,7 +11,6 @@ import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope; import org.elasticsearch.shield.authc.ldap.support.LdapSession; @@ -62,9 +61,6 @@ public class ActiveDirectorySessionFactory extends SessionFactory { groupResolver = new ActiveDirectoryGroupsResolver(settings.getAsSettings("group_search"), domainDN); } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING); - } @Override protected LDAPServers ldapServers(Settings settings) { 
diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java index 3ec880f06c4..78badf4cf8f 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.rest.RestController; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.shield.authc.ldap.support.SessionFactory; @@ -42,11 +41,6 @@ public class LdapRealm extends AbstractLdapRealm { this.clientSSLService = clientSSLService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - LdapUserSearchSessionFactory.filterOutSensitiveSettings(realmName, filter); - } - @Override public LdapRealm create(RealmConfig config) { try { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java index 9c250f1276c..07e6bb5497d 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java 
@@ -17,7 +17,6 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.authc.RealmConfig; import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope; import org.elasticsearch.shield.authc.ldap.support.LdapSession; @@ -73,12 +72,6 @@ public class LdapUserSearchSessionFactory extends SessionFactory { return connectionPool; } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + ".bind_dn"); - filter.filterOut("shield.authc.realms." + realmName + ".bind_password"); - filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING); - } - static LDAPConnectionPool createConnectionPool(RealmConfig config, ServerSet serverSet, TimeValue timeout, ESLogger logger) { Settings settings = config.settings(); SimpleBindRequest bindRequest = bindRequest(settings); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java index ecbc0c40e92..4583305c6b4 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/pki/PkiRealm.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.Realm; 
@@ -183,12 +182,6 @@ public class PkiRealm extends Realm { return trustManagerList.toArray(new X509TrustManager[trustManagerList.size()]); } - static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.password"); - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.path"); - filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.algorithm"); - } - /** * Checks to see if both SSL and Client authentication are enabled on at least one network communication layer. If * not an error message will be logged @@ -234,11 +227,6 @@ public class PkiRealm extends Realm { this.watcherService = watcherService; } - @Override - public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) { - PkiRealm.filterOutSensitiveSettings(realmName, filter); - } - @Override public PkiRealm create(RealmConfig config) { DnRoleMapper roleMapper = new DnRoleMapper(TYPE, config, watcherService, null); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java index abc6708d453..7e380dada84 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ssl/ServerSSLService.java 
@@ -8,17 +8,12 @@ package org.elasticsearch.shield.ssl; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; public class ServerSSLService extends AbstractSSLService { @Inject - public ServerSSLService(Settings settings, ShieldSettingsFilter settingsFilter, Environment environment) { + public ServerSSLService(Settings settings, Environment environment) { super(settings, environment); - - // we need to filter out all this sensitive information from all rest - // responses - settingsFilter.filterOut("shield.ssl.*"); } @Override diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java index 572fa164336..801b2103406 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java @@ -13,7 +13,6 @@ import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ClientSSLService; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; 
@@ -51,20 +50,18 @@ public class ShieldNettyTransport extends NettyTransport { private final ServerSSLService serverSslService; private final ClientSSLService clientSSLService; - private final ShieldSettingsFilter settingsFilter; private final @Nullable IPFilter authenticator; private final boolean ssl; @Inject public ShieldNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays, Version version, @Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService, ClientSSLService clientSSLService, - ShieldSettingsFilter settingsFilter, NamedWriteableRegistry namedWriteableRegistry) { + NamedWriteableRegistry namedWriteableRegistry) { super(settings, threadPool, networkService, bigArrays, version, namedWriteableRegistry); this.authenticator = authenticator; this.ssl = settings.getAsBoolean(TRANSPORT_SSL_SETTING, TRANSPORT_SSL_DEFAULT); this.serverSslService = serverSSLService; this.clientSSLService = clientSSLService; - this.settingsFilter = settingsFilter; } @Override @@ -120,7 +117,6 @@ public class ShieldNettyTransport extends NettyTransport { public SslServerChannelPipelineFactory(NettyTransport nettyTransport, String name, Settings settings, Settings profileSettings) { super(nettyTransport, name, settings); this.profileSettings = profileSettings; - settingsFilter.filterOut("transport.profiles." + name + ".shield.*"); } @Override diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java index 3877bfe3af8..9a3de732eba 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java 
@@ -12,7 +12,6 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.indices.breaker.CircuitBreakerModule; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; @@ -35,7 +34,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put("client.type", "node") .put("shield.audit.enabled", false) .build(); - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings)); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); @@ -45,7 +44,7 @@ public class AuditTrailModuleTests extends ESTestCase { public void testDisabledByDefault() throws Exception { Settings settings = Settings.builder() .put("client.type", "node").build(); - Injector injector = Guice.createInjector(new SettingsModule(settings, new SettingsFilter(settings)), new AuditTrailModule(settings)); + Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings)); AuditTrail auditTrail = injector.getInstance(AuditTrail.class); assertThat(auditTrail, is(AuditTrail.NOOP)); } 
@@ -57,7 +56,7 @@ public class AuditTrailModuleTests extends ESTestCase { .build(); ThreadPool pool = new ThreadPool("testLogFile"); try { - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); Injector injector = Guice.createInjector( settingsModule, @@ -89,7 +88,7 @@ public class AuditTrailModuleTests extends ESTestCase { .put("shield.audit.outputs" , "foo") .put("client.type", "node") .build(); - SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings)); + SettingsModule settingsModule = new SettingsModule(settings); settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER)); settingsModule.registerSetting(Setting.simpleString("shield.audit.outputs", false, Setting.Scope.CLUSTER)); try { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index c851c6dae0a..e566cce7f6b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -13,7 +13,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.SystemUser; import org.elasticsearch.shield.User; import org.elasticsearch.shield.audit.AuditTrail; 
@@ -86,7 +85,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { Settings settings = Settings.builder().put("path.home", createTempDir()).build(); ShieldLicenseState shieldLicenseState = mock(ShieldLicenseState.class); when(shieldLicenseState.customRealmsEnabled()).thenReturn(true); - realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.emptyMap(), mock(ShieldSettingsFilter.class), shieldLicenseState) { + realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.emptyMap(), shieldLicenseState) { @Override protected void doStart() { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java index f9c63dd6715..d336270324e 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.User; import org.elasticsearch.shield.authc.esusers.ESUsersRealm; import org.elasticsearch.shield.authc.ldap.LdapRealm; @@ -36,7 +35,6 @@ import static org.mockito.Mockito.when; */ public class RealmsTests extends ESTestCase { private Map factories; - private ShieldSettingsFilter settingsFilter; private ShieldLicenseState shieldLicenseState; @Before 
@@ -47,7 +45,6 @@ public class RealmsTests extends ESTestCase { DummyRealm.Factory factory = new DummyRealm.Factory("type_" + i, rarely()); factories.put("type_" + i, factory); } - settingsFilter = mock(ShieldSettingsFilter.class); shieldLicenseState = mock(ShieldLicenseState.class); when(shieldLicenseState.customRealmsEnabled()).thenReturn(true); } @@ -68,7 +65,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; for (Realm realm : realms) { @@ -90,7 +87,7 @@ public class RealmsTests extends ESTestCase { .build(); Environment env = new Environment(settings); try { - new Realms(settings, env, factories, settingsFilter, shieldLicenseState).start(); + new Realms(settings, env, factories, shieldLicenseState).start(); fail("Expected IllegalArgumentException"); } catch (IllegalArgumentException e) { assertThat(e.getMessage(), containsString("multiple [esusers] realms are configured")); @@ -99,7 +96,7 @@ public class RealmsTests extends ESTestCase { public void testWithEmptySettings() throws Exception { Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()), - factories, settingsFilter, shieldLicenseState); + factories, shieldLicenseState); realms.start(); Iterator iter = realms.iterator(); assertThat(iter.hasNext(), is(true)); @@ -126,7 +123,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; // this is the iterator when licensed 
@@ -158,7 +155,7 @@ public class RealmsTests extends ESTestCase { .put("shield.authc.realms.custom.order", "1"); Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); int i = 0; // this is the iterator when licensed @@ -199,7 +196,7 @@ public class RealmsTests extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - Realms realms = new Realms(settings, env, factories, mock(ShieldSettingsFilter.class), shieldLicenseState); + Realms realms = new Realms(settings, env, factories, shieldLicenseState); realms.start(); Iterator iterator = realms.iterator(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java index 8274d661c4d..e75c41bf808 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/ServerSSLServiceTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.test.ESTestCase; import org.junit.Before; 
@@ -37,13 +36,11 @@ import static org.mockito.Mockito.mock; public class ServerSSLServiceTests extends ESTestCase { Path testnodeStore; - ShieldSettingsFilter settingsFilter; Environment env; @Before public void setup() throws Exception { testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks"); - settingsFilter = mock(ShieldSettingsFilter.class); env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); } @@ -56,7 +53,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.truststore.password", "testnode") .build(); try { - new ServerSSLService(settings, settingsFilter, env).createSSLEngine(); + new ServerSSLService(settings, env).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize the SSLContext")); @@ -70,7 +67,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(settings, env); Settings.Builder settingsBuilder = settingsBuilder() .put("truststore.path", testClientStore) @@ -87,7 +84,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLContext sslContext = sslService.sslContext(); SSLContext cachedSslContext = sslService.sslContext(); 
@@ -101,7 +98,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", differentPasswordsStore) .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.keystore.key_password", "testnode1") - .build(), settingsFilter, env).createSSLEngine(); + .build(), env).createSSLEngine(); } public void testIncorrectKeyPasswordThrowsException() throws Exception { @@ -110,7 +107,7 @@ public class ServerSSLServiceTests extends ESTestCase { new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", differentPasswordsStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env).createSSLEngine(); + .build(), env).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize a KeyManagerFactory")); @@ -121,7 +118,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLEngine engine = sslService.createSSLEngine(); assertThat(Arrays.asList(engine.getEnabledProtocols()), not(hasItem("SSLv3"))); } @@ -130,7 +127,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(1000)); assertThat(context.getSessionTimeout(), equalTo((int) TimeValue.timeValueHours(24).seconds())); 
@@ -142,14 +139,14 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.session.cache_size", "300") .put("shield.ssl.session.cache_timeout", "600s") - .build(), settingsFilter, env); + .build(), env); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(300)); assertThat(context.getSessionTimeout(), equalTo(600)); } public void testThatCreateSSLEngineWithoutAnySettingsDoesNotWork() throws Exception { - ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -162,7 +159,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.truststore.path", testnodeStore) .put("shield.ssl.truststore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -176,7 +173,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .put("shield.ssl.truststore.path", testnodeStore) - .build(), settingsFilter, env); + .build(), env); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); @@ -188,7 +185,7 @@ public class ServerSSLServiceTests extends ESTestCase { public void testThatKeystorePasswordIsRequired() throws Exception { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) - .build(), settingsFilter, env); + .build(), env); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); 
@@ -205,7 +202,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .putArray("shield.ssl.ciphers", ciphers.toArray(new String[ciphers.size()])) - .build(), settingsFilter, env); + .build(), env); SSLEngine engine = sslService.createSSLEngine(); assertThat(engine, is(notNullValue())); String[] enabledCiphers = engine.getEnabledCipherSuites(); @@ -217,7 +214,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") .putArray("shield.ssl.ciphers", new String[] { "foo", "bar" }) - .build(), settingsFilter, env); + .build(), env); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -231,7 +228,7 @@ public class ServerSSLServiceTests extends ESTestCase { ServerSSLService sslService = new ServerSSLService(settingsBuilder() .put("shield.ssl.keystore.path", testnodeStore) .put("shield.ssl.keystore.password", "testnode") - .build(), settingsFilter, env); + .build(), env); SSLSocketFactory factory = sslService.sslSocketFactory(); assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers())); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java index 16956ef3a7f..82859d56032 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java 
@@ -9,7 +9,6 @@ import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.test.ESTestCase; import org.jboss.netty.bootstrap.ClientBootstrap; @@ -77,8 +76,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env); + ServerSSLService sslService = new ServerSSLService(settings, env); sslContext = sslService.sslContext(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java index 98679a994dd..bbc288b1c67 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransportTests.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; import org.elasticsearch.http.netty.NettyHttpMockUtil; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; import org.elasticsearch.shield.transport.filter.IPFilter; 
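Review bot: The context line `import org.elasticsearch.common.settings.SettingsFilter;` stays in HandshakeWaitingHandlerTests while the only use visible in this file's hunks, `new SettingsFilter(settings)`, is removed, so the import is probably dead now. ShieldNettyHttpServerTransportTests and ShieldNettyTransportTests keep the same import after losing the same call. If nothing outside the hunks still references it, drop the line in all three files; the rest of each test class is outside the hunks, so this needs a check against the full files.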
@@ -40,8 +39,7 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - serverSSLService = new ServerSSLService(settings, settingsFilter, env); + serverSSLService = new ServerSSLService(settings, env); } public void testDefaultClientAuth() throws Exception { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java index 245ed61a71e..126d2aecbd2 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransportTests.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.ShieldSettingsFilter; import org.elasticsearch.shield.ssl.ClientSSLService; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.SSLClientAuth; @@ -35,7 +34,6 @@ import static org.mockito.Mockito.mock; public class ShieldNettyTransportTests extends ESTestCase { private ServerSSLService serverSSLService; private ClientSSLService clientSSLService; - private ShieldSettingsFilter settingsFilter; @Before public void createSSLService() throws Exception { 
@@ -45,15 +43,14 @@ public class ShieldNettyTransportTests extends ESTestCase { .put("shield.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build()); - settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings)); - serverSSLService = new ServerSSLService(settings, settingsFilter, env); + serverSSLService = new ServerSSLService(settings, env); clientSSLService = new ClientSSLService(settings); clientSSLService.setEnvironment(env); } public void testThatSSLCanBeDisabledByProfile() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", false).build()); assertThat(factory.getPipeline().get(SslHandler.class), nullValue()); 
@@ -61,7 +58,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testThatSSLCanBeEnabledByProfile() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", false).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", true).build()); assertThat(factory.getPipeline().get(SslHandler.class), notNullValue()); @@ -69,7 +66,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testThatProfileTakesDefaultSSLSetting() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine(), notNullValue()); 
@@ -77,7 +74,7 @@ public class ShieldNettyTransportTests extends ESTestCase { public void testDefaultClientAuth() throws Exception { Settings settings = settingsBuilder().put("shield.transport.ssl", true).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); @@ -89,7 +86,7 @@ public class ShieldNettyTransportTests extends ESTestCase { Settings settings = settingsBuilder() .put("shield.transport.ssl", true) .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build(); - ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class)); + ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class)); NettyMockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); 
@@ -101,7 +98,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
 Settings settings = settingsBuilder()
 .put("shield.transport.ssl", true)
 .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build();
- ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
+ ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
 NettyMockUtil.setOpenChannelsHandlerToMock(transport);
 ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
 assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@@ -113,7 +110,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
 Settings settings = settingsBuilder()
 .put("shield.transport.ssl", true)
 .put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build();
- ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
+ ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
 NettyMockUtil.setOpenChannelsHandlerToMock(transport);
 ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
 assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@@ -123,7 +120,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
 public void testProfileRequiredClientAuth() throws Exception {
 String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
 Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
- ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
+ ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
 NettyMockUtil.setOpenChannelsHandlerToMock(transport);
 ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
 assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
@@ -133,7 +130,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
 public void testProfileNoClientAuth() throws Exception {
 String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
 Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
- ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
+ ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
 NettyMockUtil.setOpenChannelsHandlerToMock(transport);
 ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
 assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@@ -143,7 +140,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
 public void testProfileOptionalClientAuth() throws Exception {
 String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
 Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
- ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
+ ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
 NettyMockUtil.setOpenChannelsHandlerToMock(transport);
 ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
 assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java
index 8b523738515..4dbfb048aa1 100644
--- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherPlugin.java
@@ -28,6 +28,7 @@ import org.elasticsearch.watcher.actions.email.service.InternalEmailService;
 import org.elasticsearch.watcher.actions.hipchat.service.HipChatService;
 import org.elasticsearch.watcher.actions.hipchat.service.InternalHipChatService;
 import org.elasticsearch.watcher.actions.pagerduty.service.InternalPagerDutyService;
+import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyAccount;
 import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyService;
 import org.elasticsearch.watcher.actions.slack.service.InternalSlackService;
 import org.elasticsearch.watcher.actions.slack.service.SlackService;
@@ -217,6 +218,14 @@ public class WatcherPlugin extends Plugin {
 module.registerSetting(Setting.simpleString("watcher.execution.scroll.timeout", false, Setting.Scope.CLUSTER));
 module.registerSetting(Setting.simpleString("watcher.start_immediately", false, Setting.Scope.CLUSTER));
 module.registerSetting(Setting.simpleString("watcher.http.default_connection_timeout", false, Setting.Scope.CLUSTER));
+
+ module.registerSettingsFilter("watcher.actions.email.service.account.*.smtp.password");
+ module.registerSettingsFilter("watcher.actions.slack.service.account.*.url");
+ module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.url");
+ module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*.url");
+ module.registerSettingsFilter("watcher.actions.pagerduty.service." + PagerDutyAccount.SERVICE_KEY_SETTING);
+ module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING);
+ module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.auth_token");
 }
 public void onModule(NetworkModule module) {
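Review bot: The seven `registerSettingsFilter` calls added in the second hunk (`@@ -217,6 +218,14 @@`) are now the only thing keeping Watcher credentials out of settings output, yet the block carries no comment saying so, and five of the patterns are string literals detached from the services that read those settings. I would put a comment above them such as `// Secrets: every credential-bearing watcher setting must be registered here so it is never returned in node settings output`, and keep the two HipChat patterns next to each other. PagerDuty's key is filtered both at service level and under `account.*`, while `smtp.password` and `auth_token` are filtered only under `account.*`; if those services also accept a service-level default (not visible here), that value would remain unfiltered. The only filtering assertion visible in this patch is for the email password, so one assertion per registered pattern would catch a typo in any of these literals. The enclosing method starts outside the hunk.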
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java index 4d4fadb72c3..860595f73d0 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/email/service/InternalEmailService.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.watcher.shield.WatcherSettingsFilter; import org.elasticsearch.watcher.support.secret.SecretService; import javax.mail.MessagingException; @@ -30,11 +29,10 @@ public class InternalEmailService extends AbstractLifecycleComponent HIPCHAT_ACCOUNT_SETTING = Setting.groupSetting("watcher.actions.hipchat.service.", true, Setting.Scope.CLUSTER); @Inject - public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings, WatcherSettingsFilter settingsFilter) { + public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings) { super(settings); this.httpClient = httpClient; - settingsFilter.filterOut("watcher.actions.hipchat.service.account.*.auth_token"); clusterSettings.addSettingsUpdateConsumer(HIPCHAT_ACCOUNT_SETTING, this::setHipchatAccountSetting); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java index 5af254548ac..b40551ff8d8 100644 
--- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/actions/pagerduty/service/InternalPagerDutyService.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.watcher.shield.WatcherSettingsFilter; import org.elasticsearch.watcher.support.http.HttpClient; /** @@ -24,14 +23,9 @@ public class InternalPagerDutyService extends AbstractLifecycleComponent settings = (Map) ((Map) node).get("settings"); assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.user", settings), is((Object) "_user")); - if (shieldEnabled()) { - assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), nullValue()); - } else { - assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), is((Object) "_passwd")); - } + assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), nullValue()); } }