Cleanup settings filtering after elastic/elasticsearchelastic/elasticsearch#16425

This change registers all filtered settings up-front and removes all
the unnecessary wrappers around SettingsFilter. This is a pretty big
change and needs some review but after all things are generally simplified and
settings are always filtered even if shield is not enabled which is the right thing
todo.

Relates to elastic/elasticsearchelastic/elasticsearch#16425

Original commit: elastic/x-pack-elasticsearch@c7df85492b
This commit is contained in:
Simon Willnauer 2016-02-03 21:26:08 +01:00
parent 5abc2f836e
commit 1c5d04c99b
45 changed files with 94 additions and 436 deletions

View File

@ -23,7 +23,6 @@ import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.cleaner.CleanerService;
import org.elasticsearch.marvel.license.LicenseModule;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.marvel.shield.MarvelShieldModule;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.XPackPlugin;
@ -70,13 +69,6 @@ public class MarvelPlugin extends Plugin {
public Collection<Module> nodeModules() {
List<Module> modules = new ArrayList<>();
// Always load the security integration for tribe nodes.
// This is useful if the tribe node is connected to a
// protected monitored cluster: __marvel_user operations must be allowed.
if (enabled || isTribeNode(settings) || isTribeClientNode(settings)) {
modules.add(new MarvelShieldModule(settings));
}
if (enabled) {
modules.add(new MarvelModule());
modules.add(new LicenseModule());
@ -141,5 +133,6 @@ public class MarvelPlugin extends Plugin {
module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.password", false, Setting.Scope.CLUSTER));
module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.path", false, Setting.Scope.CLUSTER));
module.registerSetting(Setting.boolSetting("marvel.enabled", false, false, Setting.Scope.CLUSTER));
module.registerSettingsFilter("marvel.agent.exporters.auth.password");
}
}

View File

@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.marvel.shield.MarvelShieldIntegration;
import org.elasticsearch.shield.InternalClient;
import org.elasticsearch.shield.ShieldPlugin;
import java.util.ArrayList;
import java.util.Arrays;
@ -65,7 +65,7 @@ public class IndexRecoveryCollector extends AbstractCollector<IndexRecoveryColle
results.add(new IndexRecoveryMarvelDoc(clusterUUID(), TYPE, System.currentTimeMillis(), recoveryResponse));
}
} catch (IndexNotFoundException e) {
if (MarvelShieldIntegration.enabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
if (ShieldPlugin.shieldEnabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
logger.debug("collector [{}] - unable to collect data for missing index [{}]", name(), e.getIndex());
} else {
throw e;

View File

@ -18,8 +18,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.marvel.shield.MarvelShieldIntegration;
import org.elasticsearch.shield.InternalClient;
import org.elasticsearch.shield.ShieldPlugin;
import java.util.ArrayList;
import java.util.Arrays;
@ -76,7 +76,7 @@ public class IndexStatsCollector extends AbstractCollector<IndexStatsCollector>
results.add(new IndexStatsMarvelDoc(clusterUUID, TYPE, timestamp, indexStats));
}
} catch (IndexNotFoundException e) {
if (MarvelShieldIntegration.enabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
if (ShieldPlugin.shieldEnabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
logger.debug("collector [{}] - unable to collect data for missing index [{}]", name(), e.getIndex());
} else {
throw e;

View File

@ -17,8 +17,8 @@ import org.elasticsearch.marvel.agent.collector.AbstractCollector;
import org.elasticsearch.marvel.agent.exporter.MarvelDoc;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.license.MarvelLicensee;
import org.elasticsearch.marvel.shield.MarvelShieldIntegration;
import org.elasticsearch.shield.InternalClient;
import org.elasticsearch.shield.ShieldPlugin;
import java.util.Arrays;
import java.util.Collection;
@ -63,7 +63,7 @@ public class IndicesStatsCollector extends AbstractCollector<IndicesStatsCollect
return Collections.singletonList(new IndicesStatsMarvelDoc(clusterUUID(), TYPE, System.currentTimeMillis(), indicesStats));
} catch (IndexNotFoundException e) {
if (MarvelShieldIntegration.enabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
if (ShieldPlugin.shieldEnabled(settings) && IndexNameExpressionResolver.isAllIndices(Arrays.asList(marvelSettings.indices()))) {
logger.debug("collector [{}] - unable to collect data for missing index [{}]", name(), e.getIndex());
return Collections.emptyList();
}

View File

@ -12,7 +12,6 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.shield.MarvelSettingsFilter;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
@ -123,9 +122,6 @@ public abstract class Exporter {
return singleton;
}
public void filterOutSensitiveSettings(String prefix, MarvelSettingsFilter filter) {
}
public abstract E create(Config config);
}

View File

@ -16,7 +16,6 @@ import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.marvel.agent.exporter.local.LocalExporter;
import org.elasticsearch.marvel.shield.MarvelSettingsFilter;
import java.util.ArrayList;
import java.util.Collections;
@ -35,7 +34,6 @@ public class Exporters extends AbstractLifecycleComponent<Exporters> implements
public static final Setting<Settings> EXPORTERS_SETTING = Setting.groupSetting("marvel.agent.exporters.", true, Setting.Scope.CLUSTER);
private final Map<String, Exporter.Factory> factories;
private final MarvelSettingsFilter settingsFilter;
private final ClusterService clusterService;
private volatile CurrentExporters exporters = CurrentExporters.EMPTY;
@ -43,12 +41,11 @@ public class Exporters extends AbstractLifecycleComponent<Exporters> implements
@Inject
public Exporters(Settings settings, Map<String, Exporter.Factory> factories,
MarvelSettingsFilter settingsFilter, ClusterService clusterService,
ClusterService clusterService,
ClusterSettings clusterSettings) {
super(settings);
this.factories = factories;
this.settingsFilter = settingsFilter;
this.clusterService = clusterService;
exporterSettings = EXPORTERS_SETTING.get(settings);
clusterSettings.addSettingsUpdateConsumer(EXPORTERS_SETTING, this::setExportersSetting);
@ -148,7 +145,6 @@ public class Exporters extends AbstractLifecycleComponent<Exporters> implements
if (factory == null) {
throw new SettingsException("unknown exporter type [" + type + "] set for exporter [" + name + "]");
}
factory.filterOutSensitiveSettings(EXPORTERS_SETTING + ".*.", settingsFilter);
Exporter.Config config = new Exporter.Config(name, settings, exporterSettings);
if (!config.enabled()) {
hasDisabled = true;

View File

@ -28,7 +28,6 @@ import org.elasticsearch.marvel.agent.exporter.MarvelTemplateUtils;
import org.elasticsearch.marvel.agent.renderer.Renderer;
import org.elasticsearch.marvel.agent.renderer.RendererRegistry;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.shield.MarvelSettingsFilter;
import org.elasticsearch.marvel.support.VersionUtils;
import javax.net.ssl.HostnameVerifier;
@ -729,10 +728,5 @@ public class HttpExporter extends Exporter {
public HttpExporter create(Config config) {
return new HttpExporter(config, env, rendererRegistry);
}
@Override
public void filterOutSensitiveSettings(String prefix, MarvelSettingsFilter filter) {
filter.filterOut(prefix + AUTH_PASSWORD_SETTING);
}
}
}

View File

@ -1,43 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.marvel.shield;
import org.elasticsearch.common.inject.Inject;
/**
*
*/
public interface MarvelSettingsFilter {
void filterOut(String... patterns);
class Noop implements MarvelSettingsFilter {
public static Noop INSTANCE = new Noop();
private Noop() {
}
@Override
public void filterOut(String... patterns) {
}
}
class Shield implements MarvelSettingsFilter {
private final MarvelShieldIntegration shieldIntegration;
@Inject
public Shield(MarvelShieldIntegration shieldIntegration) {
this.shieldIntegration = shieldIntegration;
}
@Override
public void filterOut(String... patterns) {
shieldIntegration.filterOutSettings(patterns);
}
}
}

View File

@ -1,37 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.marvel.shield;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.ShieldSettingsFilter;
/**
*
*/
public class MarvelShieldIntegration {
private final ShieldSettingsFilter settingsFilter;
@Inject
public MarvelShieldIntegration(Settings settings, Injector injector) {
boolean enabled = enabled(settings);
settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null;
}
public void filterOutSettings(String... patterns) {
if (settingsFilter != null) {
settingsFilter.filterOut(patterns);
}
}
public static boolean enabled(Settings settings) {
return ShieldPlugin.shieldEnabled(settings);
}
}

View File

@ -1,32 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.marvel.shield;
import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.common.settings.Settings;
/**
*
*/
public class MarvelShieldModule extends AbstractModule {
private final boolean shieldEnabled;
public MarvelShieldModule(Settings settings) {
this.shieldEnabled = MarvelShieldIntegration.enabled(settings);
}
@Override
protected void configure() {
bind(MarvelShieldIntegration.class).asEagerSingleton();
if (shieldEnabled) {
bind(MarvelSettingsFilter.Shield.class).asEagerSingleton();
bind(MarvelSettingsFilter.class).to(MarvelSettingsFilter.Shield.class);
} else {
bind(MarvelSettingsFilter.class).toInstance(MarvelSettingsFilter.Noop.INSTANCE);
}
}
}

View File

@ -35,6 +35,6 @@ public class MarvelPluginClientTests extends ESTestCase {
MarvelPlugin plugin = new MarvelPlugin(settings);
assertThat(plugin.isEnabled(), is(true));
Collection<Module> modules = plugin.nodeModules();
assertThat(modules.size(), is(6));
assertThat(modules.size(), is(5));
}
}

View File

@ -10,7 +10,6 @@ import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.marvel.agent.AgentService;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.shield.MarvelShieldIntegration;
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.plugins.PluginInfo;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
@ -45,14 +44,12 @@ public class MarvelPluginTests extends MarvelIntegTestCase {
internalCluster().startNode(Settings.builder().put(MarvelPlugin.ENABLED, true).put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build());
assertPluginIsLoaded();
assertServiceIsBound(AgentService.class);
assertServiceIsBound(MarvelShieldIntegration.class);
}
public void testMarvelDisabledOnTribeNode() {
internalCluster().startNode(Settings.builder().put(MarvelPlugin.TRIBE_NAME_SETTING, "t1").build());
assertPluginIsLoaded();
assertServiceIsNotBound(AgentService.class);
assertServiceIsBound(MarvelShieldIntegration.class);
}
private void assertPluginIsLoaded() {

View File

@ -15,7 +15,6 @@ import org.elasticsearch.marvel.agent.exporter.local.LocalExporter;
import org.elasticsearch.marvel.agent.renderer.RendererRegistry;
import org.elasticsearch.marvel.agent.settings.MarvelSettings;
import org.elasticsearch.marvel.cleaner.CleanerService;
import org.elasticsearch.marvel.shield.MarvelSettingsFilter;
import org.elasticsearch.shield.InternalClient;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
@ -46,7 +45,6 @@ import static org.mockito.Mockito.when;
public class ExportersTests extends ESTestCase {
private Exporters exporters;
private Map<String, Exporter.Factory> factories;
private MarvelSettingsFilter settingsFilter;
private ClusterService clusterService;
private ClusterSettings clusterSettings;
@ -61,8 +59,7 @@ public class ExportersTests extends ESTestCase {
// we always need to have the local exporter as it serves as the default one
factories.put(LocalExporter.TYPE, new LocalExporter.Factory(new InternalClient.Insecure(client), clusterService, mock(RendererRegistry.class), mock(CleanerService.class)));
clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList(MarvelSettings.COLLECTORS_SETTING, MarvelSettings.INTERVAL_SETTING, Exporters.EXPORTERS_SETTING)));
settingsFilter = mock(MarvelSettingsFilter.class);
exporters = new Exporters(Settings.EMPTY, factories, settingsFilter, clusterService, clusterSettings);
exporters = new Exporters(Settings.EMPTY, factories, clusterService, clusterSettings);
}
public void testInitExportersDefault() throws Exception {
@ -178,7 +175,7 @@ public class ExportersTests extends ESTestCase {
exporters = new Exporters(Settings.builder()
.put("marvel.agent.exporters._name0.type", "_type")
.put("marvel.agent.exporters._name1.type", "_type")
.build(), factories, settingsFilter, clusterService, clusterSettings) {
.build(), factories, clusterService, clusterSettings) {
@Override
CurrentExporters initExporters(Settings settings) {
settingsHolder.set(settings);
@ -215,7 +212,7 @@ public class ExportersTests extends ESTestCase {
Exporters exporters = new Exporters(Settings.builder()
.put("marvel.agent.exporters._name0.type", "mock")
.put("marvel.agent.exporters._name1.type", "mock_master_only")
.build(), factories, settingsFilter, clusterService, clusterSettings);
.build(), factories, clusterService, clusterSettings);
exporters.start();
DiscoveryNode localNode = mock(DiscoveryNode.class);
@ -239,7 +236,7 @@ public class ExportersTests extends ESTestCase {
Exporters exporters = new Exporters(Settings.builder()
.put("marvel.agent.exporters._name0.type", "mock")
.put("marvel.agent.exporters._name1.type", "mock_master_only")
.build(), factories, settingsFilter, clusterService, clusterSettings);
.build(), factories, clusterService, clusterSettings);
exporters.start();
DiscoveryNode localNode = mock(DiscoveryNode.class);

View File

@ -23,9 +23,7 @@ public class ShieldModule extends AbstractShieldModule {
bind(SecurityContext.Secure.class).asEagerSingleton();
bind(SecurityContext.class).to(SecurityContext.Secure.class);
bind(ShieldLifecycleService.class).asEagerSingleton();
bind(ShieldSettingsFilter.class).asEagerSingleton();
bind(ShieldTemplateService.class).asEagerSingleton();
bind(InternalClient.Secure.class).asEagerSingleton();
bind(InternalClient.class).to(InternalClient.Secure.class);
}

View File

@ -39,6 +39,7 @@ import org.elasticsearch.shield.audit.AuditTrailModule;
import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.shield.authc.AuthenticationModule;
import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.authz.AuthorizationModule;
@ -186,6 +187,19 @@ public class ShieldPlugin extends Plugin {
settingsModule.registerSetting(Setting.boolSetting("plugins.load_classpath_plugins", true, false, Setting.Scope.CLUSTER));
// TODO add real settings for this wildcard here
settingsModule.registerSetting(Setting.groupSetting("shield.", false, Setting.Scope.CLUSTER));
String[] asArray = settings.getAsArray("shield.hide_settings");
for (String pattern : asArray) {
settingsModule.registerSettingsFilter(pattern);
}
settingsModule.registerSettingsFilter("shield.hide_settings");
settingsModule.registerSettingsFilter("shield.ssl.*");
settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_dn");
settingsModule.registerSettingsFilter("shield.authc.realms.*.bind_password");
settingsModule.registerSettingsFilter("shield.authc.realms.*." + SessionFactory.HOSTNAME_VERIFICATION_SETTING);
settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.password");
settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.path");
settingsModule.registerSettingsFilter("shield.authc.realms.*.truststore.algorithm");
settingsModule.registerSettingsFilter("transport.profiles.*.shield.*");
}
@Override

View File

@ -1,33 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
/**
*
*/
public class ShieldSettingsFilter {
static final String HIDE_SETTINGS_SETTING = "shield.hide_settings";
private final SettingsFilter filter;
@Inject
public ShieldSettingsFilter(Settings settings, SettingsFilter settingsFilter) {
this.filter = settingsFilter;
filter.addFilter(HIDE_SETTINGS_SETTING);
filterOut(settings.getAsArray(HIDE_SETTINGS_SETTING));
}
public void filterOut(String... patterns) {
for (String pattern : patterns) {
filter.addFilter(pattern);
}
}
}

View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.User;
/**
@ -122,9 +121,6 @@ public abstract class Realm<T extends AuthenticationToken> implements Comparable
return internal;
}
public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
}
/**
* Creates a new realm based on the given settigns.
*

View File

@ -10,7 +10,6 @@ import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.esnative.ESNativeRealm;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.license.ShieldLicenseState;
@ -30,7 +29,6 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
private final Environment env;
private final Map<String, Realm.Factory> factories;
private final ShieldSettingsFilter settingsFilter;
private final ShieldLicenseState shieldLicenseState;
protected List<Realm> realms = Collections.emptyList();
@ -38,12 +36,10 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
protected List<Realm> internalRealmsOnly = Collections.emptyList();
@Inject
public Realms(Settings settings, Environment env, Map<String, Realm.Factory> factories,
ShieldSettingsFilter settingsFilter, ShieldLicenseState shieldLicenseState) {
public Realms(Settings settings, Environment env, Map<String, Realm.Factory> factories, ShieldLicenseState shieldLicenseState) {
super(settings);
this.env = env;
this.factories = factories;
this.settingsFilter = settingsFilter;
this.shieldLicenseState = shieldLicenseState;
}
@ -108,7 +104,6 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
if (factory == null) {
throw new IllegalArgumentException("unknown realm type [" + type + "] set for realm [" + name + "]");
}
factory.filterOutSensitiveSettings(name, settingsFilter);
RealmConfig config = new RealmConfig(name, realmSettings, settings, env);
if (!config.enabled()) {
if (logger.isDebugEnabled()) {

View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.activedirectory;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm;
import org.elasticsearch.shield.authc.support.DnRoleMapper;
@ -40,11 +39,6 @@ public class ActiveDirectoryRealm extends AbstractLdapRealm {
this.clientSSLService = clientSSLService;
}
@Override
public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
ActiveDirectorySessionFactory.filterOutSensitiveSettings(realmName, filter);
}
@Override
public ActiveDirectoryRealm create(RealmConfig config) {
ActiveDirectorySessionFactory connectionFactory = new ActiveDirectorySessionFactory(config, clientSSLService);

View File

@ -11,7 +11,6 @@ import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
import org.elasticsearch.shield.authc.ldap.support.LdapSession;
@ -62,9 +61,6 @@ public class ActiveDirectorySessionFactory extends SessionFactory {
groupResolver = new ActiveDirectoryGroupsResolver(settings.getAsSettings("group_search"), domainDN);
}
static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING);
}
@Override
protected LDAPServers ldapServers(Settings settings) {

View File

@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.AbstractLdapRealm;
import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
@ -42,11 +41,6 @@ public class LdapRealm extends AbstractLdapRealm {
this.clientSSLService = clientSSLService;
}
@Override
public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
LdapUserSearchSessionFactory.filterOutSensitiveSettings(realmName, filter);
}
@Override
public LdapRealm create(RealmConfig config) {
try {

View File

@ -17,7 +17,6 @@ import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.ldap.support.LdapSearchScope;
import org.elasticsearch.shield.authc.ldap.support.LdapSession;
@ -73,12 +72,6 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
return connectionPool;
}
static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
filter.filterOut("shield.authc.realms." + realmName + ".bind_dn");
filter.filterOut("shield.authc.realms." + realmName + ".bind_password");
filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING);
}
static LDAPConnectionPool createConnectionPool(RealmConfig config, ServerSet serverSet, TimeValue timeout, ESLogger logger) {
Settings settings = config.settings();
SimpleBindRequest bindRequest = bindRequest(settings);

View File

@ -11,7 +11,6 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.authc.Realm;
@ -183,12 +182,6 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
return trustManagerList.toArray(new X509TrustManager[trustManagerList.size()]);
}
static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.password");
filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.path");
filter.filterOut("shield.authc.realms." + realmName + "." + "truststore.algorithm");
}
/**
* Checks to see if both SSL and Client authentication are enabled on at least one network communication layer. If
* not an error message will be logged
@ -234,11 +227,6 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
this.watcherService = watcherService;
}
@Override
public void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
PkiRealm.filterOutSensitiveSettings(realmName, filter);
}
@Override
public PkiRealm create(RealmConfig config) {
DnRoleMapper roleMapper = new DnRoleMapper(TYPE, config, watcherService, null);

View File

@ -8,17 +8,12 @@ package org.elasticsearch.shield.ssl;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
public class ServerSSLService extends AbstractSSLService {
@Inject
public ServerSSLService(Settings settings, ShieldSettingsFilter settingsFilter, Environment environment) {
public ServerSSLService(Settings settings, Environment environment) {
super(settings, environment);
// we need to filter out all this sensitive information from all rest
// responses
settingsFilter.filterOut("shield.ssl.*");
}
@Override

View File

@ -13,7 +13,6 @@ import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.shield.transport.SSLClientAuth;
@ -51,20 +50,18 @@ public class ShieldNettyTransport extends NettyTransport {
private final ServerSSLService serverSslService;
private final ClientSSLService clientSSLService;
private final ShieldSettingsFilter settingsFilter;
private final @Nullable IPFilter authenticator;
private final boolean ssl;
@Inject
public ShieldNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays, Version version,
@Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService, ClientSSLService clientSSLService,
ShieldSettingsFilter settingsFilter, NamedWriteableRegistry namedWriteableRegistry) {
NamedWriteableRegistry namedWriteableRegistry) {
super(settings, threadPool, networkService, bigArrays, version, namedWriteableRegistry);
this.authenticator = authenticator;
this.ssl = settings.getAsBoolean(TRANSPORT_SSL_SETTING, TRANSPORT_SSL_DEFAULT);
this.serverSslService = serverSSLService;
this.clientSSLService = clientSSLService;
this.settingsFilter = settingsFilter;
}
@Override
@ -120,7 +117,6 @@ public class ShieldNettyTransport extends NettyTransport {
public SslServerChannelPipelineFactory(NettyTransport nettyTransport, String name, Settings settings, Settings profileSettings) {
super(nettyTransport, name, settings);
this.profileSettings = profileSettings;
settingsFilter.filterOut("transport.profiles." + name + ".shield.*");
}
@Override

View File

@ -12,7 +12,6 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.indices.breaker.CircuitBreakerModule;
import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
@ -35,7 +34,7 @@ public class AuditTrailModuleTests extends ESTestCase {
.put("client.type", "node")
.put("shield.audit.enabled", false)
.build();
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
SettingsModule settingsModule = new SettingsModule(settings);
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
@ -45,7 +44,7 @@ public class AuditTrailModuleTests extends ESTestCase {
public void testDisabledByDefault() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node").build();
Injector injector = Guice.createInjector(new SettingsModule(settings, new SettingsFilter(settings)), new AuditTrailModule(settings));
Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, is(AuditTrail.NOOP));
}
@ -57,7 +56,7 @@ public class AuditTrailModuleTests extends ESTestCase {
.build();
ThreadPool pool = new ThreadPool("testLogFile");
try {
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
SettingsModule settingsModule = new SettingsModule(settings);
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
Injector injector = Guice.createInjector(
settingsModule,
@ -89,7 +88,7 @@ public class AuditTrailModuleTests extends ESTestCase {
.put("shield.audit.outputs" , "foo")
.put("client.type", "node")
.build();
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
SettingsModule settingsModule = new SettingsModule(settings);
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
settingsModule.registerSetting(Setting.simpleString("shield.audit.outputs", false, Setting.Scope.CLUSTER));
try {

View File

@ -13,7 +13,6 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.SystemUser;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
@ -86,7 +85,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
ShieldLicenseState shieldLicenseState = mock(ShieldLicenseState.class);
when(shieldLicenseState.customRealmsEnabled()).thenReturn(true);
realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), mock(ShieldSettingsFilter.class), shieldLicenseState) {
realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), shieldLicenseState) {
@Override
protected void doStart() {

View File

@ -8,7 +8,6 @@ package org.elasticsearch.shield.authc;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.authc.ldap.LdapRealm;
@ -36,7 +35,6 @@ import static org.mockito.Mockito.when;
*/
public class RealmsTests extends ESTestCase {
private Map<String, Realm.Factory> factories;
private ShieldSettingsFilter settingsFilter;
private ShieldLicenseState shieldLicenseState;
@Before
@ -47,7 +45,6 @@ public class RealmsTests extends ESTestCase {
DummyRealm.Factory factory = new DummyRealm.Factory("type_" + i, rarely());
factories.put("type_" + i, factory);
}
settingsFilter = mock(ShieldSettingsFilter.class);
shieldLicenseState = mock(ShieldLicenseState.class);
when(shieldLicenseState.customRealmsEnabled()).thenReturn(true);
}
@ -68,7 +65,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState);
Realms realms = new Realms(settings, env, factories, shieldLicenseState);
realms.start();
int i = 0;
for (Realm realm : realms) {
@ -90,7 +87,7 @@ public class RealmsTests extends ESTestCase {
.build();
Environment env = new Environment(settings);
try {
new Realms(settings, env, factories, settingsFilter, shieldLicenseState).start();
new Realms(settings, env, factories, shieldLicenseState).start();
fail("Expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), containsString("multiple [esusers] realms are configured"));
@ -99,7 +96,7 @@ public class RealmsTests extends ESTestCase {
public void testWithEmptySettings() throws Exception {
Realms realms = new Realms(Settings.EMPTY, new Environment(Settings.builder().put("path.home", createTempDir()).build()),
factories, settingsFilter, shieldLicenseState);
factories, shieldLicenseState);
realms.start();
Iterator<Realm> iter = realms.iterator();
assertThat(iter.hasNext(), is(true));
@ -126,7 +123,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState);
Realms realms = new Realms(settings, env, factories, shieldLicenseState);
realms.start();
int i = 0;
// this is the iterator when licensed
@ -158,7 +155,7 @@ public class RealmsTests extends ESTestCase {
.put("shield.authc.realms.custom.order", "1");
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, settingsFilter, shieldLicenseState);
Realms realms = new Realms(settings, env, factories, shieldLicenseState);
realms.start();
int i = 0;
// this is the iterator when licensed
@ -199,7 +196,7 @@ public class RealmsTests extends ESTestCase {
}
Settings settings = builder.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, mock(ShieldSettingsFilter.class), shieldLicenseState);
Realms realms = new Realms(settings, env, factories, shieldLicenseState);
realms.start();
Iterator<Realm> iterator = realms.iterator();

View File

@ -9,7 +9,6 @@ import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
@ -37,13 +36,11 @@ import static org.mockito.Mockito.mock;
public class ServerSSLServiceTests extends ESTestCase {
Path testnodeStore;
ShieldSettingsFilter settingsFilter;
Environment env;
@Before
public void setup() throws Exception {
testnodeStore = getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks");
settingsFilter = mock(ShieldSettingsFilter.class);
env = new Environment(settingsBuilder().put("path.home", createTempDir()).build());
}
@ -56,7 +53,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.truststore.password", "testnode")
.build();
try {
new ServerSSLService(settings, settingsFilter, env).createSSLEngine();
new ServerSSLService(settings, env).createSSLEngine();
fail("expected an exception");
} catch (ElasticsearchException e) {
assertThat(e.getMessage(), containsString("failed to initialize the SSLContext"));
@ -70,7 +67,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.build();
ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env);
ServerSSLService sslService = new ServerSSLService(settings, env);
Settings.Builder settingsBuilder = settingsBuilder()
.put("truststore.path", testClientStore)
@ -87,7 +84,7 @@ public class ServerSSLServiceTests extends ESTestCase {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.build(), settingsFilter, env);
.build(), env);
SSLContext sslContext = sslService.sslContext();
SSLContext cachedSslContext = sslService.sslContext();
@ -101,7 +98,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.path", differentPasswordsStore)
.put("shield.ssl.keystore.password", "testnode")
.put("shield.ssl.keystore.key_password", "testnode1")
.build(), settingsFilter, env).createSSLEngine();
.build(), env).createSSLEngine();
}
public void testIncorrectKeyPasswordThrowsException() throws Exception {
@ -110,7 +107,7 @@ public class ServerSSLServiceTests extends ESTestCase {
new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", differentPasswordsStore)
.put("shield.ssl.keystore.password", "testnode")
.build(), settingsFilter, env).createSSLEngine();
.build(), env).createSSLEngine();
fail("expected an exception");
} catch (ElasticsearchException e) {
assertThat(e.getMessage(), containsString("failed to initialize a KeyManagerFactory"));
@ -121,7 +118,7 @@ public class ServerSSLServiceTests extends ESTestCase {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.build(), settingsFilter, env);
.build(), env);
SSLEngine engine = sslService.createSSLEngine();
assertThat(Arrays.asList(engine.getEnabledProtocols()), not(hasItem("SSLv3")));
}
@ -130,7 +127,7 @@ public class ServerSSLServiceTests extends ESTestCase {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.build(), settingsFilter, env);
.build(), env);
SSLSessionContext context = sslService.sslContext().getServerSessionContext();
assertThat(context.getSessionCacheSize(), equalTo(1000));
assertThat(context.getSessionTimeout(), equalTo((int) TimeValue.timeValueHours(24).seconds()));
@ -142,14 +139,14 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.password", "testnode")
.put("shield.ssl.session.cache_size", "300")
.put("shield.ssl.session.cache_timeout", "600s")
.build(), settingsFilter, env);
.build(), env);
SSLSessionContext context = sslService.sslContext().getServerSessionContext();
assertThat(context.getSessionCacheSize(), equalTo(300));
assertThat(context.getSessionTimeout(), equalTo(600));
}
public void testThatCreateSSLEngineWithoutAnySettingsDoesNotWork() throws Exception {
ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, settingsFilter, env);
ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, env);
try {
sslService.createSSLEngine();
fail("Expected IllegalArgumentException");
@ -162,7 +159,7 @@ public class ServerSSLServiceTests extends ESTestCase {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.truststore.path", testnodeStore)
.put("shield.ssl.truststore.password", "testnode")
.build(), settingsFilter, env);
.build(), env);
try {
sslService.createSSLEngine();
fail("Expected IllegalArgumentException");
@ -176,7 +173,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.put("shield.ssl.truststore.path", testnodeStore)
.build(), settingsFilter, env);
.build(), env);
try {
sslService.sslContext();
fail("Expected IllegalArgumentException");
@ -188,7 +185,7 @@ public class ServerSSLServiceTests extends ESTestCase {
public void testThatKeystorePasswordIsRequired() throws Exception {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore)
.build(), settingsFilter, env);
.build(), env);
try {
sslService.sslContext();
fail("Expected IllegalArgumentException");
@ -205,7 +202,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.putArray("shield.ssl.ciphers", ciphers.toArray(new String[ciphers.size()]))
.build(), settingsFilter, env);
.build(), env);
SSLEngine engine = sslService.createSSLEngine();
assertThat(engine, is(notNullValue()));
String[] enabledCiphers = engine.getEnabledCipherSuites();
@ -217,7 +214,7 @@ public class ServerSSLServiceTests extends ESTestCase {
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.putArray("shield.ssl.ciphers", new String[] { "foo", "bar" })
.build(), settingsFilter, env);
.build(), env);
try {
sslService.createSSLEngine();
fail("Expected IllegalArgumentException");
@ -231,7 +228,7 @@ public class ServerSSLServiceTests extends ESTestCase {
ServerSSLService sslService = new ServerSSLService(settingsBuilder()
.put("shield.ssl.keystore.path", testnodeStore)
.put("shield.ssl.keystore.password", "testnode")
.build(), settingsFilter, env);
.build(), env);
SSLSocketFactory factory = sslService.sslSocketFactory();
assertThat(factory.getDefaultCipherSuites(), is(sslService.ciphers()));

View File

@ -9,7 +9,6 @@ import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.test.ESTestCase;
import org.jboss.netty.bootstrap.ClientBootstrap;
@ -77,8 +76,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase {
.put("shield.ssl.keystore.password", "testnode")
.build();
Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build());
ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings));
ServerSSLService sslService = new ServerSSLService(settings, settingsFilter, env);
ServerSSLService sslService = new ServerSSLService(settings, env);
sslContext = sslService.sslContext();

View File

@ -11,7 +11,6 @@ import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.env.Environment;
import org.elasticsearch.http.netty.NettyHttpMockUtil;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.shield.transport.SSLClientAuth;
import org.elasticsearch.shield.transport.filter.IPFilter;
@ -40,8 +39,7 @@ public class ShieldNettyHttpServerTransportTests extends ESTestCase {
.put("shield.ssl.keystore.password", "testnode")
.build();
Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build());
ShieldSettingsFilter settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings));
serverSSLService = new ServerSSLService(settings, settingsFilter, env);
serverSSLService = new ServerSSLService(settings, env);
}
public void testDefaultClientAuth() throws Exception {

View File

@ -12,7 +12,6 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldSettingsFilter;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.shield.transport.SSLClientAuth;
@ -35,7 +34,6 @@ import static org.mockito.Mockito.mock;
public class ShieldNettyTransportTests extends ESTestCase {
private ServerSSLService serverSSLService;
private ClientSSLService clientSSLService;
private ShieldSettingsFilter settingsFilter;
@Before
public void createSSLService() throws Exception {
@ -45,15 +43,14 @@ public class ShieldNettyTransportTests extends ESTestCase {
.put("shield.ssl.keystore.password", "testnode")
.build();
Environment env = new Environment(settingsBuilder().put("path.home", createTempDir()).build());
settingsFilter = new ShieldSettingsFilter(settings, new SettingsFilter(settings));
serverSSLService = new ServerSSLService(settings, settingsFilter, env);
serverSSLService = new ServerSSLService(settings, env);
clientSSLService = new ClientSSLService(settings);
clientSSLService.setEnvironment(env);
}
public void testThatSSLCanBeDisabledByProfile() throws Exception {
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", false).build());
assertThat(factory.getPipeline().get(SslHandler.class), nullValue());
@ -61,7 +58,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testThatSSLCanBeEnabledByProfile() throws Exception {
Settings settings = settingsBuilder().put("shield.transport.ssl", false).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", settingsBuilder().put("shield.ssl", true).build());
assertThat(factory.getPipeline().get(SslHandler.class), notNullValue());
@ -69,7 +66,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testThatProfileTakesDefaultSSLSetting() throws Exception {
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine(), notNullValue());
@ -77,7 +74,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testDefaultClientAuth() throws Exception {
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
@ -89,7 +86,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
Settings settings = settingsBuilder()
.put("shield.transport.ssl", true)
.put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
@ -101,7 +98,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
Settings settings = settingsBuilder()
.put("shield.transport.ssl", true)
.put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@ -113,7 +110,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
Settings settings = settingsBuilder()
.put("shield.transport.ssl", true)
.put(ShieldNettyTransport.TRANSPORT_CLIENT_AUTH_SETTING, value).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@ -123,7 +120,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testProfileRequiredClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
@ -133,7 +130,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testProfileNoClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
@ -143,7 +140,7 @@ public class ShieldNettyTransportTests extends ESTestCase {
public void testProfileOptionalClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
Settings settings = settingsBuilder().put("shield.transport.ssl", true).build();
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, settingsFilter, mock(NamedWriteableRegistry.class));
ShieldNettyTransport transport = new ShieldNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), Version.CURRENT, null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.builder().put(ShieldNettyTransport.TRANSPORT_PROFILE_CLIENT_AUTH_SETTING, value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));

View File

@ -28,6 +28,7 @@ import org.elasticsearch.watcher.actions.email.service.InternalEmailService;
import org.elasticsearch.watcher.actions.hipchat.service.HipChatService;
import org.elasticsearch.watcher.actions.hipchat.service.InternalHipChatService;
import org.elasticsearch.watcher.actions.pagerduty.service.InternalPagerDutyService;
import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyAccount;
import org.elasticsearch.watcher.actions.pagerduty.service.PagerDutyService;
import org.elasticsearch.watcher.actions.slack.service.InternalSlackService;
import org.elasticsearch.watcher.actions.slack.service.SlackService;
@ -217,6 +218,14 @@ public class WatcherPlugin extends Plugin {
module.registerSetting(Setting.simpleString("watcher.execution.scroll.timeout", false, Setting.Scope.CLUSTER));
module.registerSetting(Setting.simpleString("watcher.start_immediately", false, Setting.Scope.CLUSTER));
module.registerSetting(Setting.simpleString("watcher.http.default_connection_timeout", false, Setting.Scope.CLUSTER));
module.registerSettingsFilter("watcher.actions.email.service.account.*.smtp.password");
module.registerSettingsFilter("watcher.actions.slack.service.account.*.url");
module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.url");
module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*.url");
module.registerSettingsFilter("watcher.actions.pagerduty.service." + PagerDutyAccount.SERVICE_KEY_SETTING);
module.registerSettingsFilter("watcher.actions.pagerduty.service.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING);
module.registerSettingsFilter("watcher.actions.hipchat.service.account.*.auth_token");
}
public void onModule(NetworkModule module) {

View File

@ -12,7 +12,6 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.secret.SecretService;
import javax.mail.MessagingException;
@ -30,11 +29,10 @@ public class InternalEmailService extends AbstractLifecycleComponent<EmailServic
@Inject
public InternalEmailService(Settings settings, SecretService secretService, ClusterSettings clusterSettings, WatcherSettingsFilter settingsFilter) {
public InternalEmailService(Settings settings, SecretService secretService, ClusterSettings clusterSettings) {
super(settings);
this.secretService = secretService;
clusterSettings.addSettingsUpdateConsumer(EMAIL_ACCOUNT_SETTING, this::setEmailAccountSettings);
settingsFilter.filterOut("watcher.actions.email.service.account.*.smtp.password");
setEmailAccountSettings(EMAIL_ACCOUNT_SETTING.get(settings));
}

View File

@ -10,7 +10,6 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.http.HttpClient;
/**
@ -23,10 +22,9 @@ public class InternalHipChatService extends AbstractLifecycleComponent<HipChatSe
public static final Setting<Settings> HIPCHAT_ACCOUNT_SETTING = Setting.groupSetting("watcher.actions.hipchat.service.", true, Setting.Scope.CLUSTER);
@Inject
public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings, WatcherSettingsFilter settingsFilter) {
public InternalHipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings) {
super(settings);
this.httpClient = httpClient;
settingsFilter.filterOut("watcher.actions.hipchat.service.account.*.auth_token");
clusterSettings.addSettingsUpdateConsumer(HIPCHAT_ACCOUNT_SETTING, this::setHipchatAccountSetting);
}

View File

@ -10,7 +10,6 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.http.HttpClient;
/**
@ -24,14 +23,9 @@ public class InternalPagerDutyService extends AbstractLifecycleComponent<PagerDu
private volatile PagerDutyAccounts accounts;
@Inject
public InternalPagerDutyService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings,
WatcherSettingsFilter settingsFilter) {
public InternalPagerDutyService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings) {
super(settings);
this.httpClient = httpClient;
settingsFilter.filterOut(
"watcher.actions.pagerduty.service." + PagerDutyAccount.SERVICE_KEY_SETTING,
"watcher.actions.pagerduty.service.account.*." + PagerDutyAccount.SERVICE_KEY_SETTING
);
clusterSettings.addSettingsUpdateConsumer(PAGERDUTY_ACCOUNT_SETTING, this::setPagerDutyAccountSetting);
}

View File

@ -10,7 +10,6 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.http.HttpClient;
/**
@ -23,10 +22,9 @@ public class InternalSlackService extends AbstractLifecycleComponent<SlackServic
private volatile SlackAccounts accounts;
@Inject
public InternalSlackService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings, WatcherSettingsFilter settingsFilter) {
public InternalSlackService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings) {
super(settings);
this.httpClient = httpClient;
settingsFilter.filterOut("watcher.actions.slack.service.account.*.url");
clusterSettings.addSettingsUpdateConsumer(SLACK_ACCOUNT_SETTING, this::setSlackAccountSetting);
}

View File

@ -1,37 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.watcher.shield;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.ShieldSettingsFilter;
/**
*
*/
public class ShieldIntegration {
private final ShieldSettingsFilter settingsFilter;
@Inject
public ShieldIntegration(Settings settings, Injector injector) {
boolean enabled = enabled(settings);
settingsFilter = enabled ? injector.getInstance(ShieldSettingsFilter.class) : null;
}
public void filterOutSettings(String... patterns) {
if (settingsFilter != null) {
settingsFilter.filterOut(patterns);
}
}
public static boolean enabled(Settings settings) {
return ShieldPlugin.shieldEnabled(settings);
}
}

View File

@ -1,43 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.watcher.shield;
import org.elasticsearch.common.inject.Inject;
/**
*
*/
public interface WatcherSettingsFilter {
void filterOut(String... patterns);
class Noop implements WatcherSettingsFilter {
public static Noop INSTANCE = new Noop();
private Noop() {
}
@Override
public void filterOut(String... patterns) {
}
}
class Shield implements WatcherSettingsFilter {
private final ShieldIntegration shieldIntegration;
@Inject
public Shield(ShieldIntegration shieldIntegration) {
this.shieldIntegration = shieldIntegration;
}
@Override
public void filterOut(String... patterns) {
shieldIntegration.filterOutSettings(patterns);
}
}
}

View File

@ -9,6 +9,7 @@ import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
/**
@ -18,12 +19,9 @@ public class WatcherShieldModule extends AbstractModule {
private final ESLogger logger;
private final boolean enabled;
public WatcherShieldModule(Settings settings) {
this.logger = Loggers.getLogger(WatcherShieldModule.class, settings);
this.enabled = ShieldIntegration.enabled(settings);
if (enabled) {
if (ShieldPlugin.shieldEnabled(settings)) {
registerClusterPrivilege("manage_watcher", "cluster:admin/watcher/*", "cluster:monitor/watcher/*");
registerClusterPrivilege("monitor_watcher", "cluster:monitor/watcher/*");
}
@ -43,12 +41,5 @@ public class WatcherShieldModule extends AbstractModule {
@Override
protected void configure() {
bind(ShieldIntegration.class).asEagerSingleton();
if (enabled) {
bind(WatcherSettingsFilter.Shield.class).asEagerSingleton();
bind(WatcherSettingsFilter.class).to(WatcherSettingsFilter.Shield.class);
} else {
bind(WatcherSettingsFilter.class).toInstance(WatcherSettingsFilter.Noop.INSTANCE);
}
}
}

View File

@ -7,7 +7,7 @@ package org.elasticsearch.watcher.support.secret;
import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.watcher.shield.ShieldIntegration;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.watcher.shield.ShieldSecretService;
/**
@ -18,7 +18,7 @@ public class SecretModule extends AbstractModule {
private final boolean shieldEnabled;
public SecretModule(Settings settings) {
shieldEnabled = ShieldIntegration.enabled(settings);
shieldEnabled = ShieldPlugin.shieldEnabled(settings);
}
@Override

View File

@ -9,7 +9,6 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.secret.Secret;
import org.elasticsearch.watcher.support.secret.SecretService;
import org.junit.After;
@ -34,7 +33,7 @@ public class InternalEmailServiceTests extends ESTestCase {
@Before
public void init() throws Exception {
accounts = mock(Accounts.class);
service = new InternalEmailService(Settings.EMPTY, new SecretService.PlainText(), new ClusterSettings(Settings.EMPTY, Collections.singleton(InternalEmailService.EMAIL_ACCOUNT_SETTING)), WatcherSettingsFilter.Noop.INSTANCE) {
service = new InternalEmailService(Settings.EMPTY, new SecretService.PlainText(), new ClusterSettings(Settings.EMPTY, Collections.singleton(InternalEmailService.EMAIL_ACCOUNT_SETTING))) {
@Override
protected Accounts createAccounts(Settings settings, ESLogger logger) {
return accounts;

View File

@ -12,7 +12,6 @@ import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.secret.SecretService;
import java.io.IOException;
@ -130,7 +129,7 @@ public class ManualPublicSmtpServersTester {
static InternalEmailService startEmailService(Settings.Builder builder) {
Settings settings = builder.build();
InternalEmailService service = new InternalEmailService(settings, new SecretService.PlainText(), new ClusterSettings(settings, Collections.singleton(InternalEmailService.EMAIL_ACCOUNT_SETTING)), WatcherSettingsFilter.Noop.INSTANCE);
InternalEmailService service = new InternalEmailService(settings, new SecretService.PlainText(), new ClusterSettings(settings, Collections.singleton(InternalEmailService.EMAIL_ACCOUNT_SETTING)));
service.start();
return service;
}

View File

@ -9,7 +9,6 @@ import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.watcher.shield.WatcherSettingsFilter;
import org.elasticsearch.watcher.support.http.HttpClient;
import org.junit.Before;
@ -31,12 +30,10 @@ import static org.mockito.Mockito.verify;
*/
public class InternalHipChatServiceTests extends ESTestCase {
private HttpClient httpClient;
private WatcherSettingsFilter settingsFilter;
@Before
public void init() throws Exception {
httpClient = mock(HttpClient.class);
settingsFilter = mock(WatcherSettingsFilter.class);
}
public void testSingleAccountV1() throws Exception {
@ -58,7 +55,7 @@ public class InternalHipChatServiceTests extends ESTestCase {
settingsBuilder.put("watcher.actions.hipchat.service.account." + accountName + ".port", port);
}
buildMessageDefaults(accountName, settingsBuilder, defaultRoom, null, defaultFrom, defaultColor, defaultFormat, defaultNotify);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)), settingsFilter);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)));
service.start();
HipChatAccount account = service.getAccount(accountName);
@ -83,8 +80,6 @@ public class InternalHipChatServiceTests extends ESTestCase {
// with a single account defined, making sure that that account is set to the default one.
assertThat(service.getDefaultAccount(), sameInstance(account));
assertThatSettingsFilterWasAdded();
}
public void testSingleAccountIntegration() throws Exception {
@ -107,7 +102,7 @@ public class InternalHipChatServiceTests extends ESTestCase {
settingsBuilder.put("watcher.actions.hipchat.service.account." + accountName + ".port", port);
}
buildMessageDefaults(accountName, settingsBuilder, null, null, defaultFrom, defaultColor, defaultFormat, defaultNotify);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)), settingsFilter);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)));
service.start();
HipChatAccount account = service.getAccount(accountName);
@ -127,8 +122,6 @@ public class InternalHipChatServiceTests extends ESTestCase {
// with a single account defined, making sure that that account is set to the default one.
assertThat(service.getDefaultAccount(), sameInstance(account));
assertThatSettingsFilterWasAdded();
}
public void testSingleAccountIntegrationNoRoomSetting() throws Exception {
@ -136,8 +129,7 @@ public class InternalHipChatServiceTests extends ESTestCase {
Settings.Builder settingsBuilder = Settings.builder()
.put("watcher.actions.hipchat.service.account." + accountName + ".profile", HipChatAccount.Profile.INTEGRATION.value())
.put("watcher.actions.hipchat.service.account." + accountName + ".auth_token", "_token");
try (InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)),
settingsFilter)) {
try (InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)))) {
service.start();
fail("Expected SettingsException");
} catch (SettingsException e) {
@ -164,7 +156,7 @@ public class InternalHipChatServiceTests extends ESTestCase {
settingsBuilder.put("watcher.actions.hipchat.service.account." + accountName + ".port", port);
}
buildMessageDefaults(accountName, settingsBuilder, defaultRoom, defaultUser, null, defaultColor, defaultFormat, defaultNotify);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)), settingsFilter);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)));
service.start();
HipChatAccount account = service.getAccount(accountName);
@ -193,8 +185,6 @@ public class InternalHipChatServiceTests extends ESTestCase {
// with a single account defined, making sure that that account is set to the default one.
assertThat(service.getDefaultAccount(), sameInstance(account));
assertThatSettingsFilterWasAdded();
}
public void testMultipleAccounts() throws Exception {
@ -227,7 +217,7 @@ public class InternalHipChatServiceTests extends ESTestCase {
buildMessageDefaults(name, settingsBuilder, null, null, null, defaultColor, defaultFormat, defaultNotify);
}
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)), settingsFilter);
InternalHipChatService service = new InternalHipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), Collections.singleton(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING)));
service.start();
for (int i = 0; i < 5; i++) {
@ -256,12 +246,6 @@ public class InternalHipChatServiceTests extends ESTestCase {
}
assertThat(service.getDefaultAccount(), sameInstance(service.getAccount(defaultAccount)));
assertThatSettingsFilterWasAdded();
}
private void assertThatSettingsFilterWasAdded() {
verify(settingsFilter, times(1)).filterOut("watcher.actions.hipchat.service.account.*.auth_token");
}
private void buildMessageDefaults(String account, Settings.Builder settingsBuilder, String room, String user, String from, HipChatMessage.Color color, HipChatMessage.Format format, Boolean notify) {

View File

@ -59,11 +59,7 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
for (Object node : nodes.values()) {
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.user", settings), is((Object) "_user"));
if (shieldEnabled()) {
assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), nullValue());
} else {
assertThat(XContentMapValues.extractValue("watcher.actions.email.service.account._email.smtp.password", settings), is((Object) "_passwd"));
}
}
}