diff --git a/elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolTestCase.java b/elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolTestCase.java index a25c950221c..1110e1bde32 100644 --- a/elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolTestCase.java +++ b/elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolTestCase.java @@ -5,11 +5,11 @@ */ package org.elasticsearch.xpack.security; +import org.apache.logging.log4j.Logger; import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; import org.elasticsearch.client.Client; import org.elasticsearch.client.transport.TransportClient; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.ESLoggerFactory; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; @@ -60,7 +60,7 @@ public abstract class MigrateToolTestCase extends LuceneTestCase { */ public static final String TESTS_CLUSTER_DEFAULT = "localhost:9300"; - protected static final ESLogger logger = ESLoggerFactory.getLogger(MigrateToolTestCase.class.getName()); + protected static final Logger logger = ESLoggerFactory.getLogger(MigrateToolTestCase.class.getName()); private static final AtomicInteger counter = new AtomicInteger(); private static Client client; diff --git a/elasticsearch/qa/smoke-test-plugins-ssl/build.gradle b/elasticsearch/qa/smoke-test-plugins-ssl/build.gradle index 533465d98ba..b6f0c38e5dd 100644 --- a/elasticsearch/qa/smoke-test-plugins-ssl/build.gradle +++ b/elasticsearch/qa/smoke-test-plugins-ssl/build.gradle 
@@ -172,8 +172,8 @@ integTest { setting 'xpack.security.transport.ssl.enabled', 'true' setting 'xpack.security.http.ssl.enabled', 'true' - setting 'xpack.security.ssl.keystore.path', nodeKeystore.name - setting 'xpack.security.ssl.keystore.password', 'keypass' + setting 'xpack.ssl.keystore.path', nodeKeystore.name + setting 'xpack.ssl.keystore.password', 'keypass' plugin ':x-plugins:elasticsearch:x-pack' diff --git a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java index 0a4d5d89962..a2dc5591856 100644 --- a/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java +++ b/elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java @@ -14,7 +14,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.xpack.security.Security; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.xpack.XPackPlugin; import org.junit.After; 
@@ -71,9 +70,9 @@ public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase { final Settings.Builder builder = Settings.builder() .put(Security.USER_SETTING.getKey(), USER + ":" + PASS) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.keystore.path", clientKeyStore) - .put("xpack.security.ssl.keystore.password", KEYSTORE_PASS); + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.keystore.path", clientKeyStore) + .put("xpack.ssl.keystore.password", KEYSTORE_PASS); if (useSecurity3) { builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME3); } else { diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java index 022db2cc466..4a9dee62c5f 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java 
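Review bot: The transport TLS switch in the client settings is now the bare string `"xpack.security.transport.ssl.enabled"` where the removed line used `SecurityNetty3Transport.SSL_SETTING.getKey()`, so a later rename or typo of the key is no longer caught by the compiler. Whether the transport client rejects an unrecognised key or ignores it is not visible here; if it is ignored, the test client would be built without TLS and the failure would show up far from its cause. If the new SSL code exposes a setting constant for this key, reference it; otherwise add a comment such as `// must match 'xpack.security.transport.ssl.enabled' in this project's build.gradle integTest block`. The enclosing method starts and ends outside the hunk.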
@@ -5,16 +5,18 @@ */ package org.elasticsearch.license; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.AckedClusterStateUpdateTask; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.cluster.ack.ClusterStateUpdateResponse; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.component.Lifecycle; @@ -300,7 +302,7 @@ public class LicenseService extends AbstractLifecycleComponent implements Cluste @Override public void onFailure(String source, @Nullable Exception e) { - logger.error("unexpected failure during [{}]", e, source); + logger.error((Supplier) () -> new ParameterizedMessage("unexpected failure during [{}]", source), e); } }); diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java index 28c81530381..939806709d7 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java 
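Review bot: Call sites still written in the old `(message, exception, args)` order would compile unchanged if `logger` is now a Log4j 2 `Logger`, because they bind to the varargs overload; the exception would then be formatted into the `[{}]` placeholder and its stack trace dropped, with no compile error to flag it. Only the `onFailure` call is converted in the `@@ -300,7 +302,7 @@` hunk and the rest of `LicenseService` is outside it, so this is a request to check the remaining log calls rather than a finding. A short comment on the converted line, e.g. `// throwable goes last, outside the message supplier`, would help whoever adds the next log call here.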
@@ -6,7 +6,9 @@ package org.elasticsearch.license; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.license.License.OperationMode; import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; @@ -32,11 +34,11 @@ public final class OperationModeFileWatcher implements FileChangesListener { private final AtomicBoolean initialized = new AtomicBoolean(); private final OperationMode defaultOperationMode = OperationMode.PLATINUM; private volatile OperationMode currentOperationMode = defaultOperationMode; - private final ESLogger logger; + private final Logger logger; private final Runnable onChange; public OperationModeFileWatcher(ResourceWatcherService resourceWatcherService, Path licenseModePath, - ESLogger logger, Runnable onChange) { + Logger logger, Runnable onChange) { this.resourceWatcherService = resourceWatcherService; this.licenseModePath = licenseModePath; this.logger = logger; @@ -95,14 +97,18 @@ public final class OperationModeFileWatcher implements FileChangesListener { try { content = Files.readAllBytes(licenseModePath); } catch (IOException e) { - logger.error("couldn't read operation mode from [{}]", e, licenseModePath.toAbsolutePath().toString()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "couldn't read operation mode from [{}]", licenseModePath.toAbsolutePath()), e); return; } String operationMode = new String(content, StandardCharsets.UTF_8); try { currentOperationMode = OperationMode.resolve(operationMode); } catch (IllegalArgumentException e) { - logger.error("invalid operation mode in [{}]", e, licenseModePath.toAbsolutePath().toString()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "invalid operation mode in [{}]", licenseModePath.toAbsolutePath()), e); return; } } 
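Review bot: In the `@@ -95,14 +97,18 @@` hunk both rewritten `logger.error` calls are followed by a bare `return`, and neither the message nor a comment says which operation mode stays in effect afterwards. The previous hunk shows `defaultOperationMode = OperationMode.PLATINUM`, so the outcome of an unreadable or malformed mode file is something an operator reading the log would want spelled out. The start of the method is outside the hunk, so whether `currentOperationMode` is reset before the read cannot be confirmed from here. I would add a comment above each `return`, e.g. `// currentOperationMode keeps the value assigned before this block`, or append the active mode to the two messages.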
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/AgentService.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/AgentService.java similarity index 92% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/AgentService.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/AgentService.java index 4ce85eeb09c..5f474b7b3ba 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/AgentService.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/AgentService.java @@ -3,11 +3,12 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent; +package org.elasticsearch.xpack.monitoring; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractLifecycleComponent; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.lease.Releasable; import org.elasticsearch.common.regex.Regex; import org.elasticsearch.common.settings.ClusterSettings; 
@@ -16,13 +17,12 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.CollectionUtils; import org.elasticsearch.common.util.concurrent.EsExecutors; import org.elasticsearch.common.util.concurrent.ReleasableLock; -import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.Collector; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.Collector; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsCollector; +import org.elasticsearch.xpack.monitoring.exporter.ExportException; +import org.elasticsearch.xpack.monitoring.exporter.Exporter; +import org.elasticsearch.xpack.monitoring.exporter.Exporters; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import java.util.ArrayList; import java.util.Collection; @@ -157,7 +157,7 @@ public class AgentService extends AbstractLifecycleComponent { try { exporter.close(); } catch (Exception e) { - logger.error("failed to close exporter [{}]", e, exporter.name()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to close exporter [{}]", exporter.name()), e); } } } diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/Monitoring.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/Monitoring.java index 82112058531..b5d9f755606 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/Monitoring.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/Monitoring.java 
@@ -20,24 +20,24 @@ import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.monitoring.action.MonitoringBulkAction; import org.elasticsearch.xpack.monitoring.action.TransportMonitoringBulkAction; -import org.elasticsearch.xpack.monitoring.agent.AgentService; -import org.elasticsearch.xpack.monitoring.agent.collector.Collector; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndicesStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.node.NodeStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.collector.shards.ShardsCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters; -import org.elasticsearch.xpack.monitoring.agent.exporter.http.HttpExporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter; +import org.elasticsearch.xpack.monitoring.collector.Collector; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateCollector; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryCollector; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.indices.IndicesStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.node.NodeStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.shards.ShardsCollector; +import 
org.elasticsearch.xpack.monitoring.exporter.Exporter; +import org.elasticsearch.xpack.monitoring.exporter.Exporters; +import org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter; +import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter; import org.elasticsearch.xpack.monitoring.cleaner.CleanerService; import org.elasticsearch.xpack.monitoring.rest.action.RestMonitoringBulkAction; import org.elasticsearch.plugins.ActionPlugin; import org.elasticsearch.rest.RestHandler; import org.elasticsearch.xpack.security.InternalClient; +import org.elasticsearch.xpack.ssl.SSLService; import java.util.ArrayList; import java.util.Arrays; @@ -98,7 +98,7 @@ public class Monitoring implements ActionPlugin { } public Collection createComponents(InternalClient client, ThreadPool threadPool, ClusterService clusterService, - LicenseService licenseService) { + LicenseService licenseService, SSLService sslService) { if (enabled == false || tribeNode) { return Collections.emptyList(); } @@ -107,8 +107,10 @@ public class Monitoring implements ActionPlugin { final MonitoringSettings monitoringSettings = new MonitoringSettings(settings, clusterSettings); final CleanerService cleanerService = new CleanerService(settings, clusterSettings, threadPool, licenseState); + // TODO do exporters and their ssl config really need to be dynamic? https://github.com/elastic/x-plugins/issues/3117 + final SSLService dynamicSSLService = sslService.createDynamicSSLService(); Map exporterFactories = new HashMap<>(); - exporterFactories.put(HttpExporter.TYPE, config -> new HttpExporter(config, env)); + exporterFactories.put(HttpExporter.TYPE, config -> new HttpExporter(config, env, dynamicSSLService)); exporterFactories.put(LocalExporter.TYPE, config -> new LocalExporter(config, client, clusterService, cleanerService)); final Exporters exporters = new Exporters(settings, exporterFactories, clusterService); 
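Review bot: The new `sslService` parameter of `createComponents` is dereferenced at `sslService.createDynamicSSLService()` with no documented contract, and the TODO beside it asks whether exporter SSL config should be dynamic without saying what the dynamic instance is allowed to change. This object presumably governs TLS for `HttpExporter` connections, so the method should carry Javadoc such as `@param sslService SSL service supplied by the caller; only the copy from createDynamicSSLService() is handed to HttpExporter`. The TODO should also name the concern itself, presumably that exporter TLS settings can be altered at runtime through settings updates, which cannot be confirmed from this hunk. `createComponents` continues past the end of the hunk.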
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSet.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSet.java index fbeb859f858..45b36240539 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSet.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSet.java @@ -18,8 +18,8 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.XPackFeatureSet; import org.elasticsearch.xpack.XPackSettings; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters; +import org.elasticsearch.xpack.monitoring.exporter.Exporter; +import org.elasticsearch.xpack.monitoring.exporter.Exporters; /** * diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDoc.java index 73cdc2ad795..a1550182da4 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDoc.java @@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.action; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import java.io.IOException; 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkAction.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkAction.java index 66acc6d28f6..60a5c122a7f 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkAction.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkAction.java @@ -17,8 +17,8 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.AbstractRunnable; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.Exporters; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import java.util.Collection; import java.util.concurrent.TimeUnit; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollector.java similarity index 91% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollector.java index 5042718dce0..fa84737f724 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollector.java 
@@ -3,19 +3,20 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector; +package org.elasticsearch.xpack.monitoring.collector; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchTimeoutException; import org.elasticsearch.Version; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.component.AbstractLifecycleComponent; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.monitoring.MonitoredSystem; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import java.util.Collection; @@ -81,7 +82,7 @@ public abstract class AbstractCollector extends AbstractLifecycleComponent imple } catch (ElasticsearchTimeoutException e) { logger.error("collector [{}] timed out when collecting data", name()); } catch (Exception e) { - logger.error("collector [{}] - failed collecting data", e, name()); + logger.error((Supplier) () -> new ParameterizedMessage("collector [{}] - failed collecting data", name()), e); } return null; } 
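Review bot: In the `@@ -81,7 +82,7 @@` hunk the `ElasticsearchTimeoutException` branch still logs `"collector [{}] timed out when collecting data"` without the exception, while the converted branch directly below passes `e`, so the two adjacent handlers now read inconsistently. If omitting the timeout's stack trace is deliberate, say so with `// timeout: message is enough, stack trace intentionally omitted`; otherwise pass `e` using the same supplier form as the line below. The method begins outside the hunk and returns `null` after either handler, which callers presumably handle.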
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/Collector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/Collector.java similarity index 77% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/Collector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/Collector.java index 9233ecb638a..92ac962b5ba 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/Collector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/Collector.java @@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector; +package org.elasticsearch.xpack.monitoring.collector; import org.elasticsearch.common.component.LifecycleComponent; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import java.util.Collection; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterInfoMonitoringDoc.java similarity index 90% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterInfoMonitoringDoc.java index b111a9d96e1..ed331f59950 100644 
--- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterInfoMonitoringDoc.java @@ -3,11 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; import org.elasticsearch.license.License; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class ClusterInfoMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollector.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollector.java index fe6f92cd1d7..d1220361581 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollector.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; import java.util.ArrayList; import java.util.Collection; @@ -19,8 +19,8 @@ import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; /** diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateMonitoringDoc.java similarity index 87% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateMonitoringDoc.java index cfd215c104e..f1d310613e9 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateMonitoringDoc.java 
@@ -3,11 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.health.ClusterHealthStatus; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class ClusterStateMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateNodeMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateNodeMonitoringDoc.java similarity index 85% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateNodeMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateNodeMonitoringDoc.java index 75ea158192b..19f4b71137b 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateNodeMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateNodeMonitoringDoc.java 
@@ -3,9 +3,9 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class ClusterStateNodeMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollector.java similarity index 88% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollector.java index f57c6544e0b..7101113d60e 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollector.java 
@@ -3,13 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.List; +package org.elasticsearch.xpack.monitoring.collector.cluster; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; @@ -21,10 +18,15 @@ import org.elasticsearch.license.LicenseService; import org.elasticsearch.license.LicenseUtils; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + /** * Collector for cluster stats. *

@@ -66,7 +68,9 @@ public class ClusterStatsCollector extends AbstractCollector { clusterStats = client.admin().cluster().prepareClusterStats().get(monitoringSettings.clusterStatsTimeout()); } catch (ElasticsearchSecurityException e) { if (LicenseUtils.isLicenseExpiredException(e)) { - logger.trace("collector [{}] - unable to collect data because of expired license", e, name()); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "collector [{}] - unable to collect data because of expired license", name()), e); } else { throw e; } diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsMonitoringDoc.java similarity index 84% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsMonitoringDoc.java index 1b7b7973989..16625d7de66 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class ClusterStatsMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/DiscoveryNodeMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/DiscoveryNodeMonitoringDoc.java similarity index 82% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/DiscoveryNodeMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/DiscoveryNodeMonitoringDoc.java index a0d43f2f73f..dcc5534187f 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/DiscoveryNodeMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/cluster/DiscoveryNodeMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.cluster; +package org.elasticsearch.xpack.monitoring.collector.cluster; import org.elasticsearch.cluster.node.DiscoveryNode; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class DiscoveryNodeMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollector.java similarity index 93% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollector.java index b64c965e023..be02b817380 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollector.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import java.util.ArrayList; import java.util.Arrays; 
@@ -21,8 +21,8 @@ import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; /** diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryMonitoringDoc.java similarity index 85% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryMonitoringDoc.java index c5392b258c5..5c23f955ceb 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class IndexRecoveryMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollector.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollector.java index bb11127005d..21db3503613 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollector.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import java.util.ArrayList; import java.util.Arrays; 
@@ -23,8 +23,8 @@ import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; /** diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsMonitoringDoc.java similarity index 83% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsMonitoringDoc.java index 0c9e6071225..80f38c14bf4 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import org.elasticsearch.action.admin.indices.stats.IndexStats; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class IndexStatsMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollector.java similarity index 93% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollector.java index 97819c5b3c5..7a9cbeeafcc 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollector.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import java.util.Arrays; import java.util.Collection; 
@@ -19,8 +19,8 @@ import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; /** diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsMonitoringDoc.java similarity index 84% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsMonitoringDoc.java index 90b5d82a254..2cf2f95f487 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.indices; +package org.elasticsearch.xpack.monitoring.collector.indices; import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class IndicesStatsMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollector.java similarity index 92% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollector.java index ce4506c1569..97662779e75 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollector.java @@ -3,11 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.node; +package org.elasticsearch.xpack.monitoring.collector.node; import java.util.Collection; import java.util.Collections; -import java.util.function.Consumer; import org.elasticsearch.action.admin.cluster.node.stats.NodeStats; import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsRequest; 
@@ -20,8 +19,8 @@ import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; import org.elasticsearch.xpack.security.InternalClient; /** diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsMonitoringDoc.java similarity index 90% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsMonitoringDoc.java index 65520cbcdc2..7c4c03dac84 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsMonitoringDoc.java 
@@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.node; +package org.elasticsearch.xpack.monitoring.collector.node; import org.elasticsearch.action.admin.cluster.node.stats.NodeStats; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class NodeStatsMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardMonitoringDoc.java similarity index 87% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardMonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardMonitoringDoc.java index b6205c1eb35..535c90abd29 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardMonitoringDoc.java @@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.shards; +package org.elasticsearch.xpack.monitoring.collector.shards; import org.elasticsearch.cluster.routing.ShardRouting; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; public class ShardMonitoringDoc extends MonitoringDoc { 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollector.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollector.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollector.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollector.java index d630b8235d9..e6965bedf5a 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollector.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollector.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.collector.shards; +package org.elasticsearch.xpack.monitoring.collector.shards; import java.util.ArrayList; import java.util.Arrays; @@ -20,8 +20,8 @@ import org.elasticsearch.common.regex.Regex; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.AbstractCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; /** * Collector for shards. 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportBulk.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportBulk.java similarity index 98% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportBulk.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportBulk.java index cce402363d0..7ee8ed43388 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportBulk.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportBulk.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; import java.util.Collection; import java.util.concurrent.atomic.AtomicReference; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportException.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportException.java similarity index 97% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportException.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportException.java index d708dc06746..2f062bf4c85 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportException.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/ExportException.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.io.stream.StreamInput; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporter.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporter.java similarity index 96% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporter.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporter.java index 9e7dfd31c92..6a58e1ce344 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporter.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporter.java @@ -3,10 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; 
@@ -34,7 +34,7 @@ public abstract class Exporter implements AutoCloseable { public static final String USE_INGEST_PIPELINE_SETTING = "use_ingest"; protected final Config config; - protected final ESLogger logger; + protected final Logger logger; @Nullable protected final TimeValue bulkTimeout; @@ -146,7 +146,7 @@ public abstract class Exporter implements AutoCloseable { return settings; } - public ESLogger logger(Class clazz) { + public Logger logger(Class clazz) { return Loggers.getLogger(clazz, globalSettings, name); } } diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporters.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporters.java similarity index 91% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporters.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporters.java index e75b916458f..1fea90d6a04 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/Exporters.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/Exporters.java 
@@ -3,17 +3,19 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.component.Lifecycle; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.node.Node; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter; +import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter; import java.util.ArrayList; import java.util.Collection; @@ -81,12 +83,12 @@ public class Exporters extends AbstractLifecycleComponent implements Iterable exporters) { + static void closeExporters(Logger logger, Map exporters) { for (Exporter exporter : exporters.values()) { try { exporter.close(); } catch (Exception e) { - logger.error("failed to close exporter [{}]", e, exporter.name()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to close exporter [{}]", exporter.name()), e); } } } @@ -107,7 +109,8 @@ public class Exporters extends AbstractLifecycleComponent implements Iterable) () -> new ParameterizedMessage("exporter [{}] failed to open exporting bulk", exporter.name()), e); } } return bulks.isEmpty() ? null : new ExportBulk.Compound(bulks); 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDoc.java similarity index 99% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDoc.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDoc.java index c95aa5b5768..5e8d070b6ed 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDoc.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.io.stream.StreamInput; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtils.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtils.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtils.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtils.java index 5d69b2715c0..2fd29c5b8fc 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtils.java 
+++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtils.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter; +package org.elasticsearch.xpack.monitoring.exporter; import org.elasticsearch.xpack.template.TemplateUtils; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporter.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java similarity index 88% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporter.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java index 407f56e9d2c..590aba4eeca 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporter.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java @@ -3,8 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter.http; +package org.elasticsearch.xpack.monitoring.exporter.http; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.apache.lucene.util.BytesRef; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; 
@@ -23,21 +25,19 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportBulk; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.ResolversRegistry; +import org.elasticsearch.xpack.monitoring.exporter.ExportBulk; +import org.elasticsearch.xpack.monitoring.exporter.ExportException; +import org.elasticsearch.xpack.monitoring.exporter.Exporter; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.resolver.ResolversRegistry; import org.elasticsearch.xpack.monitoring.support.VersionUtils; +import org.elasticsearch.xpack.ssl.SSLService; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -48,10 +48,7 @@ import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; import java.security.AccessController; -import java.security.KeyStore; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Base64; 
@@ -104,13 +101,6 @@ public class HttpExporter extends Exporter { */ public static final String PIPELINE_CHECK_TIMEOUT_SETTING = "index.pipeline.master_timeout"; - public static final String SSL_SETTING = "ssl"; - public static final String SSL_PROTOCOL_SETTING = "protocol"; - public static final String SSL_TRUSTSTORE_SETTING = "truststore.path"; - public static final String SSL_TRUSTSTORE_PASSWORD_SETTING = "truststore.password"; - public static final String SSL_TRUSTSTORE_ALGORITHM_SETTING = "truststore.algorithm"; - public static final String SSL_HOSTNAME_VERIFICATION_SETTING = SSL_SETTING + ".hostname_verification"; - /** * Minimum supported version of the remote monitoring cluster. *

@@ -154,7 +144,7 @@ public class HttpExporter extends Exporter { final ConnectionKeepAliveWorker keepAliveWorker; Thread keepAliveThread; - public HttpExporter(Config config, Environment env) { + public HttpExporter(Config config, Environment env, SSLService sslService) { super(config); this.env = env; @@ -172,8 +162,9 @@ public class HttpExporter extends Exporter { keepAlive = config.settings().getAsBoolean(CONNECTION_KEEP_ALIVE_SETTING, true); keepAliveWorker = new ConnectionKeepAliveWorker(); - sslSocketFactory = createSSLSocketFactory(config.settings().getAsSettings(SSL_SETTING)); - hostnameVerification = config.settings().getAsBoolean(SSL_HOSTNAME_VERIFICATION_SETTING, true); + final Settings sslSettings = config.settings().getByPrefix("ssl."); + sslSocketFactory = sslService.sslSocketFactory(sslSettings); + hostnameVerification = sslService.getVerificationMode(sslSettings, Settings.EMPTY).isHostnameVerificationEnabled(); resolvers = new ResolversRegistry(config.settings()); // Checks that required templates are loaded @@ -336,7 +327,7 @@ public class HttpExporter extends Exporter { doc.getClass().getName(), doc.getMonitoringId(), doc.getMonitoringVersion()); } } catch (Exception e) { - logger.warn("failed to render document [{}], skipping it", e, doc); + logger.warn((Supplier) () -> new ParameterizedMessage("failed to render document [{}], skipping it", doc), e); } } @@ -399,7 +390,9 @@ public class HttpExporter extends Exporter { continue; } } catch (ElasticsearchException e) { - logger.error("exception when checking remote cluster version on host [{}]", e, host); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "exception when checking remote cluster version on host [{}]", host), e); continue; } } 
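Review bot: In the constructor hunk (`@@ -172,8 +162,9`) the explicit `true` default that `getAsBoolean(SSL_HOSTNAME_VERIFICATION_SETTING, true)` gave hostname verification is gone; the value is now whatever `sslService.getVerificationMode(sslSettings, Settings.EMPTY).isHostnameVerificationEnabled()` returns. `SSLService` is not visible in this diff, so a test that builds an exporter with no `ssl.*` keys and asserts `hostnameVerification` is still `true` would pin the secure default. The earlier hunk that deletes `SSL_HOSTNAME_VERIFICATION_SETTING` and the `truststore.*` constants also means an existing exporter configuration carrying those keys should be rejected or mapped explicitly, since a silently ignored truststore or verification setting would change which remote certificates are accepted without any error. A short comment above the new lines would help the next reader, for example `// TLS for this exporter is resolved by SSLService from the exporter's own "ssl." settings` (what the `Settings.EMPTY` argument means should be confirmed against `SSLService` before documenting it). The constructor body continues outside the hunk.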
@@ -497,9 +490,9 @@ public class HttpExporter extends Exporter { return conn; } catch (URISyntaxException e) { - logger.error("error parsing host [{}]", e, host); + logger.error((Supplier) () -> new ParameterizedMessage("error parsing host [{}]", host), e); } catch (IOException e) { - logger.error("error connecting to [{}]", e, host); + logger.error((Supplier) () -> new ParameterizedMessage("error connecting to [{}]", host), e); } return null; } @@ -568,7 +561,9 @@ public class HttpExporter extends Exporter { return true; } } catch (Exception e) { - logger.error("failed to verify the monitoring pipeline [{}] on [{}]", e, EXPORT_PIPELINE_NAME, host); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to verify the monitoring pipeline [{}] on [{}]", EXPORT_PIPELINE_NAME, host), e); return false; } finally { if (connection != null) { @@ -604,7 +599,9 @@ public class HttpExporter extends Exporter { logger.info("monitoring pipeline [{}] set", EXPORT_PIPELINE_NAME); return true; } catch (IOException e) { - logger.error("failed to update monitoring pipeline [{}] on host [{}]", e, EXPORT_PIPELINE_NAME, host); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to update monitoring pipeline [{}] on host [{}]", EXPORT_PIPELINE_NAME, host), e); return false; } finally { if (connection != null) { @@ -658,7 +655,9 @@ public class HttpExporter extends Exporter { return true; } } catch (Exception e) { - logger.error("failed to verify the monitoring template [{}] on [{}]", e, templateName, host); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to verify the monitoring template [{}] on [{}]", templateName, host), e); return false; } finally { if (connection != null) { 
@@ -692,7 +691,9 @@ public class HttpExporter extends Exporter { logger.info("monitoring template [{}] updated ", template); return true; } catch (IOException e) { - logger.error("failed to update monitoring template [{}] on host [{}]", e, template, host); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to update monitoring template [{}] on host [{}]", template, host), e); return false; } finally { if (connection != null) { 
@@ -748,64 +749,6 @@ public class HttpExporter extends Exporter { } } - /** - * SSL Initialization * - */ - public SSLSocketFactory createSSLSocketFactory(Settings settings) { - if (settings.names().isEmpty()) { - logger.trace("no ssl context configured"); - return null; - } - SSLContext sslContext; - // Initialize sslContext - try { - String protocol = settings.get(SSL_PROTOCOL_SETTING, "TLS"); - String trustStore = settings.get(SSL_TRUSTSTORE_SETTING, System.getProperty("javax.net.ssl.trustStore")); - String trustStorePassword = settings.get(SSL_TRUSTSTORE_PASSWORD_SETTING, - System.getProperty("javax.net.ssl.trustStorePassword")); - String trustStoreAlgorithm = settings.get(SSL_TRUSTSTORE_ALGORITHM_SETTING, - System.getProperty("ssl.TrustManagerFactory.algorithm")); - - if (trustStore == null) { - throw new SettingsException("missing required setting [" + SSL_TRUSTSTORE_SETTING + "]"); - } - - if (trustStoreAlgorithm == null) { - trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); - } - - logger.debug("using ssl trust store [{}] with algorithm [{}]", trustStore, trustStoreAlgorithm); - - Path trustStorePath = env.configFile().resolve(trustStore); - if (!Files.exists(trustStorePath)) { - throw new SettingsException("could not find trust store file [" + trustStorePath + "]"); - } - - TrustManager[] trustManagers; - try (InputStream trustStoreStream = Files.newInputStream(trustStorePath)) { - // Load TrustStore - KeyStore ks = KeyStore.getInstance("jks"); - ks.load(trustStoreStream, trustStorePassword == null ? 
null : trustStorePassword.toCharArray()); - - // Initialize a trust manager factory with the trusted store - TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(trustStoreAlgorithm); - trustFactory.init(ks); - - // Retrieve the trust managers from the factory - trustManagers = trustFactory.getTrustManagers(); - } catch (Exception e) { - throw new RuntimeException("Failed to initialize a TrustManagerFactory", e); - } - - sslContext = SSLContext.getInstance(protocol); - sslContext.init(null, trustManagers, null); - - } catch (Exception e) { - throw new ElasticsearchException("failed to initialize ssl", e); - } - return sslContext.getSocketFactory(); - } - BasicAuth resolveAuth(Settings setting) { String username = setting.get(AUTH_USERNAME_SETTING, null); String password = setting.get(AUTH_PASSWORD_SETTING, null); diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtils.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtils.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtils.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtils.java index 0763cc5acc5..73054b3bfb7 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtils.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtils.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter.http; +package org.elasticsearch.xpack.monitoring.exporter.http; import java.net.MalformedURLException; import java.net.URISyntaxException; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalBulk.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalBulk.java similarity index 84% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalBulk.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalBulk.java index 9f3abf05970..f6a8aa252c3 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalBulk.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalBulk.java 
@@ -3,25 +3,25 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter.local; +package org.elasticsearch.xpack.monitoring.exporter.local; +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.bulk.BulkItemResponse; import org.elasticsearch.action.bulk.BulkRequestBuilder; import org.elasticsearch.action.bulk.BulkResponse; import org.elasticsearch.action.index.IndexRequest; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportBulk; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.ResolversRegistry; +import org.elasticsearch.xpack.monitoring.exporter.ExportBulk; +import org.elasticsearch.xpack.monitoring.exporter.ExportException; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.resolver.ResolversRegistry; import org.elasticsearch.xpack.security.InternalClient; import java.util.Arrays; import java.util.Collection; -import static org.elasticsearch.xpack.monitoring.agent.exporter.Exporter.EXPORT_PIPELINE_NAME; +import static org.elasticsearch.xpack.monitoring.exporter.Exporter.EXPORT_PIPELINE_NAME; /** * LocalBulk exports monitoring data in the local cluster using bulk requests. Its usage is not thread safe since the 
@@ -29,7 +29,7 @@ import static org.elasticsearch.xpack.monitoring.agent.exporter.Exporter.EXPORT_ */ public class LocalBulk extends ExportBulk { - private final ESLogger logger; + private final Logger logger; private final InternalClient client; private final ResolversRegistry resolvers; private final boolean usePipeline; @@ -37,7 +37,7 @@ public class LocalBulk extends ExportBulk { private BulkRequestBuilder requestBuilder; - public LocalBulk(String name, ESLogger logger, InternalClient client, ResolversRegistry resolvers, boolean usePipeline) { + public LocalBulk(String name, Logger logger, InternalClient client, ResolversRegistry resolvers, boolean usePipeline) { super(name); this.logger = logger; this.client = client; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporter.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporter.java similarity index 96% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporter.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporter.java index db91b532543..aa5300d65ff 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporter.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporter.java 
@@ -3,10 +3,12 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.exporter.local; +package org.elasticsearch.xpack.monitoring.exporter.local; import com.carrotsearch.hppc.cursors.ObjectCursor; import com.carrotsearch.hppc.cursors.ObjectObjectCursor; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.admin.indices.delete.DeleteIndexRequest; import org.elasticsearch.action.admin.indices.delete.DeleteIndexResponse; 
@@ -21,19 +23,17 @@ import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.collect.ImmutableOpenMap; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.regex.Regex; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.gateway.GatewayService; import org.elasticsearch.ingest.IngestMetadata; -import org.elasticsearch.xpack.common.init.proxy.ClientProxy; -import org.elasticsearch.xpack.monitoring.agent.exporter.ExportBulk; -import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.ResolversRegistry; +import org.elasticsearch.xpack.monitoring.exporter.ExportBulk; +import org.elasticsearch.xpack.monitoring.exporter.Exporter; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.resolver.ResolversRegistry; import org.elasticsearch.xpack.monitoring.cleaner.CleanerService; import org.elasticsearch.xpack.security.InternalClient; import org.joda.time.DateTime; @@ -387,7 +387,7 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle @Override public void onFailure(Exception e) { - logger.error("failed to set monitoring index {} [{}]", e, type, name); + logger.error((Supplier) () -> new ParameterizedMessage("failed to set monitoring index {} [{}]", type, name), e); } } } 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolver.java similarity index 97% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolver.java index 805531549b2..f899bcf978d 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolver.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver; +package org.elasticsearch.xpack.monitoring.resolver; import org.elasticsearch.common.bytes.BytesReference; @@ -15,8 +15,8 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.xpack.monitoring.MonitoredSystem; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import org.joda.time.format.DateTimeFormat; 
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/ResolversRegistry.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/ResolversRegistry.java similarity index 71% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/ResolversRegistry.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/ResolversRegistry.java index 5a00f956ca3..faedc8985ee 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/ResolversRegistry.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/ResolversRegistry.java 
@@ -3,36 +3,36 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver; +package org.elasticsearch.xpack.monitoring.resolver; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.monitoring.MonitoredSystem; import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc; import org.elasticsearch.xpack.monitoring.action.MonitoringIndex; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterInfoMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.DiscoveryNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndicesStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.node.NodeStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.collector.shards.ShardMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.bulk.MonitoringBulkDataResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.bulk.MonitoringBulkTimestampedResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.cluster.ClusterInfoResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.cluster.ClusterStateNodeResolver; -import 
org.elasticsearch.xpack.monitoring.agent.resolver.cluster.ClusterStateResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.cluster.ClusterStatsResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.cluster.DiscoveryNodeResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.indices.IndexRecoveryResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.indices.IndexStatsResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.indices.IndicesStatsResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.node.NodeStatsResolver; -import org.elasticsearch.xpack.monitoring.agent.resolver.shards.ShardsResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterInfoMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.cluster.DiscoveryNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.indices.IndicesStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.node.NodeStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.collector.shards.ShardMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.bulk.MonitoringBulkDataResolver; +import org.elasticsearch.xpack.monitoring.resolver.bulk.MonitoringBulkTimestampedResolver; +import org.elasticsearch.xpack.monitoring.resolver.cluster.ClusterInfoResolver; +import 
org.elasticsearch.xpack.monitoring.resolver.cluster.ClusterStateNodeResolver; +import org.elasticsearch.xpack.monitoring.resolver.cluster.ClusterStateResolver; +import org.elasticsearch.xpack.monitoring.resolver.cluster.ClusterStatsResolver; +import org.elasticsearch.xpack.monitoring.resolver.cluster.DiscoveryNodeResolver; +import org.elasticsearch.xpack.monitoring.resolver.indices.IndexRecoveryResolver; +import org.elasticsearch.xpack.monitoring.resolver.indices.IndexStatsResolver; +import org.elasticsearch.xpack.monitoring.resolver.indices.IndicesStatsResolver; +import org.elasticsearch.xpack.monitoring.resolver.node.NodeStatsResolver; +import org.elasticsearch.xpack.monitoring.resolver.shards.ShardsResolver; import java.util.ArrayList; import java.util.Iterator; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolver.java similarity index 88% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolver.java index df0ca40334f..4c41d8763ac 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolver.java 
@@ -3,13 +3,13 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.bulk; +package org.elasticsearch.xpack.monitoring.resolver.bulk; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolver.java similarity index 89% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolver.java index 25e0f3e77f5..50d45afb1e7 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolver.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.bulk; +package org.elasticsearch.xpack.monitoring.resolver.bulk; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.settings.Settings; @@ -11,7 +11,7 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.monitoring.MonitoredSystem; import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolver.java similarity index 92% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolver.java index 17ae28f1324..20e10c8940b 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolver.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; import org.elasticsearch.common.collect.MapBuilder; @@ -11,8 +11,8 @@ import org.elasticsearch.common.hash.MessageDigests; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.License; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterInfoMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterInfoMonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; import java.nio.charset.StandardCharsets; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolver.java similarity index 85% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolver.java index d04a7971526..29d30948302 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolver.java 
@@ -3,14 +3,14 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.monitoring.MonitoredSystem; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolver.java similarity index 90% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolver.java index 192882b89d5..3819d5d6ed4 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolver.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.common.settings.Settings; @@ -11,8 +11,8 @@ import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.monitoring.MonitoredSystem; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateMonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; import java.util.Collections; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolver.java similarity index 91% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolver.java index 1e66e631512..4295c59a791 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolver.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; import org.elasticsearch.common.settings.Settings; @@ -11,8 +11,8 @@ import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.monitoring.MonitoredSystem; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; import java.util.Collections; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/DiscoveryNodeResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/DiscoveryNodeResolver.java similarity index 88% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/DiscoveryNodeResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/DiscoveryNodeResolver.java index 84c070d5e2b..83ee7ba8201 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/DiscoveryNodeResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/cluster/DiscoveryNodeResolver.java 
@@ -3,13 +3,13 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.DiscoveryNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.DiscoveryNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import java.io.IOException; import java.util.Map; diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolver.java similarity index 90% rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolver.java rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolver.java index 9cc4a08697b..dfd84d18a28 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolver.java 
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.indices;
+package org.elasticsearch.xpack.monitoring.resolver.indices;
 import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse;
 import org.elasticsearch.common.settings.Settings;
@@ -11,8 +11,8 @@ import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.indices.recovery.RecoveryState;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import java.io.IOException;
 import java.util.List;
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolver.java
similarity index 96%
rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolver.java
rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolver.java
index 8f0f25f5512..e2ad8043d3a 100644
--- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolver.java
+++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolver.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.indices;
+package org.elasticsearch.xpack.monitoring.resolver.indices;
 import org.elasticsearch.action.admin.indices.stats.IndexStats;
 import org.elasticsearch.common.settings.Settings;
@@ -11,8 +11,8 @@ import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexStatsMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.collector.indices.IndexStatsMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import java.io.IOException;
 import java.util.Collections;
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolver.java
similarity index 89%
rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolver.java
rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolver.java
index 77fedeef2b9..23a928bf716 100644
--- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolver.java
+++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolver.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.indices;
+package org.elasticsearch.xpack.monitoring.resolver.indices;
 import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
 import org.elasticsearch.common.settings.Settings;
@@ -11,13 +11,11 @@ import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.collector.Collector;
-import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndicesStatsMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.collector.indices.IndicesStatsMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import java.io.IOException;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.Set;
 public class IndicesStatsResolver extends MonitoringIndexNameResolver.Timestamped {
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolver.java
similarity index 96%
rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolver.java
rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolver.java
index 553bfba6ed5..495fe40c0f7 100644
--- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolver.java
+++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolver.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.node;
+package org.elasticsearch.xpack.monitoring.resolver.node;
 import org.elasticsearch.action.admin.cluster.node.stats.NodeStats;
 import org.elasticsearch.common.settings.Settings;
@@ -11,8 +11,8 @@ import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.collector.node.NodeStatsMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.collector.node.NodeStatsMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import java.io.IOException;
 import java.util.Collections;
diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolver.java
similarity index 93%
rename from elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolver.java
rename to elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolver.java
index 3e21dec1d7a..9c540f04ed8 100644
--- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolver.java
+++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolver.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.shards;
+package org.elasticsearch.xpack.monitoring.resolver.shards;
 import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.common.settings.Settings;
@@ -11,8 +11,8 @@ import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.collector.shards.ShardMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.collector.shards.ShardMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import java.io.IOException;
 import java.util.Collections;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSetTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSetTests.java
index 48796b8a068..3adb276dd74 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSetTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringFeatureSetTests.java
@@ -14,10 +14,10 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.XPackFeatureSet;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters;
-import org.elasticsearch.xpack.monitoring.agent.exporter.http.HttpExporter;
-import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporters;
+import org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter;
+import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter;
 import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java
index d366d3a3dae..cc00210f73f 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java
@@ -12,7 +12,6 @@ import org.elasticsearch.plugins.PluginInfo;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.XPackSettings;
-import org.elasticsearch.xpack.monitoring.agent.AgentService;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/settings/MonitoringSettingsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringSettingsIntegTests.java
similarity index 96%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/settings/MonitoringSettingsTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringSettingsIntegTests.java
index f2cbfe448be..8b061f04e67 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/settings/MonitoringSettingsTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringSettingsIntegTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.settings;
+package org.elasticsearch.xpack.monitoring;
 import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequestBuilder;
 import org.elasticsearch.common.network.NetworkModule;
@@ -14,8 +14,6 @@ import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.transport.Netty3Plugin;
 import org.elasticsearch.transport.Netty4Plugin;
-import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.AgentService;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import java.util.ArrayList;
@@ -26,10 +24,8 @@ import java.util.List;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.equalTo;
-//test is just too slow, please fix it to not be sleep-based
-//@BadApple(bugUrl = "https://github.com/elastic/x-plugins/issues/1007")
 @ESIntegTestCase.ClusterScope(scope = ESIntegTestCase.Scope.TEST, supportsDedicatedMasters = false, numDataNodes = 1, numClientNodes = 0)
-public class MonitoringSettingsTests extends MonitoringIntegTestCase {
+public class MonitoringSettingsIntegTests extends MonitoringIntegTestCase {
 private final TimeValue interval = newRandomTimeValue();
 private final TimeValue indexStatsTimeout = newRandomTimeValue();
 private final TimeValue indicesStatsTimeout = newRandomTimeValue();
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDocTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDocTests.java
index 136194d2d1f..9c4cec6cc13 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDocTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkDocTests.java
@@ -10,7 +10,7 @@ import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.io.IOException;
 import java.util.HashMap;
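Review bot: The rename of MonitoringSettingsTests to MonitoringSettingsIntegTests also deletes the two comment lines above the `@ESIntegTestCase.ClusterScope` annotation, which were the only in-file pointer to the sleep-based slowness tracked at https://github.com/elastic/x-plugins/issues/1007. Nothing in this hunk shows the test body changing, so if the waits are still sleep-based the pointer is worth keeping, for example `// NOTE: still sleep-based and slow, see https://github.com/elastic/x-plugins/issues/1007`. If the issue is resolved, the commit message should say so. The class body continues outside the hunk.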
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkResponseTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkResponseTests.java
index 6920ad22a89..91bbd431c21 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkResponseTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkResponseTests.java
@@ -10,7 +10,7 @@ import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.rest.RestStatus;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException;
+import org.elasticsearch.xpack.monitoring.exporter.ExportException;
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkTests.java
index 2f44b7ab130..9689a902ee6 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkTests.java
@@ -10,8 +10,8 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
 import org.elasticsearch.search.SearchHit;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
-import org.elasticsearch.xpack.monitoring.agent.resolver.bulk.MonitoringBulkTimestampedResolver;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.resolver.bulk.MonitoringBulkTimestampedResolver;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import java.util.List;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkActionTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkActionTests.java
index 598b6edd827..de488396cad 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkActionTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkActionTests.java
@@ -30,9 +30,9 @@ import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportService;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.ExportException;
+import org.elasticsearch.xpack.monitoring.exporter.Exporters;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/AbstractIndicesCleanerTestCase.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/AbstractIndicesCleanerTestCase.java
index bcb2bd95a2f..ce739c19874 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/AbstractIndicesCleanerTestCase.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/AbstractIndicesCleanerTestCase.java
@@ -11,11 +11,11 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.VersionUtils;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporters;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/local/LocalIndicesCleanerTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/local/LocalIndicesCleanerTests.java
index d09605812be..a7503bee166 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/local/LocalIndicesCleanerTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/local/LocalIndicesCleanerTests.java
@@ -10,7 +10,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexNotFoundException;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.test.InternalSettingsPlugin;
-import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter;
+import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter;
 import org.elasticsearch.xpack.monitoring.cleaner.AbstractIndicesCleanerTestCase;
 import org.joda.time.DateTime;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollectorTestCase.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollectorTestCase.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollectorTestCase.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollectorTestCase.java
index aa4cdddba20..feb62c5dd86 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/AbstractCollectorTestCase.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/AbstractCollectorTestCase.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector;
+package org.elasticsearch.xpack.monitoring.collector;
 import java.util.Collection;
 import java.util.concurrent.TimeUnit;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollectorTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollectorTests.java
index 8eead22ed08..4f8f3922547 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStateCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStateCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.cluster;
+package org.elasticsearch.xpack.monitoring.collector.cluster;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.ClusterState;
@@ -13,8 +13,8 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java
similarity index 94%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java
index e026d90b7ba..7e676408682 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterStatsCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.cluster;
+package org.elasticsearch.xpack.monitoring.collector.cluster;
 import java.util.Collection;
@@ -15,9 +15,9 @@ import org.elasticsearch.license.LicenseService;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollector;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollector;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.greaterThan;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollectorTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollectorTests.java
index 3c08b7a8b72..ad4da1eb91c 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexRecoveryCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.indices;
+package org.elasticsearch.xpack.monitoring.collector.indices;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse;
@@ -18,8 +18,8 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.hamcrest.ElasticsearchAssertions;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.util.Collection;
 import java.util.List;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollectorTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollectorTests.java
index 816f4ff8148..238ed7f2f2c 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.indices;
+package org.elasticsearch.xpack.monitoring.collector.indices;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.stats.IndexStats;
@@ -15,8 +15,8 @@ import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.util.Collection;
 import java.util.Iterator;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollectorTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollectorTests.java
index 6f2e42ebb7d..cef0813ecd4 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndicesStatsCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndicesStatsCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.indices;
+package org.elasticsearch.xpack.monitoring.collector.indices;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.stats.IndexStats;
@@ -17,8 +17,8 @@ import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import org.hamcrest.Matchers;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollectorTests.java
similarity index 90%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollectorTests.java
index 5f81101e224..6e526eb7a78 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/node/NodeStatsCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollectorTests.java
@@ -3,20 +3,18 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.node;
+package org.elasticsearch.xpack.monitoring.collector.node;
 import org.elasticsearch.Version;
 import org.elasticsearch.bootstrap.BootstrapInfo;
-import org.elasticsearch.cluster.routing.allocation.decider.DiskThresholdDecider;
 import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.env.NodeEnvironment;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import org.elasticsearch.xpack.security.InternalClient;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollectorTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollectorTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollectorTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollectorTests.java
index 513b0639d17..0895a64a584 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/collector/shards/ShardsCollectorTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollectorTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.collector.shards;
+package org.elasticsearch.xpack.monitoring.collector.shards;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.ClusterState;
@@ -13,8 +13,8 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.AbstractCollectorTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.AbstractCollectorTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.util.Collection;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/AbstractExporterTemplateTestCase.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/AbstractExporterTemplateTestCase.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/AbstractExporterTemplateTestCase.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/AbstractExporterTemplateTestCase.java
index 9ae33596fc1..a09515f6070 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/AbstractExporterTemplateTestCase.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/AbstractExporterTemplateTestCase.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter;
+package org.elasticsearch.xpack.monitoring.exporter;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.service.ClusterService;
@@ -14,8 +14,8 @@ import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.Collector;
-import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector;
+import org.elasticsearch.xpack.monitoring.collector.Collector;
+import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsCollector;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import org.elasticsearch.xpack.security.InternalClient;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportersTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/ExportersTests.java
similarity index 99%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportersTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/ExportersTests.java
index 55c9aef3b45..c1b234abb2f 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportersTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/ExportersTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter;
+package org.elasticsearch.xpack.monitoring.exporter;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.ClusterName;
@@ -18,7 +18,7 @@ import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter;
+import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter;
 import org.elasticsearch.xpack.monitoring.cleaner.CleanerService;
 import org.elasticsearch.xpack.security.InternalClient;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDocTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDocTests.java
similarity index 99%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDocTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDocTests.java
index e7328fc2bed..6fa1661f74e 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDocTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringDocTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter;
+package org.elasticsearch.xpack.monitoring.exporter;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtilsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtilsTests.java
similarity index 95%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtilsTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtilsTests.java
index c7e02b39e2f..ad42e8da013 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringTemplateUtilsTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/MonitoringTemplateUtilsTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter;
+package org.elasticsearch.xpack.monitoring.exporter;
 import org.elasticsearch.test.ESTestCase;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterSimpleTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSimpleTests.java
similarity index 89%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterSimpleTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSimpleTests.java
index b4d29f024e1..65fb608d321 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterSimpleTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterSimpleTests.java
@@ -3,13 +3,14 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.http;
+package org.elasticsearch.xpack.monitoring.exporter.http;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsException;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
+import org.elasticsearch.xpack.ssl.SSLService;
 import static org.hamcrest.Matchers.equalTo;
 import static org.mockito.Mockito.mock;
@@ -37,7 +38,7 @@ public class HttpExporterSimpleTests extends ESTestCase {
 final Exporter.Config config = createConfig("_http", builder.build());
 final SettingsException exception = expectThrows(SettingsException.class, () -> {
- new HttpExporter(config, environment);
+ new HttpExporter(config, environment, new SSLService(builder.build(), environment));
 });
 assertThat(exception.getMessage(), equalTo(expected));
@@ -58,7 +59,7 @@ public class HttpExporterSimpleTests extends ESTestCase {
 final Exporter.Config config = createConfig("_http", builder.build());
 final SettingsException exception = expectThrows(SettingsException.class, () -> {
- new HttpExporter(config, environment);
+ new HttpExporter(config, environment, new SSLService(builder.build(), environment));
 });
 assertThat(exception.getMessage(), equalTo(expected));
@@ -80,7 +81,7 @@ public class HttpExporterSimpleTests extends ESTestCase {
 final Exporter.Config config = createConfig("_http", builder.build());
 final SettingsException exception = expectThrows(SettingsException.class, () -> {
- new HttpExporter(config, environment);
+ new HttpExporter(config, environment, new SSLService(builder.build(), environment));
 });
 assertThat(exception.getMessage(), equalTo("missing required setting [xpack.monitoring.exporters._http.host]"));
@@ -106,7 +107,7 @@ public class HttpExporterSimpleTests extends ESTestCase {
 final Exporter.Config config = createConfig("_http", builder.build());
 final SettingsException exception = expectThrows(SettingsException.class, () -> {
- new HttpExporter(config, environment);
+ new HttpExporter(config, environment, new SSLService(builder.build(), environment));
 });
 assertThat(exception.getMessage(), equalTo("[xpack.monitoring.exporters._http.host] invalid host: [" + invalidHost + "]"));
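Review bot: In the four `expectThrows` hunks (-37, -58, -80, -106) the new `new SSLService(builder.build(), environment)` is built inside the lambda, so an exception thrown while constructing the SSL service is caught by the same `expectThrows` that is meant to pin `HttpExporter`'s own settings validation. Building it first, `final SSLService sslService = new SSLService(builder.build(), environment);`, and passing `sslService` into the constructor keeps each assertion about the exporter alone; the hunk at -119 repeats the same inline construction, and one shared helper would replace the five copies. It is also worth confirming that `builder.build()` is what the service should read: the same settings go to `createConfig("_http", ...)`, and if those keys are exporter-relative the service would see no `xpack.ssl.*` values, which these hunks do not show. The test methods start and end outside the hunks.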
@@ -119,7 +120,7 @@ public class HttpExporterSimpleTests extends ESTestCase {
 final Exporter.Config config = createConfig("_http", builder.build());
- new HttpExporter(config, environment);
+ new HttpExporter(config, environment, new SSLService(builder.build(), environment));
 }
 /**
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTemplateTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTemplateTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTemplateTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTemplateTests.java
index 98cf6e2d3f0..5862163a331 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTemplateTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTemplateTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.http;
+package org.elasticsearch.xpack.monitoring.exporter.http;
 import com.squareup.okhttp.mockwebserver.Dispatcher;
 import com.squareup.okhttp.mockwebserver.MockResponse;
@@ -19,8 +19,8 @@ import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
 import org.elasticsearch.common.xcontent.XContentType;
-import org.elasticsearch.xpack.monitoring.agent.exporter.AbstractExporterTemplateTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.AbstractExporterTemplateTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
 import org.junit.After;
 import org.junit.Before;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTests.java
similarity index 97%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTests.java
index e82fafff731..f1a01e2bab8 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.http;
+package org.elasticsearch.xpack.monitoring.exporter.http;
 import com.squareup.okhttp.mockwebserver.MockResponse;
 import com.squareup.okhttp.mockwebserver.MockWebServer;
@@ -30,13 +30,13 @@ import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
-import org.elasticsearch.xpack.monitoring.agent.resolver.bulk.MonitoringBulkTimestampedResolver;
+import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporters;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.resolver.bulk.MonitoringBulkTimestampedResolver;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import org.joda.time.format.DateTimeFormat;
 import org.junit.After;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtilsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtilsTests.java
similarity index 98%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtilsTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtilsTests.java
index be9584626cf..ec02cd5d939 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterUtilsTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterUtilsTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.http;
+package org.elasticsearch.xpack.monitoring.exporter.http;
 import org.elasticsearch.test.ESTestCase;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTemplateTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTemplateTests.java
similarity index 93%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTemplateTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTemplateTests.java
index 6b727cfc5bc..27147d62cb9 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTemplateTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTemplateTests.java
@@ -3,15 +3,15 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.local;
+package org.elasticsearch.xpack.monitoring.exporter.local;
 import org.elasticsearch.action.ingest.DeletePipelineRequest;
 import org.elasticsearch.common.regex.Regex;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.ingest.PipelineConfiguration;
-import org.elasticsearch.xpack.monitoring.agent.exporter.AbstractExporterTemplateTestCase;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.AbstractExporterTemplateTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
 import java.util.Collections;
 import java.util.concurrent.TimeUnit;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTests.java
similarity index 93%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTests.java
index a18eb23fc30..fe089d90833 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.exporter.local;
+package org.elasticsearch.xpack.monitoring.exporter.local;
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.Version;
@@ -19,13 +19,13 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryMonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.ExportException;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporter;
-import org.elasticsearch.xpack.monitoring.agent.exporter.Exporters;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryMonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.ExportException;
+import org.elasticsearch.xpack.monitoring.exporter.Exporter;
+import org.elasticsearch.xpack.monitoring.exporter.Exporters;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
 import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
 import org.joda.time.format.DateTimeFormat;
 import org.junit.After;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/DataResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/DataResolverTests.java
similarity index 91%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/DataResolverTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/DataResolverTests.java
index 8a7dac4a5dd..868d8cd0ce2 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/DataResolverTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/DataResolverTests.java
@@ -3,15 +3,15 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver;
+package org.elasticsearch.xpack.monitoring.resolver;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
 import java.io.IOException;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolverTestCase.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolverTestCase.java
similarity index 90%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolverTestCase.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolverTestCase.java
index d6826919367..2ce84f23372 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolverTestCase.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/MonitoringIndexNameResolverTestCase.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver;
+package org.elasticsearch.xpack.monitoring.resolver;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.settings.Settings;
@@ -12,19 +12,19 @@ import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.common.xcontent.support.XContentMapValues;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import static org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils.TEMPLATE_VERSION;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.DELIMITER;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.Fields.CLUSTER_UUID;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.Fields.SOURCE_NODE;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.Fields.TIMESTAMP;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.PREFIX;
+import static org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils.TEMPLATE_VERSION;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.DELIMITER;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.Fields.CLUSTER_UUID;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.Fields.SOURCE_NODE;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.Fields.TIMESTAMP;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.PREFIX;
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.anyOf;
 import static org.hamcrest.Matchers.equalTo;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/TimestampedResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/TimestampedResolverTests.java
similarity index 89%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/TimestampedResolverTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/TimestampedResolverTests.java
index ced3cc247cb..1c529006482 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/TimestampedResolverTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/TimestampedResolverTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver;
+package org.elasticsearch.xpack.monitoring.resolver;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
@@ -12,8 +12,8 @@ import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
 import org.joda.time.format.DateTimeFormat;
 import java.io.IOException;
@@ -21,8 +21,8 @@ import java.util.Arrays;
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.emptySet;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.DELIMITER;
-import static org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver.PREFIX;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.DELIMITER;
+import static org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver.PREFIX;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.notNullValue;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolverTests.java
similarity index 92%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolverTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolverTests.java
index 42dbd1ae308..dc25700206f 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolverTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkDataResolverTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.xpack.monitoring.agent.resolver.bulk;
+package org.elasticsearch.xpack.monitoring.resolver.bulk;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
@@ -14,8 +14,8 @@ import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc;
 import org.elasticsearch.xpack.monitoring.action.MonitoringIndex;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase;
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.emptySet;
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolverTests.java
similarity index 92%
rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolverTests.java
rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolverTests.java
index ad88094e3d2..862eaf8f062 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolverTests.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/bulk/MonitoringBulkTimestampedResolverTests.java
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.bulk; +package org.elasticsearch.xpack.monitoring.resolver.bulk; import org.elasticsearch.Version; import org.elasticsearch.cluster.node.DiscoveryNode; @@ -14,8 +14,8 @@ import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.xpack.monitoring.MonitoredSystem; import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc; import org.elasticsearch.xpack.monitoring.action.MonitoringIndex; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import static java.util.Collections.emptyMap; import static java.util.Collections.emptySet; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolverTests.java similarity index 91% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolverTests.java index 09b02cebb8a..52a7117d1a7 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoResolverTests.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; @@ -15,9 +15,9 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.license.License; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterInfoMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterInfoMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.util.Collections; import java.util.UUID; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoTests.java index d5caa3c8ea6..689f4e58297 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterInfoTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.Version; import org.elasticsearch.action.get.GetResponse; @@ -13,9 +13,9 @@ import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.license.License; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; import org.junit.Before; 
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolverTests.java similarity index 88% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolverTests.java index 2a98a6e942f..06653d4eb48 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateNodeResolverTests.java 
@@ -3,16 +3,16 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.Version; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.util.UUID; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolverTests.java similarity index 89% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolverTests.java index b8e008dad71..c16e78f1e38 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolverTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.Version; import org.elasticsearch.cluster.ClusterName; @@ -14,9 +14,9 @@ import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.io.IOException; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateTests.java similarity index 96% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateTests.java index 05ce29bdb0a..d423dab6177 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStateTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.action.search.SearchResponse; @@ -15,9 +15,9 @@ import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoredSystem; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStateCollector; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; import org.junit.Before; 
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolverTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolverTests.java index 34181125aac..c84e8af6361 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.node.info.NodeInfo; 
@@ -42,9 +42,9 @@ import org.elasticsearch.monitor.process.ProcessInfo; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPoolInfo; import org.elasticsearch.transport.TransportInfo; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.nio.file.Path; import java.util.Collections; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsTests.java index f76015e2c48..4596c51628e 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/cluster/ClusterStatsTests.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.cluster; +package org.elasticsearch.xpack.monitoring.resolver.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsNodes; import org.elasticsearch.action.search.SearchResponse; @@ -12,7 +12,7 @@ import org.elasticsearch.search.SearchHit; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.cluster.ClusterStatsCollector; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolverTests.java similarity index 90% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolverTests.java index 1489a6298c4..1b12b8b9dfb 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryResolverTests.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse; @@ -17,9 +17,9 @@ import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.index.shard.ShardId; import org.elasticsearch.indices.recovery.RecoveryState; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.util.Collections; import java.util.HashMap; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryTests.java index 8035dfa6215..134ecacd7b3 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexRecoveryTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse; import org.elasticsearch.action.search.SearchResponse; @@ -12,8 +12,8 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.search.SearchHit; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexRecoveryCollector; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexRecoveryCollector; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolverTests.java similarity index 93% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolverTests.java index 9dc2d68d771..6dfbb0098f3 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolverTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.stats.CommonStats; @@ -29,9 +29,9 @@ import org.elasticsearch.index.shard.IndexingStats; import org.elasticsearch.index.shard.ShardId; import org.elasticsearch.index.shard.ShardPath; import org.elasticsearch.index.store.StoreStats; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.nio.file.Path; import java.util.UUID; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsTests.java similarity index 96% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsTests.java index ce99a140ac5..f25cd2c1f6c 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndexStatsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; @@ -12,7 +12,7 @@ import org.elasticsearch.search.SearchHit; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndexStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.indices.IndexStatsCollector; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolverTests.java similarity index 93% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolverTests.java index 7bbd7d9706b..2b17a40f000 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolverTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.stats.CommonStats; @@ -29,9 +29,9 @@ import org.elasticsearch.index.shard.IndexingStats; import org.elasticsearch.index.shard.ShardId; import org.elasticsearch.index.shard.ShardPath; import org.elasticsearch.index.store.StoreStats; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndicesStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.indices.IndicesStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.nio.file.Path; import java.util.ArrayList; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsTests.java index 9d35d558175..154534d349a 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/indices/IndicesStatsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.indices; +package org.elasticsearch.xpack.monitoring.resolver.indices; import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse; import org.elasticsearch.action.search.SearchResponse; @@ -12,7 +12,7 @@ import org.elasticsearch.search.SearchHit; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.indices.IndicesStatsCollector; +import org.elasticsearch.xpack.monitoring.collector.indices.IndicesStatsCollector; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/DiscoveryNodeResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/DiscoveryNodeResolverTests.java similarity index 85% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/DiscoveryNodeResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/DiscoveryNodeResolverTests.java index dce83c298c7..196ab26f147 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/DiscoveryNodeResolverTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/DiscoveryNodeResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.node; +package org.elasticsearch.xpack.monitoring.resolver.node; import org.elasticsearch.Version; import org.elasticsearch.cluster.node.DiscoveryNode; @@ -11,10 +11,10 @@ import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.test.VersionUtils; -import org.elasticsearch.xpack.monitoring.agent.collector.cluster.DiscoveryNodeMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; -import org.elasticsearch.xpack.monitoring.agent.resolver.cluster.DiscoveryNodeResolver; +import org.elasticsearch.xpack.monitoring.collector.cluster.DiscoveryNodeMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.resolver.cluster.DiscoveryNodeResolver; import java.util.UUID; 
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/MultiNodesStatsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/MultiNodesStatsTests.java similarity index 98% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/MultiNodesStatsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/MultiNodesStatsTests.java index 5697af10b51..5e54724e87d 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/MultiNodesStatsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/MultiNodesStatsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.node; +package org.elasticsearch.xpack.monitoring.resolver.node; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolverTests.java similarity index 95% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolverTests.java index aca31a21970..260c98b152c 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolverTests.java 
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.node; +package org.elasticsearch.xpack.monitoring.resolver.node; import org.apache.lucene.util.Constants; import org.elasticsearch.Version; @@ -36,9 +36,9 @@ import org.elasticsearch.monitor.os.OsProbe; import org.elasticsearch.monitor.process.ProcessProbe; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPoolStats; -import org.elasticsearch.xpack.monitoring.agent.collector.node.NodeStatsMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.node.NodeStatsMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor; import java.io.IOException; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsTests.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsTests.java index 08c72096e1e..7fc85c5c521 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/node/NodeStatsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.node; +package org.elasticsearch.xpack.monitoring.resolver.node; import org.apache.lucene.util.Constants; import org.elasticsearch.action.search.SearchResponse; @@ -12,8 +12,8 @@ import org.elasticsearch.search.SearchHit; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.node.NodeStatsCollector; -import org.elasticsearch.xpack.monitoring.agent.exporter.local.LocalExporter; +import org.elasticsearch.xpack.monitoring.collector.node.NodeStatsCollector; +import org.elasticsearch.xpack.monitoring.exporter.local.LocalExporter; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolverTests.java similarity index 94% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolverTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolverTests.java index b85a5d45f5d..3e8da67ef18 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsResolverTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.shards; +package org.elasticsearch.xpack.monitoring.resolver.shards; import org.elasticsearch.Version; import org.elasticsearch.cluster.node.DiscoveryNode; @@ -17,9 +17,9 @@ import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.index.Index; import org.elasticsearch.index.shard.ShardId; -import org.elasticsearch.xpack.monitoring.agent.collector.shards.ShardMonitoringDoc; -import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; -import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; +import org.elasticsearch.xpack.monitoring.collector.shards.ShardMonitoringDoc; +import org.elasticsearch.xpack.monitoring.exporter.MonitoringTemplateUtils; +import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolverTestCase; import java.util.UUID; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsTests.java similarity index 97% rename from elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsTests.java rename to elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsTests.java index fba5c0040b9..1bbc813c870 100644 
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/resolver/shards/ShardsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.monitoring.agent.resolver.shards; +package org.elasticsearch.xpack.monitoring.resolver.shards; import org.apache.lucene.util.LuceneTestCase.BadApple; import org.elasticsearch.action.search.SearchRequestBuilder; @@ -18,7 +18,7 @@ import org.elasticsearch.search.aggregations.bucket.terms.StringTerms; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.Scope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; -import org.elasticsearch.xpack.monitoring.agent.collector.shards.ShardsCollector; +import org.elasticsearch.xpack.monitoring.collector.shards.ShardsCollector; import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase; import org.junit.After; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java index fdf55898081..5a65710d22d 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java 
@@ -28,6 +28,7 @@ import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordTok import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.nullValue; +// TODO: we do not need individual tests for monitoring and security... maybe watcher even has one too? public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { @Override @@ -40,9 +41,10 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { .put("xpack.monitoring.exporters._http.enabled", false) .put("xpack.monitoring.exporters._http.auth.username", "_user") .put("xpack.monitoring.exporters._http.auth.password", "_passwd") - .put("xpack.monitoring.exporters._http.ssl.truststore.path", "/path/to/truststore") - .put("xpack.monitoring.exporters._http.ssl.truststore.password", "_passwd") - .put("xpack.monitoring.exporters._http.ssl.hostname_verification", true) + .put("xpack.monitoring.exporters._http.ssl.truststore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) + .put("xpack.monitoring.exporters._http.ssl.truststore.password", "truststore-testnode-only") + .put("xpack.monitoring.exporters._http.ssl.verification_mode", "full") .build(); } @@ -77,7 +79,7 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase { assertNullSetting(settings, "xpack.monitoring.exporters._http.auth.password"); assertNullSetting(settings, "xpack.monitoring.exporters._http.ssl.truststore.path"); assertNullSetting(settings, "xpack.monitoring.exporters._http.ssl.truststore.password"); - assertNullSetting(settings, "xpack.monitoring.exporters._http.ssl.hostname_verification"); + assertNullSetting(settings, "xpack.monitoring.exporters._http.ssl.verification_mode"); } } 
diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/test/MonitoringIntegTestCase.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/test/MonitoringIntegTestCase.java
index c56f4af6299..a5b64b2a072 100644
--- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/test/MonitoringIntegTestCase.java
+++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/test/MonitoringIntegTestCase.java
@@ -30,10 +30,10 @@ import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.XPackSettings;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.MonitoringSettings;
-import org.elasticsearch.xpack.monitoring.agent.AgentService;
-import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
-import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver;
-import org.elasticsearch.xpack.monitoring.agent.resolver.ResolversRegistry;
+import org.elasticsearch.xpack.monitoring.AgentService;
+import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
+import org.elasticsearch.xpack.monitoring.resolver.MonitoringIndexNameResolver;
+import org.elasticsearch.xpack.monitoring.resolver.ResolversRegistry;
 import org.elasticsearch.xpack.monitoring.client.MonitoringClient;
 import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.authc.file.FileRealm;
diff --git a/elasticsearch/x-pack/security/bin/x-pack/certgen b/elasticsearch/x-pack/security/bin/x-pack/certgen
index 3a148e94351..c0567fd368f 100644
--- a/elasticsearch/x-pack/security/bin/x-pack/certgen
+++ b/elasticsearch/x-pack/security/bin/x-pack/certgen
@@ -98,7 +98,7 @@ if [ -e "$CONF_DIR" ]; then fi cd "$ES_HOME" > /dev/null -"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.security.ssl.CertificateTool "${args[@]}" +"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.ssl.CertificateTool "${args[@]}" status=$? cd - > /dev/null exit $status diff --git a/elasticsearch/x-pack/security/bin/x-pack/certgen.bat b/elasticsearch/x-pack/security/bin/x-pack/certgen.bat index 7c17d77c330..c0406b091c9 100644 --- a/elasticsearch/x-pack/security/bin/x-pack/certgen.bat +++ b/elasticsearch/x-pack/security/bin/x-pack/certgen.bat @@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License; rem you may not use this file except in compliance with the Elastic License. PUSHD "%~dp0" -CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.ssl.CertificateTool %* +CALL "%~dp0.in.bat" org.elasticsearch.xpack.ssl.CertificateTool %* POPD diff --git a/elasticsearch/x-pack/security/config/x-pack/log4j2.properties b/elasticsearch/x-pack/security/config/x-pack/log4j2.properties new file mode 100644 index 00000000000..3b96b005c89 --- /dev/null +++ b/elasticsearch/x-pack/security/config/x-pack/log4j2.properties 
@@ -0,0 +1,15 @@ +appender.audit_rolling.type = RollingFile +appender.audit_rolling.name = audit_rolling +appender.audit_rolling.fileName = ${sys:es.logs}_access.log +appender.audit_rolling.layout.type = PatternLayout +appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n +appender.audit_rolling.filePattern = ${sys:es.logs}-%d{yyyy-MM-dd}.log +appender.audit_rolling.policies.type = Policies +appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.audit_rolling.policies.time.interval = 1 +appender.audit_rolling.policies.time.modulate = true + +logger.xpack_security_audit_logfile.name = xpack.security.audit.logfile +logger.xpack_security_audit_logfile.level = info +logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling +logger.xpack_security_audit_logfile.additivity = false diff --git a/elasticsearch/x-pack/security/config/x-pack/logging.yml b/elasticsearch/x-pack/security/config/x-pack/logging.yml deleted file mode 100644 index c6008b8e163..00000000000 --- a/elasticsearch/x-pack/security/config/x-pack/logging.yml +++ /dev/null @@ -1,15 +0,0 @@ -logger: - xpack.security.audit.logfile: INFO, access_log - -additivity: - xpack.security.audit.logfile: false - -appender: - - access_log: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}-access.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}] %m%n" diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java index fa4ab61f0ad..88a7e17df60 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java 
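Review bot: The rolled-file name in `appender.audit_rolling.filePattern` drops the `_access` suffix that `fileName` carries, so rotated audit logs are written as `${sys:es.logs}-yyyy-MM-dd.log`. If the main server log rolls to the same pattern (its configuration is not part of this diff), rotated audit and server entries would share or overwrite files, which makes audit history hard to separate and retain. I would write `appender.audit_rolling.filePattern = ${sys:es.logs}_access-%d{yyyy-MM-dd}.log`. The active file also changes from the `-access.log` name in the deleted logging.yml to `_access.log`, so collectors keyed on the old name would miss it; a line in the migration notes would cover that.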
@@ -5,20 +5,7 @@ */ package org.elasticsearch.xpack.security; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.Set; -import java.util.function.Function; -import java.util.stream.Collectors; - +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.action.support.ActionFilter; @@ -27,7 +14,6 @@ import org.elasticsearch.common.Booleans; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Module; import org.elasticsearch.common.inject.util.Providers; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.LoggerMessageFormat; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.network.NetworkModule; @@ -76,8 +62,8 @@ import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail; import org.elasticsearch.xpack.security.audit.index.IndexNameResolver; import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; import org.elasticsearch.xpack.security.authc.AuthenticationFailureHandler; -import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authc.AuthenticationService; +import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm; 
@@ -90,10 +76,10 @@ import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.pki.PkiRealm; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; +import org.elasticsearch.xpack.security.authz.AuthorizationService; import org.elasticsearch.xpack.security.authz.accesscontrol.OptOutQueryCache; import org.elasticsearch.xpack.security.authz.accesscontrol.SecurityIndexSearcherWrapper; import org.elasticsearch.xpack.security.authz.accesscontrol.SetSecurityUserProcessor; -import org.elasticsearch.xpack.security.authz.AuthorizationService; import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; import org.elasticsearch.xpack.security.authz.store.FileRolesStore; import org.elasticsearch.xpack.security.authz.store.NativeRolesStore; @@ -110,9 +96,6 @@ import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordActio import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction; import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction; import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction; -import org.elasticsearch.xpack.security.ssl.SSLConfigurationReloader; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.support.OptionalSettings; import org.elasticsearch.xpack.security.transport.SecurityServerTransportService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; 
@@ -120,9 +103,24 @@ import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport; import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4Transport; import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.ssl.SSLService; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.function.Function; +import java.util.stream.Collectors; + import static java.util.Collections.emptyList; import static java.util.Collections.singletonList; @@ -131,11 +129,12 @@ import static java.util.Collections.singletonList; */ public class Security implements ActionPlugin, IngestPlugin { - private static final ESLogger logger = Loggers.getLogger(XPackPlugin.class); + private static final Logger logger = Loggers.getLogger(XPackPlugin.class); public static final String NAME3 = XPackPlugin.SECURITY + "3"; public static final String NAME4 = XPackPlugin.SECURITY + "4"; - public static final Setting> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope); + public static final Setting> USER_SETTING = + new Setting<>(setting("user"), (String) null, Optional::ofNullable, Property.NodeScope); public static final Setting> AUDIT_OUTPUTS_SETTING = Setting.listSetting(setting("audit.outputs"), 
@@ -149,8 +148,9 @@ public class Security implements ActionPlugin, IngestPlugin { private final boolean transportClientMode; private final XPackLicenseState licenseState; private final CryptoService cryptoService; + private final SSLService sslService; - public Security(Settings settings, Environment env, XPackLicenseState licenseState) throws IOException { + public Security(Settings settings, Environment env, XPackLicenseState licenseState, SSLService sslService) throws IOException { this.settings = settings; this.env = env; this.transportClientMode = XPackPlugin.transportClientMode(settings); @@ -162,6 +162,7 @@ public class Security implements ActionPlugin, IngestPlugin { cryptoService = null; } this.licenseState = licenseState; + this.sslService = sslService; } public CryptoService getCryptoService() { @@ -180,7 +181,7 @@ public class Security implements ActionPlugin, IngestPlugin { } modules.add(b -> { // for transport client we still must inject these ssl classes with guice - b.bind(SSLService.class).toInstance(new SSLService(settings, null)); + b.bind(SSLService.class).toInstance(sslService); }); return modules; @@ -224,11 +225,6 @@ public class Security implements ActionPlugin, IngestPlugin { final SecurityContext securityContext = new SecurityContext(settings, threadPool, cryptoService); components.add(securityContext); - final SSLService sslService = new SSLService(settings, env); - // just create the reloader as it will pull all of the loaded ssl configurations and start watching them - new SSLConfigurationReloader(settings, env, sslService, resourceWatcherService); - components.add(sslService); - // realms construction final NativeUsersStore nativeUsersStore = new NativeUsersStore(settings, client, threadPool); final ReservedRealm reservedRealm = new ReservedRealm(env, settings, nativeUsersStore); 
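Review bot: The last hunk on this line removes `new SSLConfigurationReloader(settings, env, sslService, resourceWatcherService)` and `components.add(sslService)`, and none of the visible Security.java hunks replaces them. If the code that now constructs the injected `SSLService` does not also start the reloader, keystore and truststore changes on disk would stop being picked up without any error, so a comment naming the new owner of the reloader would help the next reader. The new constructor also stores `sslService` unchecked although the transport-client module binds it with `toInstance(sslService)`; `this.sslService = Objects.requireNonNull(sslService, "sslService");` (plus the `java.util.Objects` import) would fail at construction rather than at injection time. The methods these hunks touch start and end outside the hunks.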
@@ -238,7 +234,7 @@ public class Security implements ActionPlugin, IngestPlugin { realmFactories.put(ActiveDirectoryRealm.TYPE, config -> new ActiveDirectoryRealm(config, resourceWatcherService, sslService)); realmFactories.put(LdapRealm.TYPE, config -> new LdapRealm(config, resourceWatcherService, sslService)); - realmFactories.put(PkiRealm.TYPE, config -> new PkiRealm(config, resourceWatcherService)); + realmFactories.put(PkiRealm.TYPE, config -> new PkiRealm(config, resourceWatcherService, sslService)); for (XPackExtension extension : extensions) { Map newRealms = extension.getRealms(); for (Map.Entry entry : newRealms.entrySet()) { @@ -375,12 +371,6 @@ public class Security implements ActionPlugin, IngestPlugin { // always register for both client and node modes settingsList.add(USER_SETTING); - // SSL settings - SSLService.addSettings(settingsList); - - // transport settings - SecurityNetty3Transport.addSettings(settingsList); - if (transportClientMode) { return settingsList; } @@ -403,9 +393,6 @@ public class Security implements ActionPlugin, IngestPlugin { AuthenticationService.addSettings(settingsList); AuthorizationService.addSettings(settingsList); - // HTTP settings - SecurityNetty3HttpServerTransport.addSettings(settingsList); - // encryption settings CryptoService.addSettings(settingsList); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java index 2942d135272..a4d9e177bdd 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java 
@@ -5,9 +5,7 @@ */ package org.elasticsearch.xpack.security; -import java.io.IOException; - -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; @@ -17,12 +15,14 @@ import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.user.User; +import java.io.IOException; + /** * A lightweight utility that can find the current user and authentication information for the local thread. */ public class SecurityContext { - private final ESLogger logger; + private final Logger logger; private final ThreadContext threadContext; private final CryptoService cryptoService; private final boolean signUserHeader; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java index 38681ace843..8c636cc8e00 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java 
@@ -26,12 +26,13 @@ import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; import org.elasticsearch.xpack.security.authz.store.RolesStore; import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import org.elasticsearch.xpack.security.user.AnonymousUser; +import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED; +import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED; + /** - * + * Indicates whether the features of Security are currently in use */ public class SecurityFeatureSet implements XPackFeatureSet { @@ -114,8 +115,8 @@ public class SecurityFeatureSet implements XPackFeatureSet { static Map sslUsage(Settings settings) { Map map = new HashMap<>(2); - map.put("http", Collections.singletonMap("enabled", SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings))); - map.put("transport", Collections.singletonMap("enabled", SecurityNetty3Transport.SSL_SETTING.get(settings))); + map.put("http", Collections.singletonMap("enabled", HTTP_SSL_ENABLED.get(settings))); + map.put("transport", Collections.singletonMap("enabled", TRANSPORT_SSL_ENABLED.get(settings))); return map; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java index a04cd277012..ec5948a4c94 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java 
@@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.Version; import org.elasticsearch.action.ActionListener; @@ -22,7 +25,6 @@ import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.collect.ImmutableOpenMap; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.compress.CompressedXContent; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ConcurrentCollections; import org.elasticsearch.common.xcontent.XContentFactory; @@ -146,7 +148,7 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste @Override public void onFailure(Exception e) { updateMappingPending.set(false); - logger.warn("failed to update mapping for [{}] on security index", e, type); + logger.warn((Supplier) () -> new ParameterizedMessage("failed to update mapping for [{}] on security index", type), e); } }); } @@ -175,7 +177,7 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste }); } - static boolean securityIndexMappingUpToDate(ClusterState clusterState, ESLogger logger) { + static boolean securityIndexMappingUpToDate(ClusterState clusterState, Logger logger) { IndexMetaData indexMetaData = clusterState.metaData().getIndices().get(SECURITY_INDEX_NAME); if (indexMetaData != null) { for (Object object : indexMetaData.getMappings().values().toArray()) { 
@@ -199,7 +201,7 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste } } - static boolean securityTemplateExistsAndIsUpToDate(ClusterState state, ESLogger logger) { + static boolean securityTemplateExistsAndIsUpToDate(ClusterState state, Logger logger) { IndexTemplateMetaData templateMeta = state.metaData().templates().get(SECURITY_TEMPLATE_NAME); if (templateMeta == null) { return false; @@ -243,7 +245,7 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste return true; } - public static boolean securityIndexMappingAndTemplateUpToDate(ClusterState clusterState, ESLogger logger) { + public static boolean securityIndexMappingAndTemplateUpToDate(ClusterState clusterState, Logger logger) { if (SecurityTemplateService.securityTemplateExistsAndIsUpToDate(clusterState, logger) == false) { logger.debug("security template [{}] does not exist or is not up to date, so service cannot start", SecurityTemplateService.SECURITY_TEMPLATE_NAME); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java index 7b5f50c7aed..b866e00d37d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java 
@@ -5,16 +5,18 @@ */ package org.elasticsearch.xpack.security.action.role; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.HandledTransportAction; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.xpack.security.authz.store.NativeRolesStore; -import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; +import org.elasticsearch.xpack.security.authz.store.NativeRolesStore; +import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore; public class TransportDeleteRoleAction extends HandledTransportAction { @@ -49,7 +51,7 @@ public class TransportDeleteRoleAction extends HandledTransportAction) () -> new ParameterizedMessage("failed to delete role [{}]", request.name()), e); listener.onFailure(e); } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java index a58c6301141..95183c5502d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java 
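Review bot: The new `ParameterizedMessage("failed to delete role [{}]", request.name())` writes a request-supplied name into the error log as it arrived. Whether the name is validated before this failure path is not visible in the hunk; if it is not, a name containing CR/LF would split one event across several lines in a plain pattern layout and make the log harder to trust during an investigation. Consider stripping control characters from the value before logging, or confirming that the layout encodes them. The same applies to `rolename` and `arrayToDelimitedString(request.names(), ",")` in TransportGetRolesAction and to the username messages in TransportGetUsersAction and TransportPutUserAction further down.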
@@ -5,23 +5,26 @@ */ package org.elasticsearch.xpack.security.action.role; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.HandledTransportAction; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.xpack.security.authz.RoleDescriptor; -import org.elasticsearch.xpack.security.authz.permission.KibanaRole; -import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore; -import org.elasticsearch.xpack.security.authz.store.NativeRolesStore; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; +import org.elasticsearch.xpack.security.authz.RoleDescriptor; +import org.elasticsearch.xpack.security.authz.permission.KibanaRole; +import org.elasticsearch.xpack.security.authz.store.NativeRolesStore; +import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore; import java.util.ArrayList; import java.util.List; +import static org.elasticsearch.common.Strings.arrayToDelimitedString; + public class TransportGetRolesAction extends HandledTransportAction { private final NativeRolesStore nativeRolesStore; @@ -78,7 +81,7 @@ public class TransportGetRolesAction extends HandledTransportAction) () -> new ParameterizedMessage("failed to retrieve role [{}]", rolename), t); listener.onFailure(t); } }); @@ -96,8 +99,9 @@ public class TransportGetRolesAction extends HandledTransportAction) () -> new ParameterizedMessage( + "failed to retrieve role [{}]", arrayToDelimitedString(request.names(), ",")), t); listener.onFailure(t); } }); 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
index 7a7a5fc962a..192828be9b4 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java
@@ -5,24 +5,27 @@ */ package org.elasticsearch.xpack.security.action.user; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.HandledTransportAction; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportService; +import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore; +import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.SystemUser; import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore; -import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportService; import java.util.ArrayList; import java.util.List; +import static org.elasticsearch.common.Strings.arrayToDelimitedString; + public class TransportGetUsersAction extends HandledTransportAction { private final NativeUsersStore usersStore; @@ -79,7 +82,7 @@ public class TransportGetUsersAction extends HandledTransportAction) () -> new ParameterizedMessage("failed to retrieve user [{}]", username), e); listener.onFailure(e); } }); @@ -95,8 +98,9 @@ public class TransportGetUsersAction extends HandledTransportAction) () -> new ParameterizedMessage( + "failed to retrieve user [{}]", arrayToDelimitedString(request.usernames(), ",")), e); listener.onFailure(e); } }); 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java index a8de5a48113..668be36620c 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java @@ -5,18 +5,20 @@ */ package org.elasticsearch.xpack.security.action.user; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.HandledTransportAction; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportService; import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore; import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportService; public class TransportPutUserAction extends HandledTransportAction { @@ -60,7 +62,7 @@ public class TransportPutUserAction extends HandledTransportAction) () -> new ParameterizedMessage("failed to put user [{}]", request.username()), e); listener.onFailure(e); } }); 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java index 9cdfd4381d8..95e93adfbf5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java @@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security.audit.index; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse; import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest; @@ -19,17 +22,16 @@ import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.client.Client; import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.node.DiscoveryNode; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.metadata.IndexMetaData; +import org.elasticsearch.cluster.node.DiscoveryNode; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.io.Streams; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; 
@@ -45,18 +47,18 @@ import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.gateway.GatewayService; import org.elasticsearch.node.Node; import org.elasticsearch.rest.RestRequest; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportMessage; +import org.elasticsearch.xpack.XPackTransportClient; import org.elasticsearch.xpack.security.InternalClient; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.authz.privilege.SystemPrivilege; import org.elasticsearch.xpack.security.rest.RemoteHostHeader; import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportMessage; -import org.elasticsearch.xpack.XPackTransportClient; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; @@ -82,6 +84,7 @@ import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; import java.util.function.Function; +import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.audit.AuditUtil.indices; import static org.elasticsearch.xpack.security.audit.AuditUtil.restRequestContent; import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.ACCESS_DENIED; 
@@ -96,7 +99,6 @@ import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.SYSTE import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.TAMPERED_REQUEST; import static org.elasticsearch.xpack.security.audit.index.IndexAuditLevel.parse; import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.resolve; -import static org.elasticsearch.xpack.security.Security.setting; /** * Audit trail implementation that writes events into an index. @@ -188,8 +190,12 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl try { events = parse(includedEvents, excludedEvents); } catch (IllegalArgumentException e) { - logger.warn("invalid event type specified, using default for audit index output. include events [{}], exclude events [{}]", - e, includedEvents, excludedEvents); + logger.warn( + (Supplier) () -> new ParameterizedMessage( + "invalid event type specified, using default for audit index output. include events [{}], exclude events [{}]", + includedEvents, + excludedEvents), + e); events = parse(DEFAULT_EVENT_INCLUDES, Collections.emptyList()); } this.indexToRemoteCluster = REMOTE_CLIENT_SETTINGS.get(settings).names().size() > 0; @@ -706,7 +712,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl return eventQueue.peek(); } - private static Client initializeRemoteClient(Settings settings, ESLogger logger) { + private static Client initializeRemoteClient(Settings settings, Logger logger) { Settings clientSettings = REMOTE_CLIENT_SETTINGS.get(settings); String[] hosts = clientSettings.getAsArray("hosts"); if (hosts.length == 0) { 
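Review bot: In the `catch (IllegalArgumentException e)` block of the second hunk, one invalid entry in either setting discards both lists, because the fallback is `parse(DEFAULT_EVENT_INCLUDES, Collections.emptyList())`. A typo therefore changes which security events are audited, and the configured excludes are dropped as well, with a single warn line as the only signal. If that fallback is intended, I would say so in place, e.g. `// invalid event lists fall back to the defaults so auditing stays on; configured excludes are ignored too`. Otherwise, consider rejecting the setting at startup. The constructor begins outside the hunk.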
@@ -842,7 +848,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl @Override public void afterBulk(long executionId, BulkRequest request, Throwable failure) { - logger.error("failed to bulk index audit events: [{}]", failure, failure.getMessage()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to bulk index audit events: [{}]", failure.getMessage()), failure); } }).setBulkActions(bulkSize) .setFlushInterval(interval) @@ -866,8 +874,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl INDEX_TEMPLATE_NAME); threadPool.generic().execute(new AbstractRunnable() { @Override - public void onFailure(Exception throwable) { - logger.error("failed to update security audit index template [{}]", throwable, INDEX_TEMPLATE_NAME); + public void onFailure(Exception e) { + logger.error((Supplier) () -> new ParameterizedMessage( + "failed to update security audit index template [{}]", INDEX_TEMPLATE_NAME), e); } @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java index 3f688680b9e..bd6b2a20b55 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java 
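Review bot: The `afterBulk(long, BulkRequest, Throwable)` message in the first hunk does not say how many audit events were in the failed request, and it repeats `failure.getMessage()`, which the attached throwable already prints. For an audit trail, the size of the gap is what an operator needs when reconstructing events later. I would log the count instead: `"failed to bulk index [{}] audit events", request.numberOfActions()`, keeping `failure` as the throwable argument. The listener this override belongs to starts outside the hunk.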
@@ -5,10 +5,10 @@ */ package org.elasticsearch.xpack.security.audit.logfile; +import org.apache.logging.log4j.Logger; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.component.AbstractComponent; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Setting; @@ -18,16 +18,16 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportMessage; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.authz.privilege.SystemPrivilege; import org.elasticsearch.xpack.security.rest.RemoteHostHeader; import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportMessage; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import java.net.InetAddress; import java.net.InetSocketAddress; 
@@ -36,9 +36,9 @@ import java.util.List; import java.util.Set; import static org.elasticsearch.common.Strings.collectionToCommaDelimitedString; +import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.audit.AuditUtil.indices; import static org.elasticsearch.xpack.security.audit.AuditUtil.restRequestContent; -import static org.elasticsearch.xpack.security.Security.setting; /** * @@ -53,7 +53,7 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail { public static final Setting NODE_NAME_SETTING = Setting.boolSetting(setting("audit.logfile.prefix.emit_node_name"), true, Property.NodeScope); - private final ESLogger logger; + private final Logger logger; private final ClusterService clusterService; private final ThreadContext threadContext; @@ -68,7 +68,7 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail { this(settings, clusterService, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext()); } - LoggingAuditTrail(Settings settings, ClusterService clusterService, ESLogger logger, ThreadContext threadContext) { + LoggingAuditTrail(Settings settings, ClusterService clusterService, Logger logger, ThreadContext threadContext) { super(settings); this.logger = logger; this.clusterService = clusterService; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java index 9cc8a86cedb..08f86226729 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/AuthenticationService.java 
@@ -5,9 +5,8 @@ */ package org.elasticsearch.xpack.security.authc; -import java.io.IOException; -import java.util.List; - +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; @@ -18,14 +17,17 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.node.Node; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.xpack.security.audit.AuditTrailService; -import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.audit.AuditTrail; -import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportMessage; +import org.elasticsearch.xpack.security.audit.AuditTrail; +import org.elasticsearch.xpack.security.audit.AuditTrailService; +import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; +import org.elasticsearch.xpack.security.crypto.CryptoService; +import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.User; + +import java.io.IOException; +import java.util.List; import static org.elasticsearch.xpack.security.Security.setting; @@ -188,7 +190,7 @@ public class AuthenticationService extends AbstractComponent { } } catch (Exception e) { if (logger.isDebugEnabled()) { - logger.debug("failed to extract token from request: [{}]", e, request); + logger.debug((Supplier) () -> new ParameterizedMessage("failed to extract token from request: [{}]", request), e); } else { logger.warn("failed to extract token from request: [{}]: {}", request, e.getMessage()); } 
@@ -228,7 +230,9 @@ public class AuthenticationService extends AbstractComponent { } } } catch (Exception e) { - logger.debug("authentication failed for principal [{}], [{}] ", e, token.principal(), request); + logger.debug( + (Supplier) () -> new ParameterizedMessage( + "authentication failed for principal [{}], [{}] ", token.principal(), request), e); throw request.exceptionProcessingRequest(e, token); } finally { token.clearCredentials(); @@ -282,7 +286,12 @@ public class AuthenticationService extends AbstractComponent { // authorization error user = new User(user.principal(), user.roles(), new User(runAsUsername, Strings.EMPTY_ARRAY)); } catch (Exception e) { - logger.debug("run as failed for principal [{}], [{}], run as username [{}]", e, token.principal(), request, runAsUsername); + logger.debug( + (Supplier) () -> new ParameterizedMessage("run as failed for principal [{}], [{}], run as username [{}]", + token.principal(), + request, + runAsUsername), + e); throw request.exceptionProcessingRequest(e, token); } return user; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java index c6596033be5..a01e1c719b9 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.security.authc; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.xpack.security.user.User; @@ -19,7 +19,7 @@ import java.util.Map; */ public abstract class Realm implements Comparable { - protected final ESLogger logger; + protected final Logger logger; protected final String type; protected RealmConfig config; 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java index a6e4d42dba7..da8afcc3edc 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/RealmConfig.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.security.authc; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; @@ -56,7 +56,7 @@ public class RealmConfig { return globalSettings; } - public ESLogger logger(Class clazz) { + public Logger logger(Class clazz) { return Loggers.getLogger(clazz, globalSettings); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java index 8fff603b1b8..f606469e53d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolver.java 
@@ -13,7 +13,9 @@ import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope; @@ -42,7 +44,7 @@ public class ActiveDirectoryGroupsResolver implements GroupsResolver { } @Override - public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, ESLogger logger, + public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, Logger logger, Collection attributes) { Filter groupSearchFilter = buildGroupQuery(connection, userDn, timeout, logger); logger.debug("group SID to DN search filter: [{}]", groupSearchFilter); @@ -56,7 +58,7 @@ public class ActiveDirectoryGroupsResolver implements GroupsResolver { try { results = search(connection, searchRequest, logger); } catch (LDAPException e) { - logger.error("failed to fetch AD groups for DN [{}]", e, userDn); + logger.error((Supplier) () -> new ParameterizedMessage("failed to fetch AD groups for DN [{}]", userDn), e); return Collections.emptyList(); } @@ -76,7 +78,7 @@ public class ActiveDirectoryGroupsResolver implements GroupsResolver { return null; } - static Filter buildGroupQuery(LDAPInterface connection, String userDn, TimeValue timeout, ESLogger logger) { + static Filter buildGroupQuery(LDAPInterface connection, String userDn, TimeValue timeout, Logger logger) { try { SearchRequest request = new SearchRequest(userDn, SearchScope.BASE, OBJECT_CLASS_PRESENCE_FILTER, "tokenGroups"); request.setTimeLimitSeconds(Math.toIntExact(timeout.seconds())); 
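Review bot: The catch block in `resolve` (third hunk) logs exactly the same text, `"failed to fetch AD groups for DN [{}]"`, as the catch block in `buildGroupQuery` (the `@@ -92,7 +94,7 @@` hunk that follows). The log therefore cannot tell a failed tokenGroups lookup from a failed SID-to-DN search. Since `resolve` then returns `Collections.emptyList()`, the user simply ends up with no groups, and this line is the only evidence of why. I would make the `buildGroupQuery` message distinct, e.g. `"failed to read tokenGroups for DN [{}]"`. Both method bodies continue outside the hunks.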
@@ -92,7 +94,7 @@ public class ActiveDirectoryGroupsResolver implements GroupsResolver { } return Filter.createORFilter(orFilters); } catch (LDAPException e) { - logger.error("failed to fetch AD groups for DN [{}]", e, userDn); + logger.error((Supplier) () -> new ParameterizedMessage("failed to fetch AD groups for DN [{}]", userDn), e); return null; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java index 06d6415a660..97cfad7c6af 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealm.java @@ -10,7 +10,7 @@ import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; /** * diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java index c769463107d..c06743f7ff4 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectorySessionFactory.java 
@@ -11,10 +11,10 @@ import com.unboundid.ldap.sdk.LDAPConnectionOptions; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.cache.Cache; import org.elasticsearch.common.cache.CacheBuilder; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.RealmConfig; @@ -23,7 +23,7 @@ import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import java.util.concurrent.ExecutionException; @@ -106,12 +106,12 @@ public class ActiveDirectorySessionFactory extends SessionFactory { abstract static class ADAuthenticator { final TimeValue timeout; - final ESLogger logger; + final Logger logger; final GroupsResolver groupsResolver; final String userSearchDN; final LdapSearchScope userSearchScope; - ADAuthenticator(Settings settings, TimeValue timeout, ESLogger logger, GroupsResolver groupsResolver, String domainDN) { + ADAuthenticator(Settings settings, TimeValue timeout, Logger logger, GroupsResolver groupsResolver, String domainDN) { this.timeout = timeout; this.logger = logger; this.groupsResolver = groupsResolver; 
@@ -161,7 +161,7 @@ public class ActiveDirectorySessionFactory extends SessionFactory { final String userSearchFilter; final String domainName; - DefaultADAuthenticator(Settings settings, TimeValue timeout, ESLogger logger, GroupsResolver groupsResolver, String domainDN) { + DefaultADAuthenticator(Settings settings, TimeValue timeout, Logger logger, GroupsResolver groupsResolver, String domainDN) { super(settings, timeout, logger, groupsResolver, domainDN); domainName = settings.get(AD_DOMAIN_NAME_SETTING); userSearchFilter = settings.get(AD_USER_SEARCH_FILTER_SETTING, "(&(objectClass=user)(|(sAMAccountName={0})" + @@ -190,7 +190,7 @@ public class ActiveDirectorySessionFactory extends SessionFactory { final String domainDN; final Settings settings; - DownLevelADAuthenticator(Settings settings, TimeValue timeout, ESLogger logger, GroupsResolver groupsResolver, String domainDN) { + DownLevelADAuthenticator(Settings settings, TimeValue timeout, Logger logger, GroupsResolver groupsResolver, String domainDN) { super(settings, timeout, logger, groupsResolver, domainDN); this.domainDN = domainDN; this.settings = settings; @@ -271,7 +271,7 @@ public class ActiveDirectorySessionFactory extends SessionFactory { private static final String UPN_USER_FILTER = "(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={1})))"; - UpnADAuthenticator(Settings settings, TimeValue timeout, ESLogger logger, GroupsResolver groupsResolver, String domainDN) { + UpnADAuthenticator(Settings settings, TimeValue timeout, Logger logger, GroupsResolver groupsResolver, String domainDN) { super(settings, timeout, logger, groupsResolver, domainDN); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index d34366d8623..0d896971b23 100644 
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -28,7 +28,7 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; import org.elasticsearch.xpack.security.authz.RoleDescriptor; import org.elasticsearch.xpack.security.authz.store.FileRolesStore; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import java.io.BufferedReader; import java.io.IOException; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java index 4a43543272f..1eabb7937fa 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java @@ -9,7 +9,8 @@ import com.carrotsearch.hppc.ObjectHashSet; import com.carrotsearch.hppc.ObjectLongHashMap; import com.carrotsearch.hppc.ObjectLongMap; import com.carrotsearch.hppc.cursors.ObjectCursor; - +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.action.ActionListener; 
@@ -47,6 +48,9 @@ import org.elasticsearch.index.engine.DocumentMissingException; import org.elasticsearch.index.query.QueryBuilder; import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.search.SearchHit; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.threadpool.ThreadPool.Cancellable; +import org.elasticsearch.threadpool.ThreadPool.Names; import org.elasticsearch.xpack.security.InternalClient; import org.elasticsearch.xpack.security.SecurityTemplateService; import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest; @@ -60,9 +64,6 @@ import org.elasticsearch.xpack.security.client.SecurityClient; import org.elasticsearch.xpack.security.user.SystemUser; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.xpack.security.user.User.Fields; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.threadpool.ThreadPool.Cancellable; -import org.elasticsearch.threadpool.ThreadPool.Names; import java.util.ArrayList; import java.util.Arrays; @@ -164,7 +165,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL // we call the response with a null user listener.onResponse(null); } else { - logger.debug("failed to retrieve user [{}]", t, username); + logger.debug((Supplier) () -> new ParameterizedMessage("failed to retrieve user [{}]", username), t); listener.onFailure(t); } } @@ -243,7 +244,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL } }); } catch (Exception e) { - logger.error("unable to retrieve users {}", e, Arrays.toString(usernames)); + logger.error((Supplier) () -> new ParameterizedMessage("unable to retrieve users {}", Arrays.toString(usernames)), e); listener.onFailure(e); } } 
@@ -260,9 +261,11 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onFailure(Exception t) { if (t instanceof IndexNotFoundException) { - logger.trace("failed to retrieve user [{}] since security index does not exist", t, username); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "failed to retrieve user [{}] since security index does not exist", username), t); } else { - logger.error("failed to retrieve user [{}]", t, username); + logger.error((Supplier) () -> new ParameterizedMessage("failed to retrieve user [{}]", username), t); } } }, latch)); @@ -287,9 +290,11 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onFailure(Exception t) { if (t instanceof IndexNotFoundException) { - logger.trace("could not retrieve user [{}] because security index does not exist", t, user); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "could not retrieve user [{}] because security index does not exist", user), t); } else { - logger.error("failed to retrieve user [{}]", t, user); + logger.error((Supplier) () -> new ParameterizedMessage("failed to retrieve user [{}]", user), t); } // We don't invoke the onFailure listener here, instead // we call the response with a null user @@ -300,7 +305,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL logger.trace("could not retrieve user [{}] because security index does not exist", user); listener.onResponse(null); } catch (Exception e) { - logger.error("unable to retrieve user [{}]", e, user); + logger.error((Supplier) () -> new ParameterizedMessage("unable to retrieve user [{}]", user), e); listener.onFailure(e); } } 
@@ -346,7 +351,9 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL if (docType.equals(RESERVED_USER_DOC_TYPE)) { createReservedUser(username, request.passwordHash(), request.getRefreshPolicy(), listener); } else { - logger.debug("failed to change password for user [{}]", cause, request.username()); + logger.debug( + (Supplier) () -> new ParameterizedMessage( + "failed to change password for user [{}]", request.username()), cause); ValidationException validationException = new ValidationException(); validationException.addValidationError("user must exist in order to change password"); listener.onFailure(validationException); @@ -385,7 +392,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL indexUser(request, listener); } } catch (Exception e) { - logger.error("unable to put user [{}]", e, request.username()); + logger.error((Supplier) () -> new ParameterizedMessage("unable to put user [{}]", request.username()), e); listener.onFailure(e); } } @@ -421,7 +428,11 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL // if the index doesn't exist we can never update a user // if the document doesn't exist, then this update is not valid - logger.debug("failed to update user document with username [{}]", cause, putUserRequest.username()); + logger.debug( + (Supplier) () -> new ParameterizedMessage( + "failed to update user document with username [{}]", + putUserRequest.username()), + cause); ValidationException validationException = new ValidationException(); validationException.addValidationError("password must be specified unless you are updating an existing user"); listener.onFailure(validationException); 
@@ -614,9 +625,15 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onFailure(Exception e) { if (e instanceof IndexNotFoundException) { - logger.trace("could not retrieve built in user [{}] password since security index does not exist", e, username); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "could not retrieve built in user [{}] password since security index does not exist", + username), + e); } else { - logger.error("failed to retrieve built in user [{}] password", e, username); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to retrieve built in user [{}] password", username), e); failure.set(e); } } @@ -650,7 +667,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onFailure(Exception t) { // Not really much to do here except for warn about it... - logger.warn("failed to clear scroll [{}]", t, scrollId); + logger.warn((Supplier) () -> new ParameterizedMessage("failed to clear scroll [{}]", scrollId), t); } }); } @@ -667,7 +684,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onFailure(Exception e) { - logger.error("unable to clear realm cache for user [{}]", e, username); + logger.error((Supplier) () -> new ParameterizedMessage("unable to clear realm cache for user [{}]", username), e); ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + username + "] failed. please clear the realm cache manually", e); listener.onFailure(exception); 
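Review bot: The error log in the `@@ -667,7 +684,7 @@` hunk says only `unable to clear realm cache for user [{}]`, while the `ElasticsearchException` built on the next line tells the caller to clear the realm cache manually. An operator who sees only the node log gets no remediation hint, and a cache that was not cleared presumably keeps serving the user's previous credentials or roles until the entry expires. I would carry the instruction into the log text, `"unable to clear realm cache for user [{}]; clear the realm cache manually"`. The enclosing method starts outside the hunk.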
@@ -717,7 +734,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL Map metadata = (Map) sourceMap.get(User.Fields.METADATA.getPreferredName()); return new UserAndPassword(new User(username, roles, fullName, email, metadata), password.toCharArray()); } catch (Exception e) { - logger.error("error in the format of data for user [{}]", e, username); + logger.error((Supplier) () -> new ParameterizedMessage("error in the format of data for user [{}]", username), e); return null; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java index 4dbafd1b39d..1fbe87bdf8a 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java @@ -5,7 +5,8 @@ */ package org.elasticsearch.xpack.security.authc.esnative; -import org.elasticsearch.common.inject.Inject; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.authc.RealmConfig; @@ -16,9 +17,9 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; import org.elasticsearch.xpack.security.support.Exceptions; import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.ElasticUser; import org.elasticsearch.xpack.security.user.KibanaUser; import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.ElasticUser; import java.util.Arrays; import java.util.Collection; 
@@ -131,7 +132,8 @@ public class ReservedRealm extends CachingUsernamePasswordRealm { } return passwordHash; } catch (Exception e) { - logger.error("failed to retrieve password hash for reserved user [{}]", e, username); + logger.error( + (Supplier) () -> new ParameterizedMessage("failed to retrieve password hash for reserved user [{}]", username), e); return null; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java index d93fd3cc25c..d64111657d5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java @@ -5,10 +5,16 @@ */ package org.elasticsearch.xpack.security.authc.file; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.inject.internal.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.env.Environment; +import org.elasticsearch.watcher.FileChangesListener; +import org.elasticsearch.watcher.FileWatcher; +import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.RefreshListener; 
@@ -16,10 +22,6 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.support.NoOpLogger; import org.elasticsearch.xpack.security.support.Validation; import org.elasticsearch.xpack.security.support.Validation.Users; -import org.elasticsearch.watcher.FileChangesListener; -import org.elasticsearch.watcher.FileWatcher; -import org.elasticsearch.watcher.ResourceWatcherService; -import org.elasticsearch.xpack.XPackPlugin; import java.io.IOException; import java.io.PrintWriter; @@ -38,7 +40,7 @@ import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicM public class FileUserPasswdStore { - private final ESLogger logger; + private final Logger logger; private final Path file; final Hasher hasher = Hasher.BCRYPT; @@ -97,11 +99,13 @@ public class FileUserPasswdStore { * Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by * logging the error and skipping all users. This is aligned with how we handle other auto-loaded files in security. */ - static Map parseFileLenient(Path path, ESLogger logger) { + static Map parseFileLenient(Path path, Logger logger) { try { return parseFile(path, logger); } catch (Exception e) { - logger.error("failed to parse users file [{}]. skipping/removing all users...", e, path.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to parse users file [{}]. skipping/removing all users...", path.toAbsolutePath()), e); return emptyMap(); } } @@ -110,7 +114,7 @@ public class FileUserPasswdStore { * parses the users file. Should never return {@code null}, if the file doesn't exist an * empty map is returned */ - public static Map parseFile(Path path, @Nullable ESLogger logger) { + public static Map parseFile(Path path, @Nullable Logger logger) { if (logger == null) { logger = NoOpLogger.INSTANCE; } 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java index f667414a1b0..636dd93eb68 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java @@ -5,19 +5,21 @@ */ package org.elasticsearch.xpack.security.authc.file; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.internal.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.authc.RealmConfig; -import org.elasticsearch.xpack.security.authc.support.RefreshListener; -import org.elasticsearch.xpack.security.support.NoOpLogger; -import org.elasticsearch.xpack.security.support.Validation; import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.security.authc.RealmConfig; +import org.elasticsearch.xpack.security.authc.support.RefreshListener; +import org.elasticsearch.xpack.security.support.NoOpLogger; +import org.elasticsearch.xpack.security.support.Validation; import java.io.IOException; import java.io.PrintWriter; @@ -40,7 +42,7 @@ public class FileUserRolesStore { private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*"); - private final ESLogger logger; + private final Logger logger; private final Path file; private CopyOnWriteArrayList listeners; 
@@ -92,11 +94,14 @@ public class FileUserRolesStore { * Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by * logging the error and skipping all enries. This is aligned with how we handle other auto-loaded files in security. */ - static Map parseFileLenient(Path path, ESLogger logger) { + static Map parseFileLenient(Path path, Logger logger) { try { return parseFile(path, logger); } catch (Exception e) { - logger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", e, path.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage("failed to parse users_roles file [{}]. skipping/removing all entries...", + path.toAbsolutePath()), + e); return emptyMap(); } } @@ -106,7 +111,7 @@ public class FileUserRolesStore { * an empty map is returned. The read file holds a mapping per line of the form "role -> users" while the returned * map holds entries of the form "user -> roles". */ - public static Map parseFile(Path path, @Nullable ESLogger logger) { + public static Map parseFile(Path path, @Nullable Logger logger) { if (logger == null) { logger = NoOpLogger.INSTANCE; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java index 9b2b4b71753..a9fa797a67f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealm.java 
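Review bot: The Javadoc above `parseFileLenient` in the `@@ -92,11 +94,14 @@` hunk still reads `skipping all enries`, and since the signature directly under it is being changed this is the moment to correct it to `skipping all entries`. The wrapped `logger.error` call is also laid out differently from its twin in `FileUserPasswdStore.parseFileLenient`, where the message string starts on its own line. Using the same layout in both files would keep the two lenient parsers easy to compare.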
@@ -15,7 +15,7 @@ import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.ldap.support.AbstractLdapRealm; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; /** diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java index 4181b339232..9be620c6667 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactory.java @@ -7,13 +7,15 @@ package org.elasticsearch.xpack.security.authc.ldap; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import java.text.MessageFormat; import java.util.Locale; 
@@ -64,7 +66,8 @@ public class LdapSessionFactory extends SessionFactory { } catch (LDAPException e) { // we catch the ldapException here since we expect it can happen and we shouldn't be logging this all the time otherwise // it is just noise - logger.debug("failed LDAP authentication with user template [{}] and DN [{}]", e, template, dn); + logger.debug((Supplier) () -> new ParameterizedMessage( + "failed LDAP authentication with user template [{}] and DN [{}]", template, dn), e); if (lastException == null) { lastException = e; } else { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java index 4ca53662002..2afc15f923e 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactory.java @@ -15,7 +15,7 @@ import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.ServerSet; import com.unboundid.ldap.sdk.SimpleBindRequest; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.RealmConfig; 
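Review bot: The `dn` argument of the new `logger.debug` call reaches the log unmodified, and judging by the message text it is the user template filled in with the name submitted at login; the code that builds it is outside the hunk. If that is the case, line breaks or other control characters in a submitted name end up in the debug log of every failed bind. I would confirm that the configured log layout encodes control characters and record the assumption next to the call, `// dn contains the submitted user name; relies on the log layout to encode control characters`.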
@@ -24,7 +24,7 @@ import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.support.Exceptions; import java.util.Locale; @@ -67,7 +67,7 @@ class LdapUserSearchSessionFactory extends SessionFactory { } } - static LDAPConnectionPool createConnectionPool(RealmConfig config, ServerSet serverSet, TimeValue timeout, ESLogger logger) + static LDAPConnectionPool createConnectionPool(RealmConfig config, ServerSet serverSet, TimeValue timeout, Logger logger) throws LDAPException { Settings settings = config.settings(); SimpleBindRequest bindRequest = bindRequest(settings); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java index 52d668ec086..8298ac6853e 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/SearchGroupsResolver.java @@ -12,7 +12,7 @@ import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope; 
@@ -54,7 +54,7 @@ class SearchGroupsResolver implements GroupsResolver { } @Override - public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, ESLogger logger, + public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, Logger logger, Collection attributes) throws LDAPException { String userId = getUserId(userDn, attributes, connection, timeout, logger); if (userId == null) { @@ -81,7 +81,7 @@ class SearchGroupsResolver implements GroupsResolver { } private String getUserId(String dn, Collection attributes, LDAPInterface connection, TimeValue - timeout, ESLogger logger) throws LDAPException { + timeout, Logger logger) throws LDAPException { if (userAttribute == null) { return dn; } @@ -97,7 +97,7 @@ class SearchGroupsResolver implements GroupsResolver { return readUserAttribute(connection, dn, timeout, logger); } - String readUserAttribute(LDAPInterface connection, String userDn, TimeValue timeout, ESLogger logger) throws LDAPException { + String readUserAttribute(LDAPInterface connection, String userDn, TimeValue timeout, Logger logger) throws LDAPException { SearchRequest request = new SearchRequest(userDn, SearchScope.BASE, OBJECT_CLASS_PRESENCE_FILTER, userAttribute); request.setTimeLimitSeconds(Math.toIntExact(timeout.seconds())); SearchResultEntry results = searchForEntry(connection, request, logger); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java index e04d9924063..313a0ebfe68 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/UserAttributeGroupsResolver.java 
@@ -11,7 +11,7 @@ import com.unboundid.ldap.sdk.LDAPInterface; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResultEntry; import com.unboundid.ldap.sdk.SearchScope; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession.GroupsResolver; @@ -41,7 +41,7 @@ class UserAttributeGroupsResolver implements GroupsResolver { } @Override - public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, ESLogger logger, + public List resolve(LDAPInterface connection, String userDn, TimeValue timeout, Logger logger, Collection attributes) throws LDAPException { if (attributes != null) { for (Attribute attribute : attributes) { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java index 8165c8dce03..c9b9042aae4 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/AbstractLdapRealm.java 
@@ -5,17 +5,19 @@ */ package org.elasticsearch.xpack.security.authc.ldap.support; -import java.util.List; -import java.util.Map; -import java.util.Set; - import com.unboundid.ldap.sdk.LDAPException; -import org.elasticsearch.xpack.security.user.User; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm; import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; import org.elasticsearch.xpack.security.authc.support.RefreshListener; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; +import org.elasticsearch.xpack.security.user.User; + +import java.util.List; +import java.util.Map; +import java.util.Set; /** * Supporting class for LDAP realms @@ -75,7 +77,7 @@ public abstract class AbstractLdapRealm extends CachingUsernamePasswordRealm { private void logException(String action, Exception e, String principal) { if (logger.isDebugEnabled()) { - logger.debug("{} failed for user [{}]", e, action, principal); + logger.debug((Supplier) () -> new ParameterizedMessage("{} failed for user [{}]", action, principal), e); } else { String causeMessage = (e.getCause() == null) ? null : e.getCause().getMessage(); if (causeMessage == null) { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java index a41e28e7e86..91e30243aee 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java 
@@ -9,7 +9,7 @@ import com.unboundid.ldap.sdk.Attribute; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPInterface; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.unit.TimeValue; import java.io.Closeable; @@ -21,7 +21,7 @@ import java.util.List; */ public class LdapSession implements Closeable { - protected final ESLogger logger; + protected final Logger logger; protected final LDAPInterface ldap; protected final String userDn; protected final GroupsResolver groupsResolver; @@ -36,7 +36,7 @@ public class LdapSession implements Closeable { * outside of and be reused across all connections. We can't keep a static logger in this class * since we want the logger to be contextual (i.e. aware of the settings and its environment). */ - public LdapSession(ESLogger logger, LDAPInterface connection, String userDn, GroupsResolver groupsResolver, TimeValue timeout, + public LdapSession(Logger logger, LDAPInterface connection, String userDn, GroupsResolver groupsResolver, TimeValue timeout, Collection attributes) { this.logger = logger; this.ldap = connection; @@ -73,7 +73,7 @@ public class LdapSession implements Closeable { public interface GroupsResolver { - List resolve(LDAPInterface ldapConnection, String userDn, TimeValue timeout, ESLogger logger, + List resolve(LDAPInterface ldapConnection, String userDn, TimeValue timeout, Logger logger, Collection attributes) throws LDAPException; String[] attributes(); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java index f2ccb1b4fbb..241d17d4e3b 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java 
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapUtils.java @@ -14,7 +14,9 @@ import com.unboundid.ldap.sdk.ResultCode; import com.unboundid.ldap.sdk.SearchRequest; import com.unboundid.ldap.sdk.SearchResult; import com.unboundid.ldap.sdk.SearchResultEntry; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import javax.naming.ldap.Rdn; import java.text.MessageFormat; @@ -48,15 +50,18 @@ public final class LdapUtils { * This method performs a LDAPConnection.search(...) operation while handling referral exceptions. This is necessary * to maintain backwards compatibility with the original JNDI implementation */ - public static SearchResult search(LDAPInterface ldap, SearchRequest searchRequest, ESLogger logger) throws LDAPException { + public static SearchResult search(LDAPInterface ldap, SearchRequest searchRequest, Logger logger) throws LDAPException { SearchResult results; try { results = ldap.search(searchRequest); } catch (LDAPSearchException e) { if (e.getResultCode().equals(ResultCode.REFERRAL) && e.getSearchResult() != null) { if (logger.isDebugEnabled()) { - logger.debug("a referral could not be followed for request [{}] so some results may not have been retrieved", e, - searchRequest); + logger.debug( + (Supplier) () -> new ParameterizedMessage( + "a referral could not be followed for request [{}] so some results may not have been retrieved", + searchRequest), + e); } results = e.getSearchResult(); } else { 
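Review bot: The `if (logger.isDebugEnabled())` guard around the rewritten `logger.debug` call in `search` is now redundant, because the `Supplier` form already defers building the `ParameterizedMessage` until the level is enabled. The same applies to `searchForEntry` in the `@@ -70,15 +75,18 @@` hunk. Dropping the guard leaves the `logger.debug((Supplier) () -> new ParameterizedMessage(...), e);` statement followed directly by `results = e.getSearchResult();`, and by `entry = e.getSearchResult().getSearchEntries().get(0);` in the second method. Both methods continue outside their hunks.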
@@ -70,15 +75,18 @@ public final class LdapUtils { * This method performs a LDAPConnection.searchForEntry(...) operation while handling referral exceptions. This is necessary * to maintain backwards compatibility with the original JNDI implementation */ - public static SearchResultEntry searchForEntry(LDAPInterface ldap, SearchRequest searchRequest, ESLogger logger) throws LDAPException { + public static SearchResultEntry searchForEntry(LDAPInterface ldap, SearchRequest searchRequest, Logger logger) throws LDAPException { SearchResultEntry entry; try { entry = ldap.searchForEntry(searchRequest); } catch (LDAPSearchException e) { if (e.getResultCode().equals(ResultCode.REFERRAL) && e.getSearchResult() != null && e.getSearchResult().getEntryCount() > 0) { if (logger.isDebugEnabled()) { - logger.debug("a referral could not be followed for request [{}] so some results may not have been retrieved", e, - searchRequest); + logger.debug( + (Supplier) () -> new ParameterizedMessage( + "a referral could not be followed for request [{}] so some results may not have been retrieved", + searchRequest), + e); } entry = e.getSearchResult().getSearchEntries().get(0); } else { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java index fede5cd7d02..e3b58d1cebf 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java 
@@ -10,13 +10,13 @@ import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.LDAPURL; import com.unboundid.ldap.sdk.ServerSet; import com.unboundid.util.ssl.HostNameSSLSocketVerifier; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import javax.net.SocketFactory; import java.util.regex.Pattern; @@ -47,7 +47,7 @@ public abstract class SessionFactory { private static final Pattern STARTS_WITH_LDAPS = Pattern.compile("^ldaps:.*", Pattern.CASE_INSENSITIVE); private static final Pattern STARTS_WITH_LDAP = Pattern.compile("^ldap:.*", Pattern.CASE_INSENSITIVE); - protected final ESLogger logger; + protected final Logger logger; protected final RealmConfig config; protected final TimeValue timeout; protected final SSLService sslService; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java index d3ed3f64c30..2b0e4edb58e 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java 
@@ -5,40 +5,42 @@ */ package org.elasticsearch.xpack.security.authc.pki; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; +import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; +import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.security.Security; +import org.elasticsearch.xpack.security.authc.Realms; +import org.elasticsearch.xpack.ssl.CertUtils; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; -import org.elasticsearch.watcher.ResourceWatcherService; -import org.elasticsearch.xpack.XPackPlugin; -import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; -import java.io.InputStream; -import java.nio.file.Files; -import java.security.KeyStore; +import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; -import java.util.List; import java.util.Map; import java.util.Set; import java.util.regex.Matcher; 
import java.util.regex.Pattern; +import static org.elasticsearch.xpack.security.Security.setting; +import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED; +import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED; + public class PkiRealm extends Realm { public static final String PKI_CERT_HEADER_NAME = "__SECURITY_CLIENT_CERTIFICATE"; @@ -48,23 +50,23 @@ public class PkiRealm extends Realm { // For client based cert validation, the auth type must be specified but UNKNOWN is an acceptable value public static final String AUTH_TYPE = "UNKNOWN"; - private final X509TrustManager[] trustManagers; + private final X509TrustManager trustManager; private final Pattern principalPattern; private final DnRoleMapper roleMapper; - public PkiRealm(RealmConfig config, ResourceWatcherService watcherService) { - this(config, new DnRoleMapper(TYPE, config, watcherService, null)); + public PkiRealm(RealmConfig config, ResourceWatcherService watcherService, SSLService sslService) { + this(config, new DnRoleMapper(TYPE, config, watcherService, null), sslService); } // pkg private for testing - PkiRealm(RealmConfig config, DnRoleMapper roleMapper) { + PkiRealm(RealmConfig config, DnRoleMapper roleMapper, SSLService sslService) { super(TYPE, config); - this.trustManagers = trustManagers(config.settings(), config.env()); + this.trustManager = trustManagers(config); this.principalPattern = Pattern.compile(config.settings().get("username_pattern", DEFAULT_USERNAME_PATTERN), Pattern.CASE_INSENSITIVE); this.roleMapper = roleMapper; - checkSSLEnabled(config, logger); + checkSSLEnabled(config, sslService); } @Override @@ -80,7 +82,7 @@ public class PkiRealm extends Realm { @Override public User authenticate(AuthenticationToken authToken) { X509AuthenticationToken token = (X509AuthenticationToken)authToken; - if (!isCertificateChainTrusted(trustManagers, token, logger)) { + if (isCertificateChainTrusted(trustManager, token, logger) == false) { return null; } 
@@ -98,7 +100,7 @@ public class PkiRealm extends Realm { return false; } - static X509AuthenticationToken token(Object pkiHeaderValue, Pattern principalPattern, ESLogger logger) { + static X509AuthenticationToken token(Object pkiHeaderValue, Pattern principalPattern, Logger logger) { if (pkiHeaderValue == null) { return null; } 
@@ -128,92 +130,95 @@ public class PkiRealm extends Realm { return new X509AuthenticationToken(certificates, principal, dn); } - static boolean isCertificateChainTrusted(X509TrustManager[] trustManagers, X509AuthenticationToken token, ESLogger logger) { - if (trustManagers.length > 0) { - boolean trusted = false; - for (X509TrustManager trustManager : trustManagers) { - try { - trustManager.checkClientTrusted(token.credentials(), AUTH_TYPE); - trusted = true; - break; - } catch (CertificateException e) { - if (logger.isTraceEnabled()) { - logger.trace("failed certificate validation for principal [{}]", e, token.principal()); - } else if (logger.isDebugEnabled()) { - logger.debug("failed certificate validation for principal [{}]", token.principal()); - } + static boolean isCertificateChainTrusted(X509TrustManager trustManager, X509AuthenticationToken token, Logger logger) { + if (trustManager != null) { + try { + trustManager.checkClientTrusted(token.credentials(), AUTH_TYPE); + return true; + } catch (CertificateException e) { + if (logger.isTraceEnabled()) { + logger.trace((Supplier) + () -> new ParameterizedMessage("failed certificate validation for principal [{}]", token.principal()), e); + } else if (logger.isDebugEnabled()) { + logger.debug("failed certificate validation for principal [{}]", token.principal()); } } - - return trusted; + return false; } // No extra trust managers specified, so at this point we can be considered authenticated. 
return true; } - static X509TrustManager[] trustManagers(Settings settings, Environment env) { + static X509TrustManager trustManagers(RealmConfig realmConfig) { + final Settings settings = realmConfig.settings(); + final Environment env = realmConfig.env(); + String[] certificateAuthorities = settings.getAsArray("certificate_authorities", null); String truststorePath = settings.get("truststore.path"); - if (truststorePath == null) { - return new X509TrustManager[0]; + if (truststorePath == null && certificateAuthorities == null) { + return null; + } else if (truststorePath != null && certificateAuthorities != null) { + final String settingPrefix = Realms.REALMS_GROUPS_SETTINGS.getKey() + realmConfig.name() + "."; + throw new IllegalArgumentException("[" + settingPrefix + "truststore.path] and [" + settingPrefix + "certificate_authorities]" + + " cannot be used at the same time"); + } else if (truststorePath != null) { + return trustManagersFromTruststore(realmConfig); } + return trustManagersFromCAs(settings, env); + } + private static X509TrustManager trustManagersFromTruststore(RealmConfig realmConfig) { + final Settings settings = realmConfig.settings(); + String truststorePath = settings.get("truststore.path"); String password = settings.get("truststore.password"); if (password == null) { - throw new IllegalArgumentException("no truststore password configured"); + final String settingPrefix = Realms.REALMS_GROUPS_SETTINGS.getKey() + realmConfig.name() + "."; + throw new IllegalArgumentException("[" + settingPrefix + "truststore.password] is not configured"); } String trustStoreAlgorithm = settings.get("truststore.algorithm", System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm())); - TrustManager[] trustManagers; - try (InputStream in = Files.newInputStream(XPackPlugin.resolveConfigFile(env, truststorePath))) { - // Load TrustStore - KeyStore ks = KeyStore.getInstance("jks"); - ks.load(in, password.toCharArray()); - - 
// Initialize a trust manager factory with the trusted store - TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(trustStoreAlgorithm); - trustFactory.init(ks); - trustManagers = trustFactory.getTrustManagers(); + try { + return CertUtils.trustManager(truststorePath, password, trustStoreAlgorithm, realmConfig.env()); } catch (Exception e) { throw new IllegalArgumentException("failed to load specified truststore", e); } + } - List trustManagerList = new ArrayList<>(); - for (TrustManager trustManager : trustManagers) { - if (trustManager instanceof X509TrustManager) { - trustManagerList.add((X509TrustManager) trustManager); - } + private static X509TrustManager trustManagersFromCAs(Settings settings, Environment env) { + String[] certificateAuthorities = settings.getAsArray("certificate_authorities", null); + assert certificateAuthorities != null; + try { + Certificate[] certificates = CertUtils.readCertificates(Arrays.asList(certificateAuthorities), env); + return CertUtils.trustManager(certificates); + } catch (Exception e) { + throw new ElasticsearchException("failed to load certificate authorities for PKI realm", e); } - - if (trustManagerList.isEmpty()) { - throw new IllegalArgumentException("no valid certificates found in truststore"); - } - - return trustManagerList.toArray(new X509TrustManager[trustManagerList.size()]); } /** * Checks to see if both SSL and Client authentication are enabled on at least one network communication layer. 
If - * not an error message will be logged + * not an exception will be thrown * * @param config this realm's configuration - * @param logger the logger to use if there is a configuration issue + * @param sslService the SSLService to use for ssl configurations */ - static void checkSSLEnabled(RealmConfig config, ESLogger logger) { + static void checkSSLEnabled(RealmConfig config, SSLService sslService) { Settings settings = config.globalSettings(); - final boolean httpSsl = SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings); - final boolean httpClientAuth = SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled(); // HTTP + final boolean httpSsl = HTTP_SSL_ENABLED.get(settings); + Settings httpSSLSettings = SSLService.getHttpTransportSSLSettings(settings); + final boolean httpClientAuth = sslService.isSSLClientAuthEnabled(httpSSLSettings); if (httpSsl && httpClientAuth) { return; } // Default Transport - final boolean ssl = SecurityNetty3Transport.SSL_SETTING.get(settings); - final SSLClientAuth clientAuth = SecurityNetty3Transport.CLIENT_AUTH_SETTING.get(settings); - if (ssl && clientAuth.enabled()) { + final boolean ssl = TRANSPORT_SSL_ENABLED.get(settings); + final Settings transportSSLSettings = settings.getByPrefix(setting("transport.ssl.")); + final boolean clientAuthEnabled = sslService.isSSLClientAuthEnabled(transportSSLSettings); + if (ssl && clientAuthEnabled) { return; } 
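Review bot: In `trustManagers(RealmConfig)` the "nothing configured" case is now signalled by returning `null`, and `isCertificateChainTrusted` answers `true` for a `null` trust manager, so the accept path depends on a sentinel that neither method documents. Add a Javadoc line to both, for example `@return the realm's trust manager, or null when neither truststore.path nor certificate_authorities is set; callers then accept the chain without a realm-level check`, so that a later change cannot return `null` from an error path unnoticed. The two loaders also disagree on failure type: `trustManagersFromTruststore` throws `IllegalArgumentException`, while `trustManagersFromCAs` throws `ElasticsearchException` with a message that lacks the realm setting prefix the other errors in this hunk now carry. The old "no valid certificates found in truststore" check is removed; whether `CertUtils.trustManager` rejects an empty store is not visible here and is worth pinning with a test.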
@@ -221,13 +226,14 @@ public class PkiRealm extends Realm { Map groupedSettings = settings.getGroups("transport.profiles."); for (Map.Entry entry : groupedSettings.entrySet()) { Settings profileSettings = entry.getValue().getByPrefix(Security.settingPrefix()); - if (SecurityNetty3Transport.profileSsl(profileSettings, settings) - && SecurityNetty3Transport.CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled()) { + if (SecurityNetty3Transport.PROFILE_SSL_SETTING.get(profileSettings) + && sslService.isSSLClientAuthEnabled( + SecurityNetty3Transport.profileSslSettings(profileSettings), transportSSLSettings)) { return; } } - logger.error("PKI realm [{}] is enabled but cannot be used as neither HTTP or Transport have both SSL and client authentication " + - "enabled", config.name()); + throw new IllegalStateException("PKI realm [" + config.name() + "] is enabled but cannot be used as neither HTTP or Transport " + + "has SSL with client authentication enabled"); } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java index b127e0725af..6926f7c2bbd 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java 
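Review bot: The new `IllegalStateException` at the end of `checkSSLEnabled` says the realm cannot be used but not what to change, and it reads "neither HTTP or Transport". Because the constructor calls this method, the exception now aborts realm construction instead of writing a log line, so the message is the only guidance the operator gets. Consider ending it with `"... because neither HTTP nor Transport has SSL with client authentication enabled; enable both on at least one of them or disable this realm"`. A `@throws IllegalStateException` tag in the method Javadoc would match the new behaviour; the method itself starts in the previous hunk.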
@@ -5,12 +5,13 @@ */ package org.elasticsearch.xpack.security.authc.support; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.cache.Cache; import org.elasticsearch.common.cache.CacheBuilder; import org.elasticsearch.common.cache.CacheLoader; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.support.Exceptions; @@ -130,7 +131,9 @@ public abstract class CachingUsernamePasswordRealm extends UsernamePasswordRealm } if (logger.isTraceEnabled()) { - logger.trace("realm [{}] could not authenticate [{}]", ee, type(), token.principal()); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "realm [{}] could not authenticate [{}]", type(), token.principal()), ee); } else if (logger.isDebugEnabled()) { logger.debug("realm [{}] could not authenticate [{}]", type(), token.principal()); } @@ -160,7 +163,7 @@ public abstract class CachingUsernamePasswordRealm extends UsernamePasswordRealm return userWithHash.user; } catch (ExecutionException ee) { if (logger.isTraceEnabled()) { - logger.trace("realm [{}] could not lookup [{}]", ee, name(), username); + logger.trace((Supplier) () -> new ParameterizedMessage("realm [{}] could not lookup [{}]", name(), username), ee); } else if (logger.isDebugEnabled()) { logger.debug("realm [{}] could not authenticate [{}]", name(), username); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java index 0debbe2749c..2acd70a124b 100644 
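Review bot: In the lookup hunk (`@@ -160,7 +163,7 @@`) the trace branch logs "could not lookup" while the unchanged debug branch beside it still logs "could not authenticate" for the same failure, so lookup failures are labelled as authentication failures at debug level. Align the debug line: `logger.debug("realm [{}] could not lookup [{}]", name(), username);`. The authenticate hunk above identifies the realm with `type()` where this one uses `name()`; using `name()` in both would let a log reader tell two realms of the same type apart. Both enclosing methods start and end outside the hunks.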
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java @@ -7,16 +7,18 @@ package org.elasticsearch.xpack.security.authc.support; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPException; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.security.authc.RealmConfig; import java.io.IOException; import java.io.InputStream; @@ -44,7 +46,7 @@ public class DnRoleMapper { public static final String ROLE_MAPPING_FILE_SETTING = "files.role_mapping"; public static final String USE_UNMAPPED_GROUPS_AS_ROLES_SETTING = "unmapped_groups_as_roles"; - protected final ESLogger logger; + protected final Logger logger; protected final RealmConfig config; private final String realmType; 
@@ -89,16 +91,18 @@ public class DnRoleMapper { * logging the error and skipping/removing all mappings. This is aligned with how we handle other auto-loaded files * in security. */ - public static Map> parseFileLenient(Path path, ESLogger logger, String realmType, String realmName) { + public static Map> parseFileLenient(Path path, Logger logger, String realmType, String realmName) { try { return parseFile(path, logger, realmType, realmName); } catch (Exception e) { - logger.error("failed to parse role mappings file [{}]. skipping/removing all mappings...", e, path.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to parse role mappings file [{}]. skipping/removing all mappings...", path.toAbsolutePath()), e); return emptyMap(); } } - public static Map> parseFile(Path path, ESLogger logger, String realmType, String realmName) { + public static Map> parseFile(Path path, Logger logger, String realmType, String realmName) { logger.trace("reading realm [{}/{}] role mappings file [{}]...", realmType, realmName, path.toAbsolutePath()); @@ -124,8 +128,15 @@ public class DnRoleMapper { } dnRoles.add(role); } catch (LDAPException e) { - logger.error("invalid DN [{}] found in [{}] role mappings [{}] for realm [{}/{}]. skipping... ", e, providedDn, - realmType, path.toAbsolutePath(), realmType, realmName); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "invalid DN [{}] found in [{}] role mappings [{}] for realm [{}/{}]. skipping... ", + providedDn, + realmType, + path.toAbsolutePath(), + realmType, + realmName), + e); } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java index 698e97c3055..40418716552 100644 
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.authz.accesscontrol; +import org.apache.logging.log4j.Logger; import org.apache.lucene.index.DirectoryReader; import org.apache.lucene.index.LeafReaderContext; import org.apache.lucene.search.BooleanQuery; @@ -33,7 +34,6 @@ import org.elasticsearch.client.Client; import org.elasticsearch.client.FilterClient; import org.elasticsearch.common.ParseFieldMatcher; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.LoggerMessageFormat; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.util.concurrent.ThreadContext; @@ -104,7 +104,7 @@ public class SecurityIndexSearcherWrapper extends IndexSearcherWrapper { private final BitsetFilterCache bitsetFilterCache; private final XPackLicenseState licenseState; private final ThreadContext threadContext; - private final ESLogger logger; + private final Logger logger; private final ScriptService scriptService; public SecurityIndexSearcherWrapper(IndexSettings indexSettings, QueryShardContext queryShardContext, diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRole.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRole.java new file mode 100644 index 00000000000..12581d36e98 --- /dev/null +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRole.java 
@@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.security.authz.permission; + +import org.elasticsearch.xpack.security.authz.RoleDescriptor; +import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; +import org.elasticsearch.xpack.security.authz.privilege.Privilege.Name; + +/** + * Role for users that should be allowed to use the Add Data/Ingest features in the UI + */ +public class IngestAdminRole extends Role { + + private static final String[] CLUSTER_PRIVILEGES = new String[] { "manage_index_templates", "manage_pipeline" }; + private static final RoleDescriptor.IndicesPrivileges[] INDICES_PRIVILEGES = new RoleDescriptor.IndicesPrivileges[0]; + + public static final String NAME = "ingest_admin"; + public static final RoleDescriptor DESCRIPTOR = new RoleDescriptor(NAME, CLUSTER_PRIVILEGES, INDICES_PRIVILEGES, null); + public static final IngestAdminRole INSTANCE = new IngestAdminRole(); + + private IngestAdminRole() { + super(DESCRIPTOR.getName(), + new ClusterPermission.Core(ClusterPrivilege.get(new Name(DESCRIPTOR.getClusterPrivileges()))), + new IndicesPermission.Core(Role.Builder.convertFromIndicesPrivileges(DESCRIPTOR.getIndicesPrivileges())), + RunAsPermission.Core.NONE); + } +} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java index 98959c9bc9e..d733b0cd8a0 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/privilege/ClusterPrivilege.java 
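Review bot: The class Javadoc describes `IngestAdminRole` by the UI feature it serves and not by what it grants: the `manage_index_templates` and `manage_pipeline` cluster privileges, which apply cluster-wide, with `INDICES_PRIVILEGES` left empty. State that in the Javadoc so the reserved role is assigned with its real scope in mind, e.g. `Grants the manage_index_templates and manage_pipeline cluster privileges and no index privileges.` `INSTANCE` also depends on `DESCRIPTOR` being initialised first because the constructor reads it, so a comment such as `// DESCRIPTOR must be declared before INSTANCE: the constructor reads it` would protect the field order from a later reshuffle.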
@@ -42,6 +42,7 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege ACTION_MATCHER = ClusterPrivilege.ALL.predicate(); @@ -56,6 +57,7 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege values() { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java index 442413eb631..daeb217b30b 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java @@ -5,22 +5,13 @@ */ package org.elasticsearch.xpack.security.authz.store; -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.regex.Pattern; - +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractLifecycleComponent; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.yaml.YamlXContent; 
@@ -37,6 +28,17 @@ import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.support.NoOpLogger; import org.elasticsearch.xpack.security.support.Validation; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.regex.Pattern; + import static java.util.Collections.emptyMap; import static java.util.Collections.emptySet; import static java.util.Collections.unmodifiableMap; @@ -115,7 +117,7 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS return XPackPlugin.resolveConfigFile(env, "roles.yml"); } - public static Set parseFileForRoleNames(Path path, ESLogger logger) { + public static Set parseFileForRoleNames(Path path, Logger logger) { Map roleMap = parseFile(path, logger, false, Settings.EMPTY); if (roleMap == null) { return emptySet(); @@ -123,11 +125,11 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS return roleMap.keySet(); } - public static Map parseFile(Path path, ESLogger logger, Settings settings) { + public static Map parseFile(Path path, Logger logger, Settings settings) { return parseFile(path, logger, true, settings); } - public static Map parseFile(Path path, ESLogger logger, boolean resolvePermission, Settings settings) { + public static Map parseFile(Path path, Logger logger, boolean resolvePermission, Settings settings) { if (logger == null) { logger = NoOpLogger.INSTANCE; } 
@@ -150,7 +152,11 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS } } catch (IOException ioe) { - logger.error("failed to read roles file [{}]. skipping all roles...", ioe, path.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to read roles file [{}]. skipping all roles...", + path.toAbsolutePath()), + ioe); return emptyMap(); } } else { @@ -162,7 +168,7 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS return unmodifiableMap(roles); } - public static Map parseRoleDescriptors(Path path, ESLogger logger, + public static Map parseRoleDescriptors(Path path, Logger logger, boolean resolvePermission, Settings settings) { if (logger == null) { logger = NoOpLogger.INSTANCE; @@ -180,7 +186,11 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS } } } catch (IOException ioe) { - logger.error("failed to read roles file [{}]. skipping all roles...", ioe, path.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to read roles file [{}]. skipping all roles...", + path.toAbsolutePath()), + ioe); return emptyMap(); } } @@ -188,7 +198,7 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS } @Nullable - private static Role parseRole(String segment, Path path, ESLogger logger, boolean resolvePermissions, Settings settings) { + private static Role parseRole(String segment, Path path, Logger logger, boolean resolvePermissions, Settings settings) { RoleDescriptor descriptor = parseRoleDescriptor(segment, path, logger, resolvePermissions, settings); if (descriptor != null) { 
@@ -210,7 +220,7 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS } @Nullable - private static RoleDescriptor parseRoleDescriptor(String segment, Path path, ESLogger logger, + private static RoleDescriptor parseRoleDescriptor(String segment, Path path, Logger logger, boolean resolvePermissions, Settings settings) { String roleName = null; try { @@ -245,15 +255,26 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS } catch (ElasticsearchParseException e) { assert roleName != null; if (logger.isDebugEnabled()) { - logger.debug("parsing exception for role [{}]", e, roleName); + final String finalRoleName = roleName; + logger.debug((Supplier) () -> new ParameterizedMessage("parsing exception for role [{}]", finalRoleName), e); } else { logger.error(e.getMessage() + ". skipping role..."); } } catch (IOException e) { if (roleName != null) { - logger.error("invalid role definition [{}] in roles file [{}]. skipping role...", e, roleName, path); + final String finalRoleName = roleName; + logger.error( + (Supplier) () -> new ParameterizedMessage( + "invalid role definition [{}] in roles file [{}]. skipping role...", + finalRoleName, + path), + e); } else { - logger.error("invalid role definition in roles file [{}]. skipping role...", e, path); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "invalid role definition in roles file [{}]. skipping role...", + path), + e); } } return null; 
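Review bot: In the `ElasticsearchParseException` branch of `parseRoleDescriptor`, turning debug logging on moves the failure from error level to debug level, so a role dropped from the roles file no longer produces an error record, and the error path relies on `e.getMessage()` alone to identify the role and file. Log the skip at error level in both cases and attach the exception only under debug, e.g. `logger.error("invalid role definition [{}] in roles file [{}]. skipping role...", finalRoleName, path);` placed before the `isDebugEnabled()` check, with `finalRoleName` declared above it. `assert roleName != null` is also the only guard on `roleName` in this branch, and assertions are normally disabled in production JVMs. The method begins outside the hunk.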
@@ -301,7 +322,9 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS permissions = parseFile(file, logger, settings); logger.info("updated roles (roles file [{}] changed)", file.toAbsolutePath()); } catch (Exception e) { - logger.error("could not reload roles file [{}]. Current roles remain unmodified", e, file.toAbsolutePath()); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "could not reload roles file [{}]. Current roles remain unmodified", file.toAbsolutePath()), e); return; } listener.onRefresh(); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java index b0f6e99aabf..3e11e946663 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java @@ -5,19 +5,8 @@ */ package org.elasticsearch.xpack.security.authz.store; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicReference; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; - +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.DocWriteResponse; 
@@ -67,6 +56,19 @@ import org.elasticsearch.xpack.security.authz.permission.IndicesPermission.Group import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.client.SecurityClient; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicReference; +import java.util.concurrent.locks.ReadWriteLock; +import java.util.concurrent.locks.ReentrantReadWriteLock; + import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.SecurityTemplateService.securityIndexMappingAndTemplateUpToDate; @@ -240,7 +242,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C } }); } catch (Exception e) { - logger.error("unable to retrieve roles {}", e, Arrays.toString(names)); + logger.error((Supplier) () -> new ParameterizedMessage("unable to retrieve roles {}", Arrays.toString(names)), e); listener.onFailure(e); } } @@ -306,12 +308,12 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C @Override public void onFailure(Exception e) { - logger.error("failed to put role [{}]", e, request.name()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to put role [{}]", request.name()), e); listener.onFailure(e); } }); } catch (Exception e) { - logger.error("unable to put role [{}]", e, request.name()); + logger.error((Supplier) () -> new ParameterizedMessage("unable to put role [{}]", request.name()), e); listener.onFailure(e); } 
@@ -419,9 +421,11 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C @Override public void onFailure(Exception t) { if (t instanceof IndexNotFoundException) { - logger.trace("failed to retrieve role [{}] since security index does not exist", t, roleId); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "failed to retrieve role [{}] since security index does not exist", roleId), t); } else { - logger.error("failed to retrieve role [{}]", t, roleId); + logger.error((Supplier) () -> new ParameterizedMessage("failed to retrieve role [{}]", roleId), t); } } }, latch)); @@ -448,9 +452,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C }); } catch (ExecutionException e) { if (e.getCause() instanceof NullPointerException) { - logger.trace("role [{}] was not found", e, roleId); + logger.trace((Supplier) () -> new ParameterizedMessage("role [{}] was not found", roleId), e); } else { - logger.error("failed to load role [{}]", e, roleId); + logger.error((Supplier) () -> new ParameterizedMessage("failed to load role [{}]", roleId), e); } } @@ -462,7 +466,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C GetRequest request = client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role).request(); client.get(request, listener); } catch (IndexNotFoundException e) { - logger.trace("unable to retrieve role [{}] since security index does not exist", e, role); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "unable to retrieve role [{}] since security index does not exist", role), e); listener.onResponse(new GetResponse( new GetResult(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role, -1, false, null, null))); } catch (Exception e) { 
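Review bot: The `ExecutionException` handler in the `@@ -448,9 +452,9 @@` hunk treats any `NullPointerException` cause as "role was not found" and logs it at trace level, so a real null dereference while loading a role would look the same as a missing role and stay out of the logs at default levels. If the `NullPointerException` is how the cache reports a loader that returned no value (an assumption, the loader is outside the hunk), say so in a comment, e.g. `// the cache signals a loader that returned null with an NPE cause; anything else is a real failure`, or better have the loader signal absence with a dedicated value. The enclosing method starts and ends outside the hunk.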
@@ -482,7 +488,8 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C @Override public void onFailure(Exception t) { // Not really much to do here except for warn about it... - logger.warn("failed to clear scroll [{}] after retrieving roles", t, scrollId); + logger.warn( + (Supplier) () -> new ParameterizedMessage("failed to clear scroll [{}] after retrieving roles", scrollId), t); } }); } @@ -522,7 +529,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C @Override public void onFailure(Exception e) { - logger.error("unable to clear cache for role [{}]", e, role); + logger.error((Supplier) () -> new ParameterizedMessage("unable to clear cache for role [{}]", role), e); ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + role + "] failed. please clear the role cache manually", e); listener.onFailure(exception); @@ -536,8 +543,8 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C final boolean exists = event.state().metaData().indices().get(SecurityTemplateService.SECURITY_INDEX_NAME) != null; // make sure all the primaries are active if (exists && event.state().routingTable().index(SecurityTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) { - logger.debug("security index [{}] all primary shards started, so polling can start", - SecurityTemplateService.SECURITY_INDEX_NAME); + logger.debug( + "security index [{}] all primary shards started, so polling can start", SecurityTemplateService.SECURITY_INDEX_NAME); securityIndexExists = true; } else { // always set the value - it may have changed... 
@@ -562,7 +569,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C try { return RoleDescriptor.parse(name, sourceBytes); } catch (Exception e) { - logger.error("error in the format of data for role [{}]", e, name); + logger.error((Supplier) () -> new ParameterizedMessage("error in the format of data for role [{}]", name), e); return null; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java index 3a2bcd5ee5b..d6ed72968a7 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java @@ -14,6 +14,7 @@ import java.util.Set; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.xpack.security.SecurityContext; import org.elasticsearch.xpack.security.authz.RoleDescriptor; +import org.elasticsearch.xpack.security.authz.permission.IngestAdminRole; import org.elasticsearch.xpack.security.authz.permission.KibanaRole; import org.elasticsearch.xpack.security.authz.permission.KibanaUserRole; import org.elasticsearch.xpack.security.authz.permission.MonitoringUserRole; @@ -48,6 +49,8 @@ public class ReservedRolesStore implements RolesStore { return MonitoringUserRole.INSTANCE; case RemoteMonitoringAgentRole.NAME: return RemoteMonitoringAgentRole.INSTANCE; + case IngestAdminRole.NAME: + return IngestAdminRole.INSTANCE; case KibanaRole.NAME: // The only user that should know about this role is the kibana user itself (who has this role). The reason we want to hide // this role is that it was created specifically for kibana, with all the permissions that the kibana user needs. 
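Review bot: Registering `IngestAdminRole` needs the same edit in five places in ReservedRolesStore, and nothing visible keeps them in step: the `case` added here, the matching `case` in the `@@ -78` hunk, both `Arrays.asList(...)` lists and `names()` in `@@ -94`, and `isReserved` in `@@ -114`. If a later role is added to one switch and missed in another, the role could resolve at lookup while not being treated as reserved, or the reverse (how callers use `isReserved` is not shown, so this is inferred). A test asserting `isReserved(n)` for every `n` in `names()`, and a non-null descriptor for each name other than `KibanaRole.NAME` when the caller is not the kibana user, would catch the next omission. Both switch statements begin and end outside their hunks.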
@@ -78,6 +81,8 @@ public class ReservedRolesStore implements RolesStore { return MonitoringUserRole.DESCRIPTOR; case RemoteMonitoringAgentRole.NAME: return RemoteMonitoringAgentRole.DESCRIPTOR; + case IngestAdminRole.NAME: + return IngestAdminRole.DESCRIPTOR; case KibanaRole.NAME: // The only user that should know about this role is the kibana user itself (who has this role). The reason we want to hide // this role is that it was created specifically for kibana, with all the permissions that the kibana user needs. @@ -94,15 +99,16 @@ public class ReservedRolesStore implements RolesStore { public Collection roleDescriptors() { if (KibanaUser.is(securityContext.getUser())) { return Arrays.asList(SuperuserRole.DESCRIPTOR, TransportClientRole.DESCRIPTOR, KibanaUserRole.DESCRIPTOR, - KibanaRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR); + KibanaRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR, + IngestAdminRole.DESCRIPTOR); } return Arrays.asList(SuperuserRole.DESCRIPTOR, TransportClientRole.DESCRIPTOR, KibanaUserRole.DESCRIPTOR, - MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR); + MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR, IngestAdminRole.DESCRIPTOR); } public static Set names() { return Sets.newHashSet(SuperuserRole.NAME, KibanaRole.NAME, TransportClientRole.NAME, KibanaUserRole.NAME, - MonitoringUserRole.NAME, RemoteMonitoringAgentRole.NAME); + MonitoringUserRole.NAME, RemoteMonitoringAgentRole.NAME, IngestAdminRole.NAME); } public static boolean isReserved(String role) { @@ -114,6 +120,7 @@ public class ReservedRolesStore implements RolesStore { case MonitoringUserRole.NAME: case RemoteMonitoringAgentRole.NAME: case SystemUser.ROLE_NAME: + case IngestAdminRole.NAME: return true; default: return false; 
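Review bot: The new `case IngestAdminRole.NAME:` in `isReserved` (`@@ -114`) makes that name reserved from this release on, and the diff does not show what happens to a role with the same name that an administrator has already defined in the native or file store. If reserved roles take precedence over stored ones (not visible here), users holding that custom role would silently switch to the built-in role's privileges after upgrade. It would help to state the intended behaviour next to the case, for example `// reserved as of <version>; a same-named custom role is <shadowed|rejected>`, and to mention it in the upgrade notes. The `switch` starts outside the hunk.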
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java index e192218e7be..fcc239a070b 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java @@ -5,24 +5,26 @@ */ package org.elasticsearch.xpack.security.rest; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.http.netty3.Netty3HttpRequest; import org.elasticsearch.http.netty4.Netty4HttpRequest; +import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.rest.RestChannel; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestFilter; import org.elasticsearch.rest.RestFilterChain; import org.elasticsearch.rest.RestRequest; +import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.pki.PkiRealm; -import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.ssl.SSLService; import org.jboss.netty.handler.ssl.SslHandler; import javax.net.ssl.SSLEngine; 
@@ -30,27 +32,30 @@ import javax.net.ssl.SSLPeerUnverifiedException; import java.security.cert.Certificate; import java.security.cert.X509Certificate; +import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED; + /** * */ public class SecurityRestFilter extends RestFilter { private final AuthenticationService service; - private final ESLogger logger; + private final Logger logger; private final XPackLicenseState licenseState; private final ThreadContext threadContext; private final boolean extractClientCertificate; @Inject public SecurityRestFilter(AuthenticationService service, RestController controller, Settings settings, - ThreadPool threadPool, XPackLicenseState licenseState) { + ThreadPool threadPool, XPackLicenseState licenseState, SSLService sslService) { this.service = service; this.licenseState = licenseState; this.threadContext = threadPool.getThreadContext(); + this.logger = Loggers.getLogger(getClass(), settings); + final boolean ssl = HTTP_SSL_ENABLED.get(settings); + Settings httpSSLSettings = SSLService.getHttpTransportSSLSettings(settings); + this.extractClientCertificate = ssl && sslService.isSSLClientAuthEnabled(httpSSLSettings); controller.registerFilter(this); - boolean ssl = SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings); - extractClientCertificate = ssl && SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled(); - logger = Loggers.getLogger(getClass(), settings); } @Override 
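Review bot: `extractClientCertificate` is undocumented and the class Javadoc is still the empty `/** * */`, although the constructor now derives the flag from `HTTP_SSL_ENABLED` and `sslService.isSSLClientAuthEnabled(httpSSLSettings)`. Judging by the `PkiRealm` import and `putClientCertificateInContext` elsewhere in the file, client certificates appear to reach the thread context only when this flag is true, so certificate-based authentication over HTTP would depend on it; a field comment such as `// true only when HTTP SSL is enabled and client auth is on; otherwise no client certificate is copied into the thread context` would make that explicit. `httpSSLSettings` is also computed when `ssl` is false and is the one new local not declared `final`, unlike `ssl` beside it. Registering the filter with `controller.registerFilter(this)` only after all fields are assigned is the right order and worth keeping.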
@@ -76,7 +81,7 @@ public class SecurityRestFilter extends RestFilter { filterChain.continueProcessing(request, channel, client); } - static void putClientCertificateInContext(RestRequest request, ThreadContext threadContext, ESLogger logger) throws Exception { + static void putClientCertificateInContext(RestRequest request, ThreadContext threadContext, Logger logger) throws Exception { assert request instanceof Netty3HttpRequest || request instanceof Netty4HttpRequest; if (request instanceof Netty3HttpRequest) { Netty3HttpRequest nettyHttpRequest = (Netty3HttpRequest) request; @@ -94,7 +99,7 @@ public class SecurityRestFilter extends RestFilter { } - private static void extractClientCerts(SSLEngine sslEngine, Object channel, ThreadContext threadContext, ESLogger logger) { + private static void extractClientCerts(SSLEngine sslEngine, Object channel, ThreadContext threadContext, Logger logger) { try { Certificate[] certs = sslEngine.getSession().getPeerCertificates(); if (certs instanceof X509Certificate[]) { @@ -106,7 +111,8 @@ public class SecurityRestFilter extends RestFilter { assert sslEngine.getNeedClientAuth() == false; assert sslEngine.getWantClientAuth(); if (logger.isTraceEnabled()) { - logger.trace("SSL Peer did not present a certificate on channel [{}]", e, channel); + logger.trace( + (Supplier) () -> new ParameterizedMessage("SSL Peer did not present a certificate on channel [{}]", channel), e); } else if (logger.isDebugEnabled()) { logger.debug("SSL Peer did not present a certificate on channel [{}]", channel); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java deleted file mode 100644 index 71ae083862b..00000000000 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java +++ /dev/null 
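Review bot: In the `@@ -106` hunk the `(Supplier) () -> new ParameterizedMessage(...)` wrapper is redundant, because the call already sits inside `if (logger.isTraceEnabled())` and the lazy construction gains nothing. The message can be passed directly: `logger.trace(new ParameterizedMessage("SSL Peer did not present a certificate on channel [{}]", channel), e);`. That also avoids the cast, which reads as a raw type in this listing. The body of `extractClientCerts` begins outside the hunk.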
@@ -1,447 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.ssl; - -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.TrustManagerFactory; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.Optional; -import java.util.function.Function; - -import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.settings.Setting; -import org.elasticsearch.common.settings.Setting.Property; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.env.Environment; - -import static org.elasticsearch.xpack.security.Security.setting; -import static org.elasticsearch.xpack.security.support.OptionalSettings.createInt; -import static org.elasticsearch.xpack.security.support.OptionalSettings.createString; -import static org.elasticsearch.xpack.security.support.OptionalSettings.createTimeValue; - -/** - * Class that contains all configuration related to SSL use within x-pack - */ -abstract class SSLConfiguration { - - abstract KeyConfig keyConfig(); - - abstract TrustConfig trustConfig(); - - abstract String protocol(); - - abstract int sessionCacheSize(); - - abstract TimeValue sessionCacheTimeout(); - - abstract List ciphers(); - - abstract List supportedProtocols(); - - /** - * Provides the list of paths to files that back this configuration - */ - List filesToMonitor(@Nullable Environment environment) { - if (keyConfig() == trustConfig()) { - return keyConfig().filesToMonitor(environment); - } - List paths = new ArrayList<>(keyConfig().filesToMonitor(environment)); - 
paths.addAll(trustConfig().filesToMonitor(environment)); - return paths; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof SSLConfiguration)) return false; - - SSLConfiguration that = (SSLConfiguration) o; - - if (this.sessionCacheSize() != that.sessionCacheSize()) { - return false; - } - if (this.keyConfig() != null ? !this.keyConfig().equals(that.keyConfig()) : that.keyConfig() != null) { - return false; - } - if (this.trustConfig() != null ? !this.trustConfig().equals(that.trustConfig()) : that.trustConfig() != null) { - return false; - } - if (this.protocol() != null ? !this.protocol().equals(that.protocol()) : that.protocol() != null) { - return false; - } - if (this.sessionCacheTimeout() != null ? - !this.sessionCacheTimeout().equals(that.sessionCacheTimeout()) : that.sessionCacheTimeout() != null) { - return false; - } - if (this.ciphers() != null ? !this.ciphers().equals(that.ciphers()) : that.ciphers() != null) { - return false; - } - return this.supportedProtocols() != null ? - this.supportedProtocols().equals(that.supportedProtocols()) : that.supportedProtocols() == null; - } - - @Override - public int hashCode() { - int result = this.keyConfig() != null ? this.keyConfig().hashCode() : 0; - result = 31 * result + (this.trustConfig() != null ? this.trustConfig().hashCode() : 0); - result = 31 * result + (this.protocol() != null ? this.protocol().hashCode() : 0); - result = 31 * result + this.sessionCacheSize(); - result = 31 * result + (this.sessionCacheTimeout() != null ? this.sessionCacheTimeout().hashCode() : 0); - result = 31 * result + (this.ciphers() != null ? this.ciphers().hashCode() : 0); - result = 31 * result + (this.supportedProtocols() != null ? 
this.supportedProtocols().hashCode() : 0); - return result; - } - - static class Global extends SSLConfiguration { - - static final List DEFAULT_SUPPORTED_PROTOCOLS = Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"); - static final List DEFAULT_CIPHERS = - Arrays.asList("TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); - static final TimeValue DEFAULT_SESSION_CACHE_TIMEOUT = TimeValue.timeValueHours(24); - static final int DEFAULT_SESSION_CACHE_SIZE = 1000; - static final String DEFAULT_PROTOCOL = "TLSv1.2"; - - // common settings - static final Setting> CIPHERS_SETTING = Setting.listSetting(globalKey(Custom.CIPHERS_SETTING), DEFAULT_CIPHERS, - Function.identity(), Property.NodeScope, Property.Filtered); - static final Setting> SUPPORTED_PROTOCOLS_SETTING = Setting.listSetting(globalKey(Custom.SUPPORTED_PROTOCOLS_SETTING), - DEFAULT_SUPPORTED_PROTOCOLS, Function.identity(), Property.NodeScope, Property.Filtered); - static final Setting PROTOCOL_SETTING = new Setting<>(globalKey(Custom.PROTOCOL_SETTING), DEFAULT_PROTOCOL, - Function.identity(), Property.NodeScope, Property.Filtered); - static final Setting SESSION_CACHE_SIZE_SETTING = Setting.intSetting(globalKey(Custom.CACHE_SIZE_SETTING), - DEFAULT_SESSION_CACHE_SIZE, Property.NodeScope, Property.Filtered); - static final Setting SESSION_CACHE_TIMEOUT_SETTING = Setting.timeSetting(globalKey(Custom.CACHE_TIMEOUT_SETTING), - DEFAULT_SESSION_CACHE_TIMEOUT, Property.NodeScope, Property.Filtered); - - // keystore settings - static final Setting> KEYSTORE_PATH_SETTING = createString(globalKey(Custom.KEYSTORE_PATH_SETTING), - s -> System.getProperty("javax.net.ssl.keyStore"), Property.NodeScope, Property.Filtered); - static final Setting> KEYSTORE_PASSWORD_SETTING = createString(globalKey(Custom.KEYSTORE_PASSWORD_SETTING), - s -> System.getProperty("javax.net.ssl.keyStorePassword"), Property.NodeScope, Property.Filtered); - static final Setting 
KEYSTORE_ALGORITHM_SETTING = new Setting<>(globalKey(Custom.KEYSTORE_ALGORITHM_SETTING), - s -> System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()), - Function.identity(), Property.NodeScope, Property.Filtered); - static final Setting> KEYSTORE_KEY_PASSWORD_SETTING = - createString(globalKey(Custom.KEYSTORE_KEY_PASSWORD_SETTING), KEYSTORE_PASSWORD_SETTING, - Property.NodeScope, Property.Filtered); - - // truststore settings - static final Setting> TRUSTSTORE_PATH_SETTING = createString(globalKey(Custom.TRUSTSTORE_PATH_SETTING), - s -> System.getProperty("javax.net.ssl.trustStore"), Property.NodeScope, Property.Filtered); - static final Setting> TRUSTSTORE_PASSWORD_SETTING = createString(globalKey(Custom.TRUSTSTORE_PASSWORD_SETTING), - s -> System.getProperty("javax.net.ssl.trustStorePassword"), Property.NodeScope, Property.Filtered); - static final Setting TRUSTSTORE_ALGORITHM_SETTING = new Setting<>(globalKey(Custom.TRUSTSTORE_ALGORITHM_SETTING), - s -> System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm()), - Function.identity(), Property.NodeScope, Property.Filtered); - - // PEM key and cert settings - static final Setting> KEY_PATH_SETTING = createString(globalKey(Custom.KEY_PATH_SETTING), - Property.NodeScope, Property.Filtered); - static final Setting> KEY_PASSWORD_SETTING = createString(globalKey(Custom.KEY_PASSWORD_SETTING), - Property.NodeScope, Property.Filtered); - static final Setting> CERT_SETTING = Setting.listSetting(globalKey(Custom.CERT_SETTING), Collections.emptyList(), - s -> s, Property.NodeScope, Property.Filtered); - - // PEM trusted certs - static final Setting> CA_PATHS_SETTING = Setting.listSetting(globalKey(Custom.CA_PATHS_SETTING), - Collections.emptyList(), s -> s, Property.NodeScope, Property.Filtered); - - // Default system trusted certs - static final Setting INCLUDE_JDK_CERTS_SETTING = 
Setting.boolSetting(globalKey(Custom.INCLUDE_JDK_CERTS_SETTING), true, - Property.NodeScope, Property.Filtered); - - private final KeyConfig keyConfig; - private final TrustConfig trustConfig; - private final String sslProtocol; - private final int sessionCacheSize; - private final TimeValue sessionCacheTimeout; - private final List ciphers; - private final List supportedProtocols; - - /** - * This constructor should be used with the global settings of the service - * - * @param settings the global settings to build the SSL configuration from - */ - Global(Settings settings) { - this.keyConfig = createGlobalKeyConfig(settings); - this.trustConfig = createGlobalTrustConfig(settings, keyConfig); - this.sslProtocol = PROTOCOL_SETTING.get(settings); - this.sessionCacheSize = SESSION_CACHE_SIZE_SETTING.get(settings); - this.sessionCacheTimeout = SESSION_CACHE_TIMEOUT_SETTING.get(settings); - this.ciphers = CIPHERS_SETTING.get(settings); - this.supportedProtocols = SUPPORTED_PROTOCOLS_SETTING.get(settings); - } - - @Override - KeyConfig keyConfig() { - return keyConfig; - } - - @Override - TrustConfig trustConfig() { - return trustConfig; - } - - @Override - String protocol() { - return sslProtocol; - } - - @Override - int sessionCacheSize() { - return sessionCacheSize; - } - - @Override - TimeValue sessionCacheTimeout() { - return sessionCacheTimeout; - } - - @Override - List ciphers() { - return ciphers; - } - - @Override - List supportedProtocols() { - return supportedProtocols; - } - - @Override - public String toString() { - return "SSLConfiguration{" + - "keyConfig=[" + keyConfig + - "], trustConfig=" + trustConfig + - "], sslProtocol=['" + sslProtocol + '\'' + - "], sessionCacheSize=[" + sessionCacheSize + - "], sessionCacheTimeout=[" + sessionCacheTimeout + - "], ciphers=[" + ciphers + - "], supportedProtocols=[" + supportedProtocols + - "]}"; - } - - private static String globalKey(Setting setting) { - return setting("ssl." 
+ setting.getKey()); - } - - static KeyConfig createGlobalKeyConfig(Settings settings) { - String keyStorePath = KEYSTORE_PATH_SETTING.get(settings).orElse(null); - String keyPath = KEY_PATH_SETTING.get(settings).orElse(null); - if (keyPath != null && keyStorePath != null) { - throw new IllegalArgumentException("you cannot specify a keystore and key file"); - } else if (keyStorePath == null && keyPath == null) { - return KeyConfig.NONE; - } - - boolean includeSystem = INCLUDE_JDK_CERTS_SETTING.get(settings); - if (keyPath != null) { - String keyPassword = KEY_PASSWORD_SETTING.get(settings).orElse(null); - List certPaths = getListOrNull(CERT_SETTING, settings); - if (certPaths == null) { - throw new IllegalArgumentException("you must specify the certificates to use with the key"); - } - return new PEMKeyConfig(includeSystem, keyPath, keyPassword, certPaths); - } else { - assert keyStorePath != null; - String keyStorePassword = KEYSTORE_PASSWORD_SETTING.get(settings).orElse(null); - String keyStoreAlgorithm = KEYSTORE_ALGORITHM_SETTING.get(settings); - String keyStoreKeyPassword = KEYSTORE_KEY_PASSWORD_SETTING.get(settings).orElse(keyStorePassword); - String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreKeyConfig(includeSystem, keyStorePath, keyStorePassword, keyStoreKeyPassword, - keyStoreAlgorithm, trustStoreAlgorithm); - } - } - - static TrustConfig createGlobalTrustConfig(Settings settings, KeyConfig keyInfo) { - String trustStorePath = TRUSTSTORE_PATH_SETTING.get(settings).orElse(null); - List caPaths = getListOrNull(CA_PATHS_SETTING, settings); - boolean includeSystem = INCLUDE_JDK_CERTS_SETTING.get(settings); - if (trustStorePath != null && caPaths != null) { - throw new IllegalArgumentException("you cannot specify a truststore and ca files"); - } else if (caPaths != null) { - return new PEMTrustConfig(includeSystem, caPaths); - } else if (trustStorePath != null) { - String trustStorePassword = 
TRUSTSTORE_PASSWORD_SETTING.get(settings).orElse(null); - String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreTrustConfig(includeSystem, trustStorePath, trustStorePassword, trustStoreAlgorithm); - } else if (keyInfo != KeyConfig.NONE) { - return keyInfo; - } else { - return new StoreTrustConfig(includeSystem, null, null, null); - } - } - } - - static class Custom extends SSLConfiguration { - - static final Setting> PROTOCOL_SETTING = createString("protocol"); - static final Setting> CACHE_SIZE_SETTING = createInt("session.cache_size"); - static final Setting> CACHE_TIMEOUT_SETTING = createTimeValue("session.cache_timeout"); - static final Setting> CIPHERS_SETTING = Setting.listSetting("ciphers", Collections.emptyList(), s -> s); - static final Setting> SUPPORTED_PROTOCOLS_SETTING = - Setting.listSetting("supported_protocols", Collections.emptyList(), s -> s); - - static final Setting> KEYSTORE_PATH_SETTING = createString("keystore.path"); - static final Setting> KEYSTORE_PASSWORD_SETTING = createString("keystore.password"); - static final Setting KEYSTORE_ALGORITHM_SETTING = new Setting<>("keystore.algorithm", - s -> System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()), Function.identity()); - static final Setting> KEYSTORE_KEY_PASSWORD_FALLBACK = createString("keystore.password"); - static final Setting> KEYSTORE_KEY_PASSWORD_SETTING = - createString("keystore.key_password", KEYSTORE_KEY_PASSWORD_FALLBACK); - - - static final Setting> TRUSTSTORE_PATH_SETTING = createString("truststore.path"); - static final Setting> TRUSTSTORE_PASSWORD_SETTING = createString("truststore.password"); - static final Setting TRUSTSTORE_ALGORITHM_SETTING = new Setting<>("truststore.algorithm", - s -> System.getProperty("ssl.TrustManagerFactory.algorithm", - TrustManagerFactory.getDefaultAlgorithm()), Function.identity()); - - static final Setting> KEY_PATH_SETTING = createString("key.path"); - static final 
Setting> KEY_PASSWORD_SETTING = createString("key.password"); - static final Setting> CERT_SETTING = Setting.listSetting("cert", Collections.emptyList(), s -> s); - - static final Setting> CA_PATHS_SETTING = Setting.listSetting("ca", Collections.emptyList(), s -> s); - static final Setting INCLUDE_JDK_CERTS_SETTING = Setting.boolSetting("trust_cacerts", true); - - private final KeyConfig keyConfig; - private final TrustConfig trustConfig; - private final String sslProtocol; - private final int sessionCacheSize; - private final TimeValue sessionCacheTimeout; - private final List ciphers; - private final List supportedProtocols; - - /** - * The settings passed in should be the group settings under ssl, like xpack.security.ssl - * - * @param settings the profile settings to get the SSL configuration for - * @param defaultConfig the default SSL configuration - */ - Custom(Settings settings, SSLConfiguration defaultConfig) { - Objects.requireNonNull(settings); - this.keyConfig = createKeyConfig(settings, defaultConfig); - this.trustConfig = createTrustConfig(settings, keyConfig, defaultConfig); - this.sslProtocol = PROTOCOL_SETTING.get(settings).orElse(defaultConfig.protocol()); - this.sessionCacheSize = CACHE_SIZE_SETTING.get(settings).orElse(defaultConfig.sessionCacheSize()); - this.sessionCacheTimeout = CACHE_TIMEOUT_SETTING.get(settings).orElse(defaultConfig.sessionCacheTimeout()); - this.ciphers = getListOrDefault(CIPHERS_SETTING, settings, defaultConfig.ciphers()); - this.supportedProtocols = getListOrDefault(SUPPORTED_PROTOCOLS_SETTING, settings, defaultConfig.supportedProtocols()); - } - - @Override - KeyConfig keyConfig() { - return keyConfig; - } - - @Override - TrustConfig trustConfig() { - return trustConfig; - } - - @Override - String protocol() { - return sslProtocol; - } - - @Override - int sessionCacheSize() { - return sessionCacheSize; - } - - @Override - TimeValue sessionCacheTimeout() { - return sessionCacheTimeout; - } - - @Override - List ciphers() 
{ - return ciphers; - } - - @Override - List supportedProtocols() { - return supportedProtocols; - } - - @Override - public String toString() { - return "SSLConfiguration{" + - "keyConfig=[" + keyConfig + - "], trustConfig=" + trustConfig + - "], sslProtocol=['" + sslProtocol + '\'' + - "], sessionCacheSize=[" + sessionCacheSize + - "], sessionCacheTimeout=[" + sessionCacheTimeout + - "], ciphers=[" + ciphers + - "], supportedProtocols=[" + supportedProtocols + - '}'; - } - - static KeyConfig createKeyConfig(Settings settings, SSLConfiguration global) { - String keyStorePath = KEYSTORE_PATH_SETTING.get(settings).orElse(null); - String keyPath = KEY_PATH_SETTING.get(settings).orElse(null); - if (keyPath != null && keyStorePath != null) { - throw new IllegalArgumentException("you cannot specify a keystore and key file"); - } else if (keyStorePath == null && keyPath == null) { - return global.keyConfig(); - } - - boolean includeSystem = INCLUDE_JDK_CERTS_SETTING.get(settings); - if (keyPath != null) { - String keyPassword = KEY_PASSWORD_SETTING.get(settings).orElse(null); - List certPaths = getListOrNull(CERT_SETTING, settings); - if (certPaths == null) { - throw new IllegalArgumentException("you must specify the certificates to use with the key"); - } - return new PEMKeyConfig(includeSystem, keyPath, keyPassword, certPaths); - } else { - assert keyStorePath != null; - String keyStorePassword = KEYSTORE_PASSWORD_SETTING.get(settings).orElse(null); - String keyStoreAlgorithm = KEYSTORE_ALGORITHM_SETTING.get(settings); - String keyStoreKeyPassword = KEYSTORE_KEY_PASSWORD_SETTING.get(settings).orElse(keyStorePassword); - String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreKeyConfig(includeSystem, keyStorePath, keyStorePassword, keyStoreKeyPassword, - keyStoreAlgorithm, trustStoreAlgorithm); - } - } - - static TrustConfig createTrustConfig(Settings settings, KeyConfig keyConfig, SSLConfiguration global) { - String trustStorePath = 
TRUSTSTORE_PATH_SETTING.get(settings).orElse(null); - List caPaths = getListOrNull(CA_PATHS_SETTING, settings); - if (trustStorePath != null && caPaths != null) { - throw new IllegalArgumentException("you cannot specify a truststore and ca files"); - } else if (caPaths != null) { - return new PEMTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), caPaths); - } else if (trustStorePath != null) { - String trustStorePassword = TRUSTSTORE_PASSWORD_SETTING.get(settings).orElse(null); - String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), - trustStorePath, trustStorePassword, trustStoreAlgorithm); - } else if (keyConfig == global.keyConfig()) { - return global.trustConfig(); - } else { - return keyConfig; - } - } - } - - static List getListOrNull(Setting> listSetting, Settings settings) { - return getListOrDefault(listSetting, settings, null); - } - - static List getListOrDefault(Setting> listSetting, Settings settings, List defaultValue) { - if (listSetting.exists(settings)) { - return listSetting.get(settings); - } - return defaultValue; - } -} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java deleted file mode 100644 index b6196073ed5..00000000000 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java +++ /dev/null 
@@ -1,156 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.ssl; - -import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.common.Nullable; -import org.elasticsearch.env.Environment; - -import javax.net.ssl.SSLEngine; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedTrustManager; -import java.net.Socket; -import java.nio.file.Path; -import java.security.KeyStore; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.List; - -abstract class TrustConfig { - - protected final boolean includeSystem; - - TrustConfig(boolean includeSystem) { - this.includeSystem = includeSystem; - } - - final X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { - X509ExtendedTrustManager trustManager = nonSystemTrustManager(environment); - if (includeSystem) { - trustManager = mergeWithSystem(trustManager); - } else if (trustManager == null) { - return null; - } - return trustManager; - } - - abstract X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment); - - abstract void validate(); - - abstract List filesToMonitor(@Nullable Environment environment); - - public abstract String toString(); - - private X509ExtendedTrustManager mergeWithSystem(X509ExtendedTrustManager nonSystemTrustManager) { - try { - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init((KeyStore) null); - TrustManager[] systemTrustManagers = tmf.getTrustManagers(); - X509ExtendedTrustManager system = findFirstX509ExtendedTrustManager(systemTrustManagers); - if (nonSystemTrustManager == null) { - return system; - } - - return 
new CombiningX509TrustManager(nonSystemTrustManager, system); - } catch (Exception e) { - throw new ElasticsearchException("failed to initialize a trust managers", e); - } - } - - private static X509ExtendedTrustManager findFirstX509ExtendedTrustManager(TrustManager[] trustManagers) { - X509ExtendedTrustManager x509TrustManager = null; - for (TrustManager trustManager : trustManagers) { - if (trustManager instanceof X509ExtendedTrustManager) { - // first one wins like in the JDK - x509TrustManager = (X509ExtendedTrustManager) trustManager; - break; - } - } - if (x509TrustManager == null) { - throw new IllegalArgumentException("did not find a X509ExtendedTrustManager"); - } - return x509TrustManager; - } - - private static class CombiningX509TrustManager extends X509ExtendedTrustManager { - - private final X509ExtendedTrustManager first; - private final X509ExtendedTrustManager second; - - private final X509Certificate[] acceptedIssuers; - - CombiningX509TrustManager(X509ExtendedTrustManager first, X509ExtendedTrustManager second) { - this.first = first; - this.second = second; - X509Certificate[] firstIssuers = first.getAcceptedIssuers(); - X509Certificate[] secondIssuers = second.getAcceptedIssuers(); - this.acceptedIssuers = new X509Certificate[firstIssuers.length + secondIssuers.length]; - System.arraycopy(firstIssuers, 0, acceptedIssuers, 0, firstIssuers.length); - System.arraycopy(secondIssuers, 0, acceptedIssuers, firstIssuers.length, secondIssuers.length); - } - - @Override - public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { - try { - first.checkClientTrusted(x509Certificates, s, socket); - } catch (CertificateException e) { - second.checkClientTrusted(x509Certificates, s, socket); - } - } - - @Override - public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { - try { - first.checkServerTrusted(x509Certificates, s, 
socket); - } catch (CertificateException e) { - second.checkServerTrusted(x509Certificates, s, socket); - } - } - - @Override - public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException { - try { - first.checkClientTrusted(x509Certificates, s, sslEngine); - } catch (CertificateException e) { - second.checkClientTrusted(x509Certificates, s, sslEngine); - } - } - - @Override - public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException { - try { - first.checkServerTrusted(x509Certificates, s, sslEngine); - } catch (CertificateException e) { - second.checkServerTrusted(x509Certificates, s, sslEngine); - } - } - - @Override - public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { - try { - first.checkClientTrusted(x509Certificates, s); - } catch (CertificateException e) { - second.checkClientTrusted(x509Certificates, s); - } - } - - @Override - public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { - try { - first.checkServerTrusted(x509Certificates, s); - } catch (CertificateException e) { - second.checkServerTrusted(x509Certificates, s); - } - } - - @Override - public X509Certificate[] getAcceptedIssuers() { - return acceptedIssuers; - } - } -} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java index 073b430cb76..f8943528ec3 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/NoOpLogger.java 
@@ -5,41 +5,1205 @@ */ package org.elasticsearch.xpack.security.support; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.Marker; +import org.apache.logging.log4j.message.EntryMessage; +import org.apache.logging.log4j.message.Message; +import org.apache.logging.log4j.message.MessageFactory; +import org.apache.logging.log4j.util.MessageSupplier; +import org.apache.logging.log4j.util.Supplier; /** * A logger that doesn't log anything. */ -public class NoOpLogger extends ESLogger { +public class NoOpLogger implements Logger { - public static final ESLogger INSTANCE = new NoOpLogger(); + public static NoOpLogger INSTANCE = new NoOpLogger(); private NoOpLogger() { - super(null, null); + } @Override - public String getPrefix() { - return ""; + public void catching(Level level, Throwable t) { + + } + + @Override + public void catching(Throwable t) { + + } + + @Override + public void debug(Marker marker, Message msg) { + + } + + @Override + public void debug(Marker marker, Message msg, Throwable t) { + + } + + @Override + public void debug(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void debug(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void debug(Marker marker, CharSequence message) { + + } + + @Override + public void debug(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void debug(Marker marker, Object message) { + + } + + @Override + public void debug(Marker marker, Object message, Throwable t) { + + } + + @Override + public void debug(Marker marker, String message) { + + } + + @Override + public void debug(Marker marker, String message, Object... params) { + + } + + @Override + public void debug(Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void debug(Marker marker, String message, Throwable t) { + + } + + @Override + public void debug(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void debug(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void debug(Message msg) { + + } + + @Override + public void debug(Message msg, Throwable t) { + + } + + @Override + public void debug(MessageSupplier msgSupplier) { + + } + + @Override + public void debug(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void debug(CharSequence message) { + + } + + @Override + public void debug(CharSequence message, Throwable t) { + + } + + @Override + public void debug(Object message) { + + } + + @Override + public void debug(Object message, Throwable t) { + + } + + @Override + public void debug(String message) { + + } + + @Override + public void debug(String message, Object... params) { + + } + + @Override + public void debug(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void debug(String message, Throwable t) { + + } + + @Override + public void debug(Supplier msgSupplier) { + + } + + @Override + public void debug(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void debug(Marker marker, String message, Object p0) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void debug( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void debug( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void debug( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void debug(String message, Object p0) { + + } + + @Override + public void debug(String message, Object p0, Object p1) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + 
public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void debug( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void entry() { + + } + + @Override + public void entry(Object... params) { + + } + + @Override + public void error(Marker marker, Message msg) { + + } + + @Override + public void error(Marker marker, Message msg, Throwable t) { + + } + + @Override + public void error(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void error(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void error(Marker marker, CharSequence message) { + + } + + @Override + public void error(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void error(Marker marker, Object message) { + + } + + @Override + public void error(Marker marker, Object message, Throwable t) { + + } + + @Override + public void error(Marker marker, String message) { + + } + + @Override + public void error(Marker marker, String message, Object... params) { + + } + + @Override + public void error(Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void error(Marker marker, String message, Throwable t) { + + } + + @Override + public void error(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void error(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void error(Message msg) { + + } + + @Override + public void error(Message msg, Throwable t) { + + } + + @Override + public void error(MessageSupplier msgSupplier) { + + } + + @Override + public void error(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void error(CharSequence message) { + + } + + @Override + public void error(CharSequence message, Throwable t) { + + } + + @Override + public void error(Object message) { + + } + + @Override + public void error(Object message, Throwable t) { + + } + + @Override + public void error(String message) { + + } + + @Override + public void error(String message, Object... params) { + + } + + @Override + public void error(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void error(String message, Throwable t) { + + } + + @Override + public void error(Supplier msgSupplier) { + + } + + @Override + public void error(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void error(Marker marker, String message, Object p0) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void error( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void error( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void error( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void error(String message, Object p0) { + + } + + @Override + public void error(String message, Object p0, Object p1) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + 
public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void error( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void exit() { + + } + + @Override + public R exit(R result) { + return null; + } + + @Override + public void fatal(Marker marker, Message msg) { + + } + + @Override + public void fatal(Marker marker, Message msg, Throwable t) { + + } + + @Override + public void fatal(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void fatal(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void fatal(Marker marker, CharSequence message) { + + } + + @Override + public void fatal(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void fatal(Marker marker, Object message) { + + } + + @Override + public void fatal(Marker marker, Object message, Throwable t) { + + } + + @Override + public void fatal(Marker marker, String message) { + + } + + @Override + public void fatal(Marker marker, String message, Object... params) { + + } + + @Override + public void fatal(Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void fatal(Marker marker, String message, Throwable t) { + + } + + @Override + public void fatal(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void fatal(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void fatal(Message msg) { + + } + + @Override + public void fatal(Message msg, Throwable t) { + + } + + @Override + public void fatal(MessageSupplier msgSupplier) { + + } + + @Override + public void fatal(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void fatal(CharSequence message) { + + } + + @Override + public void fatal(CharSequence message, Throwable t) { + + } + + @Override + public void fatal(Object message) { + + } + + @Override + public void fatal(Object message, Throwable t) { + + } + + @Override + public void fatal(String message) { + + } + + @Override + public void fatal(String message, Object... params) { + + } + + @Override + public void fatal(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void fatal(String message, Throwable t) { + + } + + @Override + public void fatal(Supplier msgSupplier) { + + } + + @Override + public void fatal(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void fatal( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void fatal( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void fatal( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void fatal(String message, Object p0) { + + } + + @Override + public void fatal(String message, Object p0, Object p1) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + 
public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void fatal( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public Level getLevel() { + return null; + } + + @Override + public MF getMessageFactory() { + return null; } @Override public String getName() { - return "_no_op"; + return null; } @Override - public void setLevel(String level) { + public void info(Marker marker, Message msg) { + } @Override - public String getLevel() { - return "NONE"; + public void info(Marker marker, Message msg, Throwable t) { + } @Override - public boolean isTraceEnabled() { - return false; + public void info(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void info(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void info(Marker marker, CharSequence message) { + + } + + @Override + public void info(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void info(Marker marker, Object message) { + + } + + @Override + public void info(Marker marker, Object message, Throwable t) { + + } + + @Override + public void info(Marker marker, String message) { + + } + + @Override + public void info(Marker marker, String message, Object... 
params) { + + } + + @Override + public void info(Marker marker, String message, Supplier... paramSuppliers) { + + } + + @Override + public void info(Marker marker, String message, Throwable t) { + + } + + @Override + public void info(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void info(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void info(Message msg) { + + } + + @Override + public void info(Message msg, Throwable t) { + + } + + @Override + public void info(MessageSupplier msgSupplier) { + + } + + @Override + public void info(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void info(CharSequence message) { + + } + + @Override + public void info(CharSequence message, Throwable t) { + + } + + @Override + public void info(Object message) { + + } + + @Override + public void info(Object message, Throwable t) { + + } + + @Override + public void info(String message) { + + } + + @Override + public void info(String message, Object... params) { + + } + + @Override + public void info(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void info(String message, Throwable t) { + + } + + @Override + public void info(Supplier msgSupplier) { + + } + + @Override + public void info(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void info(Marker marker, String message, Object p0) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void info( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void info( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void info( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void info(String message, Object p0) { + + } + + @Override + public void info(String message, Object p0, Object p1) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void 
info(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void info( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + } @Override @@ -48,12 +1212,17 @@ public class NoOpLogger extends ESLogger { } @Override - public boolean isInfoEnabled() { + public boolean isDebugEnabled(Marker marker) { return false; } @Override - public boolean isWarnEnabled() { + public boolean isEnabled(Level level) { + return false; + } + + @Override + public boolean isEnabled(Level level, Marker marker) { return false; } 
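Review bot: `INSTANCE` loses `final` at the top of the `@@ -5,41 +5,1205 @@` hunk, so any code that can see the class can reassign the shared no-op logger, and callers that presumably rely on it to keep output suppressed would then log through whatever was swapped in; I would declare it as `public static final NoOpLogger INSTANCE = new NoOpLogger();`. Further down in the same hunk, `exit(R result)` returns `null` although the log4j `Logger` contract is to hand the argument back, so the body should be `return result;`. The `throwing(...)` and `traceExit(..., R result)` overrides in the following hunk have the same problem, and there `throw logger.throwing(e)` would raise a `NullPointerException` in place of the original exception. `getLevel()` and `getName()` also now return `null` where the removed code returned `"NONE"` and `"_no_op"`; `return Level.OFF;` and keeping the old name would spare callers a null dereference. The class body continues past this hunk.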
@@ -63,42 +1232,1000 @@ public class NoOpLogger extends ESLogger { } @Override - public void trace(String msg, Object... params) { + public boolean isErrorEnabled(Marker marker) { + return false; } @Override - public void trace(String msg, Throwable cause, Object... params) { + public boolean isFatalEnabled() { + return false; } @Override - public void debug(String msg, Object... params) { + public boolean isFatalEnabled(Marker marker) { + return false; } @Override - public void debug(String msg, Throwable cause, Object... params) { + public boolean isInfoEnabled() { + return false; } @Override - public void info(String msg, Object... params) { + public boolean isInfoEnabled(Marker marker) { + return false; } @Override - public void info(String msg, Throwable cause, Object... params) { + public boolean isTraceEnabled() { + return false; } @Override - public void warn(String msg, Object... params) { + public boolean isTraceEnabled(Marker marker) { + return false; } @Override - public void warn(String msg, Throwable cause, Object... params) { + public boolean isWarnEnabled() { + return false; } @Override - public void error(String msg, Object... params) { + public boolean isWarnEnabled(Marker marker) { + return false; } @Override - public void error(String msg, Throwable cause, Object... 
params) { + public void log(Level level, Marker marker, Message msg) { + } + + @Override + public void log(Level level, Marker marker, Message msg, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void log(Level level, Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, CharSequence message) { + + } + + @Override + public void log(Level level, Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, Object message) { + + } + + @Override + public void log(Level level, Marker marker, Object message, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, String message) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object... params) { + + } + + @Override + public void log(Level level, Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void log(Level level, Marker marker, String message, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, Supplier msgSupplier) { + + } + + @Override + public void log(Level level, Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void log(Level level, Message msg) { + + } + + @Override + public void log(Level level, Message msg, Throwable t) { + + } + + @Override + public void log(Level level, MessageSupplier msgSupplier) { + + } + + @Override + public void log(Level level, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void log(Level level, CharSequence message) { + + } + + @Override + public void log(Level level, CharSequence message, Throwable t) { + + } + + @Override + public void log(Level level, Object message) { + + } + + @Override + public void log(Level level, Object message, Throwable t) { + + } + + @Override + public void log(Level level, String message) { + + } + + @Override + public void log(Level level, String message, Object... params) { + + } + + @Override + public void log(Level level, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void log(Level level, String message, Throwable t) { + + } + + @Override + public void log(Level level, Supplier msgSupplier) { + + } + + @Override + public void log(Level level, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void log( + Level level, + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6) { + + } + + @Override + public void log( + Level level, + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void log( + Level level, + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void log( + Level level, + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void log(Level level, String message, Object p0) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1) { + + } + + @Override + 
public void log(Level level, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void log( + Level level, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void log( + Level level, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void printf(Level level, Marker marker, String format, Object... params) { + + } + + @Override + public void printf(Level level, String format, Object... 
params) { + + } + + @Override + public T throwing(Level level, T t) { + return null; + } + + @Override + public T throwing(T t) { + return null; + } + + @Override + public void trace(Marker marker, Message msg) { + + } + + @Override + public void trace(Marker marker, Message msg, Throwable t) { + + } + + @Override + public void trace(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void trace(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void trace(Marker marker, CharSequence message) { + + } + + @Override + public void trace(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void trace(Marker marker, Object message) { + + } + + @Override + public void trace(Marker marker, Object message, Throwable t) { + + } + + @Override + public void trace(Marker marker, String message) { + + } + + @Override + public void trace(Marker marker, String message, Object... params) { + + } + + @Override + public void trace(Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void trace(Marker marker, String message, Throwable t) { + + } + + @Override + public void trace(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void trace(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void trace(Message msg) { + + } + + @Override + public void trace(Message msg, Throwable t) { + + } + + @Override + public void trace(MessageSupplier msgSupplier) { + + } + + @Override + public void trace(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void trace(CharSequence message) { + + } + + @Override + public void trace(CharSequence message, Throwable t) { + + } + + @Override + public void trace(Object message) { + + } + + @Override + public void trace(Object message, Throwable t) { + + } + + @Override + public void trace(String message) { + + } + + @Override + public void trace(String message, Object... params) { + + } + + @Override + public void trace(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void trace(String message, Throwable t) { + + } + + @Override + public void trace(Supplier msgSupplier) { + + } + + @Override + public void trace(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void trace(Marker marker, String message, Object p0) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void trace( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void trace( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void trace( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void trace(String message, Object p0) { + + } + + @Override + public void trace(String message, Object p0, Object p1) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + 
public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void trace( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public EntryMessage traceEntry() { + return null; + } + + @Override + public EntryMessage traceEntry(String format, Object... params) { + return null; + } + + @Override + public EntryMessage traceEntry(Supplier... paramSuppliers) { + return null; + } + + @Override + public EntryMessage traceEntry(String format, Supplier... 
paramSuppliers) { + return null; + } + + @Override + public EntryMessage traceEntry(Message message) { + return null; + } + + @Override + public void traceExit() { + + } + + @Override + public R traceExit(R result) { + return null; + } + + @Override + public R traceExit(String format, R result) { + return null; + } + + @Override + public void traceExit(EntryMessage message) { + + } + + @Override + public R traceExit(EntryMessage message, R result) { + return null; + } + + @Override + public R traceExit(Message message, R result) { + return null; + } + + @Override + public void warn(Marker marker, Message msg) { + + } + + @Override + public void warn(Marker marker, Message msg, Throwable t) { + + } + + @Override + public void warn(Marker marker, MessageSupplier msgSupplier) { + + } + + @Override + public void warn(Marker marker, MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void warn(Marker marker, CharSequence message) { + + } + + @Override + public void warn(Marker marker, CharSequence message, Throwable t) { + + } + + @Override + public void warn(Marker marker, Object message) { + + } + + @Override + public void warn(Marker marker, Object message, Throwable t) { + + } + + @Override + public void warn(Marker marker, String message) { + + } + + @Override + public void warn(Marker marker, String message, Object... params) { + + } + + @Override + public void warn(Marker marker, String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void warn(Marker marker, String message, Throwable t) { + + } + + @Override + public void warn(Marker marker, Supplier msgSupplier) { + + } + + @Override + public void warn(Marker marker, Supplier msgSupplier, Throwable t) { + + } + + @Override + public void warn(Message msg) { + + } + + @Override + public void warn(Message msg, Throwable t) { + + } + + @Override + public void warn(MessageSupplier msgSupplier) { + + } + + @Override + public void warn(MessageSupplier msgSupplier, Throwable t) { + + } + + @Override + public void warn(CharSequence message) { + + } + + @Override + public void warn(CharSequence message, Throwable t) { + + } + + @Override + public void warn(Object message) { + + } + + @Override + public void warn(Object message, Throwable t) { + + } + + @Override + public void warn(String message) { + + } + + @Override + public void warn(String message, Object... params) { + + } + + @Override + public void warn(String message, Supplier... 
paramSuppliers) { + + } + + @Override + public void warn(String message, Throwable t) { + + } + + @Override + public void warn(Supplier msgSupplier) { + + } + + @Override + public void warn(Supplier msgSupplier, Throwable t) { + + } + + @Override + public void warn(Marker marker, String message, Object p0) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void warn( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7) { + + } + + @Override + public void warn( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8) { + + } + + @Override + public void warn( + Marker marker, + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + + @Override + public void warn(String message, Object p0) { + + } + + @Override + public void warn(String message, Object p0, Object p1) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2, Object p3) { + + } + + @Override + public void 
warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { + + } + + @Override + public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { + + } + + @Override + public void warn( + String message, + Object p0, + Object p1, + Object p2, + Object p3, + Object p4, + Object p5, + Object p6, + Object p7, + Object p8, + Object p9) { + + } + } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java deleted file mode 100644 index 58c0fcf50aa..00000000000 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/OptionalSettings.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.support; - -import org.elasticsearch.common.settings.Setting; -import org.elasticsearch.common.settings.Setting.Property; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.unit.TimeValue; - -import java.util.Optional; -import java.util.function.Function; - -public class OptionalSettings { - - private OptionalSettings() {} - - public static Setting> createInt(String key, Property... properties) { - return new Setting<>(key, s -> null, s -> { - if (s != null) { - return Optional.of(Integer.parseInt(s)); - } else { - return Optional.ofNullable(null); - } - }, properties); - } - - public static Setting> createString(String key, Property... properties) { - return createString(key, s -> null, properties); - } - - public static Setting> createString(String key, Function defaultValue, Property... properties) { - return new Setting<>(key, defaultValue, Optional::ofNullable, properties); - } - - public static Setting> createString(String key, Setting> fallback, Property... properties) { - return new Setting<>(key, fallback, Optional::ofNullable, properties); - } - - public static Setting> createTimeValue(String key, Property... properties) { - return new Setting<>(key, s-> null, s -> { - if (s != null) { - return Optional.of(TimeValue.parseTimeValue(s, key)); - } else { - return Optional.ofNullable(null); - } - }, properties); - } -} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java index 2090ae6b246..defb17dc598 100644 
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
@@ -15,6 +15,7 @@ import org.elasticsearch.xpack.security.authz.AuthorizationService;
 import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
 import org.elasticsearch.xpack.security.authz.accesscontrol.RequestContext;
 import org.elasticsearch.license.XPackLicenseState;
+import org.elasticsearch.xpack.ssl.SSLService;
 import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -36,32 +37,33 @@ import java.util.HashMap; import java.util.Map; import java.util.function.Supplier; -import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.CLIENT_AUTH_SETTING; -import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING; -import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.SSL_SETTING; +import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED; +import static org.elasticsearch.xpack.security.Security.setting; public class SecurityServerTransportService extends TransportService { - public static final String SETTING_NAME = "xpack.security.type"; + private static final String SETTING_NAME = "xpack.security.type"; - protected final AuthenticationService authcService; - protected final AuthorizationService authzService; - protected final SecurityActionMapper actionMapper; - protected final XPackLicenseState licenseState; - - protected final Map profileFilters; + private final AuthenticationService authcService; + private final AuthorizationService authzService; + private final SecurityActionMapper actionMapper; + private final SSLService sslService; + private final Map profileFilters; + final XPackLicenseState licenseState; @Inject public SecurityServerTransportService(Settings settings, Transport transport, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityActionMapper actionMapper, - XPackLicenseState licenseState) { + XPackLicenseState licenseState, + SSLService sslService) { super(settings, transport, threadPool); this.authcService = authcService; this.authzService = authzService; this.actionMapper = actionMapper; this.licenseState = licenseState; + this.sslService = sslService; this.profileFilters = initializeProfileFilters(); } 
@@ -119,10 +121,12 @@ public class SecurityServerTransportService extends TransportService { Map profileSettingsMap = settings.getGroups("transport.profiles.", true); Map profileFilters = new HashMap<>(profileSettingsMap.size() + 1); + final Settings transportSSLSettings = settings.getByPrefix(setting("transport.ssl.")); for (Map.Entry entry : profileSettingsMap.entrySet()) { Settings profileSettings = entry.getValue(); - final boolean profileSsl = SecurityNetty3Transport.profileSsl(profileSettings, settings); - final boolean clientAuth = PROFILE_CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled(); + final boolean profileSsl = SecurityNetty3Transport.PROFILE_SSL_SETTING.get(profileSettings); + final Settings profileSslSettings = SecurityNetty3Transport.profileSslSettings(profileSettings); + final boolean clientAuth = sslService.isSSLClientAuthEnabled(profileSslSettings, transportSSLSettings); final boolean extractClientCert = profileSsl && clientAuth; String type = entry.getValue().get(SETTING_NAME, "node"); switch (type) { @@ -137,8 +141,8 @@ public class SecurityServerTransportService extends TransportService { } if (!profileFilters.containsKey(TransportSettings.DEFAULT_PROFILE)) { - final boolean profileSsl = SSL_SETTING.get(settings); - final boolean clientAuth = CLIENT_AUTH_SETTING.get(settings).enabled(); + final boolean profileSsl = TRANSPORT_SSL_ENABLED.get(settings); + final boolean clientAuth = sslService.isSSLClientAuthEnabled(transportSSLSettings); final boolean extractClientCert = profileSsl && clientAuth; profileFilters.put(TransportSettings.DEFAULT_PROFILE, new ServerTransportFilter.NodeProfile(authcService, authzService, actionMapper, threadPool.getThreadContext(), extractClientCert)); 
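Review bot: `profileSsl` for a named profile is now read with `SecurityNetty3Transport.PROFILE_SSL_SETTING.get(profileSettings)`, and that setting is declared later in this commit as `Setting.boolSetting(setting("ssl.enabled"), false)`, so a profile that does not set it explicitly gets `false` here even when transport SSL is enabled node-wide. The removed `profileSsl(profileSettings, settings)` helper fell back to the node-level setting, and the new `SslServerChannelPipelineFactory` constructor appears to keep a fallback via `PROFILE_SSL_SETTING.exists(profileSettings) ? …` (its tail is outside the visible diff), so the filter and the pipeline can disagree. The effect would be `extractClientCert == false` on a profile that does run TLS, so client certificates would silently not reach authentication. I would mirror the pipeline logic: `final boolean profileSsl = SecurityNetty3Transport.PROFILE_SSL_SETTING.exists(profileSettings) ? SecurityNetty3Transport.PROFILE_SSL_SETTING.get(profileSettings) : TRANSPORT_SSL_ENABLED.get(settings);`. The enclosing method starts and ends outside these hunks.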
@@ -159,9 +163,9 @@ public class SecurityServerTransportService extends TransportService { private final XPackLicenseState licenseState; private final ThreadContext threadContext; - public ProfileSecuredRequestHandler(String action, TransportRequestHandler handler, - Map profileFilters, XPackLicenseState licenseState, - ThreadContext threadContext) { + private ProfileSecuredRequestHandler(String action, TransportRequestHandler handler, + Map profileFilters, XPackLicenseState licenseState, + ThreadContext threadContext) { this.action = action; this.handler = handler; this.profileFilters = profileFilters; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java index 6b0c4a98342..6f39c2e9463 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/ServerTransportFilter.java @@ -5,13 +5,9 @@ */ package org.elasticsearch.xpack.security.transport; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLPeerUnverifiedException; -import java.io.IOException; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; - -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.transport.DelegatingTransportChannel; 
@@ -26,6 +22,12 @@ import org.elasticsearch.xpack.security.authz.AuthorizationService;
 import org.jboss.netty.channel.Channel;
 import org.jboss.netty.handler.ssl.SslHandler;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
 import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 /**
@@ -48,7 +50,7 @@ public interface ServerTransportFilter {
 * request is properly authenticated and authorized
 */
 class NodeProfile implements ServerTransportFilter {
- private static final ESLogger logger = Loggers.getLogger(NodeProfile.class);
+ private static final Logger logger = Loggers.getLogger(NodeProfile.class);
 private final AuthenticationService authcService;
 private final AuthorizationService authzService;
@@ -113,7 +115,9 @@ public interface ServerTransportFilter {
 assert sslEngine.getNeedClientAuth() == false;
 assert sslEngine.getWantClientAuth();
 if (logger.isTraceEnabled()) {
- logger.trace("SSL Peer did not present a certificate on channel [{}]", e, channel);
+ logger.trace(
+ (Supplier) () -> new ParameterizedMessage(
+ "SSL Peer did not present a certificate on channel [{}]", channel), e);
 } else if (logger.isDebugEnabled()) {
 logger.debug("SSL Peer did not present a certificate on channel [{}]", channel);
 }
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
index 6587e907030..0a7f65bcf39 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
@@ -6,10 +6,10 @@
 package org.elasticsearch.xpack.security.transport.filter;
+import org.apache.logging.log4j.Logger;
 import org.apache.lucene.util.SetOnce;
 import org.elasticsearch.common.collect.MapBuilder;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.ClusterSettings;
 import org.elasticsearch.common.settings.Setting;
@@ -96,7 +96,7 @@ public class IPFilter {
 private final XPackLicenseState licenseState;
 private final boolean alwaysAllowBoundAddresses;
- private final ESLogger logger;
+ private final Logger logger;
 private volatile Map rules = Collections.emptyMap();
 private volatile boolean isIpFilterEnabled;
 private volatile boolean isHttpFilterEnabled;
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandler.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandler.java
index bd4bd2cb356..84875d49b68 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandler.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandler.java
@@ -5,7 +5,9 @@
 */
 package org.elasticsearch.xpack.security.transport.netty3;
-import org.elasticsearch.common.logging.ESLogger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.message.ParameterizedMessage;
+import org.apache.logging.log4j.util.Supplier;
 import org.jboss.netty.channel.ChannelFuture;
 import org.jboss.netty.channel.ChannelFutureListener;
 import org.jboss.netty.channel.ChannelHandlerContext;
@@ -31,7 +33,7 @@ import java.util.Queue;
 */
 public class Netty3HandshakeWaitingHandler extends SimpleChannelHandler {
- private final ESLogger logger;
+ private final Logger logger;
 private boolean handshaken = false;
 private Queue pendingWrites = new LinkedList<>();
@@ -39,7 +41,7 @@ public class Netty3HandshakeWaitingHandler extends SimpleChannelHandler {
 /**
 * @param logger We pass a context aware logger here (logger that is aware of the node name & env)
 */
- public Netty3HandshakeWaitingHandler(ESLogger logger) {
+ public Netty3HandshakeWaitingHandler(Logger logger) {
 this.logger = logger;
 }
@@ -69,7 +71,9 @@ public class Netty3HandshakeWaitingHandler extends SimpleChannelHandler {
 } else {
 Throwable cause = handshakeFuture.getCause();
 if (logger.isDebugEnabled()) {
- logger.debug("SSL/TLS handshake failed, closing channel: {}", cause, cause.getMessage());
+ logger.debug(
+ (Supplier) () -> new ParameterizedMessage(
+ "SSL/TLS handshake failed, closing channel: {}", cause.getMessage()), cause);
 } else {
 logger.error("SSL/TLS handshake failed, closing channel: {}", cause.getMessage());
 }
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.java
index 0e2843afb08..c59f6a35b73 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.java
@@ -5,17 +5,16 @@
 */
 package org.elasticsearch.xpack.security.transport.netty3;
+import org.apache.logging.log4j.message.ParameterizedMessage;
+import org.apache.logging.log4j.util.Supplier;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.network.NetworkService;
-import org.elasticsearch.common.settings.Setting;
-import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.http.netty3.Netty3HttpServerTransport;
-import org.elasticsearch.xpack.security.ssl.SSLService;
-import org.elasticsearch.xpack.security.transport.SSLClientAuth;
-import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.ssl.SSLService;
 import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.jboss.netty.channel.ChannelHandlerContext;
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.channel.ChannelPipelineFactory;
@@ -24,45 +23,27 @@ import org.jboss.netty.handler.ssl.SslHandler; import javax.net.ssl.SSLEngine; -import java.util.List; - import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION; -import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException; +import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED; /** * */ public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport { - public static final boolean SSL_DEFAULT = false; - public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.NO.name(); - - public static final Setting DEPRECATED_SSL_SETTING = - Setting.boolSetting(setting("http.ssl"), SSL_DEFAULT, Property.NodeScope, Property.Deprecated); - public static final Setting SSL_SETTING = - Setting.boolSetting(setting("http.ssl.enabled"), DEPRECATED_SSL_SETTING, Property.NodeScope); - public static final Setting CLIENT_AUTH_SETTING = - new Setting<>(setting("http.ssl.client.auth"), CLIENT_AUTH_DEFAULT, SSLClientAuth::parse, Property.NodeScope); - private final IPFilter ipFilter; private final SSLService sslService; private final boolean ssl; - private final Settings sslSettings; @Inject public SecurityNetty3HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter, SSLService sslService, ThreadPool threadPool) { super(settings, networkService, bigArrays, threadPool); this.ipFilter = ipFilter; - this.ssl = SSL_SETTING.get(settings); this.sslService = sslService; - if (ssl) { - sslSettings = settings.getByPrefix(setting("http.ssl.")); - } else { - sslSettings = Settings.EMPTY; - } + this.ssl = HTTP_SSL_ENABLED.get(settings); } @Override 
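Review bot: The assignment `this.ssl = HTTP_SSL_ENABLED.get(settings)` replaces a setting that fell back to the deprecated `setting("http.ssl")` key, and nothing in this hunk shows what now happens to a node that still carries only the old key. If `XPackSettings.HTTP_SSL_ENABLED` (declared outside this diff section) neither falls back to it nor causes startup to fail, such a node would serve HTTP without TLS after upgrade. I would add a comment at the assignment, for example `// TLS on/off is read only from XPackSettings.HTTP_SSL_ENABLED; the deprecated http.ssl key is no longer consulted`, and cover the old key with a startup test. The same question applies to the `DEPRECATED_SSL_SETTING` for `transport.ssl` removed from SecurityNetty3Transport later in this commit.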
@@ -74,14 +55,18 @@ public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport
 Throwable t = e.getCause();
 if (isNotSslRecordException(t)) {
 if (logger.isTraceEnabled()) {
- logger.trace("received plaintext http traffic on a https channel, closing connection {}", t, ctx.getChannel());
+ logger.trace(
+ (Supplier) () -> new ParameterizedMessage(
+ "received plaintext http traffic on a https channel, closing connection {}",
+ ctx.getChannel()),
+ t);
 } else {
 logger.warn("received plaintext http traffic on a https channel, closing connection {}", ctx.getChannel());
 }
 ctx.getChannel().close();
 } else if (isCloseDuringHandshakeException(t)) {
 if (logger.isTraceEnabled()) {
- logger.trace("connection {} closed during handshake", t, ctx.getChannel());
+ logger.trace((Supplier) () -> new ParameterizedMessage("connection {} closed during handshake", ctx.getChannel()), t);
 } else {
 logger.warn("connection {} closed during handshake", ctx.getChannel());
 }
@@ -104,13 +89,14 @@ public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport
 private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory {
- private final SSLClientAuth clientAuth;
+ private final Settings sslSettings;
 public HttpSslChannelPipelineFactory(Netty3HttpServerTransport transport) {
 super(transport, detailedErrorsEnabled, threadPool.getThreadContext());
- clientAuth = CLIENT_AUTH_SETTING.get(settings);
- if (ssl && sslService.isConfigurationValidForServerUsage(sslSettings) == false) {
- throw new IllegalArgumentException("a key must be provided to run as a server");
+ this.sslSettings = SSLService.getHttpTransportSSLSettings(settings);
+ if (ssl && sslService.isConfigurationValidForServerUsage(sslSettings, Settings.EMPTY) == false) {
+ throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " +
+ "[xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting");
 }
 }
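Review bot: The new exception text in the `HttpSslChannelPipelineFactory` constructor names only `[xpack.security.http.ssl.key]` and `[xpack.security.http.ssl.keystore.path]`, while the build.gradle change earlier in this commit configures the node keystore through `xpack.ssl.keystore.path`. If the HTTP SSL configuration can inherit its key material from the global `xpack.ssl.*` keys, which that change suggests but this hunk does not show, the message steers an operator away from a valid place to fix the problem. I would either mention the global keys in the message or add a comment above the check, for example `// Settings.EMPTY: HTTP has no transport-level fallback, only the global xpack.ssl.* defaults held by SSLService`, once that reading of the second argument is confirmed.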
@@ -118,10 +104,7 @@ public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport
 public ChannelPipeline getPipeline() throws Exception {
 ChannelPipeline pipeline = super.getPipeline();
 if (ssl) {
- SSLEngine engine = sslService.createSSLEngine(sslSettings);
- engine.setUseClientMode(false);
- clientAuth.configure(engine);
-
+ SSLEngine engine = sslService.createSSLEngine(sslSettings, Settings.EMPTY);
 pipeline.addFirst("ssl", new SslHandler(engine));
 }
 pipeline.addFirst("ipfilter", new IPFilterNetty3UpstreamHandler(ipFilter, IPFilter.HTTP_PROFILE_NAME));
@@ -129,14 +112,8 @@ public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport
 }
 }
- public static void addSettings(List> settings) {
- settings.add(SSL_SETTING);
- settings.add(CLIENT_AUTH_SETTING);
- settings.add(DEPRECATED_SSL_SETTING);
- }
-
 public static void overrideSettings(Settings.Builder settingsBuilder, Settings settings) {
- if (SSL_SETTING.get(settings) && SETTING_HTTP_COMPRESSION.exists(settings) == false) {
+ if (HTTP_SSL_ENABLED.get(settings) && SETTING_HTTP_COMPRESSION.exists(settings) == false) {
 settingsBuilder.put(SETTING_HTTP_COMPRESSION.getKey(), false);
 }
 }
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3Transport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3Transport.java
index 0433ac38eda..ca3d2257be8 100644
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3Transport.java
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3Transport.java
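Review bot: `getPipeline()` no longer calls `engine.setUseClientMode(false)` or applies the client-auth mode itself, so server mode and the client-certificate policy of the HTTP listener now depend entirely on what `sslService.createSSLEngine(sslSettings, Settings.EMPTY)` returns, which this hunk does not show. The deleted `CLIENT_AUTH_DEFAULT` made `SSLClientAuth.NO` the HTTP default, so it is worth confirming that SSLService keeps that default for HTTP rather than applying the transport one. I would pin the expectation where the engine is installed, in the style of the asserts already present in ServerTransportFilter: `assert engine.getUseClientMode() == false : "HTTP SSLEngine must be in server mode";`. The method's return statement lies outside the hunk.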
@@ -5,21 +5,21 @@
 */
 package org.elasticsearch.xpack.security.transport.netty3;
-import org.elasticsearch.common.SuppressForbidden;
+import org.apache.logging.log4j.message.ParameterizedMessage;
+import org.apache.logging.log4j.util.Supplier;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.internal.Nullable;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Setting;
-import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.indices.breaker.CircuitBreakerService;
-import org.elasticsearch.xpack.security.ssl.SSLService;
-import org.elasticsearch.xpack.security.transport.SSLClientAuth;
-import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.transport.TransportSettings;
+import org.elasticsearch.xpack.ssl.SSLService;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.netty3.Netty3Transport;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.jboss.netty.channel.Channel;
 import org.jboss.netty.channel.ChannelHandlerContext;
 import org.jboss.netty.channel.ChannelPipeline;
@@ -29,69 +29,21 @@ import org.jboss.netty.channel.SimpleChannelHandler; import org.jboss.netty.handler.ssl.SslHandler; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLParameters; import java.io.IOException; import java.net.InetSocketAddress; -import java.util.List; import static org.elasticsearch.xpack.security.Security.setting; -import static org.elasticsearch.xpack.security.Security.settingPrefix; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException; +import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED; public class SecurityNetty3Transport extends Netty3Transport { - public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED.name(); - public static final boolean SSL_DEFAULT = false; - - public static final Setting DEPRECATED_HOSTNAME_VERIFICATION_SETTING = - Setting.boolSetting( - setting("ssl.hostname_verification"), - true, - new Property[]{Property.NodeScope, Property.Filtered, Property.Deprecated, Property.Shared}); - - public static final Setting HOSTNAME_VERIFICATION_SETTING = - Setting.boolSetting(setting("ssl.hostname_verification.enabled"), DEPRECATED_HOSTNAME_VERIFICATION_SETTING, - Property.NodeScope, Property.Filtered, Property.Shared); - - public static final Setting HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING = - Setting.boolSetting( - setting("ssl.hostname_verification.resolve_name"), - true, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); - - public static final Setting DEPRECATED_SSL_SETTING = - Setting.boolSetting(setting("transport.ssl"), SSL_DEFAULT, - Property.Filtered, Property.NodeScope, Property.Deprecated, Property.Shared); - - public static final Setting SSL_SETTING = - Setting.boolSetting( - setting("transport.ssl.enabled"), - DEPRECATED_SSL_SETTING, - new Property[]{Property.Filtered, Property.NodeScope, 
Property.Shared}); - - public static final Setting CLIENT_AUTH_SETTING = - new Setting<>( - setting("transport.ssl.client.auth"), - CLIENT_AUTH_DEFAULT, - SSLClientAuth::parse, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); - - public static final Setting DEPRECATED_PROFILE_SSL_SETTING = - Setting.boolSetting(setting("ssl"), SSL_SETTING, Property.Filtered, Property.NodeScope, Property.Deprecated, Property.Shared); - - public static final Setting PROFILE_SSL_SETTING = - Setting.boolSetting(setting("ssl.enabled"), SSL_DEFAULT, Property.Filtered, Property.NodeScope, Property.Shared); - - public static final Setting PROFILE_CLIENT_AUTH_SETTING = - new Setting<>( - setting("ssl.client.auth"), - CLIENT_AUTH_SETTING, - SSLClientAuth::parse, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); + public static final Setting PROFILE_SSL_SETTING = Setting.boolSetting(setting("ssl.enabled"), false); private final SSLService sslService; @Nullable private final IPFilter authenticator; + private final Settings transportSSLSettings; private final boolean ssl; @Inject @@ -100,8 +52,10 @@ public class SecurityNetty3Transport extends Netty3Transport { CircuitBreakerService circuitBreakerService) { super(settings, threadPool, networkService, bigArrays, namedWriteableRegistry, circuitBreakerService); this.authenticator = authenticator; - this.ssl = SSL_SETTING.get(settings); + this.ssl = TRANSPORT_SSL_ENABLED.get(settings); this.sslService = sslService; + this.transportSSLSettings = settings.getByPrefix(setting("transport.ssl.")); + } @Override 
@@ -126,14 +80,16 @@ public class SecurityNetty3Transport extends Netty3Transport {
 protected void onException(Channel channel, Exception e) throws IOException {
 if (isNotSslRecordException(e)) {
 if (logger.isTraceEnabled()) {
- logger.trace("received plaintext traffic on a encrypted channel, closing connection {}", e, channel);
+ logger.trace(
+ (Supplier) () -> new ParameterizedMessage(
+ "received plaintext traffic on a encrypted channel, closing connection {}", channel), e);
 } else {
 logger.warn("received plaintext traffic on a encrypted channel, closing connection {}", channel);
 }
 disconnectFromNodeChannel(channel, e);
 } else if (isCloseDuringHandshakeException(e)) {
 if (logger.isTraceEnabled()) {
- logger.trace("connection {} closed during handshake", e, channel);
+ logger.trace((Supplier) () -> new ParameterizedMessage("connection {} closed during handshake", channel), e);
 } else {
 logger.warn("connection {} closed during handshake", channel);
 }
@@ -143,42 +99,36 @@ public class SecurityNetty3Transport extends Netty3Transport { } } - public static boolean profileSsl(Settings profileSettings, Settings settings) { - // we can't use the fallback mechanism here since it may not exist in the profile settings and we get the wrong value - // for the profile if they use the old setting - if (PROFILE_SSL_SETTING.exists(profileSettings)) { - return PROFILE_SSL_SETTING.get(profileSettings); - } else if (DEPRECATED_PROFILE_SSL_SETTING.exists(profileSettings)) { - return DEPRECATED_PROFILE_SSL_SETTING.get(profileSettings); - } else { - return SSL_SETTING.get(settings); - } + public static Settings profileSslSettings(Settings profileSettings) { + return profileSettings.getByPrefix(setting("ssl.")); } private class SslServerChannelPipelineFactory extends ServerChannelPipelineFactory { - private final boolean sslEnabled; - private final Settings securityProfileSettings; - private final SSLClientAuth sslClientAuth; + private final boolean profileSsl; + private final Settings profileSslSettings; - public SslServerChannelPipelineFactory(Netty3Transport nettyTransport, String name, Settings settings, Settings profileSettings) { + SslServerChannelPipelineFactory(Netty3Transport nettyTransport, String name, Settings settings, Settings profileSettings) { super(nettyTransport, name, settings); - this.sslEnabled = profileSsl(profileSettings, settings); - this.securityProfileSettings = profileSettings.getByPrefix(settingPrefix()); - this.sslClientAuth = PROFILE_CLIENT_AUTH_SETTING.get(profileSettings, settings); - if (sslEnabled && sslService.isConfigurationValidForServerUsage(securityProfileSettings) == false) { - throw new IllegalArgumentException("a key must be provided to run as a server"); + this.profileSsl = PROFILE_SSL_SETTING.exists(profileSettings) ? 
PROFILE_SSL_SETTING.get(profileSettings) : ssl; + this.profileSslSettings = profileSslSettings(profileSettings); + if (profileSsl && sslService.isConfigurationValidForServerUsage(profileSslSettings, transportSSLSettings) == false) { + if (TransportSettings.DEFAULT_PROFILE.equals(name)) { + throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " + + "[xpack.security.transport.ssl.key] or [xpack.security.transport.ssl.keystore.path] setting"); + } + throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " + + "[transport.profiles." + name + ".xpack.security.ssl.key] or [transport.profiles." + name + + ".xpack.security.ssl.keystore.path] setting"); } } @Override public ChannelPipeline getPipeline() throws Exception { ChannelPipeline pipeline = super.getPipeline(); - if (sslEnabled) { - SSLEngine serverEngine = sslService.createSSLEngine(securityProfileSettings); + if (profileSsl) { + final SSLEngine serverEngine = sslService.createSSLEngine(profileSslSettings, transportSSLSettings); serverEngine.setUseClientMode(false); - sslClientAuth.configure(serverEngine); - pipeline.addFirst("ssl", new SslHandler(serverEngine)); } if (authenticator != null) { @@ -190,8 +140,12 @@ public class SecurityNetty3Transport extends Netty3Transport { private class SslClientChannelPipelineFactory extends ClientChannelPipelineFactory { - public SslClientChannelPipelineFactory(Netty3Transport transport) { + private final boolean hostnameVerificationEnabled; + + SslClientChannelPipelineFactory(Netty3Transport transport) { super(transport); + this.hostnameVerificationEnabled = + sslService.getVerificationMode(transportSSLSettings, Settings.EMPTY).isHostnameVerificationEnabled(); } @Override 
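Review bot: The server pipeline no longer calls `sslClientAuth.configure(serverEngine)` in `getPipeline()`, so whether a profile demands a client certificate now depends entirely on what `sslService.createSSLEngine(profileSslSettings, transportSSLSettings)` does, which this diff does not show. The removed constants show that the defaults differed (`SSLClientAuth.REQUIRED` for transport, `SSLClientAuth.NO` for HTTP), so a single shared default inside SSLService would silently change one of them. Please pin this with a test that builds the transport engine with no client-auth key set and asserts `serverEngine.getNeedClientAuth()`, and add a call-site comment such as `// client authentication mode is applied by SSLService from the profile/transport ssl settings`. The same removal appears in the `initChannel` methods of SecurityNetty4Transport and SecurityNetty4HttpServerTransport.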
@@ -212,19 +166,13 @@ public class SecurityNetty3Transport extends Netty3Transport { @Override public void connectRequested(ChannelHandlerContext ctx, ChannelStateEvent e) { SSLEngine sslEngine; - if (HOSTNAME_VERIFICATION_SETTING.get(settings)) { + if (hostnameVerificationEnabled) { InetSocketAddress inetSocketAddress = (InetSocketAddress) e.getValue(); - sslEngine = sslService.createSSLEngine(Settings.EMPTY, getHostname(inetSocketAddress), + // we create the socket based on the name given. don't reverse DNS + sslEngine = sslService.createSSLEngine(transportSSLSettings, Settings.EMPTY, inetSocketAddress.getHostString(), inetSocketAddress.getPort()); - - // By default, a SSLEngine will not perform hostname verification. In order to perform hostname verification - // we need to specify a EndpointIdentificationAlgorithm. We use the HTTPS algorithm to prevent against - // man in the middle attacks for transport connections - SSLParameters parameters = new SSLParameters(); - parameters.setEndpointIdentificationAlgorithm("HTTPS"); - sslEngine.setSSLParameters(parameters); } else { - sslEngine = sslService.createSSLEngine(Settings.EMPTY); + sslEngine = sslService.createSSLEngine(transportSSLSettings, Settings.EMPTY); } sslEngine.setUseClientMode(true); 
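Review bot: `connectRequested` no longer calls `setEndpointIdentificationAlgorithm("HTTPS")` itself, so when `hostnameVerificationEnabled` is true the check only happens if the four-argument `sslService.createSSLEngine(...)` configures it; as the deleted comment explained, an SSLEngine does not verify hostnames by default. A test asserting `"HTTPS".equals(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm())` for this path would keep that guarantee from regressing. The new comment could also say what the name is checked against, e.g. `// verify against the address string the caller supplied (getHostString); no reverse DNS lookup, so IP-addressed peers need a matching IP SAN`. The method continues past the end of the hunk, and the same change is made in `ClientSslHandlerInitializer.connect` in SecurityNetty4Transport.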
@@ -233,36 +181,6 @@ public class SecurityNetty3Transport extends Netty3Transport { ctx.sendDownstream(e); } - - @SuppressForbidden(reason = "need to use getHostName to resolve DNS name for SSL connections and hostname verification") - private String getHostname(InetSocketAddress inetSocketAddress) { - String hostname; - if (HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.get(settings)) { - hostname = inetSocketAddress.getHostName(); - } else { - hostname = inetSocketAddress.getHostString(); - } - - if (logger.isTraceEnabled()) { - logger.trace("resolved hostname [{}] for address [{}] to be used in ssl hostname verification", hostname, - inetSocketAddress); - } - return hostname; - } } } - - public static void addSettings(List> settingsModule) { - settingsModule.add(SSL_SETTING); - settingsModule.add(HOSTNAME_VERIFICATION_SETTING); - settingsModule.add(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING); - settingsModule.add(CLIENT_AUTH_SETTING); - settingsModule.add(PROFILE_SSL_SETTING); - settingsModule.add(PROFILE_CLIENT_AUTH_SETTING); - - // deprecated transport settings - settingsModule.add(DEPRECATED_SSL_SETTING); - settingsModule.add(DEPRECATED_PROFILE_SSL_SETTING); - settingsModule.add(DEPRECATED_HOSTNAME_VERIFICATION_SETTING); - } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransport.java index 4c4276a27d7..11c907bafd4 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransport.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransport.java 
@@ -9,56 +9,37 @@ import io.netty.channel.Channel; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; import io.netty.handler.ssl.SslHandler; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.network.NetworkService; -import org.elasticsearch.common.settings.Setting; -import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.http.netty4.Netty4HttpServerTransport; import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import javax.net.ssl.SSLEngine; -import java.util.List; - import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION; -import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException; +import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED; public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport { - public static final boolean SSL_DEFAULT = false; - public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.NO.name(); - - public static final Setting DEPRECATED_SSL_SETTING = - Setting.boolSetting(setting("http.ssl"), SSL_DEFAULT, Property.NodeScope, Property.Deprecated); - public static final Setting SSL_SETTING = - Setting.boolSetting(setting("http.ssl.enabled"), DEPRECATED_SSL_SETTING, Property.NodeScope); - public static final Setting CLIENT_AUTH_SETTING = 
- new Setting<>(setting("http.ssl.client.auth"), CLIENT_AUTH_DEFAULT, SSLClientAuth::parse, Property.NodeScope); - private final IPFilter ipFilter; private final SSLService sslService; private final boolean ssl; - private final Settings sslSettings; @Inject public SecurityNetty4HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter, SSLService sslService, ThreadPool threadPool) { super(settings, networkService, bigArrays, threadPool); this.ipFilter = ipFilter; - this.ssl = SSL_SETTING.get(settings); + this.ssl = HTTP_SSL_ENABLED.get(settings); this.sslService = sslService; - if (ssl) { - sslSettings = settings.getByPrefix(setting("http.ssl.")); - } else { - sslSettings = Settings.EMPTY; - } } @Override @@ -69,14 +50,18 @@ public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport if (isNotSslRecordException(cause)) { if (logger.isTraceEnabled()) { - logger.trace("received plaintext http traffic on a https channel, closing connection {}", cause, ctx.channel()); + logger.trace( + (Supplier) () -> new ParameterizedMessage( + "received plaintext http traffic on a https channel, closing connection {}", + ctx.channel()), + cause); } else { logger.warn("received plaintext http traffic on a https channel, closing connection {}", ctx.channel()); } ctx.channel().close(); } else if (isCloseDuringHandshakeException(cause)) { if (logger.isTraceEnabled()) { - logger.trace("connection {} closed during handshake", cause, ctx.channel()); + logger.trace((Supplier) () -> new ParameterizedMessage("connection {} closed during handshake", ctx.channel()), cause); } else { logger.warn("connection {} closed during handshake", ctx.channel()); } 
@@ -99,13 +84,14 @@ public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport private class HttpSslChannelHandler extends HttpChannelHandler { - private final SSLClientAuth clientAuth; + private final Settings sslSettings; HttpSslChannelHandler(Netty4HttpServerTransport transport) { super(transport, detailedErrorsEnabled, threadPool.getThreadContext()); - clientAuth = CLIENT_AUTH_SETTING.get(settings); - if (ssl && sslService.isConfigurationValidForServerUsage(sslSettings) == false) { - throw new IllegalArgumentException("a key must be provided to run as a server"); + this.sslSettings = SSLService.getHttpTransportSSLSettings(settings); + if (ssl && sslService.isConfigurationValidForServerUsage(sslSettings, Settings.EMPTY) == false) { + throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " + + "[xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting"); } } @@ -113,9 +99,8 @@ public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport protected void initChannel(Channel ch) throws Exception { super.initChannel(ch); if (ssl) { - final SSLEngine engine = sslService.createSSLEngine(sslSettings); + final SSLEngine engine = sslService.createSSLEngine(sslSettings, Settings.EMPTY); engine.setUseClientMode(false); - clientAuth.configure(engine); ch.pipeline().addFirst("ssl", new SslHandler(engine)); } ch.pipeline().addFirst("ip_filter", new IpFilterRemoteAddressFilter(ipFilter, IPFilter.HTTP_PROFILE_NAME)); 
@@ -123,14 +108,8 @@ public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport } - public static void addSettings(List> settings) { - settings.add(SSL_SETTING); - settings.add(CLIENT_AUTH_SETTING); - settings.add(DEPRECATED_SSL_SETTING); - } - public static void overrideSettings(Settings.Builder settingsBuilder, Settings settings) { - if (SSL_SETTING.get(settings) && SETTING_HTTP_COMPRESSION.exists(settings) == false) { + if (HTTP_SSL_ENABLED.get(settings) && SETTING_HTTP_COMPRESSION.exists(settings) == false) { settingsBuilder.put(SETTING_HTTP_COMPRESSION.getKey(), false); } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java index 4d3f40f7bd4..64654218a2f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java 
@@ -11,30 +11,27 @@ import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelOutboundHandlerAdapter; import io.netty.channel.ChannelPromise; import io.netty.handler.ssl.SslHandler; -import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.internal.Nullable; import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Setting; -import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.indices.breaker.CircuitBreakerService; import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportSettings; import org.elasticsearch.transport.netty4.Netty4Transport; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLParameters; import java.net.InetSocketAddress; import java.net.SocketAddress; import static org.elasticsearch.xpack.security.Security.setting; -import static org.elasticsearch.xpack.security.Security.settingPrefix; +import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED; /** 
@@ -42,58 +39,11 @@ import static org.elasticsearch.xpack.security.Security.settingPrefix; */ public class SecurityNetty4Transport extends Netty4Transport { - public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED.name(); - public static final boolean SSL_DEFAULT = false; - - public static final Setting DEPRECATED_HOSTNAME_VERIFICATION_SETTING = - Setting.boolSetting( - setting("ssl.hostname_verification"), - true, - new Property[]{Property.NodeScope, Property.Filtered, Property.Deprecated, Property.Shared}); - - public static final Setting HOSTNAME_VERIFICATION_SETTING = - Setting.boolSetting(setting("ssl.hostname_verification.enabled"), DEPRECATED_HOSTNAME_VERIFICATION_SETTING, - Property.NodeScope, Property.Filtered, Property.Shared); - - public static final Setting HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING = - Setting.boolSetting( - setting("ssl.hostname_verification.resolve_name"), - true, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); - - public static final Setting DEPRECATED_SSL_SETTING = - Setting.boolSetting(setting("transport.ssl"), SSL_DEFAULT, - Property.Filtered, Property.NodeScope, Property.Deprecated, Property.Shared); - - public static final Setting SSL_SETTING = - Setting.boolSetting( - setting("transport.ssl.enabled"), - DEPRECATED_SSL_SETTING, - new Property[]{Property.Filtered, Property.NodeScope, Property.Shared}); - - public static final Setting CLIENT_AUTH_SETTING = - new Setting<>( - setting("transport.ssl.client.auth"), - CLIENT_AUTH_DEFAULT, - SSLClientAuth::parse, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); - - public static final Setting DEPRECATED_PROFILE_SSL_SETTING = - Setting.boolSetting(setting("ssl"), SSL_SETTING, Property.Filtered, Property.NodeScope, Property.Deprecated, Property.Shared); - - public static final Setting PROFILE_SSL_SETTING = - Setting.boolSetting(setting("ssl.enabled"), SSL_DEFAULT, Property.Filtered, Property.NodeScope, 
Property.Shared); - - public static final Setting PROFILE_CLIENT_AUTH_SETTING = - new Setting<>( - setting("ssl.client.auth"), - CLIENT_AUTH_SETTING, - SSLClientAuth::parse, - new Property[]{Property.NodeScope, Property.Filtered, Property.Shared}); + private static final Setting PROFILE_SSL_SETTING = Setting.boolSetting(setting("ssl.enabled"), false); private final SSLService sslService; @Nullable private final IPFilter authenticator; - private final SSLClientAuth clientAuth; + private final Settings transportSSLSettings; private final boolean ssl; @Inject @@ -102,9 +52,9 @@ public class SecurityNetty4Transport extends Netty4Transport { @Nullable IPFilter authenticator, SSLService sslService) { super(settings, threadPool, networkService, bigArrays, namedWriteableRegistry, circuitBreakerService); this.authenticator = authenticator; - this.ssl = SSL_SETTING.get(settings); - this.clientAuth = CLIENT_AUTH_SETTING.get(settings); + this.ssl = TRANSPORT_SSL_ENABLED.get(settings); this.sslService = sslService; + this.transportSSLSettings = settings.getByPrefix(setting("transport.ssl.")); } @Override 
@@ -130,12 +80,18 @@ public class SecurityNetty4Transport extends Netty4Transport { private final boolean sslEnabled; private final Settings securityProfileSettings; - protected SecurityServerChannelInitializer(String name, Settings settings) { - super(name, settings); - this.sslEnabled = profileSSL(settings, ssl); - this.securityProfileSettings = settings.getByPrefix(settingPrefix()); - if (sslEnabled && sslService.isConfigurationValidForServerUsage(securityProfileSettings) == false) { - throw new IllegalArgumentException("a key must be provided to run as a server"); + SecurityServerChannelInitializer(String name, Settings profileSettings) { + super(name, profileSettings); + this.sslEnabled = PROFILE_SSL_SETTING.exists(profileSettings) ? PROFILE_SSL_SETTING.get(profileSettings) : ssl; + this.securityProfileSettings = profileSettings.getByPrefix(setting("ssl.")); + if (sslEnabled && sslService.isConfigurationValidForServerUsage(securityProfileSettings, transportSSLSettings) == false) { + if (TransportSettings.DEFAULT_PROFILE.equals(name)) { + throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " + + "[xpack.security.transport.ssl.key] or [xpack.security.transport.ssl.keystore.path] setting"); + } + throw new IllegalArgumentException("a key must be provided to run as a server. the key should be configured using the " + + "[transport.profiles." + name + ".xpack.security.ssl.key] or [transport.profiles." + name + + ".xpack.security.ssl.keystore.path] setting"); } } 
@@ -143,10 +99,8 @@ public class SecurityNetty4Transport extends Netty4Transport {
 protected void initChannel(Channel ch) throws Exception {
 super.initChannel(ch);
 if (sslEnabled) {
- SSLEngine serverEngine = sslService.createSSLEngine(securityProfileSettings);
+ SSLEngine serverEngine = sslService.createSSLEngine(securityProfileSettings, transportSSLSettings);
 serverEngine.setUseClientMode(false);
- final SSLClientAuth profileClientAuth = profileClientAuth(settings, clientAuth);
- profileClientAuth.configure(serverEngine);
 ch.pipeline().addFirst(new SslHandler(serverEngine));
 }
 if (authenticator != null) {
@@ -155,72 +109,52 @@ public class SecurityNetty4Transport extends Netty4Transport { } } - class SecurityClientChannelInitializer extends ClientChannelInitializer { + private class SecurityClientChannelInitializer extends ClientChannelInitializer { + + private final boolean hostnameVerificationEnabled; + + SecurityClientChannelInitializer() { + this.hostnameVerificationEnabled = + sslService.getVerificationMode(transportSSLSettings, Settings.EMPTY).isHostnameVerificationEnabled(); + } + @Override protected void initChannel(Channel ch) throws Exception { super.initChannel(ch); if (ssl) { - ch.pipeline().addFirst(new ClientSslHandlerInitializer()); + ch.pipeline().addFirst(new ClientSslHandlerInitializer(transportSSLSettings, sslService, hostnameVerificationEnabled)); } } } - private class ClientSslHandlerInitializer extends ChannelOutboundHandlerAdapter { + private static class ClientSslHandlerInitializer extends ChannelOutboundHandlerAdapter { + + private final boolean hostnameVerificationEnabled; + private final Settings sslSettings; + private final SSLService sslService; + + private ClientSslHandlerInitializer(Settings sslSettings, SSLService sslService, boolean hostnameVerificationEnabled) { + this.sslSettings = sslSettings; + this.hostnameVerificationEnabled = hostnameVerificationEnabled; + this.sslService = sslService; + } @Override public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) throws Exception { final SSLEngine sslEngine; - if (HOSTNAME_VERIFICATION_SETTING.get(settings)) { + if (hostnameVerificationEnabled) { InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress; - sslEngine = sslService.createSSLEngine(Settings.EMPTY, getHostname(inetSocketAddress), inetSocketAddress.getPort()); - - // By default, a SSLEngine will not perform hostname verification. In order to perform hostname verification - // we need to specify a EndpointIdentificationAlgorithm. 
We use the HTTPS algorithm to prevent against - // man in the middle attacks for transport connections - SSLParameters parameters = new SSLParameters(); - parameters.setEndpointIdentificationAlgorithm("HTTPS"); - sslEngine.setSSLParameters(parameters); + // we create the socket based on the name given. don't reverse DNS + sslEngine = sslService.createSSLEngine(sslSettings, Settings.EMPTY, inetSocketAddress.getHostString(), + inetSocketAddress.getPort()); } else { - sslEngine = sslService.createSSLEngine(Settings.EMPTY); + sslEngine = sslService.createSSLEngine(sslSettings, Settings.EMPTY); } sslEngine.setUseClientMode(true); ctx.pipeline().replace(this, "ssl", new SslHandler(sslEngine)); super.connect(ctx, remoteAddress, localAddress, promise); } - - @SuppressForbidden(reason = "need to use getHostName to resolve DNS name for SSL connections and hostname verification") - private String getHostname(InetSocketAddress inetSocketAddress) { - String hostname; - if (HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.get(settings)) { - hostname = inetSocketAddress.getHostName(); - } else { - hostname = inetSocketAddress.getHostString(); - } - - if (logger.isTraceEnabled()) { - logger.trace("resolved hostname [{}] for address [{}] to be used in ssl hostname verification", hostname, - inetSocketAddress); - } - return hostname; - } - } - - public static boolean profileSSL(Settings profileSettings, boolean defaultSSL) { - if (PROFILE_SSL_SETTING.exists(profileSettings)) { - return PROFILE_SSL_SETTING.get(profileSettings); - } else if (DEPRECATED_PROFILE_SSL_SETTING.exists(profileSettings)) { - return DEPRECATED_PROFILE_SSL_SETTING.get(profileSettings); - } else { - return defaultSSL; - } - } - - static SSLClientAuth profileClientAuth(Settings settings, SSLClientAuth clientAuth) { - if (PROFILE_CLIENT_AUTH_SETTING.exists(settings)) { - return PROFILE_CLIENT_AUTH_SETTING.get(settings); - } - return clientAuth; } } 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/OldSecurityIndexBackwardsCompatibilityIT.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/OldSecurityIndexBackwardsCompatibilityIT.java index 16486414b6d..9384027d250 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/OldSecurityIndexBackwardsCompatibilityIT.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/OldSecurityIndexBackwardsCompatibilityIT.java @@ -15,6 +15,7 @@ import org.elasticsearch.common.io.FileSystemUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.NodeEnvironment; import org.elasticsearch.test.ESIntegTestCase; +import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.security.action.role.GetRolesResponse; @@ -30,6 +31,7 @@ import org.elasticsearch.xpack.security.user.User; import org.junit.AfterClass; import org.junit.Before; +import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; import java.nio.file.Path; @@ -106,6 +108,15 @@ public class OldSecurityIndexBackwardsCompatibilityIT extends SecurityIntegTestC .put(settings).build(); } + @Override + protected int maxNumberOfNodes() { + try { + return SecurityIntegTestCase.defaultMaxNumberOfNodes() + loadIndexesList("x-pack", getBwcIndicesPath()).size(); + } catch (IOException e) { + throw new RuntimeException("couldn't enumerate bwc indices", e); + } + } + void setupCluster(String pathToZipFile) throws Exception { // shutdown any nodes from previous zip files while (internalCluster().size() > 0) { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java index 76e65e995c0..b4777b63c9b 100644 
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java @@ -12,12 +12,11 @@ import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.client.Client; import org.elasticsearch.common.logging.ESLoggerFactory; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRealm; import org.elasticsearch.xpack.security.authc.ldap.LdapRealm; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; -import org.elasticsearch.test.SecurityIntegTestCase; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -31,8 +30,6 @@ import static org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScop import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile; import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.is; - /** * This test assumes all subclass tests will be of type SUITE. It picks a random realm configuration for the tests, and 
@@ -166,11 +163,11 @@ public abstract class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase private Settings sslSettingsForStore(Path store, String password) { return Settings.builder() - .put("xpack.security.ssl.keystore.path", store) - .put("xpack.security.ssl.keystore.password", password) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false) - .put("xpack.security.ssl.truststore.path", store) - .put("xpack.security.ssl.truststore.password", password).build(); + .put("xpack.ssl.keystore.path", store) + .put("xpack.ssl.keystore.password", password) + .put("xpack.ssl.verification_mode", "certificate") + .put("xpack.ssl.truststore.path", store) + .put("xpack.ssl.truststore.password", password).build(); } /** diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java index 48ddbf62112..1a60747cd93 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java @@ -16,6 +16,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.plugins.Plugin; +import org.elasticsearch.xpack.XPackSettings; import org.elasticsearch.xpack.security.InternalClient; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.authc.support.SecuredString; 
@@ -23,7 +24,6 @@ import org.elasticsearch.xpack.security.client.SecurityClient; import org.elasticsearch.test.ESIntegTestCase.SuppressLocalMode; import org.elasticsearch.xpack.XPackClient; import org.elasticsearch.xpack.XPackPlugin; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; @@ -66,7 +66,7 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase { //UnicastZen requires the number of nodes in a cluster to generate the unicast configuration. //The number of nodes is randomized though, but we can predict what the maximum number of nodes will be //and configure them all in unicast.hosts - private static int maxNumberOfNodes() { + protected static int defaultMaxNumberOfNodes() { ClusterScope clusterScope = SecurityIntegTestCase.class.getAnnotation(ClusterScope.class); if (clusterScope == null) { return InternalTestCluster.DEFAULT_HIGH_NUM_MASTER_NODES + @@ -82,7 +82,17 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase { masterNodes = InternalTestCluster.DEFAULT_HIGH_NUM_MASTER_NODES; } - return masterNodes + clusterScope.maxNumDataNodes() + clientNodes; + int dataNodes = 0; + if (clusterScope.numDataNodes() < 0) { + if (clusterScope.maxNumDataNodes() < 0) { + dataNodes = InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES; + } else { + dataNodes = clusterScope.maxNumDataNodes(); + } + } else { + dataNodes = clusterScope.numDataNodes(); + } + return masterNodes + dataNodes + clientNodes; } } 
@@ -109,7 +119,8 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase { @BeforeClass public static void initDefaultSettings() { if (SECURITY_DEFAULT_SETTINGS == null) { - SECURITY_DEFAULT_SETTINGS = new SecuritySettingsSource(maxNumberOfNodes(), randomBoolean(), createTempDir(), Scope.SUITE); + SECURITY_DEFAULT_SETTINGS = + new SecuritySettingsSource(defaultMaxNumberOfNodes(), randomBoolean(), createTempDir(), Scope.SUITE); } } @@ -274,6 +285,10 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase { return randomBoolean(); } + protected int maxNumberOfNodes() { + return defaultMaxNumberOfNodes(); + } + protected Class xpackPluginClass() { return SECURITY_DEFAULT_SETTINGS.xpackPluginClass(); } @@ -362,7 +377,7 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase { final List nodes = nodeInfos.getNodes(); assertTrue("there is at least one node", nodes.size() > 0); NodeInfo ni = randomFrom(nodes); - boolean useSSL = SecurityNetty3HttpServerTransport.SSL_SETTING.get(ni.getSettings()); + boolean useSSL = XPackSettings.HTTP_SSL_ENABLED.get(ni.getSettings()); TransportAddress publishAddress = ni.getHttp().address().publishAddress(); assertEquals(1, publishAddress.uniqueAddressTypeId()); InetSocketAddress address = ((InetSocketTransportAddress) publishAddress).address(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java index 1e8ad5a1414..1f0610373d1 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java 
@@ -25,8 +25,6 @@ import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.test.SecurityTestUtils; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration; import org.elasticsearch.xpack.XPackPlugin; @@ -36,11 +34,9 @@ import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.List; import static com.carrotsearch.randomizedtesting.RandomizedTest.randomBoolean; -import static org.elasticsearch.test.ESTestCase.randomFrom; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile; @@ -87,7 +83,6 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas private final byte[] systemKey; private final boolean sslTransportEnabled; private final boolean hostnameVerificationEnabled; - private final boolean hostnameVerificationResolveNameEnabled; /** * Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the security configuration. @@ -117,7 +112,6 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas this.subfolderPrefix = scope.name(); this.sslTransportEnabled = sslTransportEnabled; this.hostnameVerificationEnabled = randomBoolean(); - this.hostnameVerificationResolveNameEnabled = randomBoolean(); } @Override 
@@ -218,29 +212,29 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas public Settings getNodeSSLSettings() { if (randomBoolean()) { return getSSLSettingsForPEMFiles("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem", "testnode", - Collections.singletonList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), + "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt", Arrays.asList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.crt", "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/active-directory-ca.crt", "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt", "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/openldap.crt", "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), - sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, false); + sslTransportEnabled, hostnameVerificationEnabled, false); } return getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode", - sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, false); + sslTransportEnabled, hostnameVerificationEnabled, false); } public Settings getClientSSLSettings() { if (randomBoolean()) { return getSSLSettingsForPEMFiles("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.pem", "testclient", - Collections.singletonList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), + "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt", Arrays.asList("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt", "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), - sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, true); + 
sslTransportEnabled, hostnameVerificationEnabled, true); } return getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient", - sslTransportEnabled, hostnameVerificationEnabled, hostnameVerificationResolveNameEnabled, true); + sslTransportEnabled, hostnameVerificationEnabled, true); } /** 
@@ -251,67 +245,57 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas * @return the configuration settings */ public static Settings getSSLSettingsForStore(String resourcePathToStore, String password) { - return getSSLSettingsForStore(resourcePathToStore, password, true, true, true, true); + return getSSLSettingsForStore(resourcePathToStore, password, true, true, true); } private static Settings getSSLSettingsForStore(String resourcePathToStore, String password, boolean sslTransportEnabled, - boolean hostnameVerificationEnabled, boolean hostnameVerificationResolveNameEnabled, - boolean transportClient) { + boolean hostnameVerificationEnabled, boolean transportClient) { Path store = resolveResourcePath(resourcePathToStore); - final String sslEnabledSetting = - randomFrom(SecurityNetty3Transport.SSL_SETTING.getKey(), SecurityNetty3Transport.DEPRECATED_SSL_SETTING.getKey()); - Settings.Builder builder = Settings.builder().put(sslEnabledSetting, sslTransportEnabled); + Settings.Builder builder = Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), sslTransportEnabled); if (transportClient == false) { - builder.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false); + builder.put("xpack.security.http.ssl.enabled", false); } if (sslTransportEnabled) { - builder.put("xpack.security.ssl.keystore.path", store) - .put("xpack.security.ssl.keystore.password", password) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), hostnameVerificationEnabled) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), - hostnameVerificationResolveNameEnabled); + builder.put("xpack.ssl.keystore.path", store) + .put("xpack.ssl.keystore.password", password) + .put("xpack.ssl.verification_mode", hostnameVerificationEnabled ? 
"full" : "certificate"); } if (sslTransportEnabled && randomBoolean()) { - builder.put("xpack.security.ssl.truststore.path", store) - .put("xpack.security.ssl.truststore.password", password); + builder.put("xpack.ssl.truststore.path", store) + .put("xpack.ssl.truststore.password", password); } return builder.build(); } - private static Settings getSSLSettingsForPEMFiles(String keyPath, String password, List certificateFiles, + private static Settings getSSLSettingsForPEMFiles(String keyPath, String password, String certificatePath, List trustedCertificates, boolean sslTransportEnabled, - boolean hostnameVerificationEnabled, boolean hostnameVerificationResolveNameEnabled, - boolean transportClient) { + boolean hostnameVerificationEnabled, boolean transportClient) { Settings.Builder builder = Settings.builder(); - final String sslEnabledSetting = - randomFrom(SecurityNetty3Transport.SSL_SETTING.getKey(), SecurityNetty3Transport.DEPRECATED_SSL_SETTING.getKey()); - builder.put(sslEnabledSetting, sslTransportEnabled); + builder.put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), sslTransportEnabled); if (transportClient == false) { - builder.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false); + builder.put("xpack.security.http.ssl.enabled", false); } if (sslTransportEnabled) { - builder.put("xpack.security.ssl.key.path", resolveResourcePath(keyPath)) - .put("xpack.security.ssl.key.password", password) - .put("xpack.security.ssl.cert", Strings.arrayToCommaDelimitedString(resolvePathsToString(certificateFiles))) - .put(randomFrom(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), - SecurityNetty3Transport.DEPRECATED_HOSTNAME_VERIFICATION_SETTING.getKey()), hostnameVerificationEnabled) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), - hostnameVerificationResolveNameEnabled); + builder.put("xpack.ssl.key", resolveResourcePath(keyPath)) + .put("xpack.ssl.key_passphrase", password) + .put("xpack.ssl.certificate", 
resolveResourcePath(certificatePath)) + .put("xpack.ssl.verification_mode", hostnameVerificationEnabled ? "full" : "certificate"); if (trustedCertificates.isEmpty() == false) { - builder.put("xpack.security.ssl.ca", Strings.arrayToCommaDelimitedString(resolvePathsToString(trustedCertificates))); + builder.put("xpack.ssl.certificate_authorities", + Strings.arrayToCommaDelimitedString(resolvePathsToString(trustedCertificates))); } } return builder.build(); } - static String[] resolvePathsToString(List resourcePaths) { + private static String[] resolvePathsToString(List resourcePaths) { List resolvedPaths = new ArrayList<>(resourcePaths.size()); for (String resource : resourcePaths) { resolvedPaths.add(resolveResourcePath(resource).toString()); @@ -319,7 +303,7 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas return resolvedPaths.toArray(new String[resolvedPaths.size()]); } - static Path resolveResourcePath(String resourcePathToStore) { + private static Path resolveResourcePath(String resourcePathToStore) { try { Path path = PathUtils.get(SecuritySettingsSource.class.getResource(resourcePathToStore).toURI()); if (Files.notExists(path)) { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java index 830361379a5..e5323d315b5 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SettingsFilterTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.test; +import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Guice; import org.elasticsearch.common.inject.Injector; import org.elasticsearch.common.settings.Setting; 
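Review bot: In `getSSLSettingsForStore` and `getSSLSettingsForPEMFiles` the HTTP switch is now the string literal `"xpack.security.http.ssl.enabled"`, while the transport switch one statement earlier uses `XPackSettings.TRANSPORT_SSL_ENABLED.getKey()` and `SecurityIntegTestCase` in this same commit reads `XPackSettings.HTTP_SSL_ENABLED`. A literal key does not follow a rename of the setting, so a fixture meant to pin HTTP TLS off could drift from what the node actually reads without a compile error. I would write `builder.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false);` in both methods. The `SecurityFeatureSetTests` hunk further down introduces the same kind of literals (`"xpack.security.http.ssl.enabled"`, `"xpack.security.transport.ssl.enabled"`). A short comment on the `verification_mode` line would also help, e.g. `// "certificate" still validates the chain but skips the hostname check`.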
@@ -12,8 +13,11 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.XPackSettings; import org.hamcrest.Matcher; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; 
@@ -53,26 +57,32 @@ public class SettingsFilterTests extends ESTestCase { configureFilteredSetting("xpack.security.authc.realms.pki1.truststore.password", "truststore-testnode-only"); configureFilteredSetting("xpack.security.authc.realms.pki1.truststore.algorithm", "SunX509"); - configureFilteredSetting("xpack.security.ssl.keystore.path", "/path/to/keystore"); - configureFilteredSetting("xpack.security.ssl.ciphers", "_ciphers"); - configureFilteredSetting("xpack.security.ssl.supported_protocols", randomFrom("TLSv1", "TLSv1.1", "TLSv1.2")); - configureFilteredSetting("xpack.security.ssl.keystore.password", randomAsciiOfLength(5)); - configureFilteredSetting("xpack.security.ssl.keystore.algorithm", "_algorithm"); - configureFilteredSetting("xpack.security.ssl.keystore.key_password", randomAsciiOfLength(5)); - configureFilteredSetting("xpack.security.ssl.truststore.password", randomAsciiOfLength(5)); - configureFilteredSetting("xpack.security.ssl.truststore.algorithm", "_algorithm"); + configureFilteredSetting("xpack.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks").toString()); + configureFilteredSetting("xpack.ssl.cipher_suites", + Strings.arrayToCommaDelimitedString(XPackSettings.DEFAULT_CIPHERS.toArray())); + configureFilteredSetting("xpack.ssl.supported_protocols", randomFrom("TLSv1", "TLSv1.1", "TLSv1.2")); + configureFilteredSetting("xpack.ssl.keystore.password", "testnode"); + configureFilteredSetting("xpack.ssl.keystore.algorithm", KeyManagerFactory.getDefaultAlgorithm()); + configureFilteredSetting("xpack.ssl.keystore.key_password", "testnode"); + configureFilteredSetting("xpack.ssl.truststore.password", randomAsciiOfLength(5)); + configureFilteredSetting("xpack.ssl.truststore.algorithm", TrustManagerFactory.getDefaultAlgorithm()); // client profile configureUnfilteredSetting("transport.profiles.client.port", "9500-9600"); - 
configureFilteredSetting("transport.profiles.client.xpack.security.keystore.path", "/path/to/keystore"); - configureFilteredSetting("transport.profiles.client.xpack.security.ciphers", "_ciphers"); - configureFilteredSetting("transport.profiles.client.xpack.security.supported_protocols", + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks").toString()); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.cipher_suites", + Strings.arrayToCommaDelimitedString(XPackSettings.DEFAULT_CIPHERS.toArray())); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.supported_protocols", randomFrom("TLSv1", "TLSv1.1", "TLSv1.2")); - configureFilteredSetting("transport.profiles.client.xpack.security.keystore.password", randomAsciiOfLength(5)); - configureFilteredSetting("transport.profiles.client.xpack.security.keystore.algorithm", "_algorithm"); - configureFilteredSetting("transport.profiles.client.xpack.security.keystore.key_password", randomAsciiOfLength(5)); - configureFilteredSetting("transport.profiles.client.xpack.security.truststore.password", randomAsciiOfLength(5)); - configureFilteredSetting("transport.profiles.client.xpack.security.truststore.algorithm", "_algorithm"); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.keystore.password", "testnode"); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.keystore.algorithm", + KeyManagerFactory.getDefaultAlgorithm()); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.keystore.key_password", "testnode"); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.truststore.password", randomAsciiOfLength(5)); + configureFilteredSetting("transport.profiles.client.xpack.security.ssl.truststore.algorithm", + TrustManagerFactory.getDefaultAlgorithm()); // custom settings, potentially 
added by a plugin configureFilteredSetting("foo.bar", "_secret"); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java index 83a017bcd40..38df2751180 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java @@ -22,8 +22,6 @@ import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource; import org.junit.After; @@ -111,9 +109,9 @@ public class SecurityFeatureSetTests extends ESTestCase { settings.put("xpack.security.enabled", enabled); final boolean httpSSLEnabled = randomBoolean(); - settings.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), httpSSLEnabled); + settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled); final boolean transportSSLEnabled = randomBoolean(); - settings.put(SecurityNetty3Transport.SSL_SETTING.getKey(), transportSSLEnabled); + settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled); final boolean auditingEnabled = randomBoolean(); final String[] auditOutputs = randomFrom(new String[] {"logfile"}, new String[] {"index"}, new String[] {"logfile", "index"}); when(auditTrail.usageStats()) 
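Review bot: The filtered-settings list in this hunk moves the keystore and truststore passwords to the new `xpack.ssl.` prefix but has no entry for `xpack.ssl.key_passphrase`, which `SecuritySettingsSource.getSSLSettingsForPEMFiles` starts setting in this same commit. That value protects a private key, so it is exactly the kind of setting this test exists to prove is hidden from settings output. Consider adding `configureFilteredSetting("xpack.ssl.key_passphrase", randomAsciiOfLength(5));` and the equivalent under the client-profile prefix, in a separate test if PEM and keystore settings cannot be configured together. The enclosing test method starts and ends outside the hunk, so an assertion elsewhere may already cover this.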
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index b7a9f195cc8..3e28f984873 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -31,6 +31,7 @@ import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.file.FileRealm; +import org.elasticsearch.xpack.ssl.SSLService; import static org.hamcrest.Matchers.containsString; import static org.mockito.Mockito.mock; @@ -61,7 +62,7 @@ public class SecurityTests extends ESTestCase { Settings settings = Settings.builder().put(testSettings) .put("path.home", createTempDir()).build(); Environment env = new Environment(settings); - Security security = new Security(settings, env, new XPackLicenseState()); + Security security = new Security(settings, env, new XPackLicenseState(), new SSLService(settings, env)); ThreadPool threadPool = mock(ThreadPool.class); ClusterService clusterService = mock(ClusterService.class); settings = Security.additionalSettings(settings, false); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java index 6ed3520f046..b5baf410824 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java 
@@ -173,7 +173,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase { builder.put("xpack.security.audit.index.client." + entry.getKey(), entry.getValue()); } } else { - builder.put("xpack.security.audit.index.client." + SecurityNetty3Transport.SSL_SETTING.getKey(), false); + builder.put("xpack.security.audit.index.client.xpack.ssl.client_authentication", "none"); } remoteSettings = builder.build(); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java index f95f2ab80e5..9353e46f154 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/CapturingLogger.java 
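Review bot: The replacement in the `else` branch is not equivalent to the line it removes: the old line set the remote audit client's transport SSL switch to `false`, while the new one sets `client_authentication` to `none`, which is about requesting a peer certificate and leaves the SSL on/off decision untouched. If the intent is still that the audit client uses plaintext towards a remote cluster started without SSL, I would expect `builder.put("xpack.security.audit.index.client." + XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), false);` here. As written the client presumably falls back to the default for transport SSL, so the test may pass only because of that default. The enclosing method and the `if` condition are outside the hunk.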
@@ -5,156 +5,112 @@ */ package org.elasticsearch.xpack.security.audit.logfile; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LogEvent; +import org.apache.logging.log4j.core.LoggerContext; +import org.apache.logging.log4j.core.appender.AbstractAppender; +import org.apache.logging.log4j.core.config.Configuration; +import org.apache.logging.log4j.core.config.LoggerConfig; +import org.apache.logging.log4j.core.filter.RegexFilter; +import org.apache.logging.log4j.core.impl.MutableLogEvent; +import org.elasticsearch.common.logging.ESLoggerFactory; +import org.elasticsearch.common.logging.Loggers; +import org.elasticsearch.common.logging.TestLoggers; import java.util.ArrayList; import java.util.List; -import java.util.Locale; -import static org.elasticsearch.common.logging.LoggerMessageFormat.format; +public class CapturingLogger { -/** -* -*/ -public class CapturingLogger extends ESLogger { - - private Level level; - - public final List error = new ArrayList<>(); - public final List warn = new ArrayList<>(); - public final List info = new ArrayList<>(); - public final List debug = new ArrayList<>(); - public final List trace = new ArrayList<>(); - - public CapturingLogger(Level level) { - super(null, null); - this.level = level; + public static Logger newCapturingLogger(final Level level) throws IllegalAccessException { + final StackTraceElement caller = Thread.currentThread().getStackTrace()[2]; + final String name = caller.getClassName() + "." + caller.getMethodName() + "." + level.toString(); + final Logger logger = ESLoggerFactory.getLogger(name); + Loggers.setLevel(logger, level); + TestLoggers.addAppender(logger, new MockAppender(name)); + return logger; } - @Override - public void trace(String msg, Throwable cause, Object... 
params) { - if (isTraceEnabled()) { - add(trace, format(msg, params), cause); + private static MockAppender getMockAppender(final String name) { + final LoggerContext ctx = (LoggerContext) LogManager.getContext(false); + final Configuration config = ctx.getConfiguration(); + final LoggerConfig loggerConfig = config.getLoggerConfig(name); + return (MockAppender) loggerConfig.getAppenders().get(name); + } + + public static boolean isEmpty(final String name) { + final MockAppender appender = getMockAppender(name); + return appender.isEmpty(); + } + + public static List output(final String name, final Level level) { + final MockAppender appender = getMockAppender(name); + return appender.output(level); + } + + private static class MockAppender extends AbstractAppender { + + public final List error = new ArrayList<>(); + public final List warn = new ArrayList<>(); + public final List info = new ArrayList<>(); + public final List debug = new ArrayList<>(); + public final List trace = new ArrayList<>(); + + private MockAppender(final String name) throws IllegalAccessException { + super(name, RegexFilter.createFilter(".*(\n.*)*", new String[0], true, null, null), null); + } + + @Override + public void append(LogEvent event) { + switch (event.getLevel().toString()) { + // we can not keep a reference to the event here because Log4j is using a thread + // local instance under the hood + case "ERROR": + error.add(event.getMessage().getFormattedMessage()); + break; + case "WARN": + warn.add(event.getMessage().getFormattedMessage()); + break; + case "INFO": + info.add(event.getMessage().getFormattedMessage()); + break; + case "DEBUG": + debug.add(event.getMessage().getFormattedMessage()); + break; + case "TRACE": + trace.add(event.getMessage().getFormattedMessage()); + break; + default: + throw invalidLevelException(event.getLevel()); + } + } + + private IllegalArgumentException invalidLevelException(Level level) { + return new IllegalArgumentException("invalid level, expected 
[ERROR|WARN|INFO|DEBUG|TRACE] but was [" + level + "]"); + } + + public boolean isEmpty() { + return error.isEmpty() && warn.isEmpty() && info.isEmpty() && debug.isEmpty() && trace.isEmpty(); + } + + public List output(Level level) { + switch (level.toString()) { + case "ERROR": + return error; + case "WARN": + return warn; + case "INFO": + return info; + case "DEBUG": + return debug; + case "TRACE": + return trace; + default: + throw invalidLevelException(level); + } } } - @Override - public void debug(String msg, Throwable cause, Object... params) { - if (isDebugEnabled()) { - add(debug, format(msg, params), cause); - } - } - - @Override - public void info(String msg, Throwable cause, Object... params) { - if (isInfoEnabled()) { - add(info, format(msg, params), cause); - } - } - - @Override - public void warn(String msg, Throwable cause, Object... params) { - if (isWarnEnabled()) { - add(warn, format(msg, params), cause); - } - } - - @Override - public void error(String msg, Throwable cause, Object... 
params) { - if (isErrorEnabled()) { - add(error, format(msg, params), cause); - } - } - - @Override - public String getName() { - return "capturing"; - } - - @Override - public void setLevel(String level) { - this.level = Level.resolve(level); - } - - @Override - public String getLevel() { - return level.name().toLowerCase(Locale.ROOT); - } - - public Level level() { - return level; - } - - @Override - public boolean isTraceEnabled() { - return level.enabled(Level.TRACE); - } - - @Override - public boolean isDebugEnabled() { - return level.enabled(Level.DEBUG); - } - - @Override - public boolean isInfoEnabled() { - return level.enabled(Level.INFO); - } - - @Override - public boolean isWarnEnabled() { - return level.enabled(Level.WARN); - } - - @Override - public boolean isErrorEnabled() { - return level.enabled(Level.ERROR); - } - - public List output(Level level) { - switch (level) { - case ERROR: return error; - case WARN: return warn; - case INFO: return info; - case DEBUG: return debug; - case TRACE: return trace; - default: - return null; // can never happen - } - } - - private static void add(List list, String text, Throwable t) { - list.add(new Msg(text, t)); - } - - public boolean isEmpty() { - return error.isEmpty() && warn.isEmpty() && info.isEmpty() && debug.isEmpty() && trace.isEmpty(); - } - - public static class Msg { - public String text; - public Throwable t; - - public Msg(String text, Throwable t) { - this.text = text; - this.t = t; - } - } - - public enum Level { - ERROR(0), WARN(1), INFO(2), DEBUG(3), TRACE(4); - - private final int value; - - private Level(int value) { - this.value = value; - } - - public boolean enabled(Level other) { - return value >= other.value; - } - - private static Level resolve(String level) { - return Level.valueOf(level.toUpperCase(Locale.ROOT)); - } - } } 
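Review bot: `newCapturingLogger` derives the logger name from `Thread.currentThread().getStackTrace()[2]` and attaches a `MockAppender` under that name, and nothing in the class removes the appender or clears its lists afterwards. The name is therefore only correct when the call comes directly from the test method, and a second call from the same method at the same level, or a repeated run in the same JVM, reuses it, so `output(name, level)` and `isEmpty(name)` may return messages captured earlier; how `TestLoggers.addAppender` treats a duplicate name is not visible here. For audit-log tests that can turn an "assert nothing was logged" check into a false failure or hide a missing entry behind a stale one. I would document the contract, e.g. `/** Creates a logger named after the calling test method and level; read captured messages via output(logger.getName(), level). */`, and clear the lists when a logger is re-created or remove the appender when the test finishes. `MockAppender` keeps its messages in plain `ArrayList`s, which also assumes all logging happens on the test thread.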
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java index 3c9d37efac2..0d0f0a159a1 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.security.audit.logfile; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.cluster.node.DiscoveryNode; @@ -22,7 +24,6 @@ import org.elasticsearch.rest.RestRequest; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.transport.TransportMessage; import org.elasticsearch.xpack.security.audit.AuditUtil; -import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger.Level; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.rest.RemoteHostHeader; import org.elasticsearch.xpack.security.transport.filter.IPFilter; @@ -43,7 +44,8 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; public class LoggingAuditTrailTests extends ESTestCase { - private static enum RestContent { + + private enum RestContent { VALID() { @Override protected boolean hasContent() { 
@@ -121,17 +123,17 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAnonymousAccessDeniedTransport() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, clusterService.localNode(), threadContext); auditTrail.anonymousAccessDenied("_action", message); - switch (level) { - case ERROR: + switch (level.toString()) { + case "ERROR": assertEmptyLog(logger); break; - case WARN: - case INFO: + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], indices=[" + indices(message) + "]"); @@ -139,8 +141,8 @@ public class LoggingAuditTrailTests extends ESTestCase { assertMsg(logger, Level.WARN, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [anonymous_access_denied]\t" + origins + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); 
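Review bot: After the move from `CapturingLogger.Level` to log4j's `Level`, `Level.values()` in this loop also yields `OFF`, `FATAL` and `ALL`, and the string `switch` has no `default`, so those iterations emit the audit event and assert nothing. `ALL` in particular enables debug output but is never checked against the `DEBUG`/`TRACE` expectations, which leaves part of the audit-trail behaviour unverified. I would iterate over an explicit list instead, `for (Level level : new Level[] {Level.ERROR, Level.WARN, Level.INFO, Level.DEBUG, Level.TRACE})`, or add `"ALL"` to the `DEBUG`/`TRACE` cases and handle the other two deliberately. The same loop-and-switch pattern is repeated in the other test methods changed in the following hunks of this file; this method continues past the hunk.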
@@ -161,20 +163,20 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.anonymousAccessDenied(request); - switch (level) { - case ERROR: + switch (level.toString()) { + case "ERROR": assertEmptyLog(logger); break; - case WARN: - case INFO: + case "WARN": + case "INFO": assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access_denied]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access_denied]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri], request_body=[" + expectedMessage + "]"); } 
@@ -184,15 +186,15 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailed() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed(new MockToken(), "_action", message); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.ERROR, prefix + "[transport] [authentication_failed]\t" + origins + ", principal=[_principal], action=[_action], indices=[" + indices(message) + "]"); @@ -201,8 +203,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", principal=[_principal], action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [authentication_failed]\t" + origins + ", principal=[_principal], action=[_action], indices=[" + indices(message) + 
@@ -218,15 +220,15 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailedNoToken() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed("_action", message); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.ERROR, prefix + "[transport] [authentication_failed]\t" + origins + ", action=[_action], indices=[" + indices(message) + "]"); @@ -235,8 +237,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [authentication_failed]\t" + origins + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); 
@@ -256,18 +258,18 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed(new MockToken(), request); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.format(address) + "], principal=[_principal], uri=[_uri]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.format(address) + "], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); 
@@ -283,18 +285,18 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed(request); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri], request_body=[" + expectedMessage + "]"); } 
@@ -304,19 +306,19 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailedRealm() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);; auditTrail.authenticationFailed("_realm", new MockToken(), "_action", message); - switch (level) { - case ERROR: - case WARN: - case INFO: - case DEBUG: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": + case "DEBUG": assertEmptyLog(logger); break; - case TRACE: + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.TRACE, prefix + "[transport] [authentication_failed]\trealm=[_realm], " + origins + ", principal=[_principal], action=[_action], indices=[" + indices(message) + "], " + 
@@ -337,17 +339,17 @@ public class LoggingAuditTrailTests extends ESTestCase { when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.authenticationFailed("_realm", new MockToken(), request); - switch (level) { - case ERROR: - case WARN: - case INFO: - case DEBUG: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": + case "DEBUG": assertEmptyLog(logger); break; - case TRACE: + case "TRACE": assertMsg(logger, Level.TRACE, prefix + "[rest] [authentication_failed]\trealm=[_realm], origin_address=[" + NetworkAddress.format(address) + "], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); @@ -358,7 +360,7 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAccessGranted() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); 
@@ -372,12 +374,12 @@ public class LoggingAuditTrailTests extends ESTestCase { } String userInfo = runAs ? "principal=[running as], run_by_principal=[_username]" : "principal=[_username]"; auditTrail.accessGranted(user, "_action", message); - switch (level) { - case ERROR: - case WARN: + switch (level.toString()) { + case "ERROR": + case "WARN": assertEmptyLog(logger); break; - case INFO: + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.INFO, prefix + "[transport] [access_granted]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "]"); @@ -386,8 +388,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [access_granted]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); 
@@ -402,19 +404,19 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAccessGrantedInternalSystemAction() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); auditTrail.accessGranted(SystemUser.INSTANCE, "internal:_action", message); - switch (level) { - case ERROR: - case WARN: - case INFO: - case DEBUG: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": + case "DEBUG": assertEmptyLog(logger); break; - case TRACE: + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.TRACE, prefix + "[transport] [access_granted]\t" + origins + ", principal=[" + SystemUser.INSTANCE.principal() @@ -430,7 +432,7 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAccessGrantedInternalSystemActionNonSystemUser() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); 
@@ -444,12 +446,12 @@ public class LoggingAuditTrailTests extends ESTestCase { } String userInfo = runAs ? "principal=[running as], run_by_principal=[_username]" : "principal=[_username]"; auditTrail.accessGranted(user, "internal:_action", message); - switch (level) { - case ERROR: - case WARN: + switch (level.toString()) { + case "ERROR": + case "WARN": assertEmptyLog(logger); break; - case INFO: + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.INFO, prefix + "[transport] [access_granted]\t" + origins + ", " + userInfo + ", action=[internal:_action], indices=[" + indices(message) + "]"); @@ -458,8 +460,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", action=[internal:_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [access_granted]\t" + origins + ", " + userInfo + ", action=[internal:_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); @@ -474,7 +476,7 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAccessDenied() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); 
@@ -488,10 +490,10 @@ public class LoggingAuditTrailTests extends ESTestCase { } String userInfo = runAs ? "principal=[running as], run_by_principal=[_username]" : "principal=[_username]"; auditTrail.accessDenied(user, "_action", message); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.ERROR, prefix + "[transport] [access_denied]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "]"); @@ -500,8 +502,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [access_denied]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); @@ -522,18 +524,18 @@ public class LoggingAuditTrailTests extends ESTestCase { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(request); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": assertMsg(logger, Level.ERROR, prefix + "[rest] [tampered_request]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[rest] [tampered_request]\torigin_address=[" + NetworkAddress.format(address) + "], uri=[_uri], request_body=[" + expectedMessage + "]"); } 
@@ -546,13 +548,13 @@ public class LoggingAuditTrailTests extends ESTestCase { threadContext = new ThreadContext(Settings.EMPTY); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(action, message); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.ERROR, prefix + "[transport] [tampered_request]\t" + origins + ", action=[_action], indices=[" + indices(message) + "]"); @@ -560,8 +562,8 @@ public class LoggingAuditTrailTests extends ESTestCase { assertMsg(logger, Level.ERROR, prefix + "[transport] [tampered_request]\t" + origins + ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [tampered_request]\t" + origins + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); 
@@ -587,13 +589,13 @@ public class LoggingAuditTrailTests extends ESTestCase { threadContext = new ThreadContext(Settings.EMPTY); TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); auditTrail.tamperedRequest(user, action, message); - switch (level) { - case ERROR: - case WARN: - case INFO: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": if (message instanceof IndicesRequest) { assertMsg(logger, Level.ERROR, prefix + "[transport] [tampered_request]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "]"); @@ -602,8 +604,8 @@ public class LoggingAuditTrailTests extends ESTestCase { ", action=[_action]"); } break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": if (message instanceof IndicesRequest) { assertMsg(logger, Level.DEBUG, prefix + "[transport] [tampered_request]\t" + origins + ", " + userInfo + ", action=[_action], indices=[" + indices(message) + "], request=[MockIndicesRequest]"); 
@@ -618,21 +620,21 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testConnectionDenied() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); InetAddress inetAddress = InetAddress.getLoopbackAddress(); SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all"); auditTrail.connectionDenied(inetAddress, "default", rule); - switch (level) { - case ERROR: + switch (level.toString()) { + case "ERROR": assertMsg(logger, Level.ERROR, String.format(Locale.ROOT, prefix + "[ip_filter] [connection_denied]\torigin_address=[%s], transport_profile=[%s], rule=[deny %s]", NetworkAddress.format(inetAddress), "default", "_all")); break; - case WARN: - case INFO: - case DEBUG: - case TRACE: + case "WARN": + case "INFO": + case "DEBUG": + case "TRACE": } } } 
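Review bot: In testConnectionDenied the `"WARN"`, `"INFO"`, `"DEBUG"` and `"TRACE"` labels end in an empty body, so the connection_denied audit line is verified only when the logger is at ERROR. The other tests in this file assert the ERROR-level event at the more verbose levels as well, so this reads as a missing check rather than an intended gap, although the commit only carries the old structure over. If the event is expected at those levels too, move the four labels up next to `case "ERROR":` so they share the `assertMsg(logger, Level.ERROR, ...)` call. Otherwise leave a comment in the empty arm saying why nothing is asserted there.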
@@ -640,19 +642,19 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testConnectionGranted() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); InetAddress inetAddress = InetAddress.getLoopbackAddress(); SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL; auditTrail.connectionGranted(inetAddress, "default", rule); - switch (level) { - case ERROR: - case WARN: - case INFO: - case DEBUG: + switch (level.toString()) { + case "ERROR": + case "WARN": + case "INFO": + case "DEBUG": assertEmptyLog(logger); break; - case TRACE: + case "TRACE": assertMsg(logger, Level.TRACE, String.format(Locale.ROOT, prefix + "[ip_filter] " + "[connection_granted]\torigin_address=[%s], transport_profile=[default], rule=[allow default:accept_all]", NetworkAddress.format(inetAddress))); 
@@ -663,23 +665,23 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testRunAsGranted() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = new MockMessage(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"})); auditTrail.runAsGranted(user, "_action", message); - switch (level) { - case ERROR: - case WARN: + switch (level.toString()) { + case "ERROR": + case "WARN": assertEmptyLog(logger); break; - case INFO: + case "INFO": assertMsg(logger, Level.INFO, prefix + "[transport] [run_as_granted]\t" + origins + ", principal=[_username], run_as_principal=[running as], action=[_action]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[transport] [run_as_granted]\t" + origins + ", principal=[_username], run_as_principal=[running as], action=[_action], request=[MockMessage]"); } 
@@ -689,23 +691,23 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testRunAsDenied() throws Exception { for (Level level : Level.values()) { threadContext = new ThreadContext(Settings.EMPTY); - CapturingLogger logger = new CapturingLogger(level); + Logger logger = CapturingLogger.newCapturingLogger(level); LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext); TransportMessage message = new MockMessage(threadContext); String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext); User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"})); auditTrail.runAsDenied(user, "_action", message); - switch (level) { - case ERROR: - case WARN: + switch (level.toString()) { + case "ERROR": + case "WARN": assertEmptyLog(logger); break; - case INFO: + case "INFO": assertMsg(logger, Level.INFO, prefix + "[transport] [run_as_denied]\t" + origins + ", principal=[_username], run_as_principal=[running as], action=[_action]"); break; - case DEBUG: - case TRACE: + case "DEBUG": + case "TRACE": assertMsg(logger, Level.DEBUG, prefix + "[transport] [run_as_denied]\t" + origins + ", principal=[_username], run_as_principal=[running as], action=[_action], request=[MockMessage]"); } 
@@ -736,14 +738,14 @@ public class LoggingAuditTrailTests extends ESTestCase { } } - private void assertMsg(CapturingLogger logger, Level msgLevel, String msg) { - List output = logger.output(msgLevel); + private void assertMsg(Logger logger, Level level, String message) { + List output = CapturingLogger.output(logger.getName(), level); assertThat(output.size(), is(1)); - assertThat(output.get(0).text, equalTo(msg)); + assertThat(output.get(0), equalTo(message)); } - private void assertEmptyLog(CapturingLogger logger) { - assertThat(logger.isEmpty(), is(true)); + private void assertEmptyLog(Logger logger) { + assertThat(CapturingLogger.isEmpty(logger.getName()), is(true)); } private String prepareRestContent(RestRequest mock) { @@ -825,4 +827,5 @@ public class LoggingAuditTrailTests extends ESTestCase { } } + } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java index fe9ce7eb91f..e756ff6aabc 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.xpack.XPackTransportClient; 
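Review bot: `assertMsg` and `assertEmptyLog` now read captured output through static calls keyed by `logger.getName()`, and nothing in the hunk documents that contract. Every test creates a new capturing logger per loop iteration, so `assertThat(output.size(), is(1))` holds only if each logger gets its own name or the capture is cleared in between; the CapturingLogger implementation is not visible here, so that needs confirming. I would add a short Javadoc to both helpers, for example `/** Asserts that exactly one message was captured at {@code level}; output is looked up by logger name, so pass the logger returned by CapturingLogger.newCapturingLogger. */`.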
@@ -229,7 +228,7 @@ public class RunAsIntegTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(extraSettings) .put("cluster.name", clusterName) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), false) + .put("xpack.security.transport.ssl.enabled", false) .build(); return new XPackTransportClient(settings) diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java index 9c6489908b8..6cf6d67bb38 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java @@ -10,7 +10,7 @@ import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.Before; import java.nio.file.Path; @@ -37,8 +37,8 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase { */ Settings.Builder builder = Settings.builder().put("path.home", createTempDir()); if (useGlobalSSL) { - builder.put("xpack.security.ssl.keystore.path", keystore) - .put("xpack.security.ssl.keystore.password", "changeit"); + builder.put("xpack.ssl.keystore.path", keystore) + .put("xpack.ssl.keystore.password", "changeit"); } else { // fake a realm so ssl will get loaded builder.put("xpack.security.authc.realms.foo.ssl.truststore.path", keystore); 
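Review bot: The RunAsIntegTests hunk replaces `SecurityNetty3Transport.SSL_SETTING.getKey()` with the string literal `"xpack.security.transport.ssl.enabled"`, which ties the test to the key's spelling rather than to the setting definition. This commit itself renames the keystore keys from `xpack.security.ssl.*` to `xpack.ssl.*`, and a literal gives no compile-time signal when a key moves, so the client could end up with a different TLS configuration than the test intends. If a `Setting` constant for this key still exists after the refactoring, use its `getKey()` here. The same applies to `.put("xpack.security.http.ssl.enabled", useSSL)` in the ESNativeMigrateToolTests hunk.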
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java index 2a02e94af60..8e821d4b385 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java @@ -24,7 +24,7 @@ import static org.hamcrest.Matchers.is; @Network public class ActiveDirectoryGroupsResolverTests extends GroupsResolverTestCase { - public static final String BRUCE_BANNER_DN = "cn=Bruce Banner,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"; + private static final String BRUCE_BANNER_DN = "cn=Bruce Banner,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"; public void testResolveSubTree() throws Exception { Settings settings = Settings.builder() diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java index 59ed23be55e..2d33333eb02 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java @@ -44,7 +44,7 @@ public class ESNativeMigrateToolTests extends NativeRealmIntegTestCase { Settings s = Settings.builder() .put(super.nodeSettings(nodeOrdinal)) .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), useSSL) + .put("xpack.security.http.ssl.enabled", useSSL) .build(); return s; } 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java index d390c64d487..fbd7ed13548 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStoreTests.java @@ -5,17 +5,20 @@ */ package org.elasticsearch.xpack.security.authc.file; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LogEvent; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.RefreshListener; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.TestThreadPool; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; import org.junit.After; import org.junit.Before; @@ -40,9 +43,6 @@ import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; -/** - * - */ public class FileUserPasswdStoreTests extends ESTestCase { private Settings settings; 
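Review bot: The import hunk of FileUserPasswdStoreTests adds `import org.apache.logging.log4j.core.LogEvent;`, but none of the added lines shown for this file use it. The captured entries are passed straight to `containsString(...)`, which suggests the list holds strings; the generic parameters appear to be missing from this rendering, so confirm against the real file. If it is unused, drop the import here and in the matching import hunk of FileUserRolesStoreTests.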
@@ -173,17 +173,17 @@ public class FileUserPasswdStoreTests extends ESTestCase { public void testParseFile_Empty() throws Exception { Path empty = createTempFile(); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.DEBUG); + Logger logger = CapturingLogger.newCapturingLogger(Level.DEBUG); Map users = FileUserPasswdStore.parseFile(empty, logger); assertThat(users.isEmpty(), is(true)); - List msgs = logger.output(CapturingLogger.Level.DEBUG); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("parsed [0] users")); + List events = CapturingLogger.output(logger.getName(), Level.DEBUG); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("parsed [0] users")); } public void testParseFile_WhenFileDoesNotExist() throws Exception { Path file = createTempDir().resolve(randomAsciiOfLength(10)); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map users = FileUserPasswdStore.parseFile(file, logger); assertThat(users, notNullValue()); assertThat(users.isEmpty(), is(true)); @@ -193,7 +193,7 @@ public class FileUserPasswdStoreTests extends ESTestCase { Path file = createTempFile(); // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, Collections.singletonList("aldlfkjldjdflkjd"), StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); try { FileUserPasswdStore.parseFile(file, logger); fail("expected a parse failure"); 
@@ -214,13 +214,13 @@ public class FileUserPasswdStoreTests extends ESTestCase { Path file = createTempFile(); // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, Collections.singletonList("aldlfkjldjdflkjd"), StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map users = FileUserPasswdStore.parseFileLenient(file, logger); assertThat(users, notNullValue()); assertThat(users.isEmpty(), is(true)); - List msgs = logger.output(CapturingLogger.Level.ERROR); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("failed to parse users file")); + List events = CapturingLogger.output(logger.getName(), Level.ERROR); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("failed to parse users file")); } public void testParseFileWithLineWithEmptyPasswordAndWhitespace() throws Exception { @@ -230,4 +230,5 @@ public class FileUserPasswdStoreTests extends ESTestCase { assertThat(users, notNullValue()); assertThat(users.keySet(), is(empty())); } + } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java index 93e394f101f..272f7ae5b06 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStoreTests.java 
@@ -5,19 +5,21 @@ */ package org.elasticsearch.xpack.security.authc.file; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LogEvent; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.XPackPlugin; -import org.elasticsearch.xpack.XPackSettings; -import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger; -import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger.Level; -import org.elasticsearch.xpack.security.authc.RealmConfig; -import org.elasticsearch.xpack.security.authc.support.RefreshListener; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.xpack.XPackPlugin; +import org.elasticsearch.xpack.XPackSettings; +import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger; +import org.elasticsearch.xpack.security.authc.RealmConfig; +import org.elasticsearch.xpack.security.authc.support.RefreshListener; import org.junit.After; import org.junit.Before; @@ -44,6 +46,7 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; public class FileUserRolesStoreTests extends ESTestCase { + private Settings settings; private Environment env; private ThreadPool threadPool; 
@@ -182,16 +185,16 @@ public class FileUserRolesStoreTests extends ESTestCase { public void testParseFileEmpty() throws Exception { Path empty = createTempFile(); - CapturingLogger log = new CapturingLogger(Level.DEBUG); + Logger log = CapturingLogger.newCapturingLogger(Level.DEBUG); FileUserRolesStore.parseFile(empty, log); - List msgs = log.output(CapturingLogger.Level.DEBUG); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("parsed [0] user to role mappings")); + List events = CapturingLogger.output(log.getName(), Level.DEBUG); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("parsed [0] user to role mappings")); } public void testParseFileWhenFileDoesNotExist() throws Exception { Path file = createTempDir().resolve(randomAsciiOfLength(10)); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map usersRoles = FileUserRolesStore.parseFile(file, logger); assertThat(usersRoles, notNullValue()); assertThat(usersRoles.isEmpty(), is(true)); @@ -204,7 +207,7 @@ public class FileUserRolesStoreTests extends ESTestCase { // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, lines, StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.DEBUG); try { FileUserRolesStore.parseFile(file, logger); fail("expected a parse failure"); 
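Review bot: The hunk at `-204,7 +207,7` changes the captured level from `CapturingLogger.Level.INFO` to `Level.DEBUG` as part of what is otherwise a mechanical type swap, and the `-261,13 +264,13` hunk of this file does the same. The equivalent tests in FileUserPasswdStoreTests keep INFO, so the two suites now exercise the parse-failure path at different verbosity without any stated reason. If DEBUG is deliberate, add a comment such as `// DEBUG so that ... is also captured` above the line. Otherwise keep `Level.INFO` so the refactoring stays behaviour-neutral.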
@@ -261,13 +264,13 @@ public class FileUserRolesStoreTests extends ESTestCase { // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, lines, StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.DEBUG); Map usersRoles = FileUserRolesStore.parseFileLenient(file, logger); assertThat(usersRoles, notNullValue()); assertThat(usersRoles.isEmpty(), is(true)); - List msgs = logger.output(CapturingLogger.Level.ERROR); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("failed to parse users_roles file")); + List events = CapturingLogger.output(logger.getName(), Level.ERROR); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("failed to parse users_roles file")); } private Path writeUsersRoles(String input) throws Exception { @@ -289,4 +292,5 @@ public class FileUserRolesStoreTests extends ESTestCase { String reason = String.format(Locale.ROOT, "Expected userRoles to be empty, but was %s", usersRoles.keySet()); assertThat(reason, usersRoles.keySet(), hasSize(0)); } + } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java index 3791ff8906d..c8b4718c60c 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java 
@@ -12,7 +12,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.After; import org.junit.Before; @@ -34,8 +34,8 @@ public abstract class GroupsResolverTestCase extends ESTestCase { boolean useGlobalSSL = randomBoolean(); Settings.Builder builder = Settings.builder().put("path.home", createTempDir()); if (useGlobalSSL) { - builder.put("xpack.security.ssl.keystore.path", keystore) - .put("xpack.security.ssl.keystore.password", "changeit"); + builder.put("xpack.ssl.keystore.path", keystore) + .put("xpack.ssl.keystore.password", "changeit"); } else { // fake a realm so ssl will get loaded builder.put("xpack.security.authc.realms.foo.ssl.keystore.path", keystore); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java index 3cf8ddd03e8..a9ba816e4a7 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java 
@@ -25,7 +25,7 @@ import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession; import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.support.NoOpLogger; import org.elasticsearch.test.junit.annotations.Network; import org.junit.Before; @@ -59,8 +59,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase { */ globalSettings = Settings.builder() .put("path.home", createTempDir()) - .put("xpack.security.ssl.keystore.path", keystore) - .put("xpack.security.ssl.keystore.password", "changeit") + .put("xpack.ssl.keystore.path", keystore) + .put("xpack.ssl.keystore.password", "changeit") .build(); sslService = new SSLService(globalSettings, env); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java index dacf3231201..37a9648b21f 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java @@ -16,7 +16,7 @@ import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.Before; import java.nio.file.Path; 
@@ -46,8 +46,8 @@ public class OpenLdapTests extends ESTestCase { useGlobalSSL = randomBoolean(); Settings.Builder builder = Settings.builder().put("path.home", createTempDir()); if (useGlobalSSL) { - builder.put("xpack.security.ssl.keystore.path", keystore) - .put("xpack.security.ssl.keystore.password", "changeit"); + builder.put("xpack.ssl.keystore.path", keystore) + .put("xpack.ssl.keystore.password", "changeit"); } else { // fake a realm so ssl will get loaded builder.put("xpack.security.authc.realms.foo.ssl.truststore.path", keystore); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java index e34b71a7239..2e4677fa86f 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryLoadBalancingTests.java @@ -10,7 +10,7 @@ import com.unboundid.ldap.sdk.LDAPConnection; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import java.util.ArrayList; import java.util.Arrays; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java index 84eeae70802..4ab41345245 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java 
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java @@ -21,8 +21,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.authc.file.FileRealm; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.transport.Transport; @@ -57,8 +56,8 @@ public class PkiAuthenticationTests extends SecurityIntegTestCase { .put(super.nodeSettings(nodeOrdinal)) .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), sslClientAuth) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", sslClientAuth) .put("xpack.security.authc.realms.file.type", FileRealm.TYPE) .put("xpack.security.authc.realms.file.order", "0") .put("xpack.security.authc.realms.pki1.type", PkiRealm.TYPE) 
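Review bot: In nodeSettings the two HTTP SSL keys are now string literals, `"xpack.security.http.ssl.enabled"` and `"xpack.security.http.ssl.client_authentication"`, where the removed lines took the key from a `Setting` constant via `getKey()`. A literal does not follow a later rename of the production setting, and the same strings recur in PkiOptionalClientAuthTests and PkiRealmTests in this commit. If the production code exposes constants for these settings (not visible here), use their `getKey()`; otherwise one shared test constant would keep the three files in step. nodeSettings begins and ends outside the hunk.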
@@ -141,10 +140,10 @@ public class PkiAuthenticationTests extends SecurityIntegTestCase { private TransportClient createTransportClient(Settings additionalSettings) { Settings clientSettings = transportClientSettings(); - if (additionalSettings.getByPrefix("xpack.security.ssl.").isEmpty() == false) { + if (additionalSettings.getByPrefix("xpack.ssl.").isEmpty() == false) { Settings.Builder builder = Settings.builder(); for (Entry entry : clientSettings.getAsMap().entrySet()) { - if (entry.getKey().startsWith("xpack.security.ssl.") == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { builder.put(entry.getKey(), entry.getValue()); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java index 58b15f5a289..9e2ce4e0bf8 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java @@ -21,9 +21,7 @@ import org.elasticsearch.xpack.XPackTransportClient; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.junit.BeforeClass; import javax.net.ssl.SSLContext; 
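Review bot: The filter in createTransportClient strips only keys that start with `xpack.ssl.`, and the override branch is taken only when additionalSettings carries such a key. Other hunks of this commit configure SSL under `xpack.security.transport.ssl.` and `xpack.security.http.ssl.` as well; if transportClientSettings() returns keys under those prefixes (not visible here), they survive the loop and are combined with the caller's keystore settings. I would hoist the literal, `final String sslPrefix = "xpack.ssl.";`, use it in both places, and add a comment stating which namespaces a caller is expected to override. The method continues past the end of the hunk.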
@@ -56,8 +54,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase { return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), SSLClientAuth.OPTIONAL) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", SSLClientAuth.OPTIONAL) .put("xpack.security.authc.realms.file.type", "file") .put("xpack.security.authc.realms.file.order", "0") .put("xpack.security.authc.realms.pki1.type", "pki") @@ -68,7 +66,7 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase { .put("xpack.security.authc.realms.pki1.files.role_mapping", getDataPath("role_mapping.yml")) .put("transport.profiles.want_client_auth.port", randomClientPortRange) .put("transport.profiles.want_client_auth.bind_host", "localhost") - .put("transport.profiles.want_client_auth.xpack.security.ssl.client.auth", SSLClientAuth.OPTIONAL) + .put("transport.profiles.want_client_auth.xpack.security.ssl.client_authentication", SSLClientAuth.OPTIONAL) .build(); } @@ -106,7 +104,7 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase { .put(sslSettingsForStore) .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) .build(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java index 5fbba1c04b1..2ecefa36944 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java 
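Review bot: The profile-scoped key in the third hunk keeps the `xpack.security.ssl.` segment, `transport.profiles.want_client_auth.xpack.security.ssl.client_authentication`, while the global keys in this commit move to `xpack.ssl.`. If profile settings intentionally stay under the old namespace, a reader will still take this for a missed rename, so say so next to the line: `// profile-level SSL settings remain under xpack.security.ssl.`. If it is not intentional, the profile would fall back to the default client-authentication mode and the test would no longer exercise OPTIONAL. nodeSettings starts before the second hunk and this hunk shows only its tail.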
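Review bot: The transport client settings in the last hunk no longer enable SSL explicitly: the removed `SecurityNetty3Transport.SSL_SETTING` line is replaced by `xpack.ssl.client_authentication` set to `SSLClientAuth.REQUIRED`, which is a different kind of setting. Whether this client still negotiates TLS now depends on `sslSettingsForStore` or on defaults, neither of which is visible in the hunk. I would state it on the builder, `.put("xpack.security.transport.ssl.enabled", true)`, or add a comment naming where TLS is switched on, and a second comment explaining why a client-authentication mode is set on the client side at all. The enclosing method starts and ends outside the hunk.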
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java @@ -7,6 +7,9 @@ package org.elasticsearch.xpack.security.authc.pki; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; +import org.elasticsearch.env.Environment; +import org.elasticsearch.xpack.ssl.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; @@ -35,16 +38,25 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; public class PkiRealmTests extends ESTestCase { + private Settings globalSettings; + private SSLService sslService; @Before public void setup() { - globalSettings = Settings.builder().put("path.home", createTempDir()).build(); + Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"); + globalSettings = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") + .put("xpack.security.transport.ssl.enabled", true) + .build(); + sslService = new SSLService(globalSettings, new Environment(globalSettings)); } public void testTokenSupport() { RealmConfig config = new RealmConfig("", Settings.EMPTY, globalSettings); - PkiRealm realm = new PkiRealm(config, mock(DnRoleMapper.class)); + PkiRealm realm = new PkiRealm(config, mock(DnRoleMapper.class), sslService); assertThat(realm.supports(null), is(false)); assertThat(realm.supports(new UsernamePasswordToken("", new SecuredString(new char[0]))), is(false)); 
@@ -55,7 +67,7 @@ public class PkiRealmTests extends ESTestCase { X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); threadContext.putTransient(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[] { certificate }); - PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), mock(DnRoleMapper.class)); + PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), mock(DnRoleMapper.class), sslService); X509AuthenticationToken token = realm.token(threadContext); assertThat(token, is(notNullValue())); @@ -68,7 +80,7 @@ public class PkiRealmTests extends ESTestCase { X509AuthenticationToken token = new X509AuthenticationToken(new X509Certificate[] { certificate }, "Elasticsearch Test Node", "CN=Elasticsearch Test Node,"); DnRoleMapper roleMapper = mock(DnRoleMapper.class); - PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), roleMapper); + PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.EMPTY, globalSettings), roleMapper, sslService); when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.emptySet()); User user = realm.authenticate(token); @@ -82,7 +94,7 @@ public class PkiRealmTests extends ESTestCase { X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")); DnRoleMapper roleMapper = mock(DnRoleMapper.class); PkiRealm realm = new PkiRealm(new RealmConfig("", Settings.builder().put("username_pattern", "OU=(.*?),").build(), globalSettings), - roleMapper); + roleMapper, sslService); when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.emptySet()); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); threadContext.putTransient(PkiRealm.PKI_CERT_HEADER_NAME, new X509Certificate[] { certificate }); 
@@ -102,7 +114,7 @@ public class PkiRealmTests extends ESTestCase { .put("truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) .put("truststore.password", "testnode") .build(); - PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper); + PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper, sslService); when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.emptySet()); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); @@ -124,7 +136,7 @@ public class PkiRealmTests extends ESTestCase { getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks")) .put("truststore.password", "testnode-client-profile") .build(); - PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper); + PkiRealm realm = new PkiRealm(new RealmConfig("", settings, globalSettings), roleMapper, sslService); when(roleMapper.resolveRoles(anyString(), anyList())).thenReturn(Collections.emptySet()); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); @@ -141,10 +153,10 @@ public class PkiRealmTests extends ESTestCase { getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks")) .build(); try { - new PkiRealm(new RealmConfig("", settings, globalSettings), mock(DnRoleMapper.class)); + new PkiRealm(new RealmConfig("mypki", settings, globalSettings), mock(DnRoleMapper.class), sslService); fail("exception should have been thrown"); } catch (IllegalArgumentException e) { - assertThat(e.getMessage(), containsString("no truststore password configured")); + assertThat(e.getMessage(), containsString("[xpack.security.authc.realms.mypki.truststore.password] is not configured")); } } 
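Review bot: The truststore-password test in the third hunk keeps the `try { ... fail(...) } catch (IllegalArgumentException e)` form, while the tests this commit adds to the same class use `expectThrows`. Since these lines are being edited anyway, `IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> new PkiRealm(new RealmConfig("mypki", settings, globalSettings), mock(DnRoleMapper.class), sslService));` followed by the existing message assertion reads the same as the new tests and drops the `fail` call. The test method begins outside the hunk.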
@@ -184,6 +196,41 @@ public class PkiRealmTests extends ESTestCase { assertThat(token.dn(), is("EMAILADDRESS=pki@elastic.co, CN=PKI Client, OU=Security")); } + public void testNoClientAuthThrowsException() throws Exception { + Settings settings = Settings.builder() + .put(globalSettings) + .put("xpack.ssl.client_authentication", "none") + .build(); + + IllegalStateException e = expectThrows(IllegalStateException.class, + () -> new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class), + new SSLService(settings, new Environment(settings)))); + assertThat(e.getMessage(), containsString("has SSL with client authentication enabled")); + } + + public void testHttpClientAuthOnly() { + Settings settings = Settings.builder() + .put(globalSettings) + .put("xpack.ssl.client_authentication", "none") + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", randomFrom(SSLClientAuth.OPTIONAL, SSLClientAuth.REQUIRED)) + .build(); + new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class), + new SSLService(settings, new Environment(settings))); + } + + public void testNoSSLThrowsException() throws Exception { + Settings settings = Settings.builder() + .put(globalSettings) + .put("xpack.security.transport.ssl.enabled", false) + .build(); + + IllegalStateException e = expectThrows(IllegalStateException.class, + () -> new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class), + new SSLService(settings, new Environment(settings)))); + assertThat(e.getMessage(), containsString("has SSL with client authentication enabled")); + } + static X509Certificate readCert(Path path) throws Exception { try (InputStream in = Files.newInputStream(path)) { CertificateFactory factory = CertificateFactory.getInstance("X.509"); 
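Review bot: The new negative tests do not cover HTTP SSL enabled with client authentication turned off on both HTTP and transport, which is the configuration the PkiWithoutClientAuthenticationTests file deleted in this commit used to set up. Without it nothing pins that the realm check looks at the HTTP client-authentication mode and not only at `xpack.security.http.ssl.enabled`; assuming the realm is meant to reject that configuration, a third test along the lines below would close the gap. testHttpClientAuthOnly also has no assertion and passes only because the constructor does not throw, so it deserves a comment: `// must not throw: client authentication on HTTP alone satisfies the PKI realm`. The hunk opens inside an earlier test and ends inside readCert.

```java
public void testHttpSslWithoutClientAuthThrowsException() throws Exception {
    Settings settings = Settings.builder()
            .put(globalSettings)
            .put("xpack.ssl.client_authentication", "none")
            .put("xpack.security.http.ssl.enabled", true)
            .put("xpack.security.http.ssl.client_authentication", "none")
            .build();

    IllegalStateException e = expectThrows(IllegalStateException.class,
            () -> new PkiRealm(new RealmConfig("", Settings.EMPTY, settings), mock(DnRoleMapper.class),
                    new SSLService(settings, new Environment(settings))));
    assertThat(e.getMessage(), containsString("has SSL with client authentication enabled"));
}
```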
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
deleted file mode 100644
index 7a21022f6e8..00000000000
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
+++ /dev/null
@@ -1,89 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.authc.pki; - - -import org.apache.http.message.BasicHeader; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.elasticsearch.client.Client; -import org.elasticsearch.client.Response; -import org.elasticsearch.client.RestClient; -import org.elasticsearch.common.network.NetworkModule; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.test.ESIntegTestCase.ClusterScope; -import org.elasticsearch.test.SecurityIntegTestCase; -import org.elasticsearch.test.SecuritySettingsSource; -import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; - -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import java.security.SecureRandom; -import java.security.cert.X509Certificate; -import java.util.Locale; - -import static org.hamcrest.Matchers.is; - -@ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1) -public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase { - private TrustManager[] trustAllCerts = new TrustManager[] { - new X509TrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - return null; - } - - @Override - public void checkClientTrusted(X509Certificate[] certs, String authType) { - } - - @Override - public void checkServerTrusted(X509Certificate[] certs, String 
authType) { - } - } - }; - - @Override - public boolean sslTransportEnabled() { - return true; - } - - @Override - public Settings nodeSettings(int nodeOrdinal) { - return Settings.builder() - .put(super.nodeSettings(nodeOrdinal)) - .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), false) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), - randomFrom(SSLClientAuth.NO.name(), false, "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT))) - .put("xpack.security.authc.realms.pki1.type", "pki") - .put("xpack.security.authc.realms.pki1.order", "0") - .build(); - } - - public void testThatTransportClientWorks() { - Client client = internalCluster().transportClient(); - assertGreenClusterState(client); - } - - public void testThatHttpWorks() throws Exception { - SSLContext sc = SSLContext.getInstance("SSL"); - sc.init(null, trustAllCerts, new SecureRandom()); - SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc); - try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) { - Response response = restClient.performRequest("GET", "/_nodes", - new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, - UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); - assertThat(response.getStatusLine().getStatusCode(), is(200)); - } - } -} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java deleted file mode 100644 index 375acafc2cf..00000000000 
--- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutSSLTests.java
+++ /dev/null
@@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.authc.pki; - -import org.apache.http.message.BasicHeader; -import org.elasticsearch.client.Client; -import org.elasticsearch.client.Response; -import org.elasticsearch.common.network.NetworkModule; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.test.ESIntegTestCase.ClusterScope; -import org.elasticsearch.test.SecurityIntegTestCase; -import org.elasticsearch.test.SecuritySettingsSource; -import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; - -import static org.hamcrest.Matchers.is; - -@ClusterScope(numClientNodes = 0, supportsDedicatedMasters = false, numDataNodes = 1) -public class PkiWithoutSSLTests extends SecurityIntegTestCase { - @Override - public boolean sslTransportEnabled() { - return false; - } - - @Override - public Settings nodeSettings(int nodeOrdinal) { - return Settings.builder() - .put(super.nodeSettings(nodeOrdinal)) - .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put("xpack.security.authc.realms.pki1.type", "pki") - .put("xpack.security.authc.realms.pki1.order", "0") - .build(); - } - - public void testThatTransportClientWorks() { - Client client = internalCluster().transportClient(); - assertGreenClusterState(client); - } - - public void testThatHttpWorks() throws Exception { - Response response = getRestClient().performRequest("GET", "/_nodes", - new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, - UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME, - new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))); - assertThat(response.getStatusLine().getStatusCode(), 
is(200)); - } -} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java index 0bc9cf30099..b0472bf0214 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java @@ -6,6 +6,9 @@ package org.elasticsearch.xpack.security.authc.support; import com.unboundid.ldap.sdk.DN; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LogEvent; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger; @@ -166,7 +169,7 @@ public class DnRoleMapperTests extends ESTestCase { public void testParseFile() throws Exception { Path file = getDataPath("role_mapping.yml"); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map> mappings = DnRoleMapper.parseFile(file, logger, "_type", "_name"); assertThat(mappings, notNullValue()); assertThat(mappings.size(), is(3)); 
@@ -196,18 +199,18 @@ public class DnRoleMapperTests extends ESTestCase { public void testParseFile_Empty() throws Exception { Path file = createTempDir().resolve("foo.yaml"); Files.createFile(file); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.DEBUG); + Logger logger = CapturingLogger.newCapturingLogger(Level.DEBUG); Map> mappings = DnRoleMapper.parseFile(file, logger, "_type", "_name"); assertThat(mappings, notNullValue()); assertThat(mappings.isEmpty(), is(true)); - List msgs = logger.output(CapturingLogger.Level.DEBUG); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("[0] role mappings found")); + List events = CapturingLogger.output(logger.getName(), Level.DEBUG); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("[0] role mappings found")); } public void testParseFile_WhenFileDoesNotExist() throws Exception { Path file = createTempDir().resolve(randomAsciiOfLength(10)); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map> mappings = DnRoleMapper.parseFile(file, logger, "_type", "_name"); assertThat(mappings, notNullValue()); assertThat(mappings.isEmpty(), is(true)); @@ -217,7 +220,7 @@ public class DnRoleMapperTests extends ESTestCase { Path file = createTempFile(); // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, Collections.singletonList("aldlfkjldjdflkjd"), StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); try { DnRoleMapper.parseFile(file, logger, "_type", "_name"); fail("expected a parse failure"); 
@@ -230,13 +233,13 @@ public class DnRoleMapperTests extends ESTestCase { Path file = createTempFile(); // writing in utf_16 should cause a parsing error as we try to read the file in utf_8 Files.write(file, Collections.singletonList("aldlfkjldjdflkjd"), StandardCharsets.UTF_16); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Map> mappings = DnRoleMapper.parseFileLenient(file, logger, "_type", "_name"); assertThat(mappings, notNullValue()); assertThat(mappings.isEmpty(), is(true)); - List msgs = logger.output(CapturingLogger.Level.ERROR); - assertThat(msgs.size(), is(1)); - assertThat(msgs.get(0).text, containsString("failed to parse role mappings file")); + List events = CapturingLogger.output(logger.getName(), Level.ERROR); + assertThat(events.size(), is(1)); + assertThat(events.get(0), containsString("failed to parse role mappings file")); } public void testYaml() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRoleTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRoleTests.java new file mode 100644 index 00000000000..266c44f36ba --- /dev/null +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/permission/IngestAdminRoleTests.java 
@@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.security.authz.permission; + +import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteAction; +import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsAction; +import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateAction; +import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesAction; +import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction; +import org.elasticsearch.action.get.GetAction; +import org.elasticsearch.action.index.IndexAction; +import org.elasticsearch.action.ingest.DeletePipelineAction; +import org.elasticsearch.action.ingest.GetPipelineAction; +import org.elasticsearch.action.ingest.PutPipelineAction; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.transport.TransportRequest; +import org.elasticsearch.xpack.monitoring.action.MonitoringBulkAction; +import org.elasticsearch.xpack.security.authc.Authentication; + +import static org.hamcrest.Matchers.is; +import static org.mockito.Mockito.mock; + +public class IngestAdminRoleTests extends ESTestCase { + + public void testClusterPermissions() { + final TransportRequest request = new TransportRequest.Empty(); + final Authentication authentication = mock(Authentication.class); + assertThat(IngestAdminRole.INSTANCE.cluster().check(PutIndexTemplateAction.NAME, request, authentication), is(true)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(GetIndexTemplatesAction.NAME, request, authentication), is(true)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(DeleteIndexTemplateAction.NAME, request, authentication), is(true)); + 
assertThat(IngestAdminRole.INSTANCE.cluster().check(PutPipelineAction.NAME, request, authentication), is(true)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(GetPipelineAction.NAME, request, authentication), is(true)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(DeletePipelineAction.NAME, request, authentication), is(true)); + + + assertThat(IngestAdminRole.INSTANCE.cluster().check(ClusterRerouteAction.NAME, request, authentication), is(false)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(ClusterUpdateSettingsAction.NAME, request, authentication), is(false)); + assertThat(IngestAdminRole.INSTANCE.cluster().check(MonitoringBulkAction.NAME, request, authentication), is(false)); + } + + public void testNoIndicesPermissions() { + assertThat(IngestAdminRole.INSTANCE.indices().allowedIndicesMatcher(IndexAction.NAME).test("foo"), is(false)); + assertThat(IngestAdminRole.INSTANCE.indices().allowedIndicesMatcher("indices:foo").test(randomAsciiOfLengthBetween(8, 24)), + is(false)); + assertThat(IngestAdminRole.INSTANCE.indices().allowedIndicesMatcher(GetAction.NAME).test(randomAsciiOfLengthBetween(8, 24)), + is(false)); + } +} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java index 8968883647a..b5c754151dd 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java 
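Review bot: The denied half of `testClusterPermissions` checks only `ClusterRerouteAction`, `ClusterUpdateSettingsAction` and `MonitoringBulkAction`, so this test would not catch a later widening of the role's cluster privileges toward security administration. For a built-in role, it is worth asserting next to the existing three that at least one user-management or role-management action is refused. A short comment above the negative block, such as `// everything outside index-template and pipeline management must be denied`, would also make the role's intended boundary explicit.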
@@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security.authz.store; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.core.LogEvent; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.XPackPlugin; @@ -48,9 +51,6 @@ import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.startsWith; import static org.mockito.Mockito.mock; -/** - * - */ public class FileRolesStoreTests extends ESTestCase { public void testParseFile() throws Exception { @@ -207,7 +207,7 @@ public class FileRolesStoreTests extends ESTestCase { public void testParseFileWithFLSAndDLSDisabled() throws Exception { Path path = getDataPath("roles.yml"); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.ERROR); + Logger logger = CapturingLogger.newCapturingLogger(Level.ERROR); Map roles = FileRolesStore.parseFile(path, logger, Settings.builder() .put(XPackSettings.DLS_FLS_ENABLED.getKey(), false) .build()); 
@@ -217,14 +217,18 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(roles.get("role_query"), nullValue()); assertThat(roles.get("role_query_fields"), nullValue()); - List entries = logger.output(CapturingLogger.Level.ERROR); - assertThat(entries, hasSize(3)); - assertThat(entries.get(0).text, startsWith("invalid role definition [role_fields] in roles file [" + path.toAbsolutePath() + - "]. document and field level security is not enabled.")); - assertThat(entries.get(1).text, startsWith("invalid role definition [role_query] in roles file [" + path.toAbsolutePath() + - "]. document and field level security is not enabled.")); - assertThat(entries.get(2).text, startsWith("invalid role definition [role_query_fields] in roles file [" + path.toAbsolutePath() + - "]. document and field level security is not enabled.")); + List events = CapturingLogger.output(logger.getName(), Level.ERROR); + assertThat(events, hasSize(3)); + assertThat( + events.get(0), + startsWith("invalid role definition [role_fields] in roles file [" + path.toAbsolutePath() + + "]. document and field level security is not enabled.")); + assertThat(events.get(1), + startsWith("invalid role definition [role_query] in roles file [" + path.toAbsolutePath() + + "]. document and field level security is not enabled.")); + assertThat(events.get(2), + startsWith("invalid role definition [role_query_fields] in roles file [" + path.toAbsolutePath() + + "]. document and field level security is not enabled.")); } /** @@ -310,7 +314,7 @@ public class FileRolesStoreTests extends ESTestCase { public void testThatInvalidRoleDefinitions() throws Exception { Path path = getDataPath("invalid_roles.yml"); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.ERROR); + Logger logger = CapturingLogger.newCapturingLogger(Level.ERROR); Map roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY); assertThat(roles.size(), is(1)); assertThat(roles, hasKey("valid_role")); 
@@ -318,33 +322,37 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(role, notNullValue()); assertThat(role.name(), equalTo("valid_role")); - List entries = logger.output(CapturingLogger.Level.ERROR); + List entries = CapturingLogger.output(logger.getName(), Level.ERROR); assertThat(entries, hasSize(6)); - assertThat(entries.get(0).text, startsWith("invalid role definition [$dlk39] in roles file [" + path.toAbsolutePath() + - "]. invalid role name")); - assertThat(entries.get(1).text, startsWith("invalid role definition [role1] in roles file [" + path.toAbsolutePath() + "]")); - assertThat(entries.get(2).text, startsWith("failed to parse role [role2]")); - assertThat(entries.get(3).text, startsWith("failed to parse role [role3]")); - assertThat(entries.get(4).text, startsWith("failed to parse role [role4]")); - assertThat(entries.get(5).text, startsWith("failed to parse indices privileges for role [role5]")); + assertThat( + entries.get(0), + startsWith("invalid role definition [$dlk39] in roles file [" + path.toAbsolutePath() + "]. 
invalid role name")); + assertThat( + entries.get(1), + startsWith("invalid role definition [role1] in roles file [" + path.toAbsolutePath() + "]")); + assertThat(entries.get(2), startsWith("failed to parse role [role2]")); + assertThat(entries.get(3), startsWith("failed to parse role [role3]")); + assertThat(entries.get(4), startsWith("failed to parse role [role4]")); + assertThat(entries.get(5), startsWith("failed to parse indices privileges for role [role5]")); } public void testThatRoleNamesDoesNotResolvePermissions() throws Exception { Path path = getDataPath("invalid_roles.yml"); - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.ERROR); + Logger logger = CapturingLogger.newCapturingLogger(Level.ERROR); Set roleNames = FileRolesStore.parseFileForRoleNames(path, logger); assertThat(roleNames.size(), is(6)); assertThat(roleNames, containsInAnyOrder("valid_role", "role1", "role2", "role3", "role4", "role5")); - List entries = logger.output(CapturingLogger.Level.ERROR); - assertThat(entries, hasSize(1)); - assertThat(entries.get(0).text, startsWith("invalid role definition [$dlk39] in roles file [" + path.toAbsolutePath() + - "]. invalid role name")); + List events = CapturingLogger.output(logger.getName(), Level.ERROR); + assertThat(events, hasSize(1)); + assertThat( + events.get(0), + startsWith("invalid role definition [$dlk39] in roles file [" + path.toAbsolutePath() + "]. invalid role name")); } public void testReservedRoles() throws Exception { - CapturingLogger logger = new CapturingLogger(CapturingLogger.Level.INFO); + Logger logger = CapturingLogger.newCapturingLogger(Level.INFO); Path path = getDataPath("reserved_roles.yml"); Map roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY); 
@@ -353,14 +361,14 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(roles, hasKey("admin")); - List messages = logger.output(CapturingLogger.Level.WARN); - assertThat(messages, notNullValue()); - assertThat(messages, hasSize(4)); + List events = CapturingLogger.output(logger.getName(), Level.WARN); + assertThat(events, notNullValue()); + assertThat(events, hasSize(4)); // the system role will always be checked first - assertThat(messages.get(0).text, containsString("role [_system] is reserved")); - assertThat(messages.get(1).text, containsString("role [superuser] is reserved")); - assertThat(messages.get(2).text, containsString("role [kibana] is reserved")); - assertThat(messages.get(3).text, containsString("role [transport_client] is reserved")); + assertThat(events.get(0), containsString("role [_system] is reserved")); + assertThat(events.get(1), containsString("role [superuser] is reserved")); + assertThat(events.get(2), containsString("role [kibana] is reserved")); + assertThat(events.get(3), containsString("role [transport_client] is reserved")); } public void testUsageStats() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java index 991b500eaa2..bffce016af9 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStoreTests.java 
@@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.authz.store; import org.elasticsearch.xpack.security.SecurityContext; +import org.elasticsearch.xpack.security.authz.permission.IngestAdminRole; import org.elasticsearch.xpack.security.authz.permission.KibanaRole; import org.elasticsearch.xpack.security.authz.permission.KibanaUserRole; import org.elasticsearch.xpack.security.authz.permission.MonitoringUserRole; @@ -56,6 +57,9 @@ public class ReservedRolesStoreTests extends ESTestCase { assertThat(reservedRolesStore.role(KibanaUserRole.NAME), sameInstance(KibanaUserRole.INSTANCE)); assertThat(reservedRolesStore.roleDescriptor(KibanaUserRole.NAME), sameInstance(KibanaUserRole.DESCRIPTOR)); + assertThat(reservedRolesStore.role(IngestAdminRole.NAME), sameInstance(IngestAdminRole.INSTANCE)); + assertThat(reservedRolesStore.roleDescriptor(IngestAdminRole.NAME), sameInstance(IngestAdminRole.DESCRIPTOR)); + assertThat(reservedRolesStore.role(MonitoringUserRole.NAME), sameInstance(MonitoringUserRole.INSTANCE)); assertThat(reservedRolesStore.roleDescriptor(MonitoringUserRole.NAME), sameInstance(MonitoringUserRole.DESCRIPTOR)); @@ -63,7 +67,8 @@ public class ReservedRolesStoreTests extends ESTestCase { assertThat(reservedRolesStore.roleDescriptor(RemoteMonitoringAgentRole.NAME), sameInstance(RemoteMonitoringAgentRole.DESCRIPTOR)); assertThat(reservedRolesStore.roleDescriptors(), contains(SuperuserRole.DESCRIPTOR, TransportClientRole.DESCRIPTOR, - KibanaUserRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR)); + KibanaUserRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR, + IngestAdminRole.DESCRIPTOR)); assertThat(reservedRolesStore.role(KibanaRole.NAME), nullValue()); assertThat(reservedRolesStore.roleDescriptor(KibanaRole.NAME), nullValue()); 
@@ -82,6 +87,9 @@ public class ReservedRolesStoreTests extends ESTestCase { assertThat(reservedRolesStore.role(KibanaUserRole.NAME), sameInstance(KibanaUserRole.INSTANCE)); assertThat(reservedRolesStore.roleDescriptor(KibanaUserRole.NAME), sameInstance(KibanaUserRole.DESCRIPTOR)); + assertThat(reservedRolesStore.role(IngestAdminRole.NAME), sameInstance(IngestAdminRole.INSTANCE)); + assertThat(reservedRolesStore.roleDescriptor(IngestAdminRole.NAME), sameInstance(IngestAdminRole.DESCRIPTOR)); + assertThat(reservedRolesStore.role(KibanaRole.NAME), sameInstance(KibanaRole.INSTANCE)); assertThat(reservedRolesStore.roleDescriptor(KibanaRole.NAME), sameInstance(KibanaRole.DESCRIPTOR)); @@ -92,7 +100,8 @@ public class ReservedRolesStoreTests extends ESTestCase { assertThat(reservedRolesStore.roleDescriptor(RemoteMonitoringAgentRole.NAME), sameInstance(RemoteMonitoringAgentRole.DESCRIPTOR)); assertThat(reservedRolesStore.roleDescriptors(), contains(SuperuserRole.DESCRIPTOR, TransportClientRole.DESCRIPTOR, - KibanaUserRole.DESCRIPTOR, KibanaRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR)); + KibanaUserRole.DESCRIPTOR, KibanaRole.DESCRIPTOR, MonitoringUserRole.DESCRIPTOR, RemoteMonitoringAgentRole.DESCRIPTOR, + IngestAdminRole.DESCRIPTOR)); assertThat(reservedRolesStore.role(SystemUser.ROLE_NAME), nullValue()); } @@ -104,6 +113,7 @@ public class ReservedRolesStoreTests extends ESTestCase { assertThat(ReservedRolesStore.isReserved(SystemUser.ROLE_NAME), is(true)); assertThat(ReservedRolesStore.isReserved(TransportClientRole.NAME), is(true)); assertThat(ReservedRolesStore.isReserved(KibanaUserRole.NAME), is(true)); + assertThat(ReservedRolesStore.isReserved(IngestAdminRole.NAME), is(true)); assertThat(ReservedRolesStore.isReserved(RemoteMonitoringAgentRole.NAME), is(true)); assertThat(ReservedRolesStore.isReserved(MonitoringUserRole.NAME), is(true)); } 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java index c693add0a6a..e732ea4156e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/rest/SecurityRestFilterTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.Before; import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError; @@ -46,7 +47,7 @@ public class SecurityRestFilterTests extends ESTestCase { when(licenseState.isAuthAllowed()).thenReturn(true); ThreadPool threadPool = mock(ThreadPool.class); when(threadPool.getThreadContext()).thenReturn(new ThreadContext(Settings.EMPTY)); - filter = new SecurityRestFilter(authcService, restController, Settings.EMPTY, threadPool, licenseState); + filter = new SecurityRestFilter(authcService, restController, Settings.EMPTY, threadPool, licenseState, mock(SSLService.class)); verify(restController).registerFilter(filter); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java index cfc487feddf..adb1fc7ee4b 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java 
+++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java @@ -19,7 +19,7 @@ import org.elasticsearch.transport.Transport; import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.authc.file.FileRealm; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.junit.BeforeClass; import java.io.IOException; @@ -64,7 +64,7 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase if (sslTransportEnabled()) { settingsBuilder.put("transport.profiles.client.xpack.security.truststore.path", store) // settings for client truststore .put("transport.profiles.client.xpack.security.truststore.password", "testnode") - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true); + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED); } return settingsBuilder @@ -97,7 +97,7 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase .put("network.host", "localhost") .put("cluster.name", internalCluster().getClusterName()) .put("discovery.zen.ping.unicast.hosts", unicastHost) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), sslTransportEnabled()) + .put("xpack.security.transport.ssl.enabled", sslTransportEnabled()) .put("xpack.security.audit.enabled", false) .put("path.home", home) .put(NetworkModule.HTTP_ENABLED.getKey(), false) 
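Review bot: In the `sslTransportEnabled()` branch the replaced line is not a like-for-like rename. The old `.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)` enabled SSL, while the new `.put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED)` sets the client-authentication requirement instead. If SSL is expected to be enabled by the inherited settings, a comment such as `// SSL itself comes from the inherited settings; this only makes client certificates mandatory` would record that. The two `transport.profiles.client.xpack.security.truststore.*` keys just above keep the old prefix while the rest of the commit moves to `xpack.ssl.*`, so confirm they are still read, because an ignored truststore setting changes which certificates the client profile trusts. The enclosing method starts and ends outside the hunk.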
@@ -133,7 +133,7 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase .put(Security.USER_SETTING.getKey(), "test_user:changeme") .put("cluster.name", internalCluster().getClusterName()) .put("discovery.zen.ping.unicast.hosts", "localhost:" + randomClientPort) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), sslTransportEnabled()) + .put("xpack.security.transport.ssl.enabled", sslTransportEnabled()) .put("xpack.security.audit.enabled", false) .put(NetworkModule.HTTP_ENABLED.getKey(), false) .put("discovery.initial_state_timeout", "2s") diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java index 1697eda141f..6315f743abf 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/TransportFilterTests.java @@ -33,6 +33,7 @@ import org.elasticsearch.transport.TransportResponseHandler; import org.elasticsearch.transport.TransportService; import org.elasticsearch.transport.TransportSettings; import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.ssl.SSLService; import org.mockito.InOrder; import java.io.IOException; 
@@ -287,7 +288,8 @@ public class TransportFilterTests extends ESIntegTestCase { public InternalPluginServerTransportService(Settings settings, Transport transport, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityActionMapper actionMapper) { - super(settings, transport, threadPool, authcService, authzService, actionMapper, mock(XPackLicenseState.class)); + super(settings, transport, threadPool, authcService, authzService, actionMapper, mock(XPackLicenseState.class), + mock(SSLService.class)); when(licenseState.isAuthAllowed()).thenReturn(true); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPHostnameVerificationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPHostnameVerificationTests.java index 91333bf42c4..1d72b5d800d 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPHostnameVerificationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPHostnameVerificationTests.java @@ -9,6 +9,7 @@ import org.elasticsearch.client.Client; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.transport.TransportSettings; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import java.nio.file.Files; import java.nio.file.Path; @@ -16,6 +17,7 @@ import java.util.Map.Entry; import static org.hamcrest.CoreMatchers.is; +// TODO delete this test? public class IPHostnameVerificationTests extends SecurityIntegTestCase { Path keystore; 
@@ -29,7 +31,7 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase { Settings settings = super.nodeSettings(nodeOrdinal); Settings.Builder builder = Settings.builder(); for (Entry entry : settings.getAsMap().entrySet()) { - if (entry.getKey().startsWith("xpack.security.ssl.") == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { builder.put(entry.getKey(), entry.getValue()); } } @@ -54,15 +56,14 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase { throw new RuntimeException(e); } - return settingsBuilder.put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client truststore - .put("xpack.security.ssl.keystore.password", "testnode-ip-only") - .put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath()) // settings for client truststore - .put("xpack.security.ssl.truststore.password", "testnode-ip-only") + return settingsBuilder.put("xpack.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client truststore + .put("xpack.ssl.keystore.password", "testnode-ip-only") + .put("xpack.ssl.truststore.path", keystore.toAbsolutePath()) // settings for client truststore + .put("xpack.ssl.truststore.password", "testnode-ip-only") .put(TransportSettings.BIND_HOST.getKey(), "127.0.0.1") .put("network.host", "127.0.0.1") - .put("xpack.security.ssl.client.auth", "false") - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false) + .put("xpack.ssl.client_authentication", SSLClientAuth.NONE) + .put("xpack.ssl.verification_mode", "full") .build(); } 
@@ -71,19 +72,18 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase { Settings clientSettings = super.transportClientSettings(); Settings.Builder builder = Settings.builder(); for (Entry entry : clientSettings.getAsMap().entrySet()) { - if (entry.getKey().startsWith("xpack.security.ssl.") == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { builder.put(entry.getKey(), entry.getValue()); } } clientSettings = builder.build(); return Settings.builder().put(clientSettings) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false) - .put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) - .put("xpack.security.ssl.keystore.password", "testnode-ip-only") - .put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath()) - .put("xpack.security.ssl.truststore.password", "testnode-ip-only") + .put("xpack.ssl.verification_mode", "certificate") + .put("xpack.ssl.keystore.path", keystore.toAbsolutePath()) + .put("xpack.ssl.keystore.password", "testnode-ip-only") + .put("xpack.ssl.truststore.path", keystore.toAbsolutePath()) + .put("xpack.ssl.truststore.password", "testnode-ip-only") .build(); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandlerTests.java index 96d05ffc8d2..a097117ea98 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandlerTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/Netty3HandshakeWaitingHandlerTests.java 
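Review bot: In `transportClientSettings()` the two hostname-verification settings are replaced by `.put("xpack.ssl.verification_mode", "certificate")`, whereas the node settings in the previous hunk use `"full"`. If `certificate` means chain validation without a hostname check, as the name suggests, the client side of IPHostnameVerificationTests no longer verifies the host, and the test would still pass if IP-address matching regressed. Using `.put("xpack.ssl.verification_mode", "full")` here as well would keep the earlier coverage. If the weaker mode is deliberate, explain it in a comment and resolve the `// TODO delete this test?` added at the class declaration. The method's signature lies outside the hunk.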
@@ -9,7 +9,7 @@ import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.xpack.security.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLService; import org.jboss.netty.bootstrap.ClientBootstrap; import org.jboss.netty.bootstrap.ServerBootstrap; import org.jboss.netty.buffer.ChannelBuffer; @@ -69,9 +69,9 @@ public class Netty3HandshakeWaitingHandlerTests extends ESTestCase { iterations = randomIntBetween(10, 100); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", + .put("xpack.ssl.keystore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); sslService = new SSLService(settings, env); @@ -100,7 +100,7 @@ public class Netty3HandshakeWaitingHandlerTests extends ESTestCase { clientBootstrap.setPipelineFactory(new ChannelPipelineFactory() { @Override public ChannelPipeline getPipeline() throws Exception { - final SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY); + final SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); engine.setUseClientMode(true); return Channels.pipeline( new SslHandler(engine)); @@ -137,7 +137,7 @@ public class Netty3HandshakeWaitingHandlerTests extends ESTestCase { @Override public ChannelPipeline getPipeline() throws Exception { - final SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY); + final SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); engine.setUseClientMode(true); return Channels.pipeline( new SslHandler(engine), 
@@ -208,7 +208,7 @@ public class Netty3HandshakeWaitingHandlerTests extends ESTestCase { return new ChannelPipelineFactory() { @Override public ChannelPipeline getPipeline() throws Exception { - final SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY); + final SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); sslEngine.setUseClientMode(false); return Channels.pipeline(new SslHandler(sslEngine), new SimpleChannelHandler() { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java index f5d08ddbb3f..d338e36a9fd 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java @@ -11,8 +11,8 @@ import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; import org.elasticsearch.http.HttpTransportSettings; import org.elasticsearch.http.netty3.Netty3HttpMockUtil; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; 
@@ -40,8 +40,8 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void createSSLService() throws Exception { Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -49,7 +49,10 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { } public void testDefaultClientAuth() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.http.ssl.enabled", true).build(); + sslService = new SSLService(settings, env); SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport); 
@@ -61,8 +64,10 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport); @@ -72,10 +77,11 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { } public void testRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE"); Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", SSLClientAuth.REQUIRED).build(); + sslService = new SSLService(settings, env); SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport); 
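Review bot: `testRequiredClientAuth` now passes only the enum constant `SSLClientAuth.REQUIRED`, dropping the randomised spelling that `testOptionalClientAuth` in the hunk above still uses. Case-insensitive parsing of `xpack.security.http.ssl.client_authentication` is therefore exercised for the optional value only. Keeping the same shape, `String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT));`, and passing `value` would restore that coverage; the same applies to `testNoClientAuth` with `SSLClientAuth.NONE` in the next hunk. The removed `"true"`/`"false"` spellings are presumably no longer accepted, and nothing visible asserts that they are rejected rather than silently mapped to a default. Both test methods continue past the end of their hunks.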
@@ -85,10 +91,11 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { } public void testNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), SSLClientAuth.NO.name().toLowerCase(Locale.ROOT), "false", "FALSE"); Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", SSLClientAuth.NONE).build(); + sslService = new SSLService(settings, env); SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport); @@ -99,7 +106,9 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testCustomSSLConfiguration() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build(); + .put(env.settings()) + .put("xpack.security.http.ssl.enabled", true).build(); + sslService = new SSLService(settings, env); SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport); @@ -108,7 +117,7 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { settings = Settings.builder() .put(env.settings()) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) + .put("xpack.security.http.ssl.enabled", true) .put("xpack.security.http.ssl.supported_protocols", "TLSv1.2") .build(); sslService = new SSLService(settings, new Environment(settings)); 
@@ -123,7 +132,7 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testDisablesCompressionByDefaultForSsl() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build(); + .put("xpack.security.http.ssl.enabled", true).build(); Settings.Builder pluginSettingsBuilder = Settings.builder(); SecurityNetty3HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings); @@ -132,7 +141,7 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testLeavesCompressionOnIfNotSsl() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false).build(); + .put("xpack.security.http.ssl.enabled", false).build(); Settings.Builder pluginSettingsBuilder = Settings.builder(); SecurityNetty3HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings); assertThat(pluginSettingsBuilder.build().isEmpty(), is(true)); @@ -140,7 +149,7 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testDoesNotChangeExplicitlySetCompression() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) + .put("xpack.security.http.ssl.enabled", true) .put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), true) .build(); 
@@ -151,10 +160,10 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testThatExceptionIsThrownWhenConfiguredWithoutSslKey() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.truststore.password", "testnode") + .put("xpack.security.http.ssl.enabled", true) .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -167,9 +176,9 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { public void testNoExceptionWhenConfiguredWithoutSslKeySSLDisabled() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") + .put("xpack.ssl.truststore.password", "testnode") .put("path.home", createTempDir()) .build(); env = new Environment(settings); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java index 81e4de857df..b3286ecad3e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java 
@@ -11,8 +11,9 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.env.Environment; import org.elasticsearch.indices.breaker.CircuitBreakerService; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.XPackSettings; +import org.elasticsearch.xpack.ssl.SSLService; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.netty3.Netty3MockUtil; @@ -20,6 +21,7 @@ import org.jboss.netty.channel.ChannelPipelineFactory; import org.jboss.netty.handler.ssl.SslHandler; import org.junit.Before; +import javax.net.ssl.SSLEngine; import java.nio.file.Path; import java.util.Locale; 
@@ -38,37 +40,38 @@ public class SecurityNetty3TransportTests extends ESTestCase { public void createSSLService() throws Exception { Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("path.home", createTempDir()) + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .build(); - env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); + env = new Environment(settings); sslService = new SSLService(settings, env); } public void testThatSSLCanBeDisabledByProfile() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder().put("xpack.security.transport.ssl.enabled", true).build(); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); Netty3MockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", - Settings.builder().put("xpack.security.ssl", false).build()); + Settings.builder().put("xpack.security.ssl.enabled", false).build()); assertThat(factory.getPipeline().get(SslHandler.class), nullValue()); } public void testThatSSLCanBeEnabledByProfile() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), false).build(); + Settings settings = Settings.builder().put("xpack.security.transport.ssl.enabled", false).build(); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), 
mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); Netty3MockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", - Settings.builder().put("xpack.security.ssl", true).build()); + Settings.builder().put("xpack.security.ssl.enabled", true).build()); assertThat(factory.getPipeline().get(SslHandler.class), notNullValue()); } public void testThatProfileTakesDefaultSSLSetting() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder().put("xpack.security.transport.ssl.enabled", true).build(); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); @@ -78,7 +81,7 @@ public class SecurityNetty3TransportTests extends ESTestCase { } public void testDefaultClientAuth() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder().put("xpack.security.transport.ssl.enabled", true).build(); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); 
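Review bot: The profile tests in this hunk (testThatSSLCanBeDisabledByProfile, testThatSSLCanBeEnabledByProfile, testThatProfileTakesDefaultSSLSetting) and testDefaultClientAuth in the next hunk replace `SecurityNetty3Transport.SSL_SETTING.getKey()` with the literal `"xpack.security.transport.ssl.enabled"`. Later hunks of the same file use `XPackSettings.TRANSPORT_SSL_ENABLED.getKey()`, which this commit already imports. A typo in the literal would presumably leave the test running against the default rather than failing, so the constant is the safer spelling: `Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true).build()`. The same applies to the client-auth tests further down the file.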
@@ -89,10 +92,13 @@ public class SecurityNetty3TransportTests extends ESTestCase { } public void testRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true"); + String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); @@ -103,10 +109,12 @@ public class SecurityNetty3TransportTests extends ESTestCase { } public void testNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)); + String value = randomFrom(SSLClientAuth.NONE.name(), SSLClientAuth.NONE.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); 
@@ -119,8 +127,10 @@ public class SecurityNetty3TransportTests extends ESTestCase { public void testOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); 
@@ -131,50 +141,65 @@ public class SecurityNetty3TransportTests extends ESTestCase { } public void testProfileRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE"); - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); Netty3MockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", - Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING, value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true)); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false)); } public void testProfileNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)); - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + String value = randomFrom(SSLClientAuth.NONE.name(), SSLClientAuth.NONE.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + 
.put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); Netty3MockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", - Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false)); } public void testProfileOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); - Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class), mock(BigArrays.class), null, sslService, mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); Netty3MockUtil.setOpenChannelsHandlerToMock(transport); ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", - Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), 
value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false)); assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(true)); } public void testThatExceptionIsThrownWhenConfiguredWithoutSslKey() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.truststore.password", "testnode") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true) .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -189,10 +214,10 @@ public class SecurityNetty3TransportTests extends ESTestCase { public void testNoExceptionWhenConfiguredWithoutSslKeySSLDisabled() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), false) + .put("xpack.ssl.truststore.password", "testnode") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), false) .put("path.home", createTempDir()) .build(); env = new Environment(settings); 
@@ -202,4 +227,36 @@ public class SecurityNetty3TransportTests extends ESTestCase { mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); assertNotNull(transport.configureServerChannelPipelineFactory(randomAsciiOfLength(6), Settings.EMPTY)); } + + public void testTransportSSLOverridesGlobalSSL() throws Exception { + final boolean useGlobalKeystoreWithoutKey = randomBoolean(); + Settings.Builder builder = Settings.builder() + .put("xpack.security.transport.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) + .put("xpack.security.transport.ssl.keystore.password", "testnode") + .put("xpack.security.transport.ssl.client_authentication", "none") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true) + .put("path.home", createTempDir()); + if (useGlobalKeystoreWithoutKey) { + builder.put("xpack.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) + .put("xpack.ssl.keystore.password", "truststore-testnode-only"); + } + Settings settings = builder.build(); + env = new Environment(settings); + sslService = new SSLService(settings, env); + SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), + mock(NetworkService.class), mock(BigArrays.class), null, sslService, + mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class)); + Netty3MockUtil.setOpenChannelsHandlerToMock(transport); + ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("default", Settings.EMPTY); + final SSLEngine engine = factory.getPipeline().get(SslHandler.class).getEngine(); + assertFalse(engine.getNeedClientAuth()); + assertFalse(engine.getWantClientAuth()); + + // get the global and verify that it is different in that it requires client auth + final SSLEngine globalEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); + 
assertTrue(globalEngine.getNeedClientAuth()); + assertFalse(globalEngine.getWantClientAuth()); + } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SslHostnameVerificationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SslHostnameVerificationTests.java index a5fcfbfae36..ffa3c34b33b 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SslHostnameVerificationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SslHostnameVerificationTests.java @@ -37,7 +37,7 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase { Settings settings = super.nodeSettings(nodeOrdinal); Settings.Builder settingsBuilder = Settings.builder(); for (Entry entry : settings.getAsMap().entrySet()) { - if (entry.getKey().startsWith("xpack.security.ssl.") == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { settingsBuilder.put(entry.getKey(), entry.getValue()); } } 
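Review bot: testTransportSSLOverridesGlobalSSL gives no explanation of what its random `useGlobalKeystoreWithoutKey` branch is meant to prove, and nothing asserts on it. The only visible effect is that construction does not throw when the global `xpack.ssl.keystore.path` points at `truststore-testnode-only.jks`. A comment above the `if` would make the intent reviewable, for example `// a global keystore holding no private key must not break transport SSL, which brings its own keystore`. It would also help to note next to `globalEngine` that the `assertTrue(globalEngine.getNeedClientAuth())` check depends on the default client-authentication mode being required, since no global `client_authentication` is set in this test.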
@@ -54,12 +54,12 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase { throw new RuntimeException(e); } - return settingsBuilder.put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) - .put("xpack.security.ssl.keystore.password", "testnode-no-subjaltname") - .put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath()) - .put("xpack.security.ssl.truststore.password", "testnode-no-subjaltname") - // disable hostname verification as this test uses non-localhost addresses - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false) + return settingsBuilder.put("xpack.ssl.keystore.path", keystore.toAbsolutePath()) + .put("xpack.ssl.keystore.password", "testnode-no-subjaltname") + .put("xpack.ssl.truststore.path", keystore.toAbsolutePath()) + .put("xpack.ssl.truststore.password", "testnode-no-subjaltname") + // disable hostname verification as this test uses certs without a valid SAN or DNS in the CN + .put("xpack.ssl.verification_mode", "certificate") .build(); } 
@@ -72,19 +72,19 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase { Settings.Builder builder = Settings.builder(); for (Entry entry : settings.getAsMap().entrySet()) { String key = entry.getKey(); - if (key.startsWith(Security.setting("ssl.")) == false) { + if (key.startsWith("xpack.ssl.") == false) { builder.put(key, entry.getValue()); } } - builder.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false) - .put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client keystore - .put("xpack.security.ssl.keystore.password", "testnode-no-subjaltname"); + builder.put("xpack.ssl.verification_mode", "certificate") + .put("xpack.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client keystore + .put("xpack.ssl.keystore.password", "testnode-no-subjaltname"); if (randomBoolean()) { // randomly set the truststore, if not set the keystore should be used - builder.put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath()) - .put("xpack.security.ssl.truststore.password", "testnode-no-subjaltname"); + builder.put("xpack.ssl.truststore.path", keystore.toAbsolutePath()) + .put("xpack.ssl.truststore.password", "testnode-no-subjaltname"); } return builder.build(); } @@ -96,7 +96,7 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase { InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address(); Settings settings = Settings.builder().put(transportClientSettings()) - .put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true) + .put("xpack.ssl.verification_mode", "full") .build(); try (TransportClient client = new XPackTransportClient(settings)) { 
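Review bot: The key filter in transportClientSettings (and the identical one in nodeSettings, hunk -37,7) strips only inherited keys under `xpack.ssl.`. With the layering this commit introduces, a context-specific key such as `xpack.security.transport.ssl.keystore.path` coming from `super` would survive the filter and appear to take precedence over the no-SAN keystore configured here. That would silently change which certificate the `"certificate"` versus `"full"` verification modes are tested against. Whether the base class sets such keys is not visible in this diff, so the assumption is worth recording next to the loop, for example `// assumes the inherited settings carry no xpack.security.transport.ssl.* keystore/truststore overrides`. Both methods start outside their hunks.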
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransportTests.java index 3b81dcf2d1c..1a1c1cda354 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4HttpServerTransportTests.java @@ -16,8 +16,9 @@ import org.elasticsearch.http.HttpTransportSettings; import org.elasticsearch.http.netty4.Netty4HttpMockUtil; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.XPackSettings; +import org.elasticsearch.xpack.ssl.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.junit.Before; @@ -42,8 +43,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void createSSLService() throws Exception { Path testNodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testNodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testNodeStore) + .put("xpack.ssl.keystore.password", "testnode") .put("path.home", createTempDir()) .build(); env = new Environment(settings); 
@@ -51,7 +52,10 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { } public void testDefaultClientAuth() throws Exception { - Settings settings = Settings.builder().put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true).build(); + Settings settings = Settings.builder() + .put(env.settings()) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build(); + sslService = new SSLService(settings, env); SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport); @@ -64,8 +68,10 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty4HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) + .put("xpack.security.http.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport); 
@@ -76,10 +82,12 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { } public void testRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE"); + String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty4HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) + .put("xpack.security.http.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport); 
@@ -90,10 +98,12 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { } public void testNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), SSLClientAuth.NO.name().toLowerCase(Locale.ROOT), "false", "FALSE"); + String value = randomFrom(SSLClientAuth.NONE.name(), SSLClientAuth.NONE.name().toLowerCase(Locale.ROOT)); Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty4HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build(); + .put(env.settings()) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) + .put("xpack.security.http.ssl.client_authentication", value).build(); + sslService = new SSLService(settings, env); SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport); @@ -105,7 +115,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testCustomSSLConfiguration() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true).build(); + .put(env.settings()) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build(); + sslService = new SSLService(settings, env); SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class)); Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport); 
@@ -115,7 +127,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { settings = Settings.builder() .put(env.settings()) - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) .put("xpack.security.http.ssl.supported_protocols", "TLSv1.2") .build(); sslService = new SSLService(settings, new Environment(settings)); @@ -131,7 +143,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testDisablesCompressionByDefaultForSsl() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true).build(); + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build(); Settings.Builder pluginSettingsBuilder = Settings.builder(); SecurityNetty4HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings); @@ -140,7 +152,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testLeavesCompressionOnIfNotSsl() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), false).build(); + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), false).build(); Settings.Builder pluginSettingsBuilder = Settings.builder(); SecurityNetty4HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings); assertThat(pluginSettingsBuilder.build().isEmpty(), is(true)); @@ -148,7 +160,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testDoesNotChangeExplicitlySetCompression() throws Exception { Settings settings = Settings.builder() - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) .put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), true) .build(); 
@@ -159,10 +171,10 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testThatExceptionIsThrownWhenConfiguredWithoutSslKey() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty4HttpServerTransport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.truststore.password", "testnode") + .put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true) .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -175,9 +187,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase { public void testNoExceptionWhenConfiguredWithoutSslKeySSLDisabled() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") + .put("xpack.ssl.truststore.password", "testnode") .put("path.home", createTempDir()) .build(); env = new Environment(settings); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4TransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4TransportTests.java index bbdb87e180a..94a520b1512 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4TransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4TransportTests.java 
@@ -17,10 +17,12 @@ import org.elasticsearch.indices.breaker.CircuitBreakerService; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.netty4.Netty4MockUtil; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.SSLClientAuth; +import org.elasticsearch.xpack.XPackSettings; +import org.elasticsearch.xpack.ssl.SSLClientAuth; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.Before; +import javax.net.ssl.SSLEngine; import java.nio.file.Path; import java.util.Locale; @@ -39,8 +41,8 @@ public class SecurityNetty4TransportTests extends ESTestCase { public void createSSLService() throws Exception { Path testnodeStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -54,7 +56,7 @@ public class SecurityNetty4TransportTests extends ESTestCase { private SecurityNetty4Transport createTransport(boolean sslEnabled, Settings additionalSettings) { final Settings settings = Settings.builder() - .put(SecurityNetty4Transport.SSL_SETTING.getKey(), sslEnabled) + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), sslEnabled) .put(additionalSettings) .build(); return new SecurityNetty4Transport( 
@@ -72,7 +74,7 @@ public class SecurityNetty4TransportTests extends ESTestCase { SecurityNetty4Transport transport = createTransport(true); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", - Settings.builder().put("xpack.security.ssl", false).build()); + Settings.builder().put("xpack.security.ssl.enabled", false).build()); final EmbeddedChannel ch = new EmbeddedChannel(handler); assertThat(ch.pipeline().get(SslHandler.class), nullValue()); } @@ -81,7 +83,7 @@ public class SecurityNetty4TransportTests extends ESTestCase { SecurityNetty4Transport transport = createTransport(false); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", - Settings.builder().put("xpack.security.ssl", true).build()); + Settings.builder().put("xpack.security.ssl.enabled", true).build()); final EmbeddedChannel ch = new EmbeddedChannel(handler); assertThat(ch.pipeline().get(SslHandler.class), notNullValue()); } 
@@ -104,9 +106,13 @@ public class SecurityNetty4TransportTests extends ESTestCase { } public void testRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true"); - SecurityNetty4Transport transport = - createTransport(true, Settings.builder().put(SecurityNetty4Transport.CLIENT_AUTH_SETTING.getKey(), value).build()); + String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", Settings.EMPTY); final EmbeddedChannel ch = new EmbeddedChannel(handler); @@ -115,9 +121,13 @@ public class SecurityNetty4TransportTests extends ESTestCase { } public void testNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)); - SecurityNetty4Transport transport = - createTransport(true, Settings.builder().put(SecurityNetty4Transport.CLIENT_AUTH_SETTING.getKey(), value).build()); + String value = randomFrom(SSLClientAuth.NONE.name(), SSLClientAuth.NONE.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", Settings.EMPTY); final EmbeddedChannel ch = new EmbeddedChannel(handler); 
@@ -127,8 +137,12 @@ public class SecurityNetty4TransportTests extends ESTestCase { public void testOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); - SecurityNetty4Transport transport = - createTransport(true, Settings.builder().put(SecurityNetty4Transport.CLIENT_AUTH_SETTING.getKey(), value).build()); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", Settings.EMPTY); final EmbeddedChannel ch = new EmbeddedChannel(handler); 
@@ -137,22 +151,34 @@ public class SecurityNetty4TransportTests extends ESTestCase { } public void testProfileRequiredClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE"); - SecurityNetty4Transport transport = createTransport(true); + String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", - Settings.builder().put(SecurityNetty4Transport.PROFILE_CLIENT_AUTH_SETTING, value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); final EmbeddedChannel ch = new EmbeddedChannel(handler); assertThat(ch.pipeline().get(SslHandler.class).engine().getNeedClientAuth(), is(true)); assertThat(ch.pipeline().get(SslHandler.class).engine().getWantClientAuth(), is(false)); } public void testProfileNoClientAuth() throws Exception { - String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)); - SecurityNetty4Transport transport = createTransport(true); + String value = randomFrom(SSLClientAuth.NONE.name(), SSLClientAuth.NONE.name().toLowerCase(Locale.ROOT)); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = 
createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); ChannelHandler handler = transport.getServerChannelInitializer("client", - Settings.builder().put(SecurityNetty4Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); final EmbeddedChannel ch = new EmbeddedChannel(handler); assertThat(ch.pipeline().get(SslHandler.class).engine().getNeedClientAuth(), is(false)); assertThat(ch.pipeline().get(SslHandler.class).engine().getWantClientAuth(), is(false)); @@ -160,10 +186,16 @@ public class SecurityNetty4TransportTests extends ESTestCase { public void testProfileOptionalClientAuth() throws Exception { String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT)); - SecurityNetty4Transport transport = createTransport(true); + Settings settings = Settings.builder() + .put(env.settings()) + .put("xpack.security.transport.ssl.enabled", true) + .put("transport.profiles.client.xpack.security.ssl.client_authentication", value) + .build(); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); Netty4MockUtil.setOpenChannelsHandlerToMock(transport); final ChannelHandler handler = transport.getServerChannelInitializer("client", - Settings.builder().put(SecurityNetty4Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build()); + Settings.builder().put("xpack.security.ssl.client_authentication", value).build()); final EmbeddedChannel ch = new EmbeddedChannel(handler); assertThat(ch.pipeline().get(SslHandler.class).engine().getNeedClientAuth(), is(false)); assertThat(ch.pipeline().get(SslHandler.class).engine().getWantClientAuth(), is(true)); 
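Review bot: The assertion in testProfileRequiredClientAuth (`getNeedClientAuth()` is true) cannot tell a working profile override from the global default, because `CLIENT_AUTH_DEFAULT` in XPackSettings (added in this same commit) is `SSLClientAuth.REQUIRED`. Setting the global value to something else in the builder, for example `.put("xpack.ssl.client_authentication", SSLClientAuth.NONE.name())`, would make the test fail if the profile setting were ignored. The three profile tests also supply the value twice, once under `transport.profiles.client.xpack.security.ssl.client_authentication` and once in the profile settings passed to `getServerChannelInitializer`. A short comment saying which of the two the transport actually reads would help, and the unused one could be dropped.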
@@ -171,10 +203,10 @@ public class SecurityNetty4TransportTests extends ESTestCase { public void testThatExceptionIsThrownWhenConfiguredWithoutSslKey() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty4Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.truststore.password", "testnode") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true) .put("path.home", createTempDir()) .build(); env = new Environment(settings); @@ -188,10 +220,10 @@ public class SecurityNetty4TransportTests extends ESTestCase { public void testNoExceptionWhenConfiguredWithoutSslKeySSLDisabled() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(SecurityNetty4Transport.SSL_SETTING.getKey(), false) + .put("xpack.ssl.truststore.password", "testnode") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), false) .put("path.home", createTempDir()) .build(); env = new Environment(settings); 
@@ -200,4 +232,35 @@ public class SecurityNetty4TransportTests extends ESTestCase { mock(BigArrays.class), mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class), null, sslService); assertNotNull(transport.getServerChannelInitializer(randomAsciiOfLength(6), Settings.EMPTY)); } + + public void testTransportSSLOverridesGlobalSSL() throws Exception { + final boolean useGlobalKeystoreWithoutKey = randomBoolean(); + Settings.Builder builder = Settings.builder() + .put("xpack.security.transport.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) + .put("xpack.security.transport.ssl.keystore.password", "testnode") + .put("xpack.security.transport.ssl.client_authentication", "none") + .put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true) + .put("path.home", createTempDir()); + if (useGlobalKeystoreWithoutKey) { + builder.put("xpack.ssl.keystore.path", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) + .put("xpack.ssl.keystore.password", "truststore-testnode-only"); + } + Settings settings = builder.build(); + env = new Environment(settings); + sslService = new SSLService(settings, env); + SecurityNetty4Transport transport = createTransport(true, settings); + Netty4MockUtil.setOpenChannelsHandlerToMock(transport); + final ChannelHandler handler = transport.getServerChannelInitializer("default", Settings.EMPTY); + final EmbeddedChannel ch = new EmbeddedChannel(handler); + final SSLEngine engine = ch.pipeline().get(SslHandler.class).engine(); + assertFalse(engine.getNeedClientAuth()); + assertFalse(engine.getWantClientAuth()); + + // get the global and verify that it is different in that it requires client auth + final SSLEngine globalEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); + assertTrue(globalEngine.getNeedClientAuth()); + assertFalse(globalEngine.getWantClientAuth()); + } } 
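Review bot: testTransportSSLOverridesGlobalSSL does not explain its randomized `useGlobalKeystoreWithoutKey` branch, so a seed-dependent failure will be hard to read. Judging by the file name, `truststore-testnode-only.jks` holds no private key, which would make that branch the one that proves the transport keystore is used instead of the global one. A comment above the `if` would record that, for example `// a global keystore without a private key must not be picked up once a transport keystore is configured`. The final assertions on `globalEngine` depend on the global client-auth default being REQUIRED, and the existing comment could name that default explicitly.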
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java index 808f0d63eec..a6ad62ea776 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java @@ -23,8 +23,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; -import org.elasticsearch.xpack.security.ssl.SSLService; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.transport.Transport; import org.elasticsearch.xpack.XPackTransportClient; @@ -48,7 +47,7 @@ public class SslIntegrationTests extends SecurityIntegTestCase { protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder().put(super.nodeSettings(nodeOrdinal)) .put(NetworkModule.HTTP_ENABLED.getKey(), true) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build(); + .put("xpack.security.http.ssl.enabled", true).build(); } @Override 
@@ -62,7 +61,7 @@ public class SslIntegrationTests extends SecurityIntegTestCase { .put(transportClientSettings()) .put("node.name", "programmatic_transport_client") .put("cluster.name", internalCluster().getClusterName()) - .putArray("xpack.security.ssl.ciphers", new String[]{"TLS_ECDH_anon_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}) + .putArray("xpack.ssl.cipher_suites", "TLS_ECDH_anon_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA") .build())) { TransportAddress transportAddress = randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()); @@ -81,7 +80,7 @@ public class SslIntegrationTests extends SecurityIntegTestCase { .put(transportClientSettings()) .put("node.name", "programmatic_transport_client") .put("cluster.name", internalCluster().getClusterName()) - .putArray("xpack.security.ssl.supported_protocols", new String[]{"SSLv3"}) + .putArray("xpack.ssl.supported_protocols", new String[]{"SSLv3"}) .build())) { TransportAddress transportAddress = randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java index 3f95dee6380..d787e356361 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java 
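Review bot: The two `putArray` calls in these hunks are now written in different styles: the cipher-suite call was changed to varargs while the protocol call keeps `new String[]{"SSLv3"}`. Since the varargs form compiles for the first call, the second can match it as `.putArray("xpack.ssl.supported_protocols", "SSLv3")`. Both test bodies start and end outside the hunks. These are the negative tests for weak ciphers and SSLv3, so a one-line comment on each builder saying the values are deliberately unsupported would prevent them being "fixed" later.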
@@ -11,7 +11,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.xpack.security.Security; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; +import org.elasticsearch.xpack.ssl.SSLClientAuth; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.transport.Transport; import org.elasticsearch.xpack.XPackTransportClient; @@ -70,15 +70,14 @@ public class SslMultiPortTests extends SecurityIntegTestCase { .put("transport.profiles.client.port", randomClientPortRange) // make sure this is "localhost", no matter if ipv4 or ipv6, but be consistent .put("transport.profiles.client.bind_host", "localhost") - .put("transport.profiles.client.xpack.security.truststore.path", store.toAbsolutePath()) // settings for client truststore - .put("transport.profiles.client.xpack.security.truststore.password", "testnode-client-profile") + .put("transport.profiles.client.xpack.security.ssl.truststore.path", store.toAbsolutePath()) + .put("transport.profiles.client.xpack.security.ssl.truststore.password", "testnode-client-profile") .put("transport.profiles.no_ssl.port", randomNonSslPortRange) .put("transport.profiles.no_ssl.bind_host", "localhost") - .put(randomFrom( - "transport.profiles.no_ssl.xpack.security.ssl.enabled", "transport.profiles.no_ssl.xpack.security.ssl"), "false") + .put("transport.profiles.no_ssl.xpack.security.ssl.enabled", "false") .put("transport.profiles.no_client_auth.port", randomNoClientAuthPortRange) .put("transport.profiles.no_client_auth.bind_host", "localhost") - .put("transport.profiles.no_client_auth.xpack.security.ssl.client.auth", false) + .put("transport.profiles.no_client_auth.xpack.security.ssl.client_authentication", SSLClientAuth.NONE) .build(); } 
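Review bot: In nodeSettings, the `no_client_auth` profile now passes the enum constant itself, `.put("...ssl.client_authentication", SSLClientAuth.NONE)`, so the stored string depends on which `put` overload is chosen and on the enum's `toString()`. SecurityNetty4TransportTests in this same commit uses `SSLClientAuth.NONE.name()`, and writing `.put("transport.profiles.no_client_auth.xpack.security.ssl.client_authentication", SSLClientAuth.NONE.name())` here would be explicit and consistent. The same applies to the `SSLClientAuth.REQUIRED` arguments in the later hunks of this file. nodeSettings starts outside the hunk.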
@@ -89,10 +88,10 @@ public class SslMultiPortTests extends SecurityIntegTestCase { private TransportClient createTransportClient(Settings additionalSettings) { Settings clientSettings = transportClientSettings(); - if (additionalSettings.getByPrefix("xpack.security.ssl.").isEmpty() == false) { + if (additionalSettings.getByPrefix("xpack.ssl.").isEmpty() == false) { Settings.Builder builder = Settings.builder(); for (Entry entry : clientSettings.getAsMap().entrySet()) { - if (entry.getKey().startsWith("xpack.security.ssl.") == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { builder.put(entry.getKey(), entry.getValue()); } } @@ -234,7 +233,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase { public void testThatTransportClientCanConnectToNoSslProfile() throws Exception { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), false) + .put("xpack.security.transport.ssl.enabled", false) .put("cluster.name", internalCluster().getClusterName()) .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { 
@@ -307,10 +306,10 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.truststore.path", + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) - .put("xpack.security.ssl.truststore.password", "truststore-testnode-only") + .put("xpack.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), @@ -329,10 +328,10 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) - .put("xpack.security.ssl.truststore.password", "truststore-testnode-only") + .put("xpack.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); 
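Review bot: In the hunk at -329, and again at -353, -399, -419 and -439, the line that enabled SSL on the transport client is replaced by `.put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED)`, so the client settings no longer switch SSL on explicitly. XPackSettings in this commit declares `TRANSPORT_SSL_ENABLED` with a default of false, so unless XPackTransportClient enables it some other way, these clients may connect in plaintext. If that is the case, tests expecting a connection failure would still pass, but because of a protocol mismatch and not because of the truststore or client certificate they are meant to exercise. Keeping `.put("xpack.security.transport.ssl.enabled", true)` alongside the new setting, as the hunks at -307 and -376 do, would preserve the original intent. The test methods start and end outside these hunks, so the expected outcome of each should be checked against the full file.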
@@ -353,10 +352,10 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.truststore.path", + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) - .put("xpack.security.ssl.truststore.password", "truststore-testnode-only") + .put("xpack.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses())); @@ -376,10 +375,10 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.truststore.path", + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks")) - .put("xpack.security.ssl.truststore.password", "truststore-testnode-only") + .put("xpack.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); 
@@ -399,7 +398,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses())); @@ -419,7 +418,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); @@ -439,7 +438,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) .build(); try (TransportClient transportClient = new XPackTransportClient(settings)) { transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), 
@@ -451,26 +450,6 @@ public class SslMultiPortTests extends SecurityIntegTestCase { } } - /** - * Uses a transport client with the default JDK truststore; this truststore only trusts the known good public - * certificate authorities. This test connects to the no_ssl profile, which does not use SSL so the connection - * will not work - */ - public void testThatSSLTransportClientWithNoTruststoreCannotConnectToNoSslProfile() throws Exception { - Settings settings = Settings.builder() - .put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalCluster().getClusterName()) - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .build(); - try (TransportClient transportClient = new XPackTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); - assertGreenClusterState(transportClient); - fail("Expected NoNodeAvailableException"); - } catch (NoNodeAvailableException e) { - assertThat(e.getMessage(), containsString("None of the configured nodes are available: [{#transport#-")); - } - } - private static int getProfilePort(String profile) { TransportAddress transportAddress = randomFrom(internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddresses()); diff --git a/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks index 71d33bfacf2..f18b9288b10 100644 Binary files a/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks and b/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks differ 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java similarity index 100% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/common/network/InetAddressHelper.java diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java index 6faaf1aa7b5..9de4e85f5c0 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java @@ -89,6 +89,8 @@ import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.SecurityFeatureSet; import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; +import org.elasticsearch.xpack.ssl.SSLConfigurationReloader; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.support.clock.SystemClock; import org.elasticsearch.xpack.watcher.Watcher; @@ -152,6 +154,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I protected final XPackExtensionsService extensionsService; protected XPackLicenseState licenseState; + protected SSLService sslService; protected Licensing licensing; protected Security security; protected Monitoring monitoring; 
@@ -163,9 +166,10 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I this.transportClientMode = transportClientMode(settings); this.env = transportClientMode ? null : new Environment(settings); this.licenseState = new XPackLicenseState(); + this.sslService = new SSLService(settings, env); this.licensing = new Licensing(settings); - this.security = new Security(settings, env, licenseState); + this.security = new Security(settings, env, licenseState, sslService); this.monitoring = new Monitoring(settings, env, licenseState); this.watcher = new Watcher(settings); this.graph = new Graph(settings); @@ -207,6 +211,8 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I ResourceWatcherService resourceWatcherService, ScriptService scriptService, SearchRequestParsers searchRequestParsers) { List components = new ArrayList<>(); + components.add(sslService); + final InternalClient internalClient = new InternalClient(settings, threadPool, client, security.getCryptoService()); components.add(internalClient); @@ -217,7 +223,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I components.addAll(security.createComponents(internalClient, threadPool, clusterService, resourceWatcherService, extensionsService.getExtensions())); - components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService)); + components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService, sslService)); // watcher http stuff Map httpAuthFactories = new HashMap<>(); 
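Review bot: `new SSLService(settings, env)` is given a null `env` in transport client mode, because two lines above it `env` is assigned `transportClientMode ? null : new Environment(settings)`. SSLService is not visible here, so whether it tolerates a null environment when it resolves keystore and truststore paths needs confirming. A comment at the call would make the contract visible, for example `// env is null in transport client mode; SSLService must handle that when resolving store paths`. The constructor starts and ends outside the hunk.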
@@ -226,12 +232,14 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I HttpAuthRegistry httpAuthRegistry = new HttpAuthRegistry(httpAuthFactories); HttpRequestTemplate.Parser httpTemplateParser = new HttpRequestTemplate.Parser(httpAuthRegistry); components.add(httpTemplateParser); - final HttpClient httpClient = new HttpClient(settings, httpAuthRegistry, env); + final HttpClient httpClient = new HttpClient(settings, httpAuthRegistry, env, sslService); components.add(httpClient); components.addAll(createNotificationComponents(clusterService.getClusterSettings(), httpClient, httpTemplateParser, scriptService)); + // just create the reloader as it will pull all of the loaded ssl configurations and start watching them + new SSLConfigurationReloader(settings, env, sslService, resourceWatcherService); return components; } @@ -288,7 +296,6 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I settings.addAll(MonitoringSettings.getSettings()); settings.addAll(watcher.getSettings()); settings.addAll(licensing.getSettings()); - settings.addAll(XPackSettings.getAllSettings()); // we add the `xpack.version` setting to all internal indices diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackSettings.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackSettings.java index 2dc2d09aea4..6727916ba5e 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackSettings.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackSettings.java 
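Review bot: The `SSLConfigurationReloader` is constructed and immediately discarded, so the code depends entirely on side effects of its constructor and nothing holds a reference that could stop or inspect it later. If the constructor registers with `resourceWatcherService`, the existing comment should say so; otherwise keeping the instance in a field, or adding it to `components` if exposing it that way is acceptable, would make its lifetime explicit. `env` is passed here as well, and whether it can be null at this point depends on whether createComponents runs in transport client mode, which is not visible in the hunk.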
@@ -6,13 +6,22 @@ package org.elasticsearch.xpack; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.List; -import java.util.Map; +import java.util.Optional; import java.util.function.Function; import org.elasticsearch.common.settings.Setting; +import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.xpack.ssl.SSLClientAuth; +import org.elasticsearch.xpack.ssl.VerificationMode; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; + +import static java.util.Collections.emptyList; /** * A container for xpack setting constants. 
@@ -41,6 +50,192 @@ public class XPackSettings { /** Setting for enabling or disabling document/field level security. Defaults to true. */ public static final Setting DLS_FLS_ENABLED = enabledSetting(XPackPlugin.SECURITY + ".dls_fls", true); + /** Setting for enabling or disabling transport ssl. Defaults to false. */ + public static final Setting TRANSPORT_SSL_ENABLED = enabledSetting(XPackPlugin.SECURITY + ".transport.ssl", false); + + /** Setting for enabling or disabling http ssl. Defaults to false. */ + public static final Setting HTTP_SSL_ENABLED = enabledSetting(XPackPlugin.SECURITY + ".http.ssl", false); + + /* + * SSL settings. These are the settings that are specifically registered for SSL. Many are private as we do not explicitly use them + * but instead parse based on a prefix (eg *.ssl.*) + */ + public static final List DEFAULT_CIPHERS = + Arrays.asList("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256", + "TLS_RSA_WITH_AES_128_CBC_SHA"); + public static final List DEFAULT_SUPPORTED_PROTOCOLS = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1"); + public static final SSLClientAuth CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED; + public static final SSLClientAuth HTTP_CLIENT_AUTH_DEFAULT = SSLClientAuth.NONE; + public static final VerificationMode VERIFICATION_MODE_DEFAULT = VerificationMode.FULL; + + // global settings that apply to everything! 
+ private static final Setting> CIPHERS_SETTING = Setting.listSetting("xpack.ssl.cipher_suites", DEFAULT_CIPHERS, + Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> SUPPORTED_PROTOCOLS_SETTING = Setting.listSetting("xpack.ssl.supported_protocols", + DEFAULT_SUPPORTED_PROTOCOLS, Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting CLIENT_AUTH_SETTING = new Setting<>("xpack.ssl.client_authentication", + CLIENT_AUTH_DEFAULT.name(), SSLClientAuth::parse, Property.NodeScope, Property.Filtered); + private static final Setting VERIFICATION_MODE_SETTING = new Setting<>("xpack.ssl.verification_mode", + VERIFICATION_MODE_DEFAULT.name(), VerificationMode::parse, Property.NodeScope, Property.Filtered); + private static final Setting> KEYSTORE_PATH_SETTING = new Setting<>("xpack.ssl.keystore.path", + s -> System.getProperty("javax.net.ssl.keyStore"), Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> KEYSTORE_PASSWORD_SETTING = new Setting<>("xpack.ssl.keystore.password", + s -> System.getProperty("javax.net.ssl.keyStorePassword"), Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting KEYSTORE_ALGORITHM_SETTING = new Setting<>("xpack.ssl.keystore.algorithm", + s -> System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()), + Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> KEYSTORE_KEY_PASSWORD_SETTING = + new Setting<>("xpack.ssl.keystore.key_password", KEYSTORE_PASSWORD_SETTING, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting> TRUSTSTORE_PATH_SETTING = new Setting<>("xpack.ssl.truststore.path", + s -> System.getProperty("javax.net.ssl.trustStore"), Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> TRUSTSTORE_PASSWORD_SETTING = new 
Setting<>("xpack.ssl.truststore.password", + s -> System.getProperty("javax.net.ssl.trustStorePassword"), Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting TRUSTSTORE_ALGORITHM_SETTING = new Setting<>("xpack.ssl.truststore.algorithm", + s -> System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm()), + Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> KEY_PATH_SETTING = + new Setting<>("xpack.ssl.key", (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> KEY_PASSWORD_SETTING = + new Setting<>("xpack.ssl.key_passphrase", (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> CERT_SETTING = + new Setting<>("xpack.ssl.certificate", (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> CA_PATHS_SETTING = Setting.listSetting("xpack.ssl.certificate_authorities", + Collections.emptyList(), s -> s, Property.NodeScope, Property.Filtered); + + // http specific settings + private static final Setting> HTTP_CIPHERS_SETTING = Setting.listSetting("xpack.security.http.ssl.cipher_suites", + DEFAULT_CIPHERS, Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_SUPPORTED_PROTOCOLS_SETTING = + Setting.listSetting("xpack.security.http.ssl.supported_protocols", emptyList(), Function.identity(), + Property.NodeScope, Property.Filtered); + private static final Setting HTTP_CLIENT_AUTH_SETTING = new Setting<>("xpack.security.http.ssl.client_authentication", + CLIENT_AUTH_DEFAULT.name(), SSLClientAuth::parse, Property.NodeScope, Property.Filtered); + private static final Setting HTTP_VERIFICATION_MODE_SETTING = + new Setting<>("xpack.security.http.ssl.verification_mode", VERIFICATION_MODE_DEFAULT.name(), VerificationMode::parse, + Property.NodeScope, 
Property.Filtered); + private static final Setting> HTTP_KEYSTORE_PATH_SETTING = new Setting<>("xpack.security.http.ssl.keystore.path", + (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_KEYSTORE_PASSWORD_SETTING = + new Setting<>("xpack.security.http.ssl.keystore.password", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting HTTP_KEYSTORE_ALGORITHM_SETTING = new Setting<>("xpack.security.http.ssl.keystore.algorithm", + "", Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_KEYSTORE_KEY_PASSWORD_SETTING = + new Setting<>("xpack.security.http.ssl.keystore.key_password", HTTP_KEYSTORE_PASSWORD_SETTING, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_TRUSTSTORE_PATH_SETTING = new Setting<>("xpack.security.http.ssl.truststore.path", + (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_TRUSTSTORE_PASSWORD_SETTING = + new Setting<>("xpack.security.http.ssl.truststore.password", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting HTTP_TRUSTSTORE_ALGORITHM_SETTING = new Setting<>("xpack.security.http.ssl.truststore.algorithm", + "", Function.identity(), Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_KEY_PATH_SETTING = + new Setting<>("xpack.security.http.ssl.key", (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_KEY_PASSWORD_SETTING = new Setting<>("xpack.security.http.ssl.key_passphrase", + (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> HTTP_CERT_SETTING = new Setting<>("xpack.security.http.ssl.certificate", + (String) null, Optional::ofNullable, Property.NodeScope, 
Property.Filtered); + private static final Setting> HTTP_CA_PATHS_SETTING = + Setting.listSetting("xpack.security.http.ssl.certificate_authorities", emptyList(), s -> s, + Property.NodeScope, Property.Filtered); + + // transport specific settings + private static final Setting> TRANSPORT_CIPHERS_SETTING = + Setting.listSetting("xpack.security.transport.ssl.cipher_suites", DEFAULT_CIPHERS, Function.identity(), + Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_SUPPORTED_PROTOCOLS_SETTING = + Setting.listSetting("xpack.security.transport.ssl.supported_protocols", emptyList(), Function.identity(), + Property.NodeScope, Property.Filtered); + private static final Setting TRANSPORT_CLIENT_AUTH_SETTING = + new Setting<>("xpack.security.transport.ssl.client_authentication", CLIENT_AUTH_DEFAULT.name(), SSLClientAuth::parse, + Property.NodeScope, Property.Filtered); + private static final Setting TRANSPORT_VERIFICATION_MODE_SETTING = + new Setting<>("xpack.security.transport.ssl.verification_mode", VERIFICATION_MODE_DEFAULT.name(), VerificationMode::parse, + Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_KEYSTORE_PATH_SETTING = + new Setting<>("xpack.security.transport.ssl.keystore.path", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_KEYSTORE_PASSWORD_SETTING = + new Setting<>("xpack.security.transport.ssl.keystore.password", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting TRANSPORT_KEYSTORE_ALGORITHM_SETTING = + new Setting<>("xpack.security.transport.ssl.keystore.algorithm", "", Function.identity(), Property.NodeScope, + Property.Filtered); + private static final Setting> TRANSPORT_KEYSTORE_KEY_PASSWORD_SETTING = + new Setting<>("xpack.security.transport.ssl.keystore.key_password", TRANSPORT_KEYSTORE_PASSWORD_SETTING, Optional::ofNullable, + Property.NodeScope, 
Property.Filtered); + private static final Setting> TRANSPORT_TRUSTSTORE_PATH_SETTING = + new Setting<>("xpack.security.transport.ssl.truststore.path", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_TRUSTSTORE_PASSWORD_SETTING = + new Setting<>("xpack.security.transport.ssl.truststore.password", (String) null, Optional::ofNullable, + Property.NodeScope, Property.Filtered); + private static final Setting TRANSPORT_TRUSTSTORE_ALGORITHM_SETTING = + new Setting<>("xpack.security.transport.ssl.truststore.algorithm", "", Function.identity(), + Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_KEY_PATH_SETTING = + new Setting<>("xpack.security.transport.ssl.key", (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_KEY_PASSWORD_SETTING = + new Setting<>("xpack.security.transport.ssl.key_passphrase", (String) null, Optional::ofNullable, Property.NodeScope, + Property.Filtered); + private static final Setting> TRANSPORT_CERT_SETTING = new Setting<>("xpack.security.transport.ssl.certificate", + (String) null, Optional::ofNullable, Property.NodeScope, Property.Filtered); + private static final Setting> TRANSPORT_CA_PATHS_SETTING = + Setting.listSetting("xpack.security.transport.ssl.certificate_authorities", emptyList(), s -> s, + Property.NodeScope, Property.Filtered); + /* End SSL settings */ + + static { + ALL_SETTINGS.add(CIPHERS_SETTING); + ALL_SETTINGS.add(SUPPORTED_PROTOCOLS_SETTING); + ALL_SETTINGS.add(KEYSTORE_PATH_SETTING); + ALL_SETTINGS.add(KEYSTORE_PASSWORD_SETTING); + ALL_SETTINGS.add(KEYSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(KEYSTORE_KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(KEY_PATH_SETTING); + ALL_SETTINGS.add(KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(CERT_SETTING); + ALL_SETTINGS.add(TRUSTSTORE_PATH_SETTING); + ALL_SETTINGS.add(TRUSTSTORE_PASSWORD_SETTING); + 
ALL_SETTINGS.add(TRUSTSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(CA_PATHS_SETTING); + ALL_SETTINGS.add(VERIFICATION_MODE_SETTING); + ALL_SETTINGS.add(CLIENT_AUTH_SETTING); + ALL_SETTINGS.add(HTTP_CIPHERS_SETTING); + ALL_SETTINGS.add(HTTP_SUPPORTED_PROTOCOLS_SETTING); + ALL_SETTINGS.add(HTTP_KEYSTORE_PATH_SETTING); + ALL_SETTINGS.add(HTTP_KEYSTORE_PASSWORD_SETTING); + ALL_SETTINGS.add(HTTP_KEYSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(HTTP_KEYSTORE_KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(HTTP_KEY_PATH_SETTING); + ALL_SETTINGS.add(HTTP_KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(HTTP_CERT_SETTING); + ALL_SETTINGS.add(HTTP_TRUSTSTORE_PATH_SETTING); + ALL_SETTINGS.add(HTTP_TRUSTSTORE_PASSWORD_SETTING); + ALL_SETTINGS.add(HTTP_TRUSTSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(HTTP_CA_PATHS_SETTING); + ALL_SETTINGS.add(HTTP_VERIFICATION_MODE_SETTING); + ALL_SETTINGS.add(HTTP_CLIENT_AUTH_SETTING); + ALL_SETTINGS.add(TRANSPORT_CIPHERS_SETTING); + ALL_SETTINGS.add(TRANSPORT_SUPPORTED_PROTOCOLS_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEYSTORE_PATH_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEYSTORE_PASSWORD_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEYSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEYSTORE_KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEY_PATH_SETTING); + ALL_SETTINGS.add(TRANSPORT_KEY_PASSWORD_SETTING); + ALL_SETTINGS.add(TRANSPORT_CERT_SETTING); + ALL_SETTINGS.add(TRANSPORT_TRUSTSTORE_PATH_SETTING); + ALL_SETTINGS.add(TRANSPORT_TRUSTSTORE_PASSWORD_SETTING); + ALL_SETTINGS.add(TRANSPORT_TRUSTSTORE_ALGORITHM_SETTING); + ALL_SETTINGS.add(TRANSPORT_CA_PATHS_SETTING); + ALL_SETTINGS.add(TRANSPORT_VERIFICATION_MODE_SETTING); + ALL_SETTINGS.add(TRANSPORT_CLIENT_AUTH_SETTING); + } + /** * Create a Setting for the enabled state of features in xpack. * 
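Review bot: `HTTP_CLIENT_AUTH_SETTING` is registered with `CLIENT_AUTH_DEFAULT.name()` (REQUIRED) as its default, although this hunk also declares `HTTP_CLIENT_AUTH_DEFAULT = SSLClientAuth.NONE`, which none of the added settings uses. The block comment says these settings are mostly registered and then parsed by prefix elsewhere, so the effective default may come from other code, but the registered default should still agree: `new Setting<>("xpack.security.http.ssl.client_authentication", HTTP_CLIENT_AUTH_DEFAULT.name(), SSLClientAuth::parse, Property.NodeScope, Property.Filtered);`. Separately, `DEFAULT_SUPPORTED_PROTOCOLS` still enables TLSv1 and TLSv1.1, and `DEFAULT_CIPHERS` lists only CBC suites, two of them (`TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA`) with static RSA key exchange and therefore no forward secrecy. A short comment on those two constants recording why the defaults were chosen (presumably JVM compatibility) and that they can be narrowed through `xpack.ssl.supported_protocols` and `xpack.ssl.cipher_suites` would help operators hardening a node.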
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java index 0f8a1290654..624eece797a 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java @@ -5,25 +5,20 @@ */ package org.elasticsearch.xpack.common.http; -import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchTimeoutException; import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.component.AbstractLifecycleComponent; +import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.common.http.auth.ApplicableHttpAuth; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; +import org.elasticsearch.xpack.ssl.SSLService; import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -32,12 +27,8 @@ import java.net.SocketTimeoutException; import java.net.URL; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; import java.security.AccessController; -import java.security.KeyStore; import java.security.PrivilegedAction; -import java.security.SecureRandom; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -45,30 +36,13 @@ import java.util.Map; /** * Client class to wrap http connections */ -public class HttpClient extends AbstractLifecycleComponent { +public class HttpClient extends AbstractComponent { static final String SETTINGS_SSL_PREFIX = "xpack.http.ssl."; static final String SETTINGS_PROXY_PREFIX = "xpack.http.proxy."; - static final String SETTINGS_SSL_SECURITY_PREFIX = "xpack.security.ssl."; - public static final String SETTINGS_SSL_PROTOCOL = SETTINGS_SSL_PREFIX + "protocol"; - static final String SETTINGS_SSL_SECURITY_PROTOCOL = SETTINGS_SSL_SECURITY_PREFIX + "protocol"; - public static final String SETTINGS_SSL_KEYSTORE = SETTINGS_SSL_PREFIX + "keystore.path"; - static final String SETTINGS_SSL_SECURITY_KEYSTORE = SETTINGS_SSL_SECURITY_PREFIX + "keystore.path"; - public static final String SETTINGS_SSL_KEYSTORE_PASSWORD = SETTINGS_SSL_PREFIX + "keystore.password"; - static final String SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "keystore.password"; - public static final String SETTINGS_SSL_KEYSTORE_KEY_PASSWORD = SETTINGS_SSL_PREFIX + "keystore.key_password"; - static final String SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "keystore.key_password"; - public static final String SETTINGS_SSL_KEYSTORE_ALGORITHM = SETTINGS_SSL_PREFIX + "keystore.algorithm"; - static final String SETTINGS_SSL_SECURITY_KEYSTORE_ALGORITHM = SETTINGS_SSL_SECURITY_PREFIX + "keystore.algorithm"; - public static final String SETTINGS_SSL_TRUSTSTORE = SETTINGS_SSL_PREFIX + "truststore.path"; - static final String SETTINGS_SSL_SECURITY_TRUSTSTORE = SETTINGS_SSL_SECURITY_PREFIX + "truststore.path"; - public static final String SETTINGS_SSL_TRUSTSTORE_PASSWORD = SETTINGS_SSL_PREFIX + "truststore.password"; - static final String SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD = SETTINGS_SSL_SECURITY_PREFIX + "truststore.password"; - public static final String SETTINGS_SSL_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_PREFIX + 
"truststore.algorithm"; - static final String SETTINGS_SSL_SECURITY_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_SECURITY_PREFIX + "truststore.algorithm"; - public static final String SETTINGS_PROXY_HOST = SETTINGS_PROXY_PREFIX + "host"; - public static final String SETTINGS_PROXY_PORT = SETTINGS_PROXY_PREFIX + "port"; + static final String SETTINGS_PROXY_HOST = SETTINGS_PROXY_PREFIX + "host"; + static final String SETTINGS_PROXY_PORT = SETTINGS_PROXY_PREFIX + "port"; private final HttpAuthRegistry httpAuthRegistry; private final Environment env; @@ -78,16 +52,12 @@ public class HttpClient extends AbstractLifecycleComponent { private SSLSocketFactory sslSocketFactory; private HttpProxy proxy = HttpProxy.NO_PROXY; - public HttpClient(Settings settings, HttpAuthRegistry httpAuthRegistry, Environment env) { + public HttpClient(Settings settings, HttpAuthRegistry httpAuthRegistry, Environment env, SSLService sslService) { super(settings); this.httpAuthRegistry = httpAuthRegistry; this.env = env; defaultConnectionTimeout = settings.getAsTime("xpack.http.default_connection_timeout", TimeValue.timeValueSeconds(10)); defaultReadTimeout = settings.getAsTime("xpack.http.default_read_timeout", TimeValue.timeValueSeconds(10)); - } - - @Override - protected void doStart() throws ElasticsearchException { Integer proxyPort = settings.getAsInt(SETTINGS_PROXY_PORT, null); String proxyHost = settings.get(SETTINGS_PROXY_HOST, null); if (proxyPort != null && Strings.hasText(proxyHost)) { 
@@ -99,22 +69,7 @@ public class HttpClient extends AbstractLifecycleComponent { SETTINGS_PROXY_PORT); } } - - if (!settings.getByPrefix(SETTINGS_SSL_PREFIX).getAsMap().isEmpty() || - !settings.getByPrefix(SETTINGS_SSL_SECURITY_PREFIX).getAsMap().isEmpty()) { - sslSocketFactory = createSSLSocketFactory(settings); - } else { - logger.trace("no ssl context configured"); - sslSocketFactory = null; - } - } - - @Override - protected void doStop() throws ElasticsearchException { - } - - @Override - protected void doClose() throws ElasticsearchException { + sslSocketFactory = sslService.sslSocketFactory(settings.getByPrefix(SETTINGS_SSL_PREFIX)); } public HttpResponse execute(HttpRequest request) throws IOException { @@ -153,7 +108,7 @@ public class HttpClient extends AbstractLifecycleComponent { HttpProxy proxyToUse = request.proxy != null ? request.proxy : proxy; HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(proxyToUse.proxy()); - if (urlConnection instanceof HttpsURLConnection && sslSocketFactory != null) { + if (urlConnection instanceof HttpsURLConnection) { final HttpsURLConnection httpsConn = (HttpsURLConnection) urlConnection; final SSLSocketFactory factory = sslSocketFactory; SecurityManager sm = System.getSecurityManager(); 
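Review bot: With the `sslSocketFactory != null` guard removed in the `-153,7` hunk, every HTTPS request now installs whatever `sslService.sslSocketFactory(settings.getByPrefix(SETTINGS_SSL_PREFIX))` returned, even when no `xpack.http.ssl.*` setting is present; the removed code left the JVM default factory in place in that case. Whether an empty prefix resolves to the global `xpack.ssl.*` configuration or to JDK defaults is decided inside `SSLService`, which is not visible here, so the assignment deserves a comment such as `// empty xpack.http.ssl.* settings fall back to the global xpack.ssl.* configuration`, once that is confirmed. The field is now assigned exactly once in the constructor, so it could be declared `private final SSLSocketFactory sslSocketFactory;` and wrapped in `Objects.requireNonNull(...)`, making a null return fail at startup rather than on the first HTTPS request. The constructor and the request method both extend beyond these hunks.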
@@ -224,107 +179,8 @@ public class HttpClient extends AbstractLifecycleComponent { return new HttpResponse(statusCode, body, responseHeaders); } - /** SSL Initialization **/ - private SSLSocketFactory createSSLSocketFactory(Settings settings) { - try { - String sslContextProtocol = settings.get(SETTINGS_SSL_PROTOCOL, settings.get(SETTINGS_SSL_SECURITY_PROTOCOL, "TLS")); - String keyStore = settings.get(SETTINGS_SSL_KEYSTORE, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE, - System.getProperty("javax.net.ssl.keyStore"))); - String keyStorePassword = settings.get(SETTINGS_SSL_KEYSTORE_PASSWORD, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD, - System.getProperty("javax.net.ssl.keyStorePassword"))); - String keyPassword = settings.get(SETTINGS_SSL_KEYSTORE_KEY_PASSWORD, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD, - keyStorePassword)); - String keyStoreAlgorithm = settings.get(SETTINGS_SSL_KEYSTORE_ALGORITHM, settings.get(SETTINGS_SSL_SECURITY_KEYSTORE_ALGORITHM, - System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()))); - String trustStore = settings.get(SETTINGS_SSL_TRUSTSTORE, settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE, - System.getProperty("javax.net.ssl.trustStore"))); - String trustStorePassword = settings.get(SETTINGS_SSL_TRUSTSTORE_PASSWORD, - settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD, System.getProperty("javax.net.ssl.trustStorePassword"))); - String trustStoreAlgorithm = settings.get(SETTINGS_SSL_TRUSTSTORE_ALGORITHM, - settings.get(SETTINGS_SSL_SECURITY_TRUSTSTORE_ALGORITHM, - System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm()))); - - if (keyStore != null) { - if (trustStore == null) { - logger.debug("keystore defined with no truststore defined, using keystore as truststore"); - trustStore = keyStore; - trustStorePassword = keyStorePassword; - trustStoreAlgorithm = keyStoreAlgorithm; - } - } else if (trustStore == null) { - 
logger.debug("no truststore defined, using system default"); - } - - if (trustStoreAlgorithm == null) { - trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); - } - logger.debug("using protocol [{}], keyStore [{}], keyStoreAlgorithm [{}], trustStore [{}] and trustAlgorithm [{}]", - sslContextProtocol, keyStore, keyStoreAlgorithm, trustStore, trustStoreAlgorithm); - - SSLContext sslContext = SSLContext.getInstance(sslContextProtocol); - KeyManager[] keyManagers = keyManagers(env, keyStore, keyStorePassword, keyStoreAlgorithm, keyPassword); - TrustManager[] trustManagers = trustManagers(env, trustStore, trustStorePassword, trustStoreAlgorithm); - sslContext.init(keyManagers, trustManagers, new SecureRandom()); - return sslContext.getSocketFactory(); - } catch (Exception e) { - throw new RuntimeException("http client failed to initialize the SSLContext", e); - } - } - + // TODO: we shouldn't expose this just for tests public SSLSocketFactory getSslSocketFactory() { return sslSocketFactory; } - - private static KeyManager[] keyManagers(Environment env, String keyStore, String keyStorePassword, String keyStoreAlgorithm, - String keyPassword) { - if (keyStore == null) { - return null; - } - Path path = env.configFile().resolve(keyStore); - if (Files.notExists(path)) { - return null; - } - - try { - // Load KeyStore - KeyStore ks = readKeystore(path, keyStorePassword); - - // Initialize KeyManagerFactory - KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyStoreAlgorithm); - kmf.init(ks, keyPassword.toCharArray()); - return kmf.getKeyManagers(); - } catch (Exception e) { - throw new RuntimeException("http client failed to initialize a KeyManagerFactory", e); - } - } - - private static TrustManager[] trustManagers(Environment env, String trustStore, String trustStorePassword, String trustStoreAlgorithm) { - try { - // Load TrustStore - KeyStore ks = null; - if (trustStore != null) { - Path trustStorePath = env.configFile().resolve(trustStore); - if 
(Files.exists(trustStorePath)) { - ks = readKeystore(trustStorePath, trustStorePassword); - } - } - - // Initialize a trust manager factory with the trusted store - TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(trustStoreAlgorithm); - trustFactory.init(ks); - return trustFactory.getTrustManagers(); - } catch (Exception e) { - throw new RuntimeException("http client failed to initialize a TrustManagerFactory", e); - } - } - - private static KeyStore readKeystore(Path path, String password) throws Exception { - try (InputStream in = Files.newInputStream(path)) { - // Load TrustStore - KeyStore ks = KeyStore.getInstance("jks"); - assert password != null; - ks.load(in, password.toCharArray()); - return ks; - } - } } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionCli.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionCli.java index c17ae66e589..2bfc84c344d 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionCli.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionCli.java @@ -5,8 +5,6 @@ */ package org.elasticsearch.xpack.extensions; -import org.apache.log4j.BasicConfigurator; -import org.apache.log4j.varia.NullAppender; import org.elasticsearch.cli.MultiCommand; import org.elasticsearch.cli.Terminal; @@ -15,7 +13,7 @@ import org.elasticsearch.cli.Terminal; */ public class XPackExtensionCli extends MultiCommand { - public XPackExtensionCli() { + private XPackExtensionCli() { super("A tool for managing installed x-pack extensions"); subcommands.put("list", new ListXPackExtensionCommand()); subcommands.put("install", new InstallXPackExtensionCommand()); 
@@ -23,7 +21,6 @@ public class XPackExtensionCli extends MultiCommand { } public static void main(String[] args) throws Exception { - BasicConfigurator.configure(new NullAppender()); exit(new XPackExtensionCli().main(args, Terminal.DEFAULT)); } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java index d8d3c753b40..69d1757e654 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java @@ -5,11 +5,11 @@ */ package org.elasticsearch.xpack.extensions; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.bootstrap.JarHell; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.io.FileSystemUtils; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; @@ -19,11 +19,11 @@ import java.net.URLClassLoader; import java.nio.file.DirectoryStream; import java.nio.file.Files; import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.List; -import java.util.ArrayList; -import java.util.Arrays; import java.util.stream.Collectors; import static org.elasticsearch.common.io.FileSystemUtils.isAccessibleDirectory; @@ -84,7 +84,7 @@ public class XPackExtensionsService { } static List getExtensionBundles(Path extsDirectory) throws IOException { - ESLogger logger = Loggers.getLogger(XPackExtensionsService.class); + Logger logger = Loggers.getLogger(XPackExtensionsService.class); // TODO: remove this leniency, but tests bogusly rely on it if (!isAccessibleDirectory(extsDirectory, logger)) { 
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java index f1d5571106d..ef42446a1e4 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Account.java @@ -5,6 +5,13 @@ */ package org.elasticsearch.xpack.notification.email; +import org.apache.logging.log4j.Logger; +import org.elasticsearch.SpecialPermission; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.settings.SettingsException; +import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.xpack.security.crypto.CryptoService; + import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; import javax.mail.MessagingException; @@ -17,13 +24,6 @@ import java.security.PrivilegedAction; import java.util.Map; import java.util.Properties; -import org.elasticsearch.SpecialPermission; -import org.elasticsearch.common.logging.ESLogger; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsException; -import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.xpack.security.crypto.CryptoService; - /** * */ @@ -63,10 +63,10 @@ public class Account { private final Config config; private final CryptoService cryptoService; - private final ESLogger logger; + private final Logger logger; private final Session session; - Account(Config config, CryptoService cryptoService, ESLogger logger) { + Account(Config config, CryptoService cryptoService, Logger logger) { this.config = config; this.cryptoService = cryptoService; this.logger = logger; 
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Accounts.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Accounts.java index b1317480b34..810e5ad079d 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Accounts.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/Accounts.java @@ -5,14 +5,14 @@ */ package org.elasticsearch.xpack.notification.email; -import java.util.HashMap; -import java.util.Map; - -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.xpack.security.crypto.CryptoService; +import java.util.HashMap; +import java.util.Map; + /** * */ @@ -21,7 +21,7 @@ public class Accounts { private final String defaultAccountName; private final Map accounts; - public Accounts(Settings settings, CryptoService cryptoService, ESLogger logger) { + public Accounts(Settings settings, CryptoService cryptoService, Logger logger) { Settings accountsSettings = settings.getAsSettings("account"); accounts = new HashMap<>(); for (String name : accountsSettings.names()) { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/EmailService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/EmailService.java index e70355537e8..0a4246d9719 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/EmailService.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/EmailService.java 
@@ -5,17 +5,16 @@ */ package org.elasticsearch.xpack.notification.email; -import javax.mail.MessagingException; - +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractComponent; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.security.crypto.CryptoService; +import javax.mail.MessagingException; + /** * A component to store email credentials and handle sending email notifications. */ @@ -62,7 +61,7 @@ public class EmailService extends AbstractComponent { return new EmailSent(account.name(), email); } - protected Accounts createAccounts(Settings settings, ESLogger logger) { + protected Accounts createAccounts(Settings settings, Logger logger) { return new Accounts(settings, cryptoService, logger); } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/attachment/HttpEmailAttachementParser.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/attachment/HttpEmailAttachementParser.java index d9118019eb3..b2b4167d911 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/attachment/HttpEmailAttachementParser.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/email/attachment/HttpEmailAttachementParser.java 
@@ -5,16 +5,15 @@ */ package org.elasticsearch.xpack.notification.email.attachment; -import java.io.IOException; -import java.util.Map; - +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.ParseFieldMatcher; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.xpack.common.http.HttpClient; @@ -27,6 +26,9 @@ import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; import org.elasticsearch.xpack.watcher.watch.Payload; +import java.io.IOException; +import java.util.Map; + public class HttpEmailAttachementParser implements EmailAttachmentParser { public interface Fields { @@ -39,7 +41,7 @@ public class HttpEmailAttachementParser implements EmailAttachmentParser) () -> new ParameterizedMessage( + "Error executing HTTP request: [host[{}], port[{}], method[{}], path[{}]", + httpRequest.host(), + httpRequest.port(), + httpRequest.method(), + httpRequest.path()), + e); } throw new ElasticsearchException("Unable to get attachment of type [{}] with id [{}] in watch [{}] aborting watch execution", diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccount.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccount.java index 6881ea2b57c..91a0bff946f 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccount.java 
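Review bot: The message pattern passed to `ParameterizedMessage` in the added logging lines opens a `[` before `host` that is never closed, so every rendered line carries an unbalanced bracket and is harder to grep or parse in a log pipeline. I would write it as `"Error executing HTTP request: host[{}], port[{}], method[{}], path[{}]"`. Limiting the logged fields to host, port, method and path is a sensible scope for a request whose headers or body may carry credentials, and is worth keeping that way. The logger call itself and the enclosing method start outside the visible part of the hunk, so the log level cannot be checked from here.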
+++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccount.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; @@ -32,7 +32,7 @@ public abstract class HipChatAccount { public static final String DEFAULT_COLOR_SETTING = "message_defaults." + HipChatMessage.Field.COLOR.getPreferredName(); public static final String DEFAULT_NOTIFY_SETTING = "message_defaults." + HipChatMessage.Field.NOTIFY.getPreferredName(); - protected final ESLogger logger; + protected final Logger logger; protected final String name; protected final Profile profile; protected final HipChatServer server; @@ -40,7 +40,7 @@ public abstract class HipChatAccount { protected final String authToken; protected HipChatAccount(String name, Profile profile, Settings settings, HipChatServer defaultServer, HttpClient httpClient, - ESLogger logger) { + Logger logger) { this.name = name; this.profile = profile; this.server = new HipChatServer(settings, defaultServer); 
@@ -66,27 +66,27 @@ public abstract class HipChatAccount { V1() { @Override HipChatAccount createAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, - ESLogger logger) { + Logger logger) { return new V1Account(name, settings, defaultServer, httpClient, logger); } }, INTEGRATION() { @Override HipChatAccount createAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, - ESLogger logger) { + Logger logger) { return new IntegrationAccount(name, settings, defaultServer, httpClient, logger); } }, USER() { @Override HipChatAccount createAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, - ESLogger logger) { + Logger logger) { return new UserAccount(name, settings, defaultServer, httpClient, logger); } }; abstract HipChatAccount createAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, - ESLogger logger); + Logger logger); @Override public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccounts.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccounts.java index 6d70d19d216..883bc52b206 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccounts.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/HipChatAccounts.java 
@@ -5,11 +5,11 @@ */ package org.elasticsearch.xpack.notification.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; -import org.elasticsearch.xpack.notification.hipchat.HipChatAccount.Profile; import org.elasticsearch.xpack.common.http.HttpClient; +import org.elasticsearch.xpack.notification.hipchat.HipChatAccount.Profile; import java.util.HashMap; import java.util.Map; @@ -22,7 +22,7 @@ public class HipChatAccounts { private final Map accounts; private final String defaultAccountName; - public HipChatAccounts(Settings settings, HttpClient httpClient, ESLogger logger) { + public HipChatAccounts(Settings settings, HttpClient httpClient, Logger logger) { HipChatServer defaultServer = new HipChatServer(settings); Settings accountsSettings = settings.getAsSettings("account"); accounts = new HashMap<>(); diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccount.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccount.java index abcc9fa0324..7a381e3420f 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccount.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccount.java 
@@ -5,24 +5,24 @@ */ package org.elasticsearch.xpack.notification.hipchat; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentHelper; -import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; import org.elasticsearch.xpack.common.http.HttpClient; import org.elasticsearch.xpack.common.http.HttpMethod; import org.elasticsearch.xpack.common.http.HttpRequest; import org.elasticsearch.xpack.common.http.HttpResponse; import org.elasticsearch.xpack.common.http.Scheme; +import org.elasticsearch.xpack.common.text.TextTemplateEngine; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; +import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; import java.io.IOException; import java.util.ArrayList; 
@@ -39,7 +39,7 @@ public class IntegrationAccount extends HipChatAccount { final String room; final Defaults defaults; - public IntegrationAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, ESLogger logger) { + public IntegrationAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, Logger logger) { super(name, Profile.INTEGRATION, settings, defaultServer, httpClient, logger); String[] rooms = settings.getAsArray(ROOM_SETTING, null); if (rooms == null || rooms.length == 0) { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/UserAccount.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/UserAccount.java index 70da2a79b45..e0a77c4ac7c 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/UserAccount.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/UserAccount.java 
@@ -5,24 +5,24 @@ */ package org.elasticsearch.xpack.notification.hipchat; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentHelper; -import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; import org.elasticsearch.xpack.common.http.HttpClient; import org.elasticsearch.xpack.common.http.HttpMethod; import org.elasticsearch.xpack.common.http.HttpRequest; import org.elasticsearch.xpack.common.http.HttpResponse; import org.elasticsearch.xpack.common.http.Scheme; +import org.elasticsearch.xpack.common.text.TextTemplateEngine; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; +import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; import java.io.IOException; import java.util.ArrayList; @@ -38,7 +38,7 @@ public class UserAccount extends HipChatAccount { final Defaults defaults; - public UserAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, ESLogger logger) { + public UserAccount(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, Logger logger) { super(name, Profile.USER, settings, defaultServer, httpClient, logger); defaults = new Defaults(settings); } 
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/V1Account.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/V1Account.java index 39be8c5d4d4..03a057abee7 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/V1Account.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/hipchat/V1Account.java @@ -5,20 +5,20 @@ */ package org.elasticsearch.xpack.notification.hipchat; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; -import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; import org.elasticsearch.xpack.common.http.HttpClient; import org.elasticsearch.xpack.common.http.HttpMethod; import org.elasticsearch.xpack.common.http.HttpRequest; import org.elasticsearch.xpack.common.http.HttpResponse; import org.elasticsearch.xpack.common.http.Scheme; +import org.elasticsearch.xpack.common.text.TextTemplateEngine; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Color; +import org.elasticsearch.xpack.notification.hipchat.HipChatMessage.Format; +import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; import java.util.ArrayList; import java.util.List; 
@@ -33,7 +33,7 @@ public class V1Account extends HipChatAccount { final Defaults defaults; - public V1Account(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, ESLogger logger) { + public V1Account(String name, Settings settings, HipChatServer defaultServer, HttpClient httpClient, Logger logger) { super(name, Profile.V1, settings, defaultServer, httpClient, logger); defaults = new Defaults(settings); } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccount.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccount.java index eae818265eb..5a98b0105a4 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccount.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccount.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.pagerduty; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.xpack.common.http.HttpClient; @@ -27,9 +27,9 @@ public class PagerDutyAccount { final String serviceKey; final HttpClient httpClient; final IncidentEventDefaults eventDefaults; - final ESLogger logger; + final Logger logger; - public PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient, ESLogger logger) { + public PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient, Logger logger) { this.name = name; this.serviceKey = accountSettings.get(SERVICE_KEY_SETTING, serviceSettings.get(SERVICE_KEY_SETTING, null)); if (this.serviceKey == null) { 
diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccounts.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccounts.java index 88d225fe2e6..57ff792a240 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccounts.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/pagerduty/PagerDutyAccounts.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.pagerduty; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.xpack.common.http.HttpClient; @@ -21,7 +21,7 @@ public class PagerDutyAccounts { private final Map accounts; private final String defaultAccountName; - public PagerDutyAccounts(Settings serviceSettings, HttpClient httpClient, ESLogger logger) { + public PagerDutyAccounts(Settings serviceSettings, HttpClient httpClient, Logger logger) { Settings accountsSettings = serviceSettings.getAsSettings("account"); accounts = new HashMap<>(); for (String name : accountsSettings.names()) { diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccount.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccount.java index d61650a09e5..dfc2f1e761d 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccount.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccount.java 
@@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.notification.slack; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ExceptionsHelper; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; @@ -37,10 +37,10 @@ public class SlackAccount { final String name; final URI url; final HttpClient httpClient; - final ESLogger logger; + final Logger logger; final SlackMessageDefaults messageDefaults; - public SlackAccount(String name, Settings settings, Settings defaultSettings, HttpClient httpClient, ESLogger logger) { + public SlackAccount(String name, Settings settings, Settings defaultSettings, HttpClient httpClient, Logger logger) { this.name = name; this.url = url(name, settings, defaultSettings); this.messageDefaults = new SlackMessageDefaults(settings.getAsSettings(MESSAGE_DEFAULTS_SETTING)); diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccounts.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccounts.java index 30fed9e93c7..8d325ff7f5f 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccounts.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/notification/slack/SlackAccounts.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.slack; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.xpack.common.http.HttpClient; 
@@ -21,7 +21,7 @@ public class SlackAccounts { private final Map accounts; private final String defaultAccountName; - public SlackAccounts(Settings settings, HttpClient httpClient, ESLogger logger) { + public SlackAccounts(Settings settings, HttpClient httpClient, Logger logger) { Settings accountsSettings = settings.getAsSettings("account"); accounts = new HashMap<>(); for (String name : accountsSettings.names()) { diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertUtils.java similarity index 72% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertUtils.java index ab0817079d7..f2afc01f25d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertUtils.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; @@ -30,7 +30,6 @@ import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; -import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.SuppressForbidden; 
@@ -71,13 +70,21 @@ import java.util.Locale; import java.util.Set; import java.util.function.Supplier; -class CertUtils { +/** + * Utility methods that deal with {@link Certificate}, {@link KeyStore}, {@link X509ExtendedTrustManager}, {@link X509ExtendedKeyManager} + * and other certificate related objects. + */ +public class CertUtils { private static final int SERIAL_BIT_LENGTH = 20 * 8; static final BouncyCastleProvider BC_PROV = new BouncyCastleProvider(); private CertUtils() {} + /** + * Resolves a path with or without an {@link Environment} as we may be running in a transport client where we do not have access to + * the environment + */ @SuppressForbidden(reason = "we don't have the environment to resolve files from when running in a transport client") static Path resolvePath(String path, @Nullable Environment environment) { if (environment != null) { 
@@ -86,15 +93,21 @@ class CertUtils { return PathUtils.get(Strings.cleanPath(path)); } - static X509ExtendedKeyManager keyManagers(Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws Exception { + /** + * Returns a {@link X509ExtendedKeyManager} that is built from the provided private key and certificate chain + */ + static X509ExtendedKeyManager keyManager(Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws Exception { KeyStore keyStore = KeyStore.getInstance("jks"); keyStore.load(null, null); // password must be non-null for keystore... keyStore.setKeyEntry("key", privateKey, password, certificateChain); - return keyManagers(keyStore, password, KeyManagerFactory.getDefaultAlgorithm()); + return keyManager(keyStore, password, KeyManagerFactory.getDefaultAlgorithm()); } - static X509ExtendedKeyManager keyManagers(KeyStore keyStore, char[] password, String algorithm) throws Exception { + /** + * Returns a {@link X509ExtendedKeyManager} that is built from the provided keystore + */ + static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] password, String algorithm) throws Exception { KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(keyStore, password); KeyManager[] keyManagers = kmf.getKeyManagers(); 
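Review bot: The new Javadoc on both `keyManager` overloads leaves the `password` argument undocumented, although the first overload uses it twice: it protects the `"key"` entry in `setKeyEntry` and is then handed on to `kmf.init`. The existing inline comment already says it must be non-null, and that belongs in the contract, e.g. `@param password the password protecting the key entry; must not be {@code null}`. For the `KeyStore` overload a matching line such as `@param password the password used to recover keys from the keystore` would do. The body of the second overload continues past the end of the hunk.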
@@ -106,7 +119,13 @@ class CertUtils { throw new IllegalStateException("failed to find a X509ExtendedKeyManager"); } - static X509ExtendedTrustManager trustManagers(Certificate[] certificates) throws Exception { + /** + * Creates a {@link X509ExtendedTrustManager} based on the provided certificates + * @param certificates the certificates to trust + * @return a trust manager that trusts the provided certificates + * @throws Exception if there is an error loading the certificates or trust manager + */ + public static X509ExtendedTrustManager trustManager(Certificate[] certificates) throws Exception { KeyStore store = KeyStore.getInstance("jks"); store.load(null, null); int counter = 0; 
@@ -114,23 +133,33 @@ class CertUtils { store.setCertificateEntry("cert" + counter, certificate); counter++; } - return trustManagers(store, TrustManagerFactory.getDefaultAlgorithm()); + return trustManager(store, TrustManagerFactory.getDefaultAlgorithm()); } - static X509ExtendedTrustManager trustManagers(String trustStorePath, String trustStorePassword, String trustStoreAlgorithm, - Environment env) throws Exception { + /** + * Loads the truststore and creates a {@link X509ExtendedTrustManager} + * @param trustStorePath the path to the truststore + * @param trustStorePassword the password to the truststore + * @param trustStoreAlgorithm the algorithm to use for the truststore + * @param env the environment to use for file resolution. May be {@code null} + * @return a trust manager with the trust material from the store + * @throws Exception if an error occurs when loading the truststore or the trust manager + */ + public static X509ExtendedTrustManager trustManager(String trustStorePath, String trustStorePassword, String trustStoreAlgorithm, + @Nullable Environment env) throws Exception { try (InputStream in = Files.newInputStream(resolvePath(trustStorePath, env))) { // TODO remove reliance on JKS since we can PKCS12 stores... 
KeyStore trustStore = KeyStore.getInstance("jks"); assert trustStorePassword != null; trustStore.load(in, trustStorePassword.toCharArray()); - return CertUtils.trustManagers(trustStore, trustStoreAlgorithm); - } catch (Exception e) { - throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); + return CertUtils.trustManager(trustStore, trustStoreAlgorithm); } } - static X509ExtendedTrustManager trustManagers(KeyStore keyStore, String algorithm) throws Exception { + /** + * Creates a {@link X509ExtendedTrustManager} based on the trust material in the provided {@link KeyStore} + */ + static X509ExtendedTrustManager trustManager(KeyStore keyStore, String algorithm) throws Exception { TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(keyStore); TrustManager[] trustManagers = tmf.getTrustManagers(); @@ -142,7 +171,14 @@ class CertUtils { throw new IllegalStateException("failed to find a X509ExtendedTrustManager"); } - static Certificate[] readCertificates(List certPaths, Environment environment) throws Exception { + /** + * Reads the provided paths and parses them into {@link Certificate} objects + * @param certPaths the paths to the PEM encoded certificates + * @param environment the environment to resolve files against. May be {@code null} + * @return an array of {@link Certificate} objects + * @throws Exception if an error occurs reading a file or parsing a certificate + */ + public static Certificate[] readCertificates(List certPaths, @Nullable Environment environment) throws Exception { List certificates = new ArrayList<>(certPaths.size()); CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); for (String path : certPaths) { 
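Review bot: `assert trustStorePassword != null;` is now the only null guard in a method this hunk makes `public`, and assertions are disabled unless the JVM runs with `-ea`. Outside tests a missing password therefore surfaces as a bare `NullPointerException` from `trustStorePassword.toCharArray()`, with nothing pointing at the truststore setting. An explicit check gives callers outside the package a usable error: `if (trustStorePassword == null) { throw new IllegalArgumentException("truststore password must be specified"); }`.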
@@ -153,6 +189,9 @@ class CertUtils { return certificates.toArray(new Certificate[certificates.size()]); } + /** + * Reads the certificates from the provided reader + */ static void readCertificates(Reader reader, List certificates, CertificateFactory certFactory) throws Exception { try (PEMParser pemParser = new PEMParser(reader)) { @@ -178,6 +217,9 @@ class CertUtils { } } + /** + * Reads the private key from the reader and optionally uses the password supplier to retrieve a password if the key is encrypted + */ static PrivateKey readPrivateKey(Reader reader, Supplier passwordSupplier) throws Exception { try (PEMParser parser = new PEMParser(reader)) { Object parsed; 
@@ -219,17 +261,35 @@ class CertUtils { } } + /** + * Generates a CA certificate + */ static X509Certificate generateCACertificate(X500Principal x500Principal, KeyPair keyPair) throws Exception { return generateSignedCertificate(x500Principal, null, keyPair, null, null, true); } + /** + * Generates a signed certificate using the provided CA private key and information from the CA certificate + */ static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivKey) throws Exception { return generateSignedCertificate(principal, subjectAltNames, keyPair, caCert, caPrivKey, false); } + /** + * Generates a signed certificate + * @param principal the principal of the certificate; commonly referred to as the distinguished name (DN) + * @param subjectAltNames the subject alternative names that should be added to the certificate as an X509v3 extension. May be + * {@code null} + * @param keyPair the key pair that will be associated with the certificate + * @param caCert the CA certificate. If {@code null}, this results in a self signed certificate + * @param caPrivKey the CA private key. If {@code null}, this results in a self signed certificate + * @param isCa whether or not the generated certificate is a CA + * @return a signed {@link X509Certificate} + * @throws Exception if an error occurs during the certificate creation + */ private static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair, - X509Certificate caCert, PrivateKey caPrivKey, boolean ca) throws Exception { + X509Certificate caCert, PrivateKey caPrivKey, boolean isCa) throws Exception { final DateTime notBefore = new DateTime(DateTimeZone.UTC); final DateTime notAfter = notBefore.plusYears(1); final BigInteger serial = CertUtils.getSerial(); 
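Review bot: The new Javadoc on the private `generateSignedCertificate` describes `caCert` and `caPrivKey` as if each could be `null` on its own, but a certificate whose issuer comes from one source and whose signature comes from another will not verify. The signing key shown in the following hunk is chosen from `caPrivKey` alone (`caPrivKey != null ? caPrivKey : keyPair.getPrivate()`); how the issuer is derived from `caCert` lies outside the diff, so the mismatch is inferred rather than seen. I would document that the two must be both `null` or both non-null and enforce it at the top of the method: `if ((caCert == null) != (caPrivKey == null)) { throw new IllegalArgumentException("caCert and caPrivKey must both be set or both be null"); }`. The Javadoc could also mention the fixed one-year validity that `notBefore.plusYears(1)` gives every generated certificate.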
@@ -259,7 +319,7 @@ class CertUtils { if (subjectAltNames != null) { builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); } - builder.addExtension(Extension.basicConstraints, ca, new BasicConstraints(ca)); + builder.addExtension(Extension.basicConstraints, isCa, new BasicConstraints(isCa)); PrivateKey signingKey = caPrivKey != null ? caPrivKey : keyPair.getPrivate(); ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(signingKey); @@ -267,6 +327,15 @@ class CertUtils { return new JcaX509CertificateConverter().getCertificate(certificateHolder); } + /** + * Generates a certificate signing request + * @param keyPair the key pair that will be associated by the certificate generated from the certificate signing request + * @param principal the principal of the certificate; commonly referred to as the distinguished name (DN) + * @param sanList the subject alternative names that should be added to the certificate as an X509v3 extension. May be +* {@code null} + * @return a certificate signing request + * @throws Exception if an error occurs generating or signing the CSR + */ static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal principal, GeneralNames sanList) throws Exception { JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic()); if (sanList != null) { @@ -278,6 +347,9 @@ class CertUtils { return builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertUtils.BC_PROV).build(keyPair.getPrivate())); } + /** + * Gets a random serial for a certificate that is generated from a {@link SecureRandom} + */ static BigInteger getSerial() { SecureRandom random = new SecureRandom(); BigInteger serial = new BigInteger(SERIAL_BIT_LENGTH, random); 
@@ -285,6 +357,9 @@ class CertUtils { return serial; } + /** + * Generates a RSA key pair with the provided key size (in bits) + */ static KeyPair generateKeyPair(int keysize) throws Exception { // generate a private key KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); @@ -292,6 +367,9 @@ class CertUtils { return keyPairGenerator.generateKeyPair(); } + /** + * Converts the {@link InetAddress} objects into a {@link GeneralNames} object that is used to represent subject alternative names. + */ static GeneralNames getSubjectAlternativeNames(boolean resolveName, Set addresses) throws Exception { Set generalNameList = new HashSet<>(); for (InetAddress address : addresses) { @@ -308,7 +386,7 @@ class CertUtils { } @SuppressForbidden(reason = "need to use getHostName to resolve DNS name and getHostAddress to ensure we resolved the name") - static void addSubjectAlternativeNames(boolean resolveName, InetAddress inetAddress, Set list) { + private static void addSubjectAlternativeNames(boolean resolveName, InetAddress inetAddress, Set list) { String hostaddress = inetAddress.getHostAddress(); String ip = NetworkAddress.format(inetAddress); list.add(new GeneralName(GeneralName.iPAddress, ip)); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertificateTool.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertificateTool.java similarity index 99% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertificateTool.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertificateTool.java index 43c19994bad..f8f20d32f01 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertificateTool.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/CertificateTool.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import joptsimple.OptionSet; import joptsimple.OptionSpec; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/DefaultJDKTrustConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/DefaultJDKTrustConfig.java new file mode 100644 index 00000000000..29197ab8773 --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/DefaultJDKTrustConfig.java 
@@ -0,0 +1,128 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.ssl; + +import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.common.Nullable; +import org.elasticsearch.env.Environment; + +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509ExtendedTrustManager; +import java.nio.file.Path; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.List; + +/** + * This class represents a trust configuration that corresponds to the default trusted certificates of the JDK + */ +class DefaultJDKTrustConfig extends TrustConfig { + + static final DefaultJDKTrustConfig INSTANCE = new DefaultJDKTrustConfig(); + + private DefaultJDKTrustConfig() { + } + + @Override + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { + try { + return CertUtils.trustManager(null, TrustManagerFactory.getDefaultAlgorithm()); + } catch (Exception e) { + throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); + } + } + + @Override + List filesToMonitor(@Nullable Environment environment) { + return Collections.emptyList(); + } + + @Override + public String toString() { + return "JDK trusted certs"; + } + + @Override + public boolean equals(Object o) { + return o == this; + } + + @Override + public int hashCode() { + return System.identityHashCode(this); + } + + /** + * Merges the default trust configuration with the provided {@link TrustConfig} + * @param trustConfig the trust configuration to merge with + * @return a {@link TrustConfig} that represents a combination of both trust configurations + */ + static TrustConfig merge(TrustConfig trustConfig) { + return new CombiningTrustConfig(trustConfig); + } + + /** + * A trust configuration 
that is a combination of a trust configuration with the default JDK trust configuration. This trust + * configuration returns a trust manager verifies certificates against both the default JDK trusted configurations and the specific + * {@link TrustConfig} provided. + */ + static class CombiningTrustConfig extends TrustConfig { + + private final TrustConfig trustConfig; + + private CombiningTrustConfig(TrustConfig trustConfig) { + this.trustConfig = trustConfig; + } + + @Override + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { + X509ExtendedTrustManager trustManager = trustConfig.createTrustManager(environment); + X509ExtendedTrustManager defaultTrustManager = INSTANCE.createTrustManager(environment); + if (trustManager == null) { + return defaultTrustManager; + } + + X509Certificate[] firstIssuers = trustManager.getAcceptedIssuers(); + X509Certificate[] secondIssuers = defaultTrustManager.getAcceptedIssuers(); + X509Certificate[] acceptedIssuers = new X509Certificate[firstIssuers.length + secondIssuers.length]; + System.arraycopy(firstIssuers, 0, acceptedIssuers, 0, firstIssuers.length); + System.arraycopy(secondIssuers, 0, acceptedIssuers, firstIssuers.length, secondIssuers.length); + try { + return CertUtils.trustManager(acceptedIssuers); + } catch (Exception e) { + throw new ElasticsearchException("failed to create trust manager", e); + } + } + + @Override + List filesToMonitor(@Nullable Environment environment) { + return trustConfig.filesToMonitor(environment); + } + + @Override + public String toString() { + return "Combining Trust Config{first=[" + trustConfig.toString() + "], second=[" + INSTANCE.toString() + "]}"; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (!(o instanceof CombiningTrustConfig)) { + return false; + } + + CombiningTrustConfig that = (CombiningTrustConfig) o; + return trustConfig.equals(that.trustConfig); + } + + @Override + public int hashCode() { + 
return trustConfig.hashCode(); + } + } +} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/KeyConfig.java similarity index 70% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/KeyConfig.java index baef56615e6..49657d6c66f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/KeyConfig.java 
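Review bot: `CombiningTrustConfig.createTrustManager` builds one trust manager from the union of both issuer arrays, so a peer certificate chaining to any CA in the JDK default store is accepted alongside the configured material, and the class javadoc does not spell out that this widens trust. I would state it there, e.g. `A certificate is trusted if it chains to either the wrapped configuration or any CA in the JDK default trust store`, and fix the wording `returns a trust manager verifies` to `returns a trust manager that verifies`. `merge` also accepts a null `trustConfig` and only fails later inside `createTrustManager`; a null check in the private constructor would surface the mistake where it is made.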
@@ -3,43 +3,30 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.common.Nullable; import org.elasticsearch.env.Environment; -import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509ExtendedTrustManager; -import java.net.Socket; import java.nio.file.Path; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; import java.util.Collections; import java.util.List; abstract class KeyConfig extends TrustConfig { - KeyConfig(boolean includeSystem) { - super(includeSystem); - } - - static final KeyConfig NONE = new KeyConfig(false) { + static final KeyConfig NONE = new KeyConfig() { @Override X509ExtendedKeyManager createKeyManager(@Nullable Environment environment) { return null; } @Override - X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { return null; } - @Override - void validate() { - } - @Override List filesToMonitor(@Nullable Environment environment) { return Collections.emptyList(); @@ -49,6 +36,16 @@ abstract class KeyConfig extends TrustConfig { public String toString() { return "NONE"; } + + @Override + public boolean equals(Object o) { + return o == this; + } + + @Override + public int hashCode() { + return System.identityHashCode(this); + } }; abstract X509ExtendedKeyManager createKeyManager(@Nullable Environment environment); 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMKeyConfig.java similarity index 64% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMKeyConfig.java index bf92e63e8ac..7604f654b9b 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMKeyConfig.java @@ -3,11 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.Strings; import org.elasticsearch.env.Environment; import javax.net.ssl.X509ExtendedKeyManager; 
@@ -20,19 +19,29 @@ import java.security.PrivateKey; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; +import java.util.Objects; +/** + * Implementation of a key configuration that is backed by a PEM encoded key file and one or more certificates + */ class PEMKeyConfig extends KeyConfig { - final String keyPath; - final String keyPassword; - final List certPaths; + private final String keyPath; + private final String keyPassword; + private final String certPath; - PEMKeyConfig(boolean includeSystem, String keyPath, String keyPassword, List certPaths) { - super(includeSystem); - this.keyPath = keyPath; + /** + * Creates a new key configuration backed by the key and certificate chain provided + * @param keyPath the path to the key file + * @param keyPassword the password for the key. May be {@code null} + * @param certChainPath the path to the file containing the certificate chain + */ + PEMKeyConfig(String keyPath, String keyPassword, String certChainPath) { + this.keyPath = Objects.requireNonNull(keyPath, "key file must be specified"); this.keyPassword = keyPassword; - this.certPaths = certPaths; + this.certPath = Objects.requireNonNull(certChainPath, "certificate must be specified"); } @Override 
@@ -41,8 +50,9 @@ class PEMKeyConfig extends KeyConfig { char[] password = keyPassword == null ? new char[0] : keyPassword.toCharArray(); try { PrivateKey privateKey = readPrivateKey(CertUtils.resolvePath(keyPath, environment)); - Certificate[] certificateChain = CertUtils.readCertificates(certPaths, environment); - return CertUtils.keyManagers(certificateChain, privateKey, password); + Certificate[] certificateChain = CertUtils.readCertificates(Collections.singletonList(certPath), environment); + // password must be non-null for keystore... + return CertUtils.keyManager(certificateChain, privateKey, password); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e); } finally { @@ -52,7 +62,7 @@ class PEMKeyConfig extends KeyConfig { } } - PrivateKey readPrivateKey(Path keyPath) throws Exception { + private PrivateKey readPrivateKey(Path keyPath) throws Exception { char[] password = keyPassword == null ? null : keyPassword.toCharArray(); try (Reader reader = Files.newBufferedReader(keyPath, StandardCharsets.UTF_8)) { return CertUtils.readPrivateKey(reader, () -> password); 
@@ -64,31 +74,20 @@ class PEMKeyConfig extends KeyConfig { } @Override - X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { try { - Certificate[] certificates = CertUtils.readCertificates(certPaths, environment); - return CertUtils.trustManagers(certificates); + Certificate[] certificates = CertUtils.readCertificates(Collections.singletonList(certPath), environment); + return CertUtils.trustManager(certificates); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } } - @Override - void validate() { - if (keyPath == null) { - throw new IllegalArgumentException("no key file configured"); - } else if (certPaths == null || certPaths.isEmpty()) { - throw new IllegalArgumentException("no certificate provided"); - } - } - @Override List filesToMonitor(@Nullable Environment environment) { - List paths = new ArrayList<>(1 + certPaths.size()); + List paths = new ArrayList<>(2); paths.add(CertUtils.resolvePath(keyPath, environment)); - for (String certPath : certPaths) { - paths.add(CertUtils.resolvePath(certPath, environment)); - } + paths.add(CertUtils.resolvePath(certPath, environment)); return paths; } @@ -101,7 +100,7 @@ class PEMKeyConfig extends KeyConfig { if (keyPath != null ? !keyPath.equals(that.keyPath) : that.keyPath != null) return false; if (keyPassword != null ? !keyPassword.equals(that.keyPassword) : that.keyPassword != null) return false; - return certPaths != null ? certPaths.equals(that.certPaths) : that.certPaths == null; + return certPath != null ? certPath.equals(that.certPath) : that.certPath == null; } 
@@ -109,14 +108,14 @@ class PEMKeyConfig extends KeyConfig { public int hashCode() { int result = keyPath != null ? keyPath.hashCode() : 0; result = 31 * result + (keyPassword != null ? keyPassword.hashCode() : 0); - result = 31 * result + (certPaths != null ? certPaths.hashCode() : 0); + result = 31 * result + (certPath != null ? certPath.hashCode() : 0); return result; } @Override public String toString() { return "keyPath=[" + keyPath + - "], certPaths=[" + Strings.collectionToCommaDelimitedString(certPaths) + + "], certPaths=[" + certPath + "]"; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMTrustConfig.java similarity index 73% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMTrustConfig.java index 5e5f42ba45c..77c45763e68 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/PEMTrustConfig.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; 
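Review bot: `toString` still prints the label `certPaths` although the class now holds a single `certPath`, which is misleading when logs are used to work out which certificate file was loaded; `"], certPath=[" + certPath +` would match the field. The null branches for `keyPath` and `certPath` in `hashCode` here and in `equals` (hunk at -101) can no longer be taken now that the constructor uses `Objects.requireNonNull`, so they could be simplified. `keyPassword` stays nullable and is rightly kept out of `toString`.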
@@ -15,33 +15,33 @@ import java.nio.file.Path; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.List; +import java.util.Objects; +/** + * Implementation of trust configuration that is backed by PEM encoded certificate files. + */ class PEMTrustConfig extends TrustConfig { - final List caPaths; + private final List caPaths; - PEMTrustConfig(boolean includeSystem, List caPaths) { - super(includeSystem); - this.caPaths = caPaths; + /** + * Create a new trust configuration that is built from the certificate files + * @param caPaths the paths to the certificate files to trust + */ + PEMTrustConfig(List caPaths) { + this.caPaths = Objects.requireNonNull(caPaths, "ca paths must be specified"); } @Override - X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { try { Certificate[] certificates = CertUtils.readCertificates(caPaths, environment); - return CertUtils.trustManagers(certificates); + return CertUtils.trustManager(certificates); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } } - @Override - void validate() { - if (caPaths == null) { - throw new IllegalArgumentException("no ca paths have been configured"); - } - } - @Override List filesToMonitor(@Nullable Environment environment) { List paths = new ArrayList<>(caPaths.size()); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLClientAuth.java similarity index 78% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLClientAuth.java index a08df4a2106..af290c93d96 100644 
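Review bot: The constructor keeps the caller's `caPaths` list by reference, so a later change to that list would alter which CA files are read on the next `createTrustManager` call. Copying on entry avoids that: `this.caPaths = new ArrayList<>(Objects.requireNonNull(caPaths, "ca paths must be specified"));` (`ArrayList` is already imported in this file). The caller in SSLConfiguration passes a list obtained from a setting, so this may be harmless today, but the class itself cannot rely on that.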
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SSLClientAuth.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLClientAuth.java @@ -3,14 +3,17 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.transport; +package org.elasticsearch.xpack.ssl; import javax.net.ssl.SSLEngine; import java.util.Locale; +/** + * The client authentication mode that is used for SSL servers + */ public enum SSLClientAuth { - NO() { + NONE() { public boolean enabled() { return false; } @@ -40,25 +43,27 @@ public enum SSLClientAuth { } }; + /** + * @return true if client authentication is enabled + */ public abstract boolean enabled(); + /** + * Configure client authentication of the provided {@link SSLEngine} + */ public abstract void configure(SSLEngine engine); public static SSLClientAuth parse(String value) { assert value != null; switch (value.toLowerCase(Locale.ROOT)) { - case "no": - case "false": - return NO; - + case "none": + return NONE; case "optional": return OPTIONAL; - case "required": - case "true": return REQUIRED; default: - throw new IllegalArgumentException("could not resolve ssl client auth. unknown ssl client auth value [" + value + "]"); + throw new IllegalArgumentException("could not resolve ssl client auth. unknown value [" + value + "]"); } } } diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java new file mode 100644 index 00000000000..db5c2f8ba40 --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java 
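Review bot: `parse` no longer accepts `no`, `false` or `true`, and the shortened message in the `default` branch does not tell an operator with an older configuration what is accepted. Rejecting unknown values is the right failure mode; I would list the valid ones, e.g. `"could not resolve ssl client auth. unknown value [" + value + "], expected [none, optional, required]"`. The `assert value != null` guard above the switch only runs with assertions enabled, so a null otherwise surfaces as a NullPointerException from `toLowerCase`; `Objects.requireNonNull(value)` (with its import) would make that explicit.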
@@ -0,0 +1,295 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.ssl; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import java.util.function.Function; + +import org.elasticsearch.common.Nullable; +import org.elasticsearch.common.settings.Setting; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.env.Environment; +import org.elasticsearch.xpack.XPackSettings; + +/** + * Represents the configuration for an SSLContext + */ +class SSLConfiguration { + + // These settings are never registered, but they exist so that we can parse the values defined under grouped settings. 
Also, some are + // implemented as optional settings, which provides a declarative manner for fallback as we typically fallback to values from a + // different configuration + private static final Setting> CIPHERS_SETTING = Setting.listSetting("cipher_suites", Collections.emptyList(), s -> s); + private static final Setting> SUPPORTED_PROTOCOLS_SETTING = + Setting.listSetting("supported_protocols", Collections.emptyList(), s -> s); + private static final Setting> KEYSTORE_PATH_SETTING = + new Setting<>("keystore.path", (String) null, Optional::ofNullable); + private static final Setting> KEYSTORE_PASSWORD_SETTING = + new Setting<>("keystore.password", (String) null, Optional::ofNullable); + private static final Setting KEYSTORE_ALGORITHM_SETTING = new Setting<>("keystore.algorithm", + s -> System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()), Function.identity()); + private static final Setting> KEYSTORE_KEY_PASSWORD_SETTING = + new Setting<>("keystore.key_password", KEYSTORE_PASSWORD_SETTING, Optional::ofNullable); + private static final Setting> TRUSTSTORE_PATH_SETTING = + new Setting<>("truststore.path", (String) null, Optional::ofNullable); + private static final Setting> TRUSTSTORE_PASSWORD_SETTING = + new Setting<>("truststore.password", (String) null, Optional::ofNullable); + private static final Setting TRUSTSTORE_ALGORITHM_SETTING = new Setting<>("truststore.algorithm", + s -> System.getProperty("ssl.TrustManagerFactory.algorithm", + TrustManagerFactory.getDefaultAlgorithm()), Function.identity()); + private static final Setting> KEY_PATH_SETTING = + new Setting<>("key", (String) null, Optional::ofNullable); + private static final Setting> KEY_PASSWORD_SETTING = + new Setting<>("key_passphrase", (String) null, Optional::ofNullable); + private static final Setting> CERT_SETTING = + new Setting<>("certificate", (String) null, Optional::ofNullable); + private static final Setting> CA_PATHS_SETTING = + 
Setting.listSetting("certificate_authorities", Collections.emptyList(), s -> s); + private static final Setting> CLIENT_AUTH_SETTING = + new Setting<>("client_authentication", (String) null, s -> { + if (s == null) { + return Optional.ofNullable(null); + } else { + return Optional.of(SSLClientAuth.parse(s)); + } + }); + private static final Setting> VERIFICATION_MODE_SETTING = new Setting<>("verification_mode", (String) null, + s -> { + if (s == null) { + return Optional.ofNullable(null); + } else { + return Optional.of(VerificationMode.parse(s)); + } + }); + + private final KeyConfig keyConfig; + private final TrustConfig trustConfig; + private final List ciphers; + private final List supportedProtocols; + private final SSLClientAuth sslClientAuth; + private final VerificationMode verificationMode; + + /** + * Creates a new SSLConfiguration from the given settings. There is no fallback configuration when invoking this constructor so + * un-configured aspects will take on their default values. + * @param settings the SSL specific settings; only the settings under a *.ssl. prefix + */ + SSLConfiguration(Settings settings) { + this.keyConfig = createKeyConfig(settings, null); + this.trustConfig = createTrustConfig(settings, keyConfig, null); + this.ciphers = getListOrDefault(CIPHERS_SETTING, settings, XPackSettings.DEFAULT_CIPHERS); + this.supportedProtocols = getListOrDefault(SUPPORTED_PROTOCOLS_SETTING, settings, XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS); + this.sslClientAuth = CLIENT_AUTH_SETTING.get(settings).orElse(XPackSettings.CLIENT_AUTH_DEFAULT); + this.verificationMode = VERIFICATION_MODE_SETTING.get(settings).orElse(XPackSettings.VERIFICATION_MODE_DEFAULT); + } + + /** + * Creates a new SSLConfiguration from the given settings and global/default SSLConfiguration. If the settings do not contain a value + * for a given aspect, the value from the global configuration will be used. 
+ * @param settings the SSL specific settings; only the settings under a *.ssl. prefix + * @param globalSSLConfiguration the default configuration that is used as a fallback + */ + SSLConfiguration(Settings settings, SSLConfiguration globalSSLConfiguration) { + Objects.requireNonNull(globalSSLConfiguration); + this.keyConfig = createKeyConfig(settings, globalSSLConfiguration); + this.trustConfig = createTrustConfig(settings, keyConfig, globalSSLConfiguration); + this.ciphers = getListOrDefault(CIPHERS_SETTING, settings, globalSSLConfiguration.cipherSuites()); + this.supportedProtocols = getListOrDefault(SUPPORTED_PROTOCOLS_SETTING, settings, globalSSLConfiguration.supportedProtocols()); + this.sslClientAuth = CLIENT_AUTH_SETTING.get(settings).orElse(globalSSLConfiguration.sslClientAuth()); + this.verificationMode = VERIFICATION_MODE_SETTING.get(settings).orElse(globalSSLConfiguration.verificationMode()); + } + + /** + * The configuration for the key, if any, that will be used as part of this ssl configuration + */ + KeyConfig keyConfig() { + return keyConfig; + } + + /** + * The configuration of trust material that will be used as part of this ssl configuration + */ + TrustConfig trustConfig() { + return trustConfig; + } + + /** + * The cipher suites that will be used for this ssl configuration + */ + List cipherSuites() { + return ciphers; + } + + /** + * The protocols that are supported by this configuration + */ + List supportedProtocols() { + return supportedProtocols; + } + + /** + * The verification mode for this configuration; this mode controls certificate and hostname verification + */ + VerificationMode verificationMode() { + return verificationMode; + } + + /** + * The client auth configuration + */ + SSLClientAuth sslClientAuth() { + return sslClientAuth; + } + + /** + * Provides the list of paths to files that back this configuration + */ + List filesToMonitor(@Nullable Environment environment) { + if (keyConfig() == trustConfig()) { + return 
keyConfig().filesToMonitor(environment); + } + List paths = new ArrayList<>(keyConfig().filesToMonitor(environment)); + paths.addAll(trustConfig().filesToMonitor(environment)); + return paths; + } + + @Override + public String toString() { + return "SSLConfiguration{" + + "keyConfig=[" + keyConfig + + "], trustConfig=" + trustConfig + + "], cipherSuites=[" + ciphers + + "], supportedProtocols=[" + supportedProtocols + + "], sslClientAuth=[" + sslClientAuth + + "], verificationMode=[" + verificationMode + + "]}"; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof SSLConfiguration)) return false; + + SSLConfiguration that = (SSLConfiguration) o; + + if (this.keyConfig() != null ? !this.keyConfig().equals(that.keyConfig()) : that.keyConfig() != null) { + return false; + } + if (this.trustConfig() != null ? !this.trustConfig().equals(that.trustConfig()) : that.trustConfig() != null) { + return false; + } + if (this.cipherSuites() != null ? !this.cipherSuites().equals(that.cipherSuites()) : that.cipherSuites() != null) { + return false; + } + if (!this.supportedProtocols().equals(that.supportedProtocols())) { + return false; + } + if (this.verificationMode() != that.verificationMode()) { + return false; + } + if (this.sslClientAuth() != that.sslClientAuth()) { + return false; + } + return this.supportedProtocols() != null ? + this.supportedProtocols().equals(that.supportedProtocols()) : that.supportedProtocols() == null; + } + + @Override + public int hashCode() { + int result = this.keyConfig() != null ? this.keyConfig().hashCode() : 0; + result = 31 * result + (this.trustConfig() != null ? this.trustConfig().hashCode() : 0); + result = 31 * result + (this.cipherSuites() != null ? this.cipherSuites().hashCode() : 0); + result = 31 * result + (this.supportedProtocols() != null ? 
this.supportedProtocols().hashCode() : 0); + result = 31 * result + this.verificationMode().hashCode(); + result = 31 * result + this.sslClientAuth().hashCode(); + return result; + } + + private static KeyConfig createKeyConfig(Settings settings, SSLConfiguration global) { + String keyStorePath = KEYSTORE_PATH_SETTING.get(settings).orElse(null); + String keyPath = KEY_PATH_SETTING.get(settings).orElse(null); + if (keyPath != null && keyStorePath != null) { + throw new IllegalArgumentException("you cannot specify a keystore and key file"); + } else if (keyStorePath == null && keyPath == null) { + if (global != null) { + return global.keyConfig(); + } else if (System.getProperty("javax.net.ssl.keyStore") != null) { + return new StoreKeyConfig(System.getProperty("javax.net.ssl.keyStore"), + System.getProperty("javax.net.ssl.keyStorePassword", ""), System.getProperty("javax.net.ssl.keyStorePassword", ""), + System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm()), + System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm())); + } + return KeyConfig.NONE; + } + + if (keyPath != null) { + String keyPassword = KEY_PASSWORD_SETTING.get(settings).orElse(null); + String certPath = CERT_SETTING.get(settings).orElse(null); + if (certPath == null) { + throw new IllegalArgumentException("you must specify the certificates to use with the key"); + } + return new PEMKeyConfig(keyPath, keyPassword, certPath); + } else { + String keyStorePassword = KEYSTORE_PASSWORD_SETTING.get(settings).orElse(null); + String keyStoreAlgorithm = KEYSTORE_ALGORITHM_SETTING.get(settings); + String keyStoreKeyPassword = KEYSTORE_KEY_PASSWORD_SETTING.get(settings).orElse(keyStorePassword); + String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); + return new StoreKeyConfig(keyStorePath, keyStorePassword, keyStoreKeyPassword, keyStoreAlgorithm, trustStoreAlgorithm); + } + } + + private static TrustConfig 
createTrustConfig(Settings settings, KeyConfig keyConfig, SSLConfiguration global) { + String trustStorePath = TRUSTSTORE_PATH_SETTING.get(settings).orElse(null); + List caPaths = getListOrNull(CA_PATHS_SETTING, settings); + if (trustStorePath != null && caPaths != null) { + throw new IllegalArgumentException("you cannot specify a truststore and ca files"); + } + + VerificationMode verificationMode = VERIFICATION_MODE_SETTING.get(settings).orElseGet(() -> { + if (global != null) { + return global.verificationMode(); + } + return XPackSettings.VERIFICATION_MODE_DEFAULT; + }); + if (verificationMode.isCertificateVerificationEnabled() == false) { + return TrustAllConfig.INSTANCE; + } else if (caPaths != null) { + return new PEMTrustConfig(caPaths); + } else if (trustStorePath != null) { + String trustStorePassword = TRUSTSTORE_PASSWORD_SETTING.get(settings).orElse(null); + String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); + return new StoreTrustConfig(trustStorePath, trustStorePassword, trustStoreAlgorithm); + } else if (global == null && System.getProperty("javax.net.ssl.trustStore") != null) { + return new StoreTrustConfig(System.getProperty("javax.net.ssl.trustStore"), + System.getProperty("javax.net.ssl.trustStorePassword", ""), + System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm())); + } else if (global != null && keyConfig == global.keyConfig()) { + return global.trustConfig(); + } else if (keyConfig != KeyConfig.NONE) { + return DefaultJDKTrustConfig.merge(keyConfig); + } else { + return DefaultJDKTrustConfig.INSTANCE; + } + } + + private static List getListOrNull(Setting> listSetting, Settings settings) { + return getListOrDefault(listSetting, settings, null); + } + + private static List getListOrDefault(Setting> listSetting, Settings settings, List defaultValue) { + if (listSetting.exists(settings)) { + return listSetting.get(settings); + } + return defaultValue; + } +} 
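Review bot: In `createTrustConfig`, `TrustAllConfig.INSTANCE` is returned as soon as the verification mode disables certificate verification, before `certificate_authorities` or `truststore.path` are used, so configured trust material is dropped without any signal. A comment on that branch, such as `// certificate verification is disabled: configured CAs/truststore are intentionally ignored`, would mark this as deliberate, and a caller that has a logger could warn when it happens. Separately, `toString` is missing the opening bracket for the trust config (`"], trustConfig=[" + trustConfig`), and `equals` compares `supportedProtocols()` twice, the first time without the null guard that the final return applies.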
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloader.java similarity index 97% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloader.java index 5c2179b4096..993bd794eeb 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloader.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.settings.Settings; @@ -12,7 +12,7 @@ import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.watcher.ResourceWatcherService.Frequency; -import org.elasticsearch.xpack.security.ssl.SSLService.SSLContextHolder; +import org.elasticsearch.xpack.ssl.SSLService.SSLContextHolder; import javax.net.ssl.SSLContext; import java.io.IOException; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLService.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLService.java similarity index 68% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLService.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLService.java index 12eed7ff049..4890636af61 100644 
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLService.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/SSLService.java @@ -3,22 +3,19 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractComponent; -import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.transport.TransportSettings; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; -import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4Transport; +import org.elasticsearch.xpack.XPackSettings; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; @@ -45,11 +42,6 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import static org.elasticsearch.xpack.security.Security.setting; -import static org.elasticsearch.xpack.security.Security.settingPrefix; -import static org.elasticsearch.xpack.security.authc.Realms.REALMS_GROUPS_SETTINGS; -import static org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4Transport.SSL_SETTING; - /** * Provides access to {@link SSLEngine} and {@link SSLSocketFactory} objects based on a provided configuration. All * configurations loaded by this service must be configured on construction. 
@@ -60,13 +52,46 @@ public class SSLService extends AbstractComponent { private final SSLConfiguration globalSSLConfiguration; private final Environment env; + /** + * Create a new SSLService that parses the settings for the ssl contexts that need to be created, creates them, and then caches them + * for use later + */ public SSLService(Settings settings, Environment environment) { super(settings); this.env = environment; - this.globalSSLConfiguration = new Global(settings); + this.globalSSLConfiguration = new SSLConfiguration(settings.getByPrefix("xpack.ssl.")); this.sslContexts = loadSSLConfigurations(); } + /** + * Creates a new SSLService that supports dynamic creation of SSLContext instances. Instances created by this service will not be + * cached and will not be monitored for reloading. This dynamic server does have access to the cached and monitored instances that + * have been created during initialization + */ + public SSLService createDynamicSSLService() { + return new SSLService(settings, env) { + + @Override + Map loadSSLConfigurations() { + // we don't need to load anything... + return Collections.emptyMap(); + } + + /** + * Returns the existing {@link SSLContextHolder} for the configuration + * @throws IllegalArgumentException if not found + */ + SSLContextHolder sslContextHolder(SSLConfiguration sslConfiguration) { + SSLContextHolder holder = SSLService.this.sslContexts.get(sslConfiguration); + if (holder == null) { + // normally we'd throw here but let's create a new one that is not cached and will not be monitored for changes! + holder = SSLService.this.createSslContext(sslConfiguration); + } + return holder; + } + }; + } + /** * Create a new {@link SSLSocketFactory} based on the provided settings. The settings are used to identify the ssl configuration that * should be used to create the socket factory. The socket factory will also properly configure the ciphers and protocols on each 
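Review bot: The Javadoc on the overridden `sslContextHolder` in `createDynamicSSLService` says `@throws IllegalArgumentException if not found`, but the body never throws: on a cache miss it builds a fresh, uncached and unmonitored context via `createSslContext`. The comment should say so, for example `Returns the cached {@link SSLContextHolder}, or creates an uncached, unmonitored one when the configuration was not loaded at startup`, and the method should carry `@Override` like `loadSSLConfigurations` above it. Each miss appears to rebuild the context from the key and trust material, so callers on a hot path may want to hold on to the result. The constructor now calls the overridable `loadSSLConfigurations()`, which is safe here only because the override reads no subclass state.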
@@ -79,7 +104,7 @@ public class SSLService extends AbstractComponent { SSLConfiguration sslConfiguration = sslConfiguration(settings); SSLSocketFactory socketFactory = sslContext(sslConfiguration).getSocketFactory(); return new SecuritySSLSocketFactory(socketFactory, sslConfiguration.supportedProtocols().toArray(Strings.EMPTY_ARRAY), - supportedCiphers(socketFactory.getSupportedCipherSuites(), sslConfiguration.ciphers(), false)); + supportedCiphers(socketFactory.getSupportedCipherSuites(), sslConfiguration.cipherSuites(), false)); } /** 
@@ -89,28 +114,32 @@ public class SSLService extends AbstractComponent { * will not use hostname verification. * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix. An empty settings will return * a SSLEngine created from the default configuration + * @param fallbackSettings the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration * @return {@link SSLEngine} */ - public SSLEngine createSSLEngine(Settings settings) { - return createSSLEngine(settings, null, -1); + public SSLEngine createSSLEngine(Settings settings, Settings fallbackSettings) { + return createSSLEngine(settings, fallbackSettings, null, -1); } /** * Creates an {@link SSLEngine} based on the provided settings. The settings are used to identify the ssl configuration that should be * used to create the engine. This SSLEngine can be used for a connection that requires hostname verification assuming the provided - * host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verificaton enabled + * host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix. An empty settings will return * a SSLEngine created from the default configuration + * @param fallbackSettings the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration * @param host the host of the remote endpoint. 
If using hostname verification, this should match what is in the remote endpoint's * certificate * @param port the port of the remote endpoint * @return {@link SSLEngine} */ - public SSLEngine createSSLEngine(Settings settings, String host, int port) { - SSLConfiguration configuration = sslConfiguration(settings); + public SSLEngine createSSLEngine(Settings settings, Settings fallbackSettings, String host, int port) { + SSLConfiguration configuration = sslConfiguration(settings, fallbackSettings); SSLContext sslContext = sslContext(configuration); SSLEngine sslEngine = sslContext.createSSLEngine(host, port); - String[] ciphers = supportedCiphers(sslEngine.getSupportedCipherSuites(), configuration.ciphers(), false); + String[] ciphers = supportedCiphers(sslEngine.getSupportedCipherSuites(), configuration.cipherSuites(), false); try { sslEngine.setEnabledCipherSuites(ciphers); } catch (ElasticsearchException e) { 
@@ -125,16 +154,61 @@ public class SSLService extends AbstractComponent { } catch (IllegalArgumentException e) { throw new IllegalArgumentException("failed setting supported protocols " + Arrays.toString(supportedProtocols), e); } + + if (configuration.verificationMode().isHostnameVerificationEnabled() && host != null) { + // By default, a SSLEngine will not perform hostname verification. In order to perform hostname verification + // we need to specify a EndpointIdentificationAlgorithm. We use the HTTPS algorithm to prevent against + // man in the middle attacks for all of our connections. + SSLParameters parameters = new SSLParameters(); + parameters.setEndpointIdentificationAlgorithm("HTTPS"); + sslEngine.setSSLParameters(parameters); + } + + // TODO configure using SSLParameters + configuration.sslClientAuth().configure(sslEngine); return sslEngine; } /** * Returns whether the provided settings results in a valid configuration that can be used for server connections + * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix + * @param fallback the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration */ - public boolean isConfigurationValidForServerUsage(Settings settings) { - SSLConfiguration sslConfiguration = sslConfiguration(settings); + public boolean isConfigurationValidForServerUsage(Settings settings, Settings fallback) { + SSLConfiguration sslConfiguration = sslConfiguration(settings, fallback); return sslConfiguration.keyConfig() != KeyConfig.NONE; } + /** + * Indicates whether client authentication is enabled for a particular configuration + * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix. 
The global configuration + * will be used for fallback + */ + public boolean isSSLClientAuthEnabled(Settings settings) { + return isSSLClientAuthEnabled(settings, Settings.EMPTY); + } + + /** + * Indicates whether client authentication is enabled for a particular configuration + * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix + * @param fallback the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration + */ + public boolean isSSLClientAuthEnabled(Settings settings, Settings fallback) { + SSLConfiguration sslConfiguration = sslConfiguration(settings, fallback); + return sslConfiguration.sslClientAuth().enabled(); + } + + /** + * Returns the {@link VerificationMode} that is specified in the settings (or the default) + * @param settings the settings used to identify the ssl configuration, typically under a *.ssl. prefix + * @param fallback the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration + */ + public VerificationMode getVerificationMode(Settings settings, Settings fallback) { + SSLConfiguration sslConfiguration = sslConfiguration(settings, fallback); + return sslConfiguration.verificationMode(); + } /** * Returns the {@link SSLContext} for the global configuration. Mainly used for testing 
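Review bot: In `createSSLEngine`, the hostname-verification block passes a blank `new SSLParameters()` to `sslEngine.setSSLParameters`, which applies every field of that object and not only the endpoint identification algorithm. It works today because null cipher suites and protocols are skipped and client authentication is configured on the following lines, but the result depends on that ordering. Starting from the engine's current values is safer: `SSLParameters parameters = sslEngine.getSSLParameters();`, then `setEndpointIdentificationAlgorithm("HTTPS")` and `setSSLParameters(parameters)` as before. A one-line comment that client auth must be configured after this call would protect the ordering; the function starts outside this hunk.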
@@ -171,7 +245,23 @@ public class SSLService extends AbstractComponent { if (settings.isEmpty()) { return globalSSLConfiguration; } - return new Custom(settings, globalSSLConfiguration); + return new SSLConfiguration(settings, globalSSLConfiguration); + } + + /** + * Returns the existing {@link SSLConfiguration} for the given settings and applies the provided fallback settings instead of the global + * configuration + * @param settings the settings for the ssl configuration + * @param fallbackSettings the settings that should be used for the fallback of the SSLConfiguration. Using {@link Settings#EMPTY} + * results in a fallback to the global configuration + * @return the ssl configuration for the provided settings. If the settings are empty, the global configuration is returned + */ + SSLConfiguration sslConfiguration(Settings settings, Settings fallbackSettings) { + if (settings.isEmpty() && fallbackSettings.isEmpty()) { + return globalSSLConfiguration; + } + SSLConfiguration fallback = sslConfiguration(fallbackSettings); + return new SSLConfiguration(settings, fallback); } /** 
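Review bot: The Javadoc of the new `sslConfiguration(Settings, Settings)` does not match its body: it says it returns the existing configuration, and that empty settings yield the global configuration, but the method builds a new `SSLConfiguration` unless both arguments are empty. Suggested wording: `@return the global configuration if both settings and fallbackSettings are empty, otherwise a new configuration for settings that falls back to the configuration of fallbackSettings`. Neither argument is null-checked before `isEmpty()`, so the `@param` text should say that `Settings.EMPTY`, not null, means no value.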
@@ -235,13 +325,11 @@ public class SSLService extends AbstractComponent { // Initialize sslContext try { - SSLContext sslContext = SSLContext.getInstance(sslConfiguration.protocol()); + SSLContext sslContext = SSLContext.getInstance(sslContextAlgorithm(sslConfiguration.supportedProtocols())); sslContext.init(new X509ExtendedKeyManager[] { keyManager }, new X509ExtendedTrustManager[] { trustManager }, null); - sslContext.getServerSessionContext().setSessionCacheSize(sslConfiguration.sessionCacheSize()); - sslContext.getServerSessionContext().setSessionTimeout(Math.toIntExact(sslConfiguration.sessionCacheTimeout().seconds())); // check the supported ciphers and log them here to prevent spamming logs on every call - supportedCiphers(sslContext.getSupportedSSLParameters().getCipherSuites(), sslConfiguration.ciphers(), true); + supportedCiphers(sslContext.getSupportedSSLParameters().getCipherSuites(), sslConfiguration.cipherSuites(), true); return new SSLContextHolder(sslContext, trustManager, keyManager); } catch (NoSuchAlgorithmException | KeyManagementException e) { 
@@ -252,17 +340,29 @@ public class SSLService extends AbstractComponent { /** * Parses the settings to load all SSLConfiguration objects that will be used. */ - private Map loadSSLConfigurations() { + Map loadSSLConfigurations() { Map sslConfigurations = new HashMap<>(); - validateSSLConfiguration(globalSSLConfiguration); sslConfigurations.put(globalSSLConfiguration, createSslContext(globalSSLConfiguration)); - List sslSettings = new ArrayList<>(); - sslSettings.addAll(getTransportSSLSettings(settings)); - sslSettings.addAll(getRealmsSSLSettings(settings)); - sslSettings.addAll(getHttpSSLSettings(settings)); - for (Settings settings : sslSettings) { - SSLConfiguration sslConfiguration = new Custom(settings, globalSSLConfiguration); - validateSSLConfiguration(sslConfiguration); + + final Settings transportSSLSettings = settings.getByPrefix("xpack.security.transport.ssl."); + List sslSettingsList = new ArrayList<>(); + sslSettingsList.add(transportSSLSettings); + sslSettingsList.add(getHttpTransportSSLSettings(settings)); + sslSettingsList.add(settings.getByPrefix("xpack.http.ssl.")); + sslSettingsList.addAll(getRealmsSSLSettings(settings)); + sslSettingsList.addAll(getMonitoringExporterSettings(settings)); + + for (Settings sslSettings : sslSettingsList) { + SSLConfiguration sslConfiguration = new SSLConfiguration(sslSettings, globalSSLConfiguration); + if (sslConfigurations.containsKey(sslConfiguration) == false) { + sslConfigurations.put(sslConfiguration, createSslContext(sslConfiguration)); + } + } + + // transport profiles are special since they fallback is to the transport settings which in turn falls back to global. 
+ SSLConfiguration transportSSLConfiguration = new SSLConfiguration(transportSSLSettings, globalSSLConfiguration); + for (Settings profileSettings : getTransportProfileSSLSettings(settings)) { + SSLConfiguration sslConfiguration = new SSLConfiguration(profileSettings, transportSSLConfiguration); if (sslConfigurations.containsKey(sslConfiguration) == false) { sslConfigurations.put(sslConfiguration, createSslContext(sslConfiguration)); } @@ -270,11 +370,6 @@ public class SSLService extends AbstractComponent { return Collections.unmodifiableMap(sslConfigurations); } - private void validateSSLConfiguration(SSLConfiguration configuration) { - configuration.keyConfig().validate(); - configuration.trustConfig().validate(); - } - /** * This socket factory wraps an existing SSLSocketFactory and sets the protocols and ciphers on each SSLSocket after it is created. This * is needed even though the SSLContext is configured properly as the configuration does not flow down to the sockets created by the 
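Review bot: `loadSSLConfigurations` now spells setting prefixes as string literals (`"xpack.security.transport.ssl."`, `"xpack.http.ssl."`), and the later hunks do the same in `getRealmsSSLSettings`, `getTransportProfileSSLSettings`, `getHttpTransportSSLSettings` and `getMonitoringExporterSettings`. A mistyped prefix makes `getByPrefix` return empty settings, so that component would presumably inherit the global SSL configuration silently instead of failing. Named constants would remove that risk, and a comment should say how `xpack.http.ssl.` differs from `xpack.security.http.ssl.`, which this hunk loads side by side. The comment on the profile loop should read `their fallback is the transport settings, which in turn fall back to global`.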
@@ -599,29 +694,9 @@ public class SSLService extends AbstractComponent { } } - public static void addSettings(List> settings) { - settings.add(Global.CIPHERS_SETTING); - settings.add(Global.SUPPORTED_PROTOCOLS_SETTING); - settings.add(Global.KEYSTORE_PATH_SETTING); - settings.add(Global.KEYSTORE_PASSWORD_SETTING); - settings.add(Global.KEYSTORE_ALGORITHM_SETTING); - settings.add(Global.KEYSTORE_KEY_PASSWORD_SETTING); - settings.add(Global.KEY_PATH_SETTING); - settings.add(Global.KEY_PASSWORD_SETTING); - settings.add(Global.CERT_SETTING); - settings.add(Global.TRUSTSTORE_PATH_SETTING); - settings.add(Global.TRUSTSTORE_PASSWORD_SETTING); - settings.add(Global.TRUSTSTORE_ALGORITHM_SETTING); - settings.add(Global.PROTOCOL_SETTING); - settings.add(Global.SESSION_CACHE_SIZE_SETTING); - settings.add(Global.SESSION_CACHE_TIMEOUT_SETTING); - settings.add(Global.CA_PATHS_SETTING); - settings.add(Global.INCLUDE_JDK_CERTS_SETTING); - } - private static List getRealmsSSLSettings(Settings settings) { List sslSettings = new ArrayList<>(); - Settings realmsSettings = REALMS_GROUPS_SETTINGS.get(settings); + Settings realmsSettings = settings.getByPrefix("xpack.security.authc.realms."); for (String name : realmsSettings.names()) { Settings realmSSLSettings = realmsSettings.getAsSettings(name).getByPrefix("ssl."); if (realmSSLSettings.isEmpty() == false) { 
@@ -631,23 +706,87 @@ public class SSLService extends AbstractComponent { return sslSettings; } - private static List getTransportSSLSettings(Settings settings) { + private static List getTransportProfileSSLSettings(Settings settings) { List sslSettings = new ArrayList<>(); Map profiles = TransportSettings.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups(true); for (Entry entry : profiles.entrySet()) { - Settings profileSettings = entry.getValue(); - final boolean profileSsl = SecurityNetty4Transport.profileSSL(profileSettings, SSL_SETTING.get(settings)); - if (profileSsl && profileSettings.isEmpty() == false) { - sslSettings.add(profileSettings.getByPrefix(settingPrefix())); + Settings profileSettings = entry.getValue().getByPrefix("xpack.security.ssl."); + if (profileSettings.isEmpty() == false) { + sslSettings.add(profileSettings); } } return sslSettings; } - private static List getHttpSSLSettings(Settings settings) { - if (SecurityNetty4HttpServerTransport.SSL_SETTING.get(settings)) { - return Collections.singletonList(settings.getByPrefix(setting("http.ssl."))); + public static Settings getHttpTransportSSLSettings(Settings settings) { + Settings httpSSLSettings = settings.getByPrefix("xpack.security.http.ssl."); + if (httpSSLSettings.isEmpty()) { + return httpSSLSettings; } - return Collections.emptyList(); + + Settings.Builder builder = Settings.builder().put(httpSSLSettings); + if (builder.get("client_authentication") == null) { + builder.put("client_authentication", XPackSettings.HTTP_CLIENT_AUTH_DEFAULT); + } + return builder.build(); + } + + private static List getMonitoringExporterSettings(Settings settings) { + List sslSettings = new ArrayList<>(); + Map exportersSettings = settings.getGroups("xpack.monitoring.exporters."); + for (Entry entry : exportersSettings.entrySet()) { + Settings exporterSSLSettings = entry.getValue().getByPrefix("ssl."); + if (exporterSSLSettings.isEmpty() == false) { + sslSettings.add(exporterSSLSettings); + } + } + return 
sslSettings; + } + + /** + * Maps the supported protocols to an appropriate ssl context algorithm. We make an attempt to use the "best" algorithm when + * possible. The names in this method are taken from the + * JCA Standard Algorithm Name + * Documentation for Java 8. + */ + private static String sslContextAlgorithm(List supportedProtocols) { + if (supportedProtocols.isEmpty()) { + return "TLSv1.2"; + } + + String algorithm = "SSL"; + for (String supportedProtocol : supportedProtocols) { + switch (supportedProtocol) { + case "TLSv1.2": + return "TLSv1.2"; + case "TLSv1.1": + if ("TLSv1.2".equals(algorithm) == false) { + algorithm = "TLSv1.1"; + } + break; + case "TLSv1": + switch (algorithm) { + case "TLSv1.2": + case "TLSv1.1": + break; + default: + algorithm = "TLSv1"; + } + break; + case "SSLv3": + switch (algorithm) { + case "SSLv2": + case "SSL": + algorithm = "SSLv3"; + } + break; + case "SSLv2": + case "SSLv2Hello": + break; + default: + throw new IllegalArgumentException("found unexpected value in supported protocols: " + supportedProtocol); + } + } + return algorithm; } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreKeyConfig.java similarity index 72% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreKeyConfig.java index b8e5c074c84..d0b5d4761ae 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreKeyConfig.java 
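Review bot: In `sslContextAlgorithm`, the `case "TLSv1.2": return "TLSv1.2";` exit makes validation depend on list order: an unrecognised protocol listed after `TLSv1.2` is never seen by the `default` branch, while the same value listed before it throws. The early return also leaves the `"TLSv1.2"` comparisons in the `TLSv1.1` and `TLSv1` cases, and the `"SSLv2"` label in the `SSLv3` case, unreachable, since `algorithm` never holds those values. Replacing the return with `algorithm = "TLSv1.2"; break;` validates every entry and makes the existing guards meaningful. A short comment that a list holding only `SSLv2`/`SSLv2Hello` yields `"SSL"` would document the remaining fallthrough.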
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; @@ -17,7 +17,11 @@ import java.nio.file.Path; import java.security.KeyStore; import java.util.Collections; import java.util.List; +import java.util.Objects; +/** + * A key configuration that is backed by a {@link KeyStore} + */ class StoreKeyConfig extends KeyConfig { final String keyStorePath; @@ -26,11 +30,18 @@ class StoreKeyConfig extends KeyConfig { final String keyPassword; final String trustStoreAlgorithm; - StoreKeyConfig(boolean includeSystem, String keyStorePath, String keyStorePassword, String keyPassword, - String keyStoreAlgorithm, String trustStoreAlgorithm) { - super(includeSystem); - this.keyStorePath = keyStorePath; - this.keyStorePassword = keyStorePassword; + /** + * Creates a new configuration that can be used to load key and trust material from a {@link KeyStore} + * @param keyStorePath the path to the keystore file + * @param keyStorePassword the password for the keystore + * @param keyPassword the password for the private key in the keystore + * @param keyStoreAlgorithm the algorithm for the keystore + * @param trustStoreAlgorithm the algorithm to use when loading as a truststore + */ + StoreKeyConfig(String keyStorePath, String keyStorePassword, String keyPassword, String keyStoreAlgorithm, + String trustStoreAlgorithm) { + this.keyStorePath = Objects.requireNonNull(keyStorePath, "keystore path must be specified"); + this.keyStorePassword = Objects.requireNonNull(keyStorePassword, "keystore password must be specified"); this.keyPassword = keyPassword; this.keyStoreAlgorithm = keyStoreAlgorithm; this.trustStoreAlgorithm = trustStoreAlgorithm; 
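Review bot: The new `StoreKeyConfig` constructor null-checks `keyStorePath` and `keyStorePassword` but not `keyPassword`, which `createKeyManager` in the next hunk dereferences with `keyPassword.toCharArray()`. Unless the caller always supplies a value (not visible here), a missing key password surfaces as a NullPointerException wrapped in "failed to initialize a KeyManagerFactory"; `this.keyPassword = Objects.requireNonNull(keyPassword, "key password must be specified");` would fail at construction with a clear message. Note also that `requireNonNull` raises NullPointerException where the removed `validate()` raised IllegalArgumentException, so any caller that catches the latter for configuration errors needs checking. The `assert keyStorePassword != null;` kept in `createKeyManager` is now redundant.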
@@ -39,34 +50,25 @@ class StoreKeyConfig extends KeyConfig { @Override X509ExtendedKeyManager createKeyManager(@Nullable Environment environment) { try (InputStream in = Files.newInputStream(CertUtils.resolvePath(keyStorePath, environment))) { - // TODO remove reliance on JKS since we can PKCS12 stores... + // TODO remove reliance on JKS since we can use PKCS12 stores in JDK8+... KeyStore ks = KeyStore.getInstance("jks"); assert keyStorePassword != null; ks.load(in, keyStorePassword.toCharArray()); - return CertUtils.keyManagers(ks, keyPassword.toCharArray(), keyStoreAlgorithm); + return CertUtils.keyManager(ks, keyPassword.toCharArray(), keyStoreAlgorithm); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e); } } @Override - X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { try { - return CertUtils.trustManagers(keyStorePath, keyStorePassword, trustStoreAlgorithm, environment); + return CertUtils.trustManager(keyStorePath, keyStorePassword, trustStoreAlgorithm, environment); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } } - @Override - void validate() { - if (keyStorePath == null) { - throw new IllegalArgumentException("keystore path must be specified"); - } else if (keyStorePassword == null) { - throw new IllegalArgumentException("no keystore password configured"); - } - } - @Override List filesToMonitor(@Nullable Environment environment) { return Collections.singletonList(CertUtils.resolvePath(keyStorePath, environment)); 
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreTrustConfig.java similarity index 70% rename from elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java rename to elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreTrustConfig.java index 1c7cb2571cc..d635e14e155 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/StoreTrustConfig.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; 
@@ -13,41 +13,39 @@ import javax.net.ssl.X509ExtendedTrustManager; import java.nio.file.Path; import java.util.Collections; import java.util.List; +import java.util.Objects; +/** + * Trust configuration that is backed by a {@link java.security.KeyStore} + */ class StoreTrustConfig extends TrustConfig { final String trustStorePath; final String trustStorePassword; final String trustStoreAlgorithm; - StoreTrustConfig(boolean includeSystem, String trustStorePath, String trustStorePassword, String trustStoreAlgorithm) { - super(includeSystem); + /** + * Create a new configuration based on the provided parameters + * @param trustStorePath the path to the truststore + * @param trustStorePassword the password for the truststore + * @param trustStoreAlgorithm the algorithm to use for reading the truststore + */ + StoreTrustConfig(String trustStorePath, String trustStorePassword, String trustStoreAlgorithm) { this.trustStorePath = trustStorePath; - this.trustStorePassword = trustStorePassword; + this.trustStorePassword = trustStorePath != null ? 
+ Objects.requireNonNull(trustStorePassword, "truststore password must be specified") : trustStorePassword; this.trustStoreAlgorithm = trustStoreAlgorithm; } @Override - X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { - if (trustStorePath == null) { - return null; - } + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { try { - return CertUtils.trustManagers(trustStorePath, trustStorePassword, trustStoreAlgorithm, environment); + return CertUtils.trustManager(trustStorePath, trustStorePassword, trustStoreAlgorithm, environment); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } } - @Override - void validate() { - if (trustStorePath != null) { - if (trustStorePassword == null) { - throw new IllegalArgumentException("no truststore password configured"); - } - } - } - @Override List filesToMonitor(@Nullable Environment environment) { if (trustStorePath == null) { @@ -66,9 +64,7 @@ class StoreTrustConfig extends TrustConfig { if (trustStorePath != null ? !trustStorePath.equals(that.trustStorePath) : that.trustStorePath != null) return false; if (trustStorePassword != null ? !trustStorePassword.equals(that.trustStorePassword) : that.trustStorePassword != null) return false; - return trustStoreAlgorithm != null ? trustStoreAlgorithm.equals(that.trustStoreAlgorithm) : that.trustStoreAlgorithm == - null; - + return trustStoreAlgorithm != null ? trustStoreAlgorithm.equals(that.trustStoreAlgorithm) : that.trustStoreAlgorithm == null; } @Override diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustAllConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustAllConfig.java new file mode 100644 index 00000000000..c3032a30ebd --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustAllConfig.java 
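Review bot: `createTrustManager` no longer returns early when `trustStorePath` is null, yet the constructor still accepts a null path and `filesToMonitor` still checks for one. The call now reaches `CertUtils.trustManager` with a null path, and whether that loads a default trust store or fails is not visible in this diff. If null is meant to select the JDK default trust material, say so on the constructor, for example `@param trustStorePath the path to the truststore, or null to use the default trust store`; otherwise reject null with `Objects.requireNonNull(trustStorePath, "truststore path must be specified")`.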
@@ -0,0 +1,89 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.ssl; + +import org.elasticsearch.common.Nullable; +import org.elasticsearch.env.Environment; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.X509ExtendedTrustManager; +import java.net.Socket; +import java.nio.file.Path; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.List; + +/** + * A trust manager that trusts all certificates + */ +class TrustAllConfig extends TrustConfig { + + public static final TrustAllConfig INSTANCE = new TrustAllConfig(); + + /** + * The {@link X509ExtendedTrustManager} that will trust all certificates. All methods are implemented as a no-op and do not throw + * exceptions regardless of the certificate presented. 
+ */ + private static final X509ExtendedTrustManager TRUST_MANAGER = new X509ExtendedTrustManager() { + @Override + public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { + } + + @Override + public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException { + } + + @Override + public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException { + } + + @Override + public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException { + } + + @Override + public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { + } + + @Override + public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + }; + + private TrustAllConfig() { + } + + @Override + X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) { + return TRUST_MANAGER; + } + + @Override + List filesToMonitor(@Nullable Environment environment) { + return Collections.emptyList(); + } + + @Override + public String toString() { + return "trust all"; + } + + @Override + public boolean equals(Object o) { + return o == this; + } + + @Override + public int hashCode() { + return System.identityHashCode(this); + } +} diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustConfig.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustConfig.java new file mode 100644 index 00000000000..0e0b6bb1c4e --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/TrustConfig.java 
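Review bot: The class Javadoc of `TrustAllConfig` describes what the trust manager does but not what it costs: with this configuration the peer's certificate chain is never validated, so the connection is encrypted but not authenticated. I would extend the comment to say that, for example `Disables certificate validation: connections using this configuration are encrypted but the peer is not authenticated`, and that it must be selected only by an explicit setting (presumably `VerificationMode.NONE`; the selecting code is outside this hunk). Logging a warning where this instance is chosen would make the weakened configuration visible to operators. `INSTANCE` is `public` on a package-private class; dropping the modifier matches the other members.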
@@ -0,0 +1,46 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.ssl; + +import org.elasticsearch.common.Nullable; +import org.elasticsearch.env.Environment; + +import javax.net.ssl.X509ExtendedTrustManager; +import java.nio.file.Path; +import java.util.List; + +/** + * The configuration of trust material for SSL usage + */ +abstract class TrustConfig { + + /** + * Creates a {@link X509ExtendedTrustManager} based on the provided configuration + * @param environment the environment to resolve files against or null in the case of running in a transport client + */ + abstract X509ExtendedTrustManager createTrustManager(@Nullable Environment environment); + + /** + * Returns a list of files that should be monitored for changes + * @param environment the environment to resolve files against or null in the case of running in a transport client + */ + abstract List filesToMonitor(@Nullable Environment environment); + + /** + * {@inheritDoc}. Declared as abstract to force implementors to provide a custom implementation + */ + public abstract String toString(); + + /** + * {@inheritDoc}. Declared as abstract to force implementors to provide a custom implementation + */ + public abstract boolean equals(Object o); + + /** + * {@inheritDoc}. Declared as abstract to force implementors to provide a custom implementation + */ + public abstract int hashCode(); +} diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/VerificationMode.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/VerificationMode.java new file mode 100644 index 00000000000..116b1d96aac --- /dev/null +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/ssl/VerificationMode.java 
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ssl;
+
+import java.util.Locale;
+
+/**
+ * Represents the verification mode to be used for SSL connections.
+ */
+public enum VerificationMode {
+ NONE {
+ @Override
+ public boolean isHostnameVerificationEnabled() {
+ return false;
+ }
+
+ @Override
+ public boolean isCertificateVerificationEnabled() {
+ return false;
+ }
+ },
+ CERTIFICATE {
+ @Override
+ public boolean isHostnameVerificationEnabled() {
+ return false;
+ }
+
+ @Override
+ public boolean isCertificateVerificationEnabled() {
+ return true;
+ }
+ },
+ FULL {
+ @Override
+ public boolean isHostnameVerificationEnabled() {
+ return true;
+ }
+
+ @Override
+ public boolean isCertificateVerificationEnabled() {
+ return true;
+ }
+ };
+
+ /**
+ * @return true if hostname verification is enabled
+ */
+ public abstract boolean isHostnameVerificationEnabled();
+
+ /**
+ * @return true if certificate verification is enabled
+ */
+ public abstract boolean isCertificateVerificationEnabled();
+
+ public static VerificationMode parse(String value) {
+ assert value != null;
+ switch (value.toLowerCase(Locale.ROOT)) {
+ case "none":
+ return NONE;
+ case "certificate":
+ return CERTIFICATE;
+ case "full":
+ return FULL;
+ default:
+ throw new IllegalArgumentException("could not resolve verification mode. unknown value [" + value + "]");
+ }
+ }
+}
\ No newline at end of file
diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java
index d659ee93b3b..187cc2760e7 100644
--- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java
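Review bot: `VerificationMode.parse` guards its argument only with `assert value != null;`, which does nothing when assertions are disabled, so a null value would surface as a bare NullPointerException from `value.toLowerCase(Locale.ROOT)` instead of the descriptive IllegalArgumentException used for unknown values. An explicit check such as `if (value == null) { throw new IllegalArgumentException("verification mode must not be null"); }` keeps the failure mode uniform. The enum constants and `parse` also carry no Javadoc; `NONE` in particular deserves a comment stating that it turns off both certificate and hostname verification, so the peer is not authenticated at all, and `CERTIFICATE` one stating that the chain is checked but the hostname is not.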
+++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java @@ -19,6 +19,7 @@ import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; import org.elasticsearch.xpack.common.http.auth.basic.BasicAuth; import org.elasticsearch.xpack.common.http.auth.basic.BasicAuthFactory; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.After; import org.junit.Before; @@ -57,8 +58,7 @@ public class HttpClientTests extends ESTestCase { authRegistry = new HttpAuthRegistry(singletonMap(BasicAuth.TYPE, new BasicAuthFactory(null))); webServer = startWebServer(); webPort = webServer.getPort(); - httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment); - httpClient.start(); + httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment, new SSLService(environment.settings(), environment)); } @After 
@@ -162,24 +162,23 @@ public class HttpClientTests extends ESTestCase { Settings settings; if (randomBoolean()) { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_TRUSTSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_TRUSTSTORE_PASSWORD, "truststore-testnode-only") + .put("xpack.http.ssl.truststore.path", resource.toString()) + .put("xpack.http.ssl.truststore.password", "truststore-testnode-only") .build(); } else { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_SECURITY_TRUSTSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_SECURITY_TRUSTSTORE_PASSWORD, "truststore-testnode-only") + .put("xpack.ssl.truststore.path", resource.toString()) + .put("xpack.ssl.truststore.password", "truststore-testnode-only") .build(); } - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(settings, environment)); // We can't use the client created above for the server since it is only a truststore - HttpClient httpClient2 = new HttpClient(Settings.builder() - .put(HttpClient.SETTINGS_SSL_KEYSTORE, getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks")) - .put(HttpClient.SETTINGS_SSL_KEYSTORE_PASSWORD, "testnode") - .build(), authRegistry, environment); - httpClient2.start(); + Settings settings2 = Settings.builder() + .put("xpack.http.ssl.keystore.path", getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks")) + .put("xpack.http.ssl.keystore.password", "testnode") + .build(); + HttpClient httpClient2 = new HttpClient(settings2, authRegistry, environment, new SSLService(settings2, environment)); webServer.useHttps(httpClient2.getSslSocketFactory(), false); webServer.enqueue(new MockResponse().setResponseCode(200).setBody("body")); 
@@ -200,18 +199,17 @@ public class HttpClientTests extends ESTestCase { Settings settings; if (randomBoolean()) { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_KEYSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_KEYSTORE_PASSWORD, "testnode") + .put("xpack.http.ssl.keystore.path", resource.toString()) + .put("xpack.http.ssl.keystore.password", "testnode") .build(); } else { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD, "testnode") + .put("xpack.ssl.keystore.path", resource.toString()) + .put("xpack.ssl.keystore.password", "testnode") .build(); } - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(settings, environment)); webServer.useHttps(new ClientAuthRequiringSSLSocketFactory(httpClient.getSslSocketFactory()), false); webServer.enqueue(new MockResponse().setResponseCode(200).setBody("body")); 
@@ -235,31 +233,30 @@ public class HttpClientTests extends ESTestCase { final boolean watcherSettings = randomBoolean(); if (watcherSettings) { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_KEYSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_KEYSTORE_PASSWORD, "testnode") - .put(HttpClient.SETTINGS_SSL_KEYSTORE_KEY_PASSWORD, "testnode1") + .put("xpack.http.ssl.keystore.path", resource.toString()) + .put("xpack.http.ssl.keystore.password", "testnode") + .put("xpack.http.ssl.keystore.key_password", "testnode1") .build(); } else { settings = Settings.builder() - .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_PASSWORD, "testnode") - .put(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD, "testnode1") + .put("xpack.ssl.keystore.path", resource.toString()) + .put("xpack.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.key_password", "testnode1") .build(); } - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(settings, environment)); assertThat(httpClient.getSslSocketFactory(), notNullValue()); Settings.Builder badSettings = Settings.builder().put(settings); if (watcherSettings) { - badSettings.remove(HttpClient.SETTINGS_SSL_KEYSTORE_KEY_PASSWORD); + badSettings.remove("xpack.http.ssl.keystore.key_password"); } else { - badSettings.remove(HttpClient.SETTINGS_SSL_SECURITY_KEYSTORE_KEY_PASSWORD); + badSettings.remove("xpack.ssl.keystore.key_password"); } try { - new HttpClient(badSettings.build(), authRegistry, environment).start(); + new HttpClient(badSettings.build(), authRegistry, environment, new SSLService(badSettings.build(), environment)); fail("an exception should have been thrown since the key is not recoverable without the password"); } catch (Exception e) { UnrecoverableKeyException rootCause = 
(UnrecoverableKeyException) ExceptionsHelper.unwrap(e, UnrecoverableKeyException.class); @@ -294,9 +291,8 @@ public class HttpClientTests extends ESTestCase { @Network public void testHttpsWithoutTruststore() throws Exception { - HttpClient httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment); - httpClient.start(); - assertThat(httpClient.getSslSocketFactory(), nullValue()); + HttpClient httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment, new SSLService(Settings.EMPTY, environment)); + assertThat(httpClient.getSslSocketFactory(), notNullValue()); // Known server with a valid cert from a commercial CA HttpRequest.Builder request = HttpRequest.builder("www.elastic.co", 443).scheme(Scheme.HTTPS); @@ -309,13 +305,12 @@ public class HttpClientTests extends ESTestCase { @Network public void testHttpsWithoutTruststoreAndSSLIntegrationActive() throws Exception { // Add some settings with SSL prefix to force socket factory creation - String setting = (randomBoolean() ? HttpClient.SETTINGS_SSL_PREFIX : HttpClient.SETTINGS_SSL_SECURITY_PREFIX) + + String setting = (randomBoolean() ? HttpClient.SETTINGS_SSL_PREFIX : "xpack.ssl.") + "foo.bar"; Settings settings = Settings.builder() .put(setting, randomBoolean()) .build(); - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(Settings.EMPTY, environment)); assertThat(httpClient.getSslSocketFactory(), notNullValue()); // Known server with a valid cert from a commercial CA 
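Review bot: In the key-password hunk (`@@ -235,31 +233,30 @@`), `badSettings.build()` is called twice inside `new HttpClient(badSettings.build(), authRegistry, environment, new SSLService(badSettings.build(), environment));`, so HttpClient and SSLService receive two separately built Settings objects. Building once, `Settings bad = badSettings.build();`, and passing `bad` to both makes it obvious that the two components see the same configuration and shortens the line. The test method starts before this hunk and its assertions on the root cause continue after it.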
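Review bot: In `testHttpsWithoutTruststoreAndSSLIntegrationActive` (`@@ -309,13 +305,12 @@`) the randomly chosen SSL-prefixed key is put into `settings`, but the SSLService is built from `Settings.EMPTY`: `new SSLService(Settings.EMPTY, environment)`. The other tests in this file pass the same settings to both constructors, so if socket-factory creation now lives in SSLService, the "SSL integration active" condition never reaches it and this test appears to cover the same path as `testHttpsWithoutTruststore`. Passing `new SSLService(settings, environment)` would exercise the intended path; if an unknown key such as `xpack.ssl.foo.bar` is then rejected, the test should switch to a real SSL setting. Mixing `HttpClient.SETTINGS_SSL_PREFIX` with the literal `"xpack.ssl."` in one expression is also worth tidying, and the method body continues past the end of the hunk.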
@@ -336,8 +331,7 @@ public class HttpClientTests extends ESTestCase { .put(HttpClient.SETTINGS_PROXY_HOST, "localhost") .put(HttpClient.SETTINGS_PROXY_PORT, proxyServer.getPort()) .build(); - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(settings, environment)); HttpRequest.Builder requestBuilder = HttpRequest.builder("localhost", webPort) .method(HttpMethod.GET) @@ -365,8 +359,7 @@ public class HttpClientTests extends ESTestCase { .put(HttpClient.SETTINGS_PROXY_HOST, "localhost") .put(HttpClient.SETTINGS_PROXY_PORT, proxyServer.getPort() + 1) .build(); - HttpClient httpClient = new HttpClient(settings, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(settings, authRegistry, environment, new SSLService(settings, environment)); HttpRequest.Builder requestBuilder = HttpRequest.builder("localhost", webPort) .method(HttpMethod.GET) diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpConnectionTimeoutTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpConnectionTimeoutTests.java index a51336dbf21..119f03589ad 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpConnectionTimeoutTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpConnectionTimeoutTests.java 
@@ -11,10 +11,8 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.xpack.common.http.HttpClient; -import org.elasticsearch.xpack.common.http.HttpMethod; -import org.elasticsearch.xpack.common.http.HttpRequest; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; +import org.elasticsearch.xpack.ssl.SSLService; import static org.hamcrest.Matchers.greaterThan; import static org.hamcrest.Matchers.lessThan; @@ -29,8 +27,8 @@ public class HttpConnectionTimeoutTests extends ESTestCase { @Network public void testDefaultTimeout() throws Exception { Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build()); - HttpClient httpClient = new HttpClient(Settings.EMPTY, mock(HttpAuthRegistry.class), environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(Settings.EMPTY, mock(HttpAuthRegistry.class), environment, + new SSLService(environment.settings(), environment)); HttpRequest request = HttpRequest.builder(UNROUTABLE_IP, 12345) .method(HttpMethod.POST) @@ -56,8 +54,7 @@ public class HttpConnectionTimeoutTests extends ESTestCase { Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build()); HttpClient httpClient = new HttpClient(Settings.builder() .put("xpack.http.default_connection_timeout", "5s").build() - , mock(HttpAuthRegistry.class), environment); - httpClient.start(); + , mock(HttpAuthRegistry.class), environment, new SSLService(environment.settings(), environment)); HttpRequest request = HttpRequest.builder(UNROUTABLE_IP, 12345) .method(HttpMethod.POST) 
@@ -83,8 +80,7 @@ public class HttpConnectionTimeoutTests extends ESTestCase { Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build()); HttpClient httpClient = new HttpClient(Settings.builder() .put("xpack.http.default_connection_timeout", "10s").build() - , mock(HttpAuthRegistry.class), environment); - httpClient.start(); + , mock(HttpAuthRegistry.class), environment, new SSLService(environment.settings(), environment)); HttpRequest request = HttpRequest.builder(UNROUTABLE_IP, 12345) .connectionTimeout(TimeValue.timeValueSeconds(5)) diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpReadTimeoutTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpReadTimeoutTests.java index 58caf5ad8e2..4ae9e7b491d 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpReadTimeoutTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/common/http/HttpReadTimeoutTests.java @@ -14,10 +14,8 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.xpack.common.http.HttpClient; -import org.elasticsearch.xpack.common.http.HttpMethod; -import org.elasticsearch.xpack.common.http.HttpRequest; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; +import org.elasticsearch.xpack.ssl.SSLService; import org.junit.After; import org.junit.Before; 
@@ -48,8 +46,8 @@ public class HttpReadTimeoutTests extends ESTestCase { public void testDefaultTimeout() throws Exception { Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build()); - HttpClient httpClient = new HttpClient(Settings.EMPTY, mock(HttpAuthRegistry.class), environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(Settings.EMPTY, mock(HttpAuthRegistry.class), environment, + new SSLService(environment.settings(), environment)); // we're not going to enqueue an response... so the server will just hang @@ -76,8 +74,7 @@ public class HttpReadTimeoutTests extends ESTestCase { HttpClient httpClient = new HttpClient(Settings.builder() .put("xpack.http.default_read_timeout", "3s").build() - , mock(HttpAuthRegistry.class), environment); - httpClient.start(); + , mock(HttpAuthRegistry.class), environment, new SSLService(environment.settings(), environment)); final String path = '/' + randomAsciiOfLength(5); final CountDownLatch latch = new CountDownLatch(1); @@ -109,8 +106,7 @@ public class HttpReadTimeoutTests extends ESTestCase { HttpClient httpClient = new HttpClient(Settings.builder() .put("xpack.http.default_read_timeout", "10s").build() - , mock(HttpAuthRegistry.class), environment); - httpClient.start(); + , mock(HttpAuthRegistry.class), environment, new SSLService(environment.settings(), environment)); final String path = '/' + randomAsciiOfLength(5); final CountDownLatch latch = new CountDownLatch(1); diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailServiceTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailServiceTests.java index b85ee604e9c..a6106c861e8 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailServiceTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/EmailServiceTests.java 
@@ -5,12 +5,11 @@ */ package org.elasticsearch.xpack.notification.email; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.common.secret.Secret; -import org.junit.After; import org.junit.Before; import java.util.Collections; @@ -32,7 +31,7 @@ public class EmailServiceTests extends ESTestCase { service = new EmailService(Settings.EMPTY, null, new ClusterSettings(Settings.EMPTY, Collections.singleton(EmailService.EMAIL_ACCOUNT_SETTING))) { @Override - protected Accounts createAccounts(Settings settings, ESLogger logger) { + protected Accounts createAccounts(Settings settings, Logger logger) { return accounts; } }; diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/support/EmailServer.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/support/EmailServer.java index 6179d98cb12..cc458099897 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/support/EmailServer.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/email/support/EmailServer.java @@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.notification.email.support; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.transport.PortsRange; import org.subethamail.smtp.TooMuchDataException; import org.subethamail.smtp.auth.EasyAuthenticationHandlerFactory; 
@@ -42,7 +44,7 @@ public class EmailServer { private final SMTPServer server; - public EmailServer(String host, int port, final String username, final String password, final ESLogger logger) { + public EmailServer(String host, int port, final String username, final String password, final Logger logger) { server = new SMTPServer(new SimpleMessageListenerAdapter(new SimpleMessageListener() { @Override public boolean accept(String from, String recipient) { @@ -98,7 +100,7 @@ public class EmailServer { return new Listener.Handle(listeners, listener); } - public static EmailServer localhost(String portRangeStr, final String username, final String password, final ESLogger logger) { + public static EmailServer localhost(String portRangeStr, final String username, final String password, final Logger logger) { final AtomicReference emailServer = new AtomicReference<>(); boolean bound = new PortsRange(portRangeStr).iterate(new PortsRange.PortCallback() { @Override @@ -110,7 +112,8 @@ public class EmailServer { return true; } catch (RuntimeException re) { if (re.getCause() instanceof BindException) { - logger.warn("port [{}] was already in use trying next port", re, port); + logger.warn( + (Supplier) () -> new ParameterizedMessage("port [{}] was already in use trying next port", port), re); return false; } else { throw re; diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccountTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccountTests.java index c08b113d02c..66457eb96ba 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccountTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/IntegrationAccountTests.java 
@@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; @@ -71,7 +71,7 @@ public class IntegrationAccountTests extends ESTestCase { Settings settings = sb.build(); IntegrationAccount account = new IntegrationAccount(accountName, settings, HipChatServer.DEFAULT, mock(HttpClient.class), - mock(ESLogger.class)); + mock(Logger.class)); assertThat(account.profile, is(HipChatAccount.Profile.INTEGRATION)); assertThat(account.name, equalTo(accountName)); @@ -88,7 +88,7 @@ public class IntegrationAccountTests extends ESTestCase { Settings.Builder sb = Settings.builder(); sb.put(IntegrationAccount.ROOM_SETTING, randomAsciiOfLength(10)); try { - new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); @@ -99,7 +99,7 @@ public class IntegrationAccountTests extends ESTestCase { Settings.Builder sb = Settings.builder(); sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAsciiOfLength(50)); try { - new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { assertThat(e.getMessage(), containsString("missing required [room] setting for [integration] account profile")); 
@@ -111,7 +111,7 @@ public class IntegrationAccountTests extends ESTestCase { sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAsciiOfLength(50)); sb.put(IntegrationAccount.ROOM_SETTING, "_r1,_r2"); try { - new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { assertThat(e.getMessage(), containsString("[room] setting for [integration] account must only be set with a single value")); @@ -125,7 +125,7 @@ public class IntegrationAccountTests extends ESTestCase { .put("port", "443") .put("auth_token", "_token") .put("room", "_room") - .build(), HipChatServer.DEFAULT, httpClient, mock(ESLogger.class)); + .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); HipChatMessage.Color color = randomFrom(HipChatMessage.Color.values()); diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/UserAccountTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/UserAccountTests.java index 0b1272a9172..7954692b8ed 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/UserAccountTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/UserAccountTests.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; 
@@ -83,7 +83,7 @@ public class UserAccountTests extends ESTestCase { } Settings settings = sb.build(); - UserAccount account = new UserAccount(accountName, settings, HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + UserAccount account = new UserAccount(accountName, settings, HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); assertThat(account.profile, is(HipChatAccount.Profile.USER)); assertThat(account.name, equalTo(accountName)); @@ -108,7 +108,7 @@ public class UserAccountTests extends ESTestCase { public void testSettingsNoAuthToken() throws Exception { Settings.Builder sb = Settings.builder(); try { - new UserAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + new UserAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); @@ -121,7 +121,7 @@ public class UserAccountTests extends ESTestCase { .put("host", "_host") .put("port", "443") .put("auth_token", "_token") - .build(), HipChatServer.DEFAULT, httpClient, mock(ESLogger.class)); + .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); HipChatMessage.Color color = randomFrom(HipChatMessage.Color.values()); diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/V1AccountTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/V1AccountTests.java index 58bcb7a85bd..c2fc525a843 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/V1AccountTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/notification/hipchat/V1AccountTests.java 
@@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.notification.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.test.ESTestCase; @@ -74,7 +74,7 @@ public class V1AccountTests extends ESTestCase { } Settings settings = sb.build(); - V1Account account = new V1Account(accountName, settings, HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + V1Account account = new V1Account(accountName, settings, HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); assertThat(account.profile, is(HipChatAccount.Profile.V1)); assertThat(account.name, equalTo(accountName)); @@ -95,7 +95,7 @@ public class V1AccountTests extends ESTestCase { public void testSettingsNoAuthToken() throws Exception { Settings.Builder sb = Settings.builder(); try { - new V1Account("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(ESLogger.class)); + new V1Account("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); @@ -108,7 +108,7 @@ public class V1AccountTests extends ESTestCase { .put("host", "_host") .put("port", "443") .put("auth_token", "_token") - .build(), HipChatServer.DEFAULT, httpClient, mock(ESLogger.class)); + .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); HipChatMessage.Color color = randomFrom(HipChatMessage.Color.values()); 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertUtilsTests.java similarity index 99% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertUtilsTests.java index 555d6a67fc2..c314da82d60 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertUtilsTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertUtilsTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertificateToolTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertificateToolTests.java similarity index 98% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertificateToolTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertificateToolTests.java index 4ae4aabc22e..4db0ae20d44 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/CertificateToolTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/CertificateToolTests.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.DEROctetString; @@ -24,9 +24,9 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.XPackPlugin; -import org.elasticsearch.xpack.security.ssl.CertificateTool.CAInfo; -import org.elasticsearch.xpack.security.ssl.CertificateTool.CertificateInformation; -import org.elasticsearch.xpack.security.ssl.CertificateTool.Name; +import org.elasticsearch.xpack.ssl.CertificateTool.CAInfo; +import org.elasticsearch.xpack.ssl.CertificateTool.CertificateInformation; +import org.elasticsearch.xpack.ssl.CertificateTool.Name; import javax.security.auth.x500.X500Principal; import java.io.Reader; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLClientAuthTests.java similarity index 88% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLClientAuthTests.java index edb3e7bfe60..d3bef0f39dc 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLClientAuthTests.java 
@@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.transport.ssl; +package org.elasticsearch.xpack.ssl; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.message.BasicHeader; @@ -22,8 +22,6 @@ import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.transport.Transport; import org.elasticsearch.xpack.XPackTransportClient; import org.elasticsearch.xpack.security.Security; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; -import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -42,16 +40,16 @@ import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.instanceOf; -public class SslClientAuthTests extends SecurityIntegTestCase { +public class SSLClientAuthTests extends SecurityIntegTestCase { @Override protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) // invert the require auth settings - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true) - .put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), true) - .put("transport.profiles.default.xpack.security.ssl.client.auth", false) + .put("xpack.ssl.client_authentication", SSLClientAuth.REQUIRED) + .put("xpack.security.http.ssl.enabled", true) + .put("xpack.security.http.ssl.client_authentication", SSLClientAuth.REQUIRED) + .put("transport.profiles.default.xpack.security.ssl.client_authentication", SSLClientAuth.NONE) .put(NetworkModule.HTTP_ENABLED.getKey(), true) .build(); } 
@@ -92,9 +90,10 @@ public class SslClientAuthTests extends SecurityIntegTestCase { } Settings settings = Settings.builder() - .put(SecurityNetty3Transport.SSL_SETTING.getKey(), true) - .put("xpack.security.ssl.keystore.path", store) - .put("xpack.security.ssl.keystore.password", "testclient-client-profile") + .put("xpack.security.transport.ssl.enabled", true) + .put("xpack.ssl.client_authentication", SSLClientAuth.NONE) + .put("xpack.ssl.keystore.path", store) + .put("xpack.ssl.keystore.password", "testclient-client-profile") .put("cluster.name", internalCluster().getClusterName()) .put(Security.USER_SETTING.getKey(), transportClientUsername() + ":" + new String(transportClientPassword().internalChars())) diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloaderTests.java similarity index 94% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloaderTests.java index 8e5aa5c19be..bf72385993d 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationReloaderTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.apache.lucene.util.SetOnce; import org.bouncycastle.openssl.jcajce.JcaPEMWriter; 
@@ -14,7 +14,6 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.watcher.ResourceWatcherService; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; import org.junit.After; import org.junit.Before; @@ -77,8 +76,8 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); final Settings settings = Settings.builder() .put("path.home", createTempDir()) - .put("xpack.security.ssl.keystore.path", keystorePath) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", keystorePath) + .put("xpack.ssl.keystore.password", "testnode") .build(); final Environment env = randomBoolean() ? null : new Environment(settings); @@ -136,10 +135,10 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); final Settings settings = Settings.builder() .put("path.home", createTempDir()) - .put("xpack.security.ssl.key.path", keyPath) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", certPath) - .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) + .put("xpack.ssl.key", keyPath) + .put("xpack.ssl.key_passphrase", "testnode") + .put("xpack.ssl.certificate", certPath) + .putArray("xpack.ssl.certificate_authorities", certPath.toString(), clientCertPath.toString()) .build(); final Environment env = randomBoolean() ? null : new Environment(Settings.builder().put("path.home", createTempDir()).build()); 
@@ -201,8 +200,8 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Path trustStorePath = tempDir.resolve("testnode.jks"); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", trustStorePath) - .put("xpack.security.ssl.truststore.password", "testnode") + .put("xpack.ssl.truststore.path", trustStorePath) + .put("xpack.ssl.truststore.password", "testnode") .put("path.home", createTempDir()) .build(); Environment env = randomBoolean() ? null : new Environment(settings); @@ -247,9 +246,8 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Path clientCertPath = tempDir.resolve("testclient.crt"); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); Settings settings = Settings.builder() - .putArray("xpack.security.ssl.ca", clientCertPath.toString()) + .putArray("xpack.ssl.certificate_authorities", clientCertPath.toString()) .put("path.home", createTempDir()) - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false) .build(); Environment env = randomBoolean() ? null : new Environment(settings); @@ -291,8 +289,8 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Path keystorePath = tempDir.resolve("testnode.jks"); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", keystorePath) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", keystorePath) + .put("xpack.ssl.keystore.password", "testnode") .put("path.home", createTempDir()) .build(); Environment env = randomBoolean() ? null : new Environment(settings); 
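Review bot: The hunk at old line 247 drops `.put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false)` without a replacement, so this reload test no longer states that the JDK default CAs are excluded when only `xpack.ssl.certificate_authorities` is set. If explicit authorities are meant to replace the JDK defaults rather than extend them, a comment on the builder such as `// explicit certificate_authorities replace the JDK default trust anchors` would record that, and an assertion on the accepted issuers would pin it. The test method starts and ends outside the hunk, so its existing assertions may already cover this.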
@@ -329,10 +327,10 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); Settings settings = Settings.builder() - .put("xpack.security.ssl.key.path", keyPath) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", certPath) - .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) + .put("xpack.ssl.key", keyPath) + .put("xpack.ssl.key_passphrase", "testnode") + .put("xpack.ssl.certificate", certPath) + .putArray("xpack.ssl.certificate_authorities", certPath.toString(), clientCertPath.toString()) .put("path.home", createTempDir()) .build(); Environment env = randomBoolean() ? null : new Environment(settings); @@ -364,8 +362,8 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Path trustStorePath = tempDir.resolve("testnode.jks"); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", trustStorePath) - .put("xpack.security.ssl.truststore.password", "testnode") + .put("xpack.ssl.truststore.path", trustStorePath) + .put("xpack.ssl.truststore.password", "testnode") .put("path.home", createTempDir()) .build(); Environment env = randomBoolean() ? null : new Environment(settings); 
@@ -397,7 +395,7 @@ public class SSLConfigurationReloaderTests extends ESTestCase { Path clientCertPath = tempDir.resolve("testclient.crt"); Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); Settings settings = Settings.builder() - .putArray("xpack.security.ssl.ca", clientCertPath.toString()) + .putArray("xpack.ssl.certificate_authorities", clientCertPath.toString()) .put("path.home", createTempDir()) .build(); Environment env = randomBoolean() ? null : new Environment(settings); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationTests.java similarity index 50% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationTests.java index 6531d62f823..a07054e610c 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLConfigurationTests.java 
@@ -3,22 +3,23 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; +import org.elasticsearch.xpack.ssl.DefaultJDKTrustConfig.CombiningTrustConfig; import org.elasticsearch.test.ESTestCase; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManager; +import java.security.cert.X509Certificate; import java.util.Arrays; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.everyItem; import static org.hamcrest.Matchers.instanceOf; +import static org.hamcrest.Matchers.isIn; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.sameInstance; 
@@ -26,65 +27,51 @@ import static org.hamcrest.Matchers.sameInstance; public class SSLConfigurationTests extends ESTestCase { public void testThatSSLConfigurationHasCorrectDefaults() { - SSLConfiguration globalConfig = new Global(Settings.EMPTY); + SSLConfiguration globalConfig = new SSLConfiguration(Settings.EMPTY); assertThat(globalConfig.keyConfig(), sameInstance(KeyConfig.NONE)); assertThat(globalConfig.trustConfig(), is(not((globalConfig.keyConfig())))); - assertThat(globalConfig.trustConfig(), instanceOf(StoreTrustConfig.class)); - assertThat(globalConfig.sessionCacheSize(), is(equalTo(Global.DEFAULT_SESSION_CACHE_SIZE))); - assertThat(globalConfig.sessionCacheTimeout(), is(equalTo(Global.DEFAULT_SESSION_CACHE_TIMEOUT))); - assertThat(globalConfig.protocol(), is(equalTo(Global.DEFAULT_PROTOCOL))); + assertThat(globalConfig.trustConfig(), instanceOf(DefaultJDKTrustConfig.class)); - SSLConfiguration scopedConfig = new Custom(Settings.EMPTY, globalConfig); + SSLConfiguration scopedConfig = new SSLConfiguration(Settings.EMPTY, globalConfig); assertThat(scopedConfig.keyConfig(), sameInstance(globalConfig.keyConfig())); assertThat(scopedConfig.trustConfig(), sameInstance(globalConfig.trustConfig())); - assertThat(globalConfig.sessionCacheSize(), is(equalTo(Global.DEFAULT_SESSION_CACHE_SIZE))); - assertThat(globalConfig.sessionCacheTimeout(), is(equalTo(Global.DEFAULT_SESSION_CACHE_TIMEOUT))); - assertThat(globalConfig.protocol(), is(equalTo(Global.DEFAULT_PROTOCOL))); } public void testThatOnlyKeystoreInSettingsSetsTruststoreSettings() { + final String path = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks").toString(); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", "path") - .put("xpack.security.ssl.keystore.password", "password") + .put("keystore.path", path) + .put("keystore.password", "testnode") .build(); - Settings profileSettings = settings.getByPrefix("xpack.security.ssl."); // Pass 
settings in as component settings - SSLConfiguration globalSettings = new Global(settings); - SSLConfiguration scopedSettings = new Custom(profileSettings, globalSettings); + SSLConfiguration globalSettings = new SSLConfiguration(settings); + SSLConfiguration scopedSettings = new SSLConfiguration(settings, globalSettings); SSLConfiguration scopedEmptyGlobalSettings = - new Custom(profileSettings, new Global(Settings.EMPTY)); + new SSLConfiguration(settings, new SSLConfiguration(Settings.EMPTY)); for (SSLConfiguration sslConfiguration : Arrays.asList(globalSettings, scopedSettings, scopedEmptyGlobalSettings)) { assertThat(sslConfiguration.keyConfig(), instanceOf(StoreKeyConfig.class)); StoreKeyConfig ksKeyInfo = (StoreKeyConfig) sslConfiguration.keyConfig(); - assertThat(ksKeyInfo.keyStorePath, is(equalTo("path"))); - assertThat(ksKeyInfo.keyStorePassword, is(equalTo("password"))); + assertThat(ksKeyInfo.keyStorePath, is(equalTo(path))); + assertThat(ksKeyInfo.keyStorePassword, is(equalTo("testnode"))); assertThat(ksKeyInfo.keyPassword, is(equalTo(ksKeyInfo.keyStorePassword))); assertThat(ksKeyInfo.keyStoreAlgorithm, is(KeyManagerFactory.getDefaultAlgorithm())); - assertThat(sslConfiguration.trustConfig(), is(sameInstance(ksKeyInfo))); + assertThat(sslConfiguration.trustConfig(), is(instanceOf(CombiningTrustConfig.class))); + assertCombiningTrustConfigContainsCorrectIssuers(sslConfiguration); } } public void testThatKeyPasswordCanBeSet() { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", "path") - .put("xpack.security.ssl.keystore.password", "password") - .put("xpack.security.ssl.keystore.key_password", "key") + .put("keystore.path", "path") + .put("keystore.password", "password") + .put("keystore.key_password", "key") .build(); - SSLConfiguration sslConfiguration = new Global(settings); + SSLConfiguration sslConfiguration = new SSLConfiguration(settings); assertThat(sslConfiguration.keyConfig(), instanceOf(StoreKeyConfig.class)); 
StoreKeyConfig ksKeyInfo = (StoreKeyConfig) sslConfiguration.keyConfig(); assertThat(ksKeyInfo.keyStorePassword, is(equalTo("password"))); assertThat(ksKeyInfo.keyPassword, is(equalTo("key"))); - - // Pass settings in as profile settings - Settings profileSettings = settings.getByPrefix("xpack.security.ssl."); - SSLConfiguration sslConfiguration1 = new Custom(profileSettings, - randomBoolean() ? sslConfiguration : new Global(Settings.EMPTY)); - assertThat(sslConfiguration1.keyConfig(), instanceOf(StoreKeyConfig.class)); - ksKeyInfo = (StoreKeyConfig) sslConfiguration1.keyConfig(); - assertThat(ksKeyInfo.keyStorePassword, is(equalTo("password"))); - assertThat(ksKeyInfo.keyPassword, is(equalTo("key"))); } 
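Review bot: `testThatOnlyKeystoreInSettingsSetsTruststoreSettings` now expects a `CombiningTrustConfig` where it used to expect the key config itself, so its name no longer describes what is checked. Going by the helper added at the end of this file, a keystore-only configuration trusts the keystore's issuers plus the JDK default issuers. That deserves a one-line comment at the assertion, for example `// keystore-only config: trust = keystore certs + JDK default CAs`, because it decides which peer certificates are accepted when client authentication is required. In `testThatKeyPasswordCanBeSet` the scoped check was deleted rather than ported, so `keystore.key_password` passed through the two-argument `new SSLConfiguration(settings, globalConfig)` constructor is no longer exercised in this hunk.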
@@ -97,26 +84,20 @@ public class SSLConfigurationTests extends ESTestCase { .put("truststore.path", "trust path") .put("truststore.password", "password for trust") .put("truststore.algorithm", "trusted") - .put("protocol", "ssl") - .put("session.cache_size", "3") - .put("session.cache_timeout", "10m") .build(); Settings serviceSettings = Settings.builder() - .put("xpack.security.ssl.keystore.path", "comp path") - .put("xpack.security.ssl.keystore.password", "comp password") - .put("xpack.security.ssl.keystore.key_password", "comp key") - .put("xpack.security.ssl.keystore.algorithm", "comp algo") - .put("xpack.security.ssl.truststore.path", "comp trust path") - .put("xpack.security.ssl.truststore.password", "comp password for trust") - .put("xpack.security.ssl.truststore.algorithm", "comp trusted") - .put("xpack.security.ssl.protocol", "tls") - .put("xpack.security.ssl.session.cache_size", "7") - .put("xpack.security.ssl.session.cache_timeout", "20m") + .put("xpack.ssl.keystore.path", "comp path") + .put("xpack.ssl.keystore.password", "comp password") + .put("xpack.ssl.keystore.key_password", "comp key") + .put("xpack.ssl.keystore.algorithm", "comp algo") + .put("xpack.ssl.truststore.path", "comp trust path") + .put("xpack.ssl.truststore.password", "comp password for trust") + .put("xpack.ssl.truststore.algorithm", "comp trusted") .build(); - SSLConfiguration globalSettings = new Global(serviceSettings); - SSLConfiguration sslConfiguration = new Custom(profileSettings, globalSettings); + SSLConfiguration globalSettings = new SSLConfiguration(serviceSettings); + SSLConfiguration sslConfiguration = new SSLConfiguration(profileSettings, globalSettings); assertThat(sslConfiguration.keyConfig(), instanceOf(StoreKeyConfig.class)); StoreKeyConfig ksKeyInfo = (StoreKeyConfig) sslConfiguration.keyConfig(); assertThat(ksKeyInfo.keyStorePath, is(equalTo("path"))); 
@@ -128,41 +109,31 @@ public class SSLConfigurationTests extends ESTestCase { assertThat(ksTrustInfo.trustStorePath, is(equalTo("trust path"))); assertThat(ksTrustInfo.trustStorePassword, is(equalTo("password for trust"))); assertThat(ksTrustInfo.trustStoreAlgorithm, is(equalTo("trusted"))); - assertThat(sslConfiguration.protocol(), is(equalTo("ssl"))); - assertThat(sslConfiguration.sessionCacheSize(), is(equalTo(3))); - assertThat(sslConfiguration.sessionCacheTimeout(), is(equalTo(TimeValue.timeValueMinutes(10L)))); } public void testThatEmptySettingsAreEqual() { - SSLConfiguration sslConfiguration = new Global(Settings.EMPTY); - SSLConfiguration sslConfiguration1 = new Global(Settings.EMPTY); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.EMPTY); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.EMPTY); assertThat(sslConfiguration.equals(sslConfiguration1), is(equalTo(true))); assertThat(sslConfiguration1.equals(sslConfiguration), is(equalTo(true))); assertThat(sslConfiguration.equals(sslConfiguration), is(equalTo(true))); assertThat(sslConfiguration1.equals(sslConfiguration1), is(equalTo(true))); - SSLConfiguration profileSSLConfiguration = new Custom(Settings.EMPTY, sslConfiguration); + SSLConfiguration profileSSLConfiguration = new SSLConfiguration(Settings.EMPTY, sslConfiguration); assertThat(sslConfiguration.equals(profileSSLConfiguration), is(equalTo(true))); assertThat(profileSSLConfiguration.equals(sslConfiguration), is(equalTo(true))); assertThat(profileSSLConfiguration.equals(profileSSLConfiguration), is(equalTo(true))); } public void testThatSettingsWithDifferentKeystoresAreNotEqual() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.keystore.path", "path").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.keystore.path", "path1").build()); - assertThat(sslConfiguration.equals(sslConfiguration1), 
is(equalTo(false))); - assertThat(sslConfiguration1.equals(sslConfiguration), is(equalTo(false))); - assertThat(sslConfiguration.equals(sslConfiguration), is(equalTo(true))); - assertThat(sslConfiguration1.equals(sslConfiguration1), is(equalTo(true))); - } - - public void testThatSettingsWithDifferentProtocolsAreNotEqual() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.protocol", "ssl").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.protocol", "tls").build()); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.builder() + .put("keystore.path", "path") + .put("keystore.password", randomAsciiOfLength(5)) + .build()); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.builder() + .put("keystore.path", "path1") + .put("keystore.password", randomAsciiOfLength(5)) + .build()); assertThat(sslConfiguration.equals(sslConfiguration1), is(equalTo(false))); assertThat(sslConfiguration1.equals(sslConfiguration), is(equalTo(false))); assertThat(sslConfiguration.equals(sslConfiguration), is(equalTo(true))); 
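Review bot: In `testThatSettingsWithDifferentKeystoresAreNotEqual` each configuration now gets its own `randomAsciiOfLength(5)` password, so the two objects differ in password as well as in path. The assertions would therefore still pass if `equals` ignored `keystore.path`. Drawing the password once, `String password = randomAsciiOfLength(5);`, and passing it to both builders keeps the path as the only difference. The same applies to the truststore equality test in the next hunk and to the two hash-code tests that follow.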
@@ -170,10 +141,14 @@ public class SSLConfigurationTests extends ESTestCase { } public void testThatSettingsWithDifferentTruststoresAreNotEqual() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.truststore.path", "/trust").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.truststore.path", "/truststore").build()); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.builder() + .put("truststore.path", "/trust") + .put("truststore.password", randomAsciiOfLength(5)) + .build()); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.builder() + .put("truststore.path", "/truststore") + .put("truststore.password", randomAsciiOfLength(5)) + .build()); assertThat(sslConfiguration.equals(sslConfiguration1), is(equalTo(false))); assertThat(sslConfiguration1.equals(sslConfiguration), is(equalTo(false))); assertThat(sslConfiguration.equals(sslConfiguration), is(equalTo(true))); 
@@ -181,35 +156,35 @@ public class SSLConfigurationTests extends ESTestCase { } public void testThatEmptySettingsHaveSameHashCode() { - SSLConfiguration sslConfiguration = new Global(Settings.EMPTY); - SSLConfiguration sslConfiguration1 = new Global(Settings.EMPTY); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.EMPTY); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.EMPTY); assertThat(sslConfiguration.hashCode(), is(equalTo(sslConfiguration1.hashCode()))); - SSLConfiguration profileSettings = new Custom(Settings.EMPTY, sslConfiguration); + SSLConfiguration profileSettings = new SSLConfiguration(Settings.EMPTY, sslConfiguration); assertThat(profileSettings.hashCode(), is(equalTo(sslConfiguration.hashCode()))); } public void testThatSettingsWithDifferentKeystoresHaveDifferentHashCode() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.keystore.path", "path").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.keystore.path", "path1").build()); - assertThat(sslConfiguration.hashCode(), is(not(equalTo(sslConfiguration1.hashCode())))); - } - - public void testThatSettingsWithDifferentProtocolsHaveDifferentHashCode() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.protocol", "ssl").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.protocol", "tls").build()); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.builder() + .put("keystore.path", "path") + .put("keystore.password", randomAsciiOfLength(5)) + .build()); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.builder() + .put("keystore.path", "path1") + .put("keystore.password", randomAsciiOfLength(5)) + .build()); assertThat(sslConfiguration.hashCode(), is(not(equalTo(sslConfiguration1.hashCode())))); } public void 
testThatSettingsWithDifferentTruststoresHaveDifferentHashCode() { - SSLConfiguration sslConfiguration = new Global(Settings.builder() - .put("xpack.security.ssl.truststore.path", "/trust").build()); - SSLConfiguration sslConfiguration1 = new Global(Settings.builder() - .put("xpack.security.ssl.truststore.path", "/truststore").build()); + SSLConfiguration sslConfiguration = new SSLConfiguration(Settings.builder() + .put("truststore.path", "/trust") + .put("truststore.password", randomAsciiOfLength(5)) + .build()); + SSLConfiguration sslConfiguration1 = new SSLConfiguration(Settings.builder() + .put("truststore.path", "/truststore") + .put("truststore.password", randomAsciiOfLength(5)) + .build()); assertThat(sslConfiguration.hashCode(), is(not(equalTo(sslConfiguration1.hashCode())))); } 
@@ -217,36 +192,37 @@ public class SSLConfigurationTests extends ESTestCase { Environment env = randomBoolean() ? null : new Environment(Settings.builder().put("path.home", createTempDir()).build()); Settings settings = Settings.builder() - .put("xpack.security.ssl.key.path", + .put("key", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem")) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")) + .put("key_passphrase", "testnode") + .put("certificate", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")) .build(); - SSLConfiguration config = new Global(settings); + SSLConfiguration config = new SSLConfiguration(settings); assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); KeyManager keyManager = keyConfig.createKeyManager(env); assertNotNull(keyManager); - assertThat(config.trustConfig(), sameInstance(keyConfig)); - TrustManager trustManager = keyConfig.createTrustManager(env); - assertNotNull(trustManager); + assertThat(config.trustConfig(), instanceOf(CombiningTrustConfig.class)); + assertCombiningTrustConfigContainsCorrectIssuers(config); } public void testConfigurationUsingPEMKeyAndTrustFiles() { Environment env = randomBoolean() ? 
null : new Environment(Settings.builder().put("path.home", createTempDir()).build()); Settings settings = Settings.builder() - .put("xpack.security.ssl.key.path", + .put("key", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem")) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")) - .putArray("xpack.security.ssl.ca", + .put("key_passphrase", "testnode") + .put("certificate", + getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")) + .putArray("certificate_authorities", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt").toString(), getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt").toString()) .build(); - SSLConfiguration config = new Global(settings); + SSLConfiguration config = new SSLConfiguration(settings); assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); KeyManager keyManager = keyConfig.createKeyManager(env); 
@@ -256,4 +232,13 @@ public class SSLConfigurationTests extends ESTestCase { TrustManager trustManager = keyConfig.createTrustManager(env); assertNotNull(trustManager); } + + private void assertCombiningTrustConfigContainsCorrectIssuers(SSLConfiguration sslConfiguration) { + X509Certificate[] trustConfAcceptedIssuers = sslConfiguration.trustConfig().createTrustManager(null).getAcceptedIssuers(); + X509Certificate[] keyConfAcceptedIssuers = sslConfiguration.keyConfig().createTrustManager(null).getAcceptedIssuers(); + X509Certificate[] defaultAcceptedIssuers = DefaultJDKTrustConfig.INSTANCE.createTrustManager(null).getAcceptedIssuers(); + assertEquals(keyConfAcceptedIssuers.length + defaultAcceptedIssuers.length, trustConfAcceptedIssuers.length); + assertThat(Arrays.asList(keyConfAcceptedIssuers), everyItem(isIn(trustConfAcceptedIssuers))); + assertThat(Arrays.asList(defaultAcceptedIssuers), everyItem(isIn(trustConfAcceptedIssuers))); + } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLReloadIntegTests.java similarity index 92% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLReloadIntegTests.java index 6ff302e1ad0..cd0ed69859e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLReloadIntegTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLReloadIntegTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.Extension; 
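Review bot: `assertCombiningTrustConfigContainsCorrectIssuers` compares `keyConfAcceptedIssuers.length + defaultAcceptedIssuers.length` with the combined length, which holds only while the two sets are disjoint and the combined trust manager does not de-duplicate. The JDK default issuers differ between JVMs, so the two `everyItem(isIn(...))` assertions are the robust part. A comment like `// assumes the test certificates are not in the JDK default trust store` would make the assumption explicit. All three `createTrustManager(null)` calls pass a null environment, which is presumably why the caller switched to an absolute keystore path; a short Javadoc on the helper saying so would help.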
@@ -71,7 +71,7 @@ public class SSLReloadIntegTests extends SecurityIntegTestCase { Settings settings = super.nodeSettings(nodeOrdinal); Settings.Builder builder = Settings.builder(); for (Entry entry : settings.getAsMap().entrySet()) { - if (entry.getKey().startsWith(Security.setting("ssl.")) == false) { + if (entry.getKey().startsWith("xpack.ssl.") == false) { builder.put(entry.getKey(), entry.getValue()); } } @@ -79,10 +79,10 @@ public class SSLReloadIntegTests extends SecurityIntegTestCase { builder.put("resource.reload.interval.high", "1s") .put(SecuritySettingsSource.getSSLSettingsForStore( "/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode")) - .put("xpack.security.ssl.keystore.path", nodeStorePath); + .put("xpack.ssl.keystore.path", nodeStorePath); - if (builder.get("xpack.security.ssl.truststore.path") != null) { - builder.put("xpack.security.ssl.truststore.path", nodeStorePath); + if (builder.get("xpack.ssl.truststore.path") != null) { + builder.put("xpack.ssl.truststore.path", nodeStorePath); } return builder.build(); @@ -106,10 +106,10 @@ public class SSLReloadIntegTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put("path.home", createTempDir()) - .put("xpack.security.ssl.keystore.path", keystorePath) - .put("xpack.security.ssl.keystore.password", "changeme") - .put("xpack.security.ssl.truststore.path", nodeStorePath) - .put("xpack.security.ssl.truststore.password", "testnode") + .put("xpack.ssl.keystore.path", keystorePath) + .put("xpack.ssl.keystore.password", "changeme") + .put("xpack.ssl.truststore.path", nodeStorePath) + .put("xpack.ssl.truststore.password", "testnode") .build(); String node = randomFrom(internalCluster().getNodeNames()); SSLService sslService = new SSLService(settings, new Environment(settings)); 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLServiceTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLServiceTests.java similarity index 58% rename from elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLServiceTests.java rename to elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLServiceTests.java index a4fc145d4c9..2622fa4b239 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLServiceTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/ssl/SSLServiceTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.ssl; +package org.elasticsearch.xpack.ssl; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; @@ -11,17 +11,14 @@ import org.apache.http.impl.client.HttpClients; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.XPackSettings; import org.junit.Before; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLHandshakeException; -import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import java.nio.file.Path; 
@@ -29,11 +26,10 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.containsString; -import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; -import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.notNullValue; 
@@ -53,49 +49,33 @@ public class SSLServiceTests extends ESTestCase { env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); } - public void testThatInvalidProtocolThrowsException() throws Exception { - Settings settings = Settings.builder() - .put("xpack.security.ssl.protocol", "non-existing") - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .put("xpack.security.ssl.truststore.path", testnodeStore) - .put("xpack.security.ssl.truststore.password", "testnode") - .build(); - try { - new SSLService(settings, env); - fail("expected an exception"); - } catch (ElasticsearchException e) { - assertThat(e.getMessage(), containsString("failed to initialize the SSLContext")); - } - } - public void testThatCustomTruststoreCanBeSpecified() throws Exception { Path testClientStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.truststore.path", testnodeStore) + .put("xpack.ssl.truststore.password", "testnode") .put("transport.profiles.foo.xpack.security.ssl.truststore.path", testClientStore) .put("transport.profiles.foo.xpack.security.ssl.truststore.password", "testclient") .build(); SSLService sslService = new SSLService(settings, env); Settings customTruststoreSettings = Settings.builder() - .put("ssl.truststore.path", testClientStore) - .put("ssl.truststore.password", "testclient") + .put("truststore.path", testClientStore) + .put("truststore.password", "testclient") .build(); - SSLEngine sslEngineWithTruststore = sslService.createSSLEngine(customTruststoreSettings); + SSLEngine sslEngineWithTruststore = sslService.createSSLEngine(customTruststoreSettings, Settings.EMPTY); assertThat(sslEngineWithTruststore, is(not(nullValue()))); - SSLEngine sslEngine = 
sslService.createSSLEngine(Settings.EMPTY); + SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); assertThat(sslEngineWithTruststore, is(not(sameInstance(sslEngine)))); } public void testThatSslContextCachingWorks() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .build(); SSLService sslService = new SSLService(settings, env); @@ -109,11 +89,11 @@ public class SSLServiceTests extends ESTestCase { Path differentPasswordsStore = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", differentPasswordsStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .put("xpack.security.ssl.keystore.key_password", "testnode1") + .put("xpack.ssl.keystore.path", differentPasswordsStore) + .put("xpack.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.key_password", "testnode1") .build(); - new SSLService(settings, env).createSSLEngine(Settings.EMPTY); + new SSLService(settings, env).createSSLEngine(Settings.EMPTY, Settings.EMPTY); } public void testIncorrectKeyPasswordThrowsException() throws Exception { 
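Review bot: The closing assertion of testThatCustomTruststoreCanBeSpecified, `assertThat(sslEngineWithTruststore, is(not(sameInstance(sslEngine))));`, holds for any two engines returned as separate objects, so it does not show that the custom truststore was applied. Presumably each createSSLEngine call builds a new SSLEngine; if so, the test would still pass if the renamed `truststore.path` / `truststore.password` keys were silently ignored. An assertion on something that differs only when the custom truststore is used, such as the context or trust material selected for each settings object, would pin the behaviour this test is named for. At minimum a comment such as `// only checks that two engines are produced, not which truststore backs them` would keep readers from over-trusting it.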
@@ -121,10 +101,10 @@ public class SSLServiceTests extends ESTestCase { getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-different-passwords.jks"); try { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", differentPasswordsStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", differentPasswordsStore) + .put("xpack.ssl.keystore.password", "testnode") .build(); - new SSLService(settings, env).createSSLEngine(Settings.EMPTY); + new SSLService(settings, env).createSSLEngine(Settings.EMPTY, Settings.EMPTY); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize a KeyManagerFactory")); 
@@ -133,108 +113,142 @@ public class SSLServiceTests extends ESTestCase { public void testThatSSLv3IsNotEnabled() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .build(); SSLService sslService = new SSLService(settings, env); - SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY); + SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); assertThat(Arrays.asList(engine.getEnabledProtocols()), not(hasItem("SSLv3"))); } - public void testThatSSLSessionCacheHasDefaultLimits() throws Exception { - Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .build(); - SSLService sslService = new SSLService(settings, env); - SSLSessionContext context = sslService.sslContext().getServerSessionContext(); - assertThat(context.getSessionCacheSize(), equalTo(1000)); - assertThat(context.getSessionTimeout(), equalTo((int) TimeValue.timeValueHours(24).seconds())); - } - - public void testThatSettingSSLSessionCacheLimitsWorks() throws Exception { - Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .put("xpack.security.ssl.session.cache_size", "300") - .put("xpack.security.ssl.session.cache_timeout", "600s") - .build(); - SSLService sslService = new SSLService(settings, env); - SSLSessionContext context = sslService.sslContext().getServerSessionContext(); - assertThat(context.getSessionCacheSize(), equalTo(300)); - assertThat(context.getSessionTimeout(), equalTo(600)); - } - - public void testCreateWithoutAnySettingsNotValidForServer() throws Exception { - SSLService sslService = new SSLService(Settings.EMPTY, env); - 
assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY)); - } - - public void testCreateWithOnlyTruststoreNotValidForServer() throws Exception { - Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", testnodeStore) - .put("xpack.security.ssl.truststore.password", "testnode") - .build(); - SSLService sslService = new SSLService(settings, env); - assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY)); - } - - public void testCreateWithKeystoreIsValidForServer() throws Exception { - Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .build(); - SSLService sslService = new SSLService(settings, env); - assertTrue(sslService.isConfigurationValidForServerUsage(Settings.EMPTY)); - } - public void testThatCreateClientSSLEngineWithoutAnySettingsWorks() throws Exception { SSLService sslService = new SSLService(Settings.EMPTY, env); - SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY); + SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); assertThat(sslEngine, notNullValue()); } public void testThatCreateSSLEngineWithOnlyTruststoreWorks() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", testclientStore) - .put("xpack.security.ssl.truststore.password", "testclient") + .put("xpack.ssl.truststore.path", testclientStore) + .put("xpack.ssl.truststore.password", "testclient") .build(); SSLService sslService = new SSLService(settings, env); - SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY); + SSLEngine sslEngine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); assertThat(sslEngine, notNullValue()); } + public void testCreateWithoutAnySettingsNotValidForServer() throws Exception { + SSLService sslService = new SSLService(Settings.EMPTY, env); + 
assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, Settings.EMPTY)); + } + + public void testCreateWithOnlyTruststoreNotValidForServer() throws Exception { + Settings settings = Settings.builder() + .put("xpack.ssl.truststore.path", testnodeStore) + .put("xpack.ssl.truststore.password", "testnode") + .build(); + SSLService sslService = new SSLService(settings, env); + assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, Settings.EMPTY)); + } + + public void testCreateWithKeystoreIsValidForServer() throws Exception { + Settings settings = Settings.builder() + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") + .build(); + SSLService sslService = new SSLService(settings, env); + assertTrue(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, Settings.EMPTY)); + } + + public void testValidForServerWithFallback() throws Exception { + Settings settings = Settings.builder() + .put("xpack.ssl.truststore.path", testnodeStore) + .put("xpack.ssl.truststore.password", "testnode") + .build(); + SSLService sslService = new SSLService(settings, env); + assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, settings.getByPrefix("xpack.ssl."))); + + settings = Settings.builder() + .put("xpack.ssl.truststore.path", testnodeStore) + .put("xpack.ssl.truststore.password", "testnode") + .put("xpack.security.transport.ssl.keystore.path", testnodeStore) + .put("xpack.security.transport.ssl.keystore.password", "testnode") + .build(); + sslService = new SSLService(settings, env); + assertFalse(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, settings.getByPrefix("xpack.ssl."))); + assertTrue(sslService.isConfigurationValidForServerUsage( + settings.getByPrefix("xpack.security.transport.ssl."), settings.getByPrefix("xpack.ssl."))); + assertTrue(sslService.isConfigurationValidForServerUsage(Settings.EMPTY, settings.getByPrefix("xpack.security.transport.ssl."))); 
+ } + + public void testGetVerificationMode() { + SSLService sslService = new SSLService(Settings.EMPTY, env); + assertThat(sslService.getVerificationMode(Settings.EMPTY, Settings.EMPTY), is(XPackSettings.VERIFICATION_MODE_DEFAULT)); + + Settings settings = Settings.builder() + .put("xpack.ssl.verification_mode", "none") + .put("xpack.security.transport.ssl.verification_mode", "certificate") + .put("transport.profiles.foo.xpack.security.ssl.verification_mode", "full") + .build(); + sslService = new SSLService(settings, env); + assertThat(sslService.getVerificationMode(Settings.EMPTY, Settings.EMPTY), is(VerificationMode.NONE)); + assertThat(sslService.getVerificationMode(settings.getByPrefix("xpack.security.transport.ssl."), Settings.EMPTY), + is(VerificationMode.CERTIFICATE)); + assertThat(sslService.getVerificationMode(settings.getByPrefix("transport.profiles.foo.xpack.security.ssl."), + settings.getByPrefix("xpack.security.transport.ssl.")), is(VerificationMode.FULL)); + assertThat(sslService.getVerificationMode(Settings.EMPTY, settings.getByPrefix("xpack.security.transport.ssl.")), + is(VerificationMode.CERTIFICATE)); + } + + public void testIsSSLClientAuthEnabled() { + SSLService sslService = new SSLService(Settings.EMPTY, env); + assertTrue(sslService.isSSLClientAuthEnabled(Settings.EMPTY)); + assertTrue(sslService.isSSLClientAuthEnabled(Settings.EMPTY, Settings.EMPTY)); + + Settings settings = Settings.builder() + .put("xpack.ssl.client_authentication", "none") + .put("xpack.security.transport.ssl.client_authentication", "optional") + .build(); + sslService = new SSLService(settings, env); + assertFalse(sslService.isSSLClientAuthEnabled(Settings.EMPTY)); + assertFalse(sslService.isSSLClientAuthEnabled(Settings.EMPTY, Settings.EMPTY)); + assertTrue(sslService.isSSLClientAuthEnabled(settings.getByPrefix("xpack.security.transport.ssl."))); + assertTrue(sslService.isSSLClientAuthEnabled(settings.getByPrefix("xpack.security.transport.ssl."), Settings.EMPTY)); + 
assertTrue(sslService.isSSLClientAuthEnabled(settings.getByPrefix("transport.profiles.foo.xpack.security.ssl."), + settings.getByPrefix("xpack.security.transport.ssl."))); + } + public void testThatTruststorePasswordIsRequired() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .put("xpack.security.ssl.truststore.path", testnodeStore) + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") + .put("xpack.ssl.truststore.path", testnodeStore) .build(); - IllegalArgumentException e = - expectThrows(IllegalArgumentException.class, () -> new SSLService(settings, env)); - assertThat(e.getMessage(), is("no truststore password configured")); + NullPointerException e = + expectThrows(NullPointerException.class, () -> new SSLService(settings, env)); + assertThat(e.getMessage(), is("truststore password must be specified")); } public void testThatKeystorePasswordIsRequired() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.path", testnodeStore) .build(); - IllegalArgumentException e = - expectThrows(IllegalArgumentException.class, () -> new SSLService(settings, env)); - assertThat(e.getMessage(), is("no keystore password configured")); + NullPointerException e = + expectThrows(NullPointerException.class, () -> new SSLService(settings, env)); + assertThat(e.getMessage(), is("keystore password must be specified")); } public void testCiphersAndInvalidCiphersWork() throws Exception { - List ciphers = new ArrayList<>(Global.DEFAULT_CIPHERS); + List ciphers = new ArrayList<>(XPackSettings.DEFAULT_CIPHERS); ciphers.add("foo"); ciphers.add("bar"); Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - 
.putArray("xpack.security.ssl.ciphers", ciphers.toArray(new String[ciphers.size()])) + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") + .putArray("xpack.ssl.ciphers", ciphers.toArray(new String[ciphers.size()])) .build(); SSLService sslService = new SSLService(settings, env); - SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY); + SSLEngine engine = sslService.createSSLEngine(Settings.EMPTY, Settings.EMPTY); assertThat(engine, is(notNullValue())); String[] enabledCiphers = engine.getEnabledCipherSuites(); assertThat(Arrays.asList(enabledCiphers), not(contains("foo", "bar"))); @@ -242,9 +256,9 @@ public class SSLServiceTests extends ESTestCase { public void testInvalidCiphersOnlyThrowsException() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") - .putArray("xpack.security.ssl.ciphers", new String[] { "foo", "bar" }) + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") + .putArray("xpack.ssl.cipher_suites", new String[]{"foo", "bar"}) .build(); IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> new SSLService(settings, env)); 
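Review bot: In testCiphersAndInvalidCiphersWork the new side writes the cipher list under `xpack.ssl.ciphers`, while testInvalidCiphersOnlyThrowsException in the next hunk uses `xpack.ssl.cipher_suites` and a later hunk reads `config.cipherSuites()`. If the setting was renamed, as those lines suggest, the bogus entries `foo` and `bar` never reach SSLService and the test passes without exercising the filtering. The key should then read `.putArray("xpack.ssl.cipher_suites", ciphers.toArray(new String[ciphers.size()]))`. The assertion `not(contains("foo", "bar"))` is also weak, because Hamcrest's `contains` matches the whole list in order; `not(hasItem("foo"))` and `not(hasItem("bar"))` state the intent, and the test's closing brace lies outside the hunk. Separately, testThatTruststorePasswordIsRequired and testThatKeystorePasswordIsRequired now pin `NullPointerException` for a missing password, which is a user configuration error that an `IllegalArgumentException` with the same message would distinguish from a programming bug.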
@@ -253,18 +267,19 @@ public class SSLServiceTests extends ESTestCase { public void testThatSSLSocketFactoryHasProperCiphersAndProtocols() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testnodeStore) - .put("xpack.security.ssl.keystore.password", "testnode") + .put("xpack.ssl.keystore.path", testnodeStore) + .put("xpack.ssl.keystore.password", "testnode") .build(); SSLService sslService = new SSLService(settings, env); SSLSocketFactory factory = sslService.sslSocketFactory(Settings.EMPTY); SSLConfiguration config = sslService.sslConfiguration(Settings.EMPTY); - final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), config.ciphers(), false); + final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), config.cipherSuites(), false); assertThat(factory.getDefaultCipherSuites(), is(ciphers)); try (SSLSocket socket = (SSLSocket) factory.createSocket()) { assertThat(socket.getEnabledCipherSuites(), is(ciphers)); - assertThat(socket.getEnabledProtocols(), is(config.supportedProtocols().toArray(Strings.EMPTY_ARRAY))); + // the order we set the protocols in is not going to be what is returned as internally the JDK may sort the versions + assertThat(socket.getEnabledProtocols(), arrayContainingInAnyOrder(config.supportedProtocols().toArray(Strings.EMPTY_ARRAY))); } } @@ -283,8 +298,8 @@ public class SSLServiceTests extends ESTestCase { @Network public void testThatSSLContextTrustsJDKTrustedCAs() throws Exception { Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testclientStore) - .put("xpack.security.ssl.keystore.password", "testclient") + .put("xpack.ssl.keystore.path", testclientStore) + .put("xpack.ssl.keystore.password", "testclient") .build(); SSLContext sslContext = new SSLService(settings, env).sslContext(); try (CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build()) { 
@@ -292,21 +307,5 @@ public class SSLServiceTests extends ESTestCase { // certs are trusted by default client.execute(new HttpGet("https://www.elastic.co/")).close(); } - - settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", testclientStore) - .put("xpack.security.ssl.keystore.password", "testclient") - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), "false") - .build(); - sslContext = new SSLService(settings, env).sslContext(); - try (CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build()) { - // Execute a GET on a site known to have a valid certificate signed by a trusted public CA - // This will result in a SSLHandshakeException because the truststore is the testnodestore, which doesn't - // trust any public CAs - client.execute(new HttpGet("https://www.elastic.co/")); - fail("A SSLHandshakeException should have been thrown here"); - } catch (Exception e) { - assertThat(e, instanceOf(SSLHandshakeException.class)); - } } } diff --git a/elasticsearch/x-pack/src/test/resources/indices/bwc/x-pack-2.4.0.zip b/elasticsearch/x-pack/src/test/resources/indices/bwc/x-pack-2.4.0.zip new file mode 100644 index 00000000000..8977cdf8cbf Binary files /dev/null and b/elasticsearch/x-pack/src/test/resources/indices/bwc/x-pack-2.4.0.zip differ diff --git a/elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/ssl/instances.yml b/elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/ssl/instances.yml similarity index 100% rename from elasticsearch/x-pack/security/src/test/resources/org/elasticsearch/xpack/security/ssl/instances.yml rename to elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/ssl/instances.yml diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java index 93c70bd020f..455dd0a3f35 100644 
--- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.watcher; +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.client.Client; @@ -12,7 +13,6 @@ import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.Booleans; import org.elasticsearch.common.Strings; import org.elasticsearch.common.inject.Module; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.LoggerMessageFormat; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.regex.Regex; @@ -96,7 +96,7 @@ public class Watcher implements ActionPlugin, ScriptPlugin { private static final ScriptContext.Plugin SCRIPT_PLUGIN = new ScriptContext.Plugin("xpack", "watch"); public static final ScriptContext SCRIPT_CONTEXT = SCRIPT_PLUGIN::getKey; - private static final ESLogger logger = Loggers.getLogger(XPackPlugin.class); + private static final Logger logger = Loggers.getLogger(XPackPlugin.class); static { MetaData.registerPrototype(WatcherMetaData.TYPE, WatcherMetaData.PROTO); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherLifeCycleService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherLifeCycleService.java index 4bded277ee0..daa21ac5d89 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherLifeCycleService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherLifeCycleService.java 
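Review bot: The logger field in Watcher is still created with `Loggers.getLogger(XPackPlugin.class)` after the type change, so messages from this class are attributed to XPackPlugin's logger name rather than Watcher's. If that is intended, a comment such as `// logs under XPackPlugin's category on purpose` would say so. Otherwise `private static final Logger logger = Loggers.getLogger(Watcher.class);` keeps per-component log levels and log filtering accurate.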
@@ -5,14 +5,16 @@ */ package org.elasticsearch.xpack.watcher; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.AckedClusterStateUpdateTask; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.ack.AckedRequest; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.component.LifecycleListener; import org.elasticsearch.common.inject.Inject; @@ -201,7 +203,7 @@ public class WatcherLifeCycleService extends AbstractComponent implements Cluste @Override public void onFailure(String source, Exception throwable) { latch.countDown(); - logger.warn("couldn't update watcher metadata [{}]", throwable, source); + logger.warn((Supplier) () -> new ParameterizedMessage("couldn't update watcher metadata [{}]", source), throwable); } }); try { diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionFactory.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionFactory.java index 819c93eec01..102f4aadd54 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionFactory.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionFactory.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentParser; import java.io.IOException; 
@@ -15,9 +15,9 @@ import java.io.IOException; */ public abstract class ActionFactory> { - protected final ESLogger actionLogger; + protected final Logger actionLogger; - protected ActionFactory(ESLogger actionLogger) { + protected ActionFactory(Logger actionLogger) { this.actionLogger = actionLogger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionWrapper.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionWrapper.java index c113b6df343..ead7a5a30a9 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionWrapper.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ActionWrapper.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.watcher.actions; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.Nullable; @@ -15,6 +17,7 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.license.XPackLicenseState; +import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.actions.throttler.ActionThrottler; import org.elasticsearch.xpack.watcher.actions.throttler.Throttler; import org.elasticsearch.xpack.watcher.condition.Condition; 
@@ -22,7 +25,6 @@ import org.elasticsearch.xpack.watcher.condition.ConditionRegistry; import org.elasticsearch.xpack.watcher.condition.ExecutableCondition; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.WatcherDateTimeUtils; -import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.transform.ExecutableTransform; import org.elasticsearch.xpack.watcher.transform.Transform; import org.elasticsearch.xpack.watcher.transform.TransformRegistry; @@ -113,7 +115,9 @@ public class ActionWrapper implements ToXContent { new Action.Result.ConditionFailed(action.type(), "condition not met. skipping")); } } catch (RuntimeException e) { - action.logger().error("failed to execute action [{}/{}]. failed to execute condition", e, ctx.watch().id(), id); + action.logger().error( + (Supplier) () -> new ParameterizedMessage( + "failed to execute action [{}/{}]. failed to execute condition", ctx.watch().id(), id), e); return new ActionWrapper.Result(id, new Action.Result.ConditionFailed(action.type(), "condition failed. skipping: {}", e.getMessage())); } @@ -131,7 +135,9 @@ public class ActionWrapper implements ToXContent { } payload = transformResult.payload(); } catch (Exception e) { - action.logger().error("failed to execute action [{}/{}]. failed to transform payload.", e, ctx.watch().id(), id); + action.logger().error( + (Supplier) () -> new ParameterizedMessage( + "failed to execute action [{}/{}]. failed to transform payload.", ctx.watch().id(), id), e); return new ActionWrapper.Result(id, conditionResult, null, new Action.Result.Failure(action.type(), "Failed to transform payload. error: {}", ExceptionsHelper.detailedMessage(e))); 
@@ -141,7 +147,8 @@ public class ActionWrapper implements ToXContent { Action.Result actionResult = action.execute(id, ctx, payload); return new ActionWrapper.Result(id, conditionResult, transformResult, actionResult); } catch (Exception e) { - action.logger().error("failed to execute action [{}/{}]", e, ctx.watch().id(), id); + action.logger().error( + (Supplier) () -> new ParameterizedMessage("failed to execute action [{}/{}]", ctx.watch().id(), id), e); return new ActionWrapper.Result(id, new Action.Result.Failure(action.type(), ExceptionsHelper.detailedMessage(e))); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ExecutableAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ExecutableAction.java index b8207e44765..b7d1a0276d4 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ExecutableAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/ExecutableAction.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -18,9 +18,9 @@ import java.io.IOException; public abstract class ExecutableAction implements ToXContent { protected final A action; - protected final ESLogger logger; + protected final Logger logger; - protected ExecutableAction(A action, ESLogger logger) { + protected ExecutableAction(A action, Logger logger) { this.action = action; this.logger = logger; } @@ -39,7 +39,7 @@ public abstract class ExecutableAction implements ToXContent { /** * yack... needed to expose that for testing purposes */ - public ESLogger logger() { + public Logger logger() { return logger; } 
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/email/ExecutableEmailAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/email/ExecutableEmailAction.java index 9ec7056f657..0e08a50cc13 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/email/ExecutableEmailAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/email/ExecutableEmailAction.java @@ -5,20 +5,20 @@ */ package org.elasticsearch.xpack.watcher.actions.email; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.Action; -import org.elasticsearch.xpack.watcher.actions.ExecutableAction; -import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; -import org.elasticsearch.xpack.watcher.support.Variables; -import org.elasticsearch.xpack.watcher.watch.Payload; import org.elasticsearch.xpack.notification.email.Attachment; import org.elasticsearch.xpack.notification.email.DataAttachment; import org.elasticsearch.xpack.notification.email.Email; import org.elasticsearch.xpack.notification.email.EmailService; import org.elasticsearch.xpack.notification.email.HtmlSanitizer; import org.elasticsearch.xpack.notification.email.attachment.EmailAttachmentParser; +import org.elasticsearch.xpack.watcher.actions.Action; +import org.elasticsearch.xpack.watcher.actions.ExecutableAction; +import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; +import org.elasticsearch.xpack.watcher.support.Variables; +import org.elasticsearch.xpack.watcher.watch.Payload; import java.util.HashMap; import java.util.Map; 
@@ -32,7 +32,7 @@ public class ExecutableEmailAction extends ExecutableAction { final HtmlSanitizer htmlSanitizer; private final Map emailAttachmentParsers; - public ExecutableEmailAction(EmailAction action, ESLogger logger, EmailService emailService, TextTemplateEngine templateEngine, + public ExecutableEmailAction(EmailAction action, Logger logger, EmailService emailService, TextTemplateEngine templateEngine, HtmlSanitizer htmlSanitizer, Map emailAttachmentParsers) { super(action, logger); this.emailService = emailService; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/hipchat/ExecutableHipChatAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/hipchat/ExecutableHipChatAction.java index 2986a20c618..f75177fc28e 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/hipchat/ExecutableHipChatAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/hipchat/ExecutableHipChatAction.java 
@@ -5,14 +5,14 @@ */ package org.elasticsearch.xpack.watcher.actions.hipchat; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.Action; -import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.notification.hipchat.HipChatAccount; import org.elasticsearch.xpack.notification.hipchat.HipChatMessage; import org.elasticsearch.xpack.notification.hipchat.HipChatService; import org.elasticsearch.xpack.notification.hipchat.SentMessages; +import org.elasticsearch.xpack.watcher.actions.Action; +import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; import org.elasticsearch.xpack.watcher.watch.Payload; @@ -27,7 +27,7 @@ public class ExecutableHipChatAction extends ExecutableAction { private final TextTemplateEngine templateEngine; private final HipChatService hipchatService; - public ExecutableHipChatAction(HipChatAction action, ESLogger logger, HipChatService hipchatService, + public ExecutableHipChatAction(HipChatAction action, Logger logger, HipChatService hipchatService, TextTemplateEngine templateEngine) { super(action, logger); this.hipchatService = hipchatService; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java index 2d78c24e3cf..d8f9c4c46b6 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java 
@@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions.index; +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.bulk.BulkItemResponse; import org.elasticsearch.action.bulk.BulkRequest; @@ -12,7 +13,6 @@ import org.elasticsearch.action.bulk.BulkResponse; import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentType; @@ -38,7 +38,7 @@ public class ExecutableIndexAction extends ExecutableAction { private final WatcherClientProxy client; private final TimeValue timeout; - public ExecutableIndexAction(IndexAction action, ESLogger logger, WatcherClientProxy client, @Nullable TimeValue defaultTimeout) { + public ExecutableIndexAction(IndexAction action, Logger logger, WatcherClientProxy client, @Nullable TimeValue defaultTimeout) { super(action, logger); this.client = client; this.timeout = action.timeout != null ? action.timeout : defaultTimeout; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/ExecutableLoggingAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/ExecutableLoggingAction.java index fc3051e7072..5bab8eae3a0 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/ExecutableLoggingAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/ExecutableLoggingAction.java 
@@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions.logging; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.common.text.TextTemplateEngine; @@ -22,23 +22,23 @@ import java.util.Map; */ public class ExecutableLoggingAction extends ExecutableAction { - private final ESLogger textLogger; + private final Logger textLogger; private final TextTemplateEngine templateEngine; - ExecutableLoggingAction(LoggingAction action, ESLogger logger, Settings settings, TextTemplateEngine templateEngine) { + ExecutableLoggingAction(LoggingAction action, Logger logger, Settings settings, TextTemplateEngine templateEngine) { super(action, logger); this.textLogger = action.category != null ? Loggers.getLogger(action.category, settings) : logger; this.templateEngine = templateEngine; } // for tests - ExecutableLoggingAction(LoggingAction action, ESLogger logger, ESLogger textLogger, TextTemplateEngine templateEngine) { + ExecutableLoggingAction(LoggingAction action, Logger logger, Logger textLogger, TextTemplateEngine templateEngine) { super(action, logger); this.textLogger = textLogger; this.templateEngine = templateEngine; } - ESLogger textLogger() { + Logger textLogger() { return textLogger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingLevel.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingLevel.java index 6524f7ff257..83044444f59 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingLevel.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingLevel.java 
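Review bot: In the first `ExecutableLoggingAction` constructor, `Loggers.getLogger(action.category, settings)` turns `action.category` into a logger name with no check visible in this hunk. If the category originates from the watch definition (presumably; `LoggingAction` is not shown here), whoever can write a watch can make entries appear under any logger name, including names that operators route to dedicated appenders or rely on to attribute a line to a component. Consider restricting the category to a fixed prefix or an allow-list where the action is parsed, and note the constraint at this assignment, e.g. `// NOTE: category selects the logger name (and so appender routing); validate it where the action is parsed`. The assignment is unchanged context, but the switch to the Log4j `Logger` type is a good moment to re-check how logger names map to appenders.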
@@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.watcher.actions.logging; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.SuppressLoggerChecks; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -21,40 +21,40 @@ public enum LoggingLevel implements ToXContent { ERROR() { @Override @SuppressLoggerChecks(reason = "logger delegation") - void log(ESLogger logger, String text) { + void log(Logger logger, String text) { logger.error(text); } }, WARN() { @Override @SuppressLoggerChecks(reason = "logger delegation") - void log(ESLogger logger, String text) { + void log(Logger logger, String text) { logger.warn(text); } }, INFO() { @Override @SuppressLoggerChecks(reason = "logger delegation") - void log(ESLogger logger, String text) { + void log(Logger logger, String text) { logger.info(text); } }, DEBUG() { @Override @SuppressLoggerChecks(reason = "logger delegation") - void log(ESLogger logger, String text) { + void log(Logger logger, String text) { logger.debug(text); } }, TRACE() { @Override @SuppressLoggerChecks(reason = "logger delegation") - void log(ESLogger logger, String text) { + void log(Logger logger, String text) { logger.trace(text); } }; - abstract void log(ESLogger logger, String text); + abstract void log(Logger logger, String text); @Override diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/pagerduty/ExecutablePagerDutyAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/pagerduty/ExecutablePagerDutyAction.java index bb8db884d11..c49f1a6a9ae 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/pagerduty/ExecutablePagerDutyAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/pagerduty/ExecutablePagerDutyAction.java 
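Review bot: Each `log(Logger logger, String text)` override in `LoggingLevel` hands `text` to the logger as the message itself (`logger.error(text)`, `logger.warn(text)`, and so on), so whatever the text contains is written verbatim. The text is presumably the rendered template of a logging action (the caller is outside this hunk) and can carry data from a watch payload, in which case embedded line breaks would let one action produce what looks like several independent log entries. Either normalise CR/LF before the call or rely on a layout that encodes them, and record the decision on the abstract method, e.g. `// text is logged verbatim; callers must not pass unescaped line breaks from untrusted data`. The same applies to all five enum constants. It is also worth confirming that the Log4j 2 version and pattern in use do not apply lookup substitution to message text.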
@@ -5,14 +5,14 @@ */ package org.elasticsearch.xpack.watcher.actions.pagerduty; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.Action; -import org.elasticsearch.xpack.watcher.actions.ExecutableAction; +import org.elasticsearch.xpack.notification.pagerduty.IncidentEvent; import org.elasticsearch.xpack.notification.pagerduty.PagerDutyAccount; import org.elasticsearch.xpack.notification.pagerduty.PagerDutyService; import org.elasticsearch.xpack.notification.pagerduty.SentEvent; -import org.elasticsearch.xpack.notification.pagerduty.IncidentEvent; +import org.elasticsearch.xpack.watcher.actions.Action; +import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; import org.elasticsearch.xpack.watcher.watch.Payload; @@ -27,7 +27,7 @@ public class ExecutablePagerDutyAction extends ExecutableAction private final TextTemplateEngine templateEngine; private final PagerDutyService pagerDutyService; - public ExecutablePagerDutyAction(PagerDutyAction action, ESLogger logger, PagerDutyService pagerDutyService, + public ExecutablePagerDutyAction(PagerDutyAction action, Logger logger, PagerDutyService pagerDutyService, TextTemplateEngine templateEngine) { super(action, logger); this.pagerDutyService = pagerDutyService; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackAction.java index ffeafc46024..3c1ef7be642 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackAction.java 
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackAction.java @@ -5,14 +5,14 @@ */ package org.elasticsearch.xpack.watcher.actions.slack; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.common.text.TextTemplateEngine; -import org.elasticsearch.xpack.watcher.actions.Action; -import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.notification.slack.SentMessages; import org.elasticsearch.xpack.notification.slack.SlackAccount; import org.elasticsearch.xpack.notification.slack.SlackService; import org.elasticsearch.xpack.notification.slack.message.SlackMessage; +import org.elasticsearch.xpack.watcher.actions.Action; +import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; import org.elasticsearch.xpack.watcher.watch.Payload; @@ -27,7 +27,7 @@ public class ExecutableSlackAction extends ExecutableAction { private final TextTemplateEngine templateEngine; private final SlackService slackService; - public ExecutableSlackAction(SlackAction action, ESLogger logger, SlackService slackService, TextTemplateEngine templateEngine) { + public ExecutableSlackAction(SlackAction action, Logger logger, SlackService slackService, TextTemplateEngine templateEngine) { super(action, logger); this.slackService = slackService; this.templateEngine = templateEngine; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/webhook/ExecutableWebhookAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/webhook/ExecutableWebhookAction.java index 62a26122f01..6ac91d9ce93 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/webhook/ExecutableWebhookAction.java 
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/webhook/ExecutableWebhookAction.java @@ -5,15 +5,15 @@ */ package org.elasticsearch.xpack.watcher.actions.webhook; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.elasticsearch.xpack.common.http.HttpClient; +import org.elasticsearch.xpack.common.http.HttpRequest; +import org.elasticsearch.xpack.common.http.HttpResponse; import org.elasticsearch.xpack.common.text.TextTemplateEngine; import org.elasticsearch.xpack.watcher.actions.Action; import org.elasticsearch.xpack.watcher.actions.ExecutableAction; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; -import org.elasticsearch.xpack.common.http.HttpClient; -import org.elasticsearch.xpack.common.http.HttpRequest; -import org.elasticsearch.xpack.common.http.HttpResponse; import org.elasticsearch.xpack.watcher.watch.Payload; import java.util.Map; @@ -25,7 +25,7 @@ public class ExecutableWebhookAction extends ExecutableAction { private final HttpClient httpClient; private final TextTemplateEngine templateEngine; - public ExecutableWebhookAction(WebhookAction action, ESLogger logger, HttpClient httpClient, TextTemplateEngine templateEngine) { + public ExecutableWebhookAction(WebhookAction action, Logger logger, HttpClient httpClient, TextTemplateEngine templateEngine) { super(action, logger); this.httpClient = httpClient; this.templateEngine = templateEngine; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ConditionFactory.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ConditionFactory.java index c16c74c11d9..3de9db7ff69 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ConditionFactory.java 
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ConditionFactory.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentParser; import java.io.IOException; @@ -15,9 +15,9 @@ import java.io.IOException; */ public abstract class ConditionFactory> { - protected final ESLogger conditionLogger; + protected final Logger conditionLogger; - public ConditionFactory(ESLogger conditionLogger) { + public ConditionFactory(Logger conditionLogger) { this.conditionLogger = conditionLogger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ExecutableCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ExecutableCondition.java index eb871596825..7c3eff1c0a7 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ExecutableCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ExecutableCondition.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -18,9 +18,9 @@ import java.io.IOException; public abstract class ExecutableCondition implements ToXContent { protected final C condition; - protected final ESLogger logger; + protected final Logger logger; - protected ExecutableCondition(C condition, ESLogger logger) { + protected ExecutableCondition(C condition, Logger logger) { this.condition = condition; this.logger = logger; } 
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/always/ExecutableAlwaysCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/always/ExecutableAlwaysCondition.java index 6d4e71995c8..0284753ddf3 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/always/ExecutableAlwaysCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/always/ExecutableAlwaysCondition.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition.always; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.condition.ExecutableCondition; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -16,7 +16,7 @@ import java.io.IOException; */ public class ExecutableAlwaysCondition extends ExecutableCondition { - public ExecutableAlwaysCondition(ESLogger logger) { + public ExecutableAlwaysCondition(Logger logger) { super(AlwaysCondition.INSTANCE, logger); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/AbstractExecutableCompareCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/AbstractExecutableCompareCondition.java index 568320852be..f0f4048cf3a 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/AbstractExecutableCompareCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/AbstractExecutableCompareCondition.java 
@@ -5,13 +5,13 @@ */ package org.elasticsearch.xpack.watcher.condition.compare; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.condition.Condition; import org.elasticsearch.xpack.watcher.condition.ExecutableCondition; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.support.Variables; import org.elasticsearch.xpack.watcher.support.WatcherDateTimeUtils; -import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.support.xcontent.ObjectPath; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; @@ -28,7 +28,7 @@ public abstract class AbstractExecutableCompareCondition { - public ExecutableCompareCondition(CompareCondition condition, ESLogger logger, Clock clock) { + public ExecutableCompareCondition(CompareCondition condition, Logger logger, Clock clock) { super(condition, logger, clock); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/array/ExecutableArrayCompareCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/array/ExecutableArrayCompareCondition.java index 0827acca17d..aa1f037d958 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/array/ExecutableArrayCompareCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/compare/array/ExecutableArrayCompareCondition.java 
@@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition.compare.array; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.condition.compare.AbstractExecutableCompareCondition; import org.elasticsearch.xpack.watcher.support.xcontent.ObjectPath; @@ -18,7 +18,7 @@ import java.util.Map; public class ExecutableArrayCompareCondition extends AbstractExecutableCompareCondition { - public ExecutableArrayCompareCondition(ArrayCompareCondition condition, ESLogger logger, Clock clock) { + public ExecutableArrayCompareCondition(ArrayCompareCondition condition, Logger logger, Clock clock) { super(condition, logger, clock); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/never/ExecutableNeverCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/never/ExecutableNeverCondition.java index a304c847315..4fdb70cc6e4 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/never/ExecutableNeverCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/never/ExecutableNeverCondition.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition.never; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.condition.ExecutableCondition; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -16,7 +16,7 @@ import java.io.IOException; */ public class ExecutableNeverCondition extends ExecutableCondition { - public ExecutableNeverCondition(ESLogger logger) { + public ExecutableNeverCondition(Logger logger) { super(NeverCondition.INSTANCE, logger); } 
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/script/ExecutableScriptCondition.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/script/ExecutableScriptCondition.java index 7fcf43e432a..bec88e6a726 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/script/ExecutableScriptCondition.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/script/ExecutableScriptCondition.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.condition.script; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.script.CompiledScript; import org.elasticsearch.script.ExecutableScript; import org.elasticsearch.script.Script; @@ -28,7 +28,7 @@ public class ExecutableScriptCondition extends ExecutableCondition new TriggerEvent[size])); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to process triggered events [{}]", + (Object) stream(events.spliterator(), false).toArray(size -> new TriggerEvent[size])), + e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/ExecutionService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/ExecutionService.java index c3a9fe25e8b..35ad6a9f9da 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/ExecutionService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/ExecutionService.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.watcher.execution; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.ClusterState; 
@@ -15,9 +17,9 @@ import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.concurrent.EsRejectedExecutionException; +import org.elasticsearch.xpack.common.stats.Counters; import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.Watcher; -import org.elasticsearch.xpack.common.stats.Counters; import org.elasticsearch.xpack.watcher.actions.ActionWrapper; import org.elasticsearch.xpack.watcher.condition.Condition; import org.elasticsearch.xpack.watcher.history.HistoryStore; @@ -199,7 +201,7 @@ public class ExecutionService extends AbstractComponent { try { executeAsync(contexts.get(slot), triggeredWatch); } catch (Exception e) { - logger.error("failed to execute watch [{}]", e, triggeredWatch.id()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to execute watch [{}]", triggeredWatch.id()), e); } } } @@ -280,14 +282,14 @@ public class ExecutionService extends AbstractComponent { historyStore.put(record); } } catch (Exception e) { - logger.error("failed to update watch record [{}]", e, ctx.id()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to update watch record [{}]", ctx.id()), e); // TODO log watch record in logger, when saving in history store failed, otherwise the info is gone! } } try { triggeredWatchStore.delete(ctx.id()); } catch (Exception e) { - logger.error("failed to delete triggered watch [{}]", e, ctx.id()); + logger.error((Supplier) () -> new ParameterizedMessage("failed to delete triggered watch [{}]", ctx.id()), e); } currentExecutions.remove(ctx.watch().id()); if (logger.isTraceEnabled()) { 
@@ -315,7 +317,7 @@ public class ExecutionService extends AbstractComponent { private void logWatchRecord(WatchExecutionContext ctx, Exception e) { // failed watches stack traces are only logged in debug, otherwise they should be checked out in the history if (logger.isDebugEnabled()) { - logger.debug("failed to execute watch [{}]", e, ctx.id()); + logger.debug((Supplier) () -> new ParameterizedMessage("failed to execute watch [{}]", ctx.id()), e); } else { logger.warn("Failed to execute watch [{}]", ctx.id()); } @@ -461,7 +463,8 @@ public class ExecutionService extends AbstractComponent { try { execute(ctx); } catch (Exception e) { - logger.error("could not execute watch [{}]/[{}]", e, ctx.watch().id(), ctx.id()); + logger.error( + (Supplier) () -> new ParameterizedMessage("could not execute watch [{}]/[{}]", ctx.watch().id(), ctx.id()), e); } } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/SyncTriggerListener.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/SyncTriggerListener.java index 36c28fc142e..f0a3c667971 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/SyncTriggerListener.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/SyncTriggerListener.java 
@@ -5,22 +5,24 @@ */ package org.elasticsearch.xpack.watcher.execution; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.watcher.trigger.TriggerEngine; import org.elasticsearch.xpack.watcher.trigger.TriggerEvent; import org.elasticsearch.xpack.watcher.trigger.TriggerService; -import java.util.stream.StreamSupport; +import static java.util.stream.StreamSupport.stream; /** */ public class SyncTriggerListener implements TriggerEngine.Listener { private final ExecutionService executionService; - private final ESLogger logger; + private final Logger logger; @Inject public SyncTriggerListener(Settings settings, ExecutionService executionService, TriggerService triggerService) { @@ -34,8 +36,11 @@ public class SyncTriggerListener implements TriggerEngine.Listener { try { executionService.processEventsSync(events); } catch (Exception e) { - logger.error("failed to process triggered events [{}]", e, - (Object) StreamSupport.stream(events.spliterator(), false).toArray(size -> new TriggerEvent[size])); + logger.error( + (Supplier) () -> new ParameterizedMessage( + "failed to process triggered events [{}]", + (Object) stream(events.spliterator(), false).toArray(size -> new TriggerEvent[size])), + e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/TriggeredWatchStore.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/TriggeredWatchStore.java index e5619f2096c..c1b64a9a630 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/TriggeredWatchStore.java 
+++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/TriggeredWatchStore.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.watcher.execution; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.admin.indices.refresh.RefreshRequest; import org.elasticsearch.action.admin.indices.refresh.RefreshResponse; @@ -268,7 +270,8 @@ public class TriggeredWatchStore extends AbstractComponent { logger.debug("loaded triggered watch [{}/{}/{}]", sh.index(), sh.type(), sh.id()); triggeredWatches.add(triggeredWatch); } catch (Exception e) { - logger.error("couldn't load triggered watch [{}], ignoring it...", e, id); + logger.error( + (Supplier) () -> new ParameterizedMessage("couldn't load triggered watch [{}], ignoring it...", id), e); } } response = client.searchScroll(response.getScrollId(), scrollTimeout); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/ExecutableInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/ExecutableInput.java index 080497b30a7..6d13cefe091 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/ExecutableInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/ExecutableInput.java @@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.watcher.input; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; 
@@ -20,9 +20,9 @@ import java.io.IOException; public abstract class ExecutableInput implements ToXContent { protected final I input; - protected final ESLogger logger; + protected final Logger logger; - protected ExecutableInput(I input, ESLogger logger) { + protected ExecutableInput(I input, Logger logger) { this.input = input; this.logger = logger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/InputFactory.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/InputFactory.java index 0734a3f8a68..6d7e900fe14 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/InputFactory.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/InputFactory.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.input; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentParser; import java.io.IOException; @@ -15,9 +15,9 @@ import java.io.IOException; */ public abstract class InputFactory> { - protected final ESLogger inputLogger; + protected final Logger inputLogger; - public InputFactory(ESLogger inputLogger) { + public InputFactory(Logger inputLogger) { this.inputLogger = inputLogger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ExecutableChainInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ExecutableChainInput.java index 0a3a002c747..5493f1a5e2e 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ExecutableChainInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ExecutableChainInput.java 
@@ -5,8 +5,10 @@ */ package org.elasticsearch.xpack.watcher.input.chain; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.common.collect.Tuple; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.input.ExecutableInput; import org.elasticsearch.xpack.watcher.input.Input; @@ -17,11 +19,13 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.elasticsearch.xpack.watcher.input.chain.ChainInput.TYPE; + public class ExecutableChainInput extends ExecutableInput { private List> inputs; - public ExecutableChainInput(ChainInput input, List> inputs, ESLogger logger) { + public ExecutableChainInput(ChainInput input, List> inputs, Logger logger) { super(input, logger); this.inputs = inputs; } @@ -40,7 +44,7 @@ public class ExecutableChainInput extends ExecutableInput) () -> new ParameterizedMessage("failed to execute [{}] input for [{}]", TYPE, ctx.watch().id()), e); return new ChainInput.Result(e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/http/ExecutableHttpInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/http/ExecutableHttpInput.java index 34bf5467650..34eea823f99 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/http/ExecutableHttpInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/http/ExecutableHttpInput.java 
@@ -6,8 +6,10 @@ package org.elasticsearch.xpack.watcher.input.http; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; @@ -25,6 +27,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import static org.elasticsearch.xpack.watcher.input.http.HttpInput.TYPE; + /** */ public class ExecutableHttpInput extends ExecutableInput { @@ -32,7 +36,7 @@ public class ExecutableHttpInput extends ExecutableInput) () -> new ParameterizedMessage("failed to execute [{}] input for [{}]", TYPE, ctx.watch()), e); return new HttpInput.Result(request, e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/none/ExecutableNoneInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/none/ExecutableNoneInput.java index 0613b87c7e1..cf18af72462 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/none/ExecutableNoneInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/none/ExecutableNoneInput.java @@ -6,7 +6,7 @@ package org.elasticsearch.xpack.watcher.input.none; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.input.ExecutableInput; import org.elasticsearch.xpack.watcher.watch.Payload; 
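Review bot: The new `logger.error` call in `ExecutableHttpInput` passes `ctx.watch()` as the second message argument, so the log line carries the watch's `toString()` rather than its identifier, while `ExecutableChainInput` in this same commit uses `ctx.watch().id()`. What `toString()` prints for a watch is not visible here, but if it renders the watch definition, an HTTP input's request details (URL, headers, possibly authentication settings) could end up in the error log. Use `new ParameterizedMessage("failed to execute [{}] input for [{}]", TYPE, ctx.watch().id())`; the `ExecutableSearchInput` hunk further down has the same argument and should get the same change. The removed line of this hunk is not legible in this view, so the argument may predate the commit.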
@@ -16,7 +16,7 @@ import org.elasticsearch.xpack.watcher.watch.Payload; */ public class ExecutableNoneInput extends ExecutableInput { - public ExecutableNoneInput(ESLogger logger) { + public ExecutableNoneInput(Logger logger) { super(NoneInput.INSTANCE, logger); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/search/ExecutableSearchInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/search/ExecutableSearchInput.java index 06a50644eb7..b5bf6708117 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/search/ExecutableSearchInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/search/ExecutableSearchInput.java @@ -5,11 +5,13 @@ */ package org.elasticsearch.xpack.watcher.input.search; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentHelper; @@ -27,6 +29,7 @@ import org.elasticsearch.xpack.watcher.watch.Payload; import java.util.Map; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; +import static org.elasticsearch.xpack.watcher.input.search.SearchInput.TYPE; /** * An input that executes search and returns the search response as the initial payload @@ -39,7 +42,7 @@ public class ExecutableSearchInput extends ExecutableInput) () -> new ParameterizedMessage("failed to execute [{}] input for [{}]", TYPE, ctx.watch()), e); return new SearchInput.Result(request, e); } } 
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/simple/ExecutableSimpleInput.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/simple/ExecutableSimpleInput.java index 4c0f2075382..513386d67db 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/simple/ExecutableSimpleInput.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/simple/ExecutableSimpleInput.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.input.simple; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.input.ExecutableInput; import org.elasticsearch.xpack.watcher.watch.Payload; @@ -15,7 +15,7 @@ import org.elasticsearch.xpack.watcher.watch.Payload; */ public class ExecutableSimpleInput extends ExecutableInput { - public ExecutableSimpleInput(SimpleInput input, ESLogger logger) { + public ExecutableSimpleInput(SimpleInput input, Logger logger) { super(input, logger); } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/ExecutableTransform.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/ExecutableTransform.java index dd4aab7bb19..cf4f4421161 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/ExecutableTransform.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/ExecutableTransform.java 
@@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.transform; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -19,9 +19,9 @@ import java.io.IOException; public abstract class ExecutableTransform implements ToXContent { protected final T transform; - protected final ESLogger logger; + protected final Logger logger; - public ExecutableTransform(T transform, ESLogger logger) { + public ExecutableTransform(T transform, Logger logger) { this.transform = transform; this.logger = logger; } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/TransformFactory.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/TransformFactory.java index 762b381623f..0e38bb7bd11 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/TransformFactory.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/TransformFactory.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.transform; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.xcontent.XContentParser; import java.io.IOException; @@ -15,9 +15,9 @@ import java.io.IOException; */ public abstract class TransformFactory> { - protected final ESLogger transformLogger; + protected final Logger transformLogger; - public TransformFactory(ESLogger transformLogger) { + public TransformFactory(Logger transformLogger) { this.transformLogger = transformLogger; } 
diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/chain/ExecutableChainTransform.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/chain/ExecutableChainTransform.java index 5d2d3c0f109..1664dd60b9b 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/chain/ExecutableChainTransform.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/chain/ExecutableChainTransform.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.watcher.transform.chain; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.watcher.transform.ExecutableTransform; import org.elasticsearch.xpack.watcher.transform.Transform; @@ -18,6 +20,7 @@ import java.util.Collections; import java.util.List; import static org.elasticsearch.common.logging.LoggerMessageFormat.format; +import static org.elasticsearch.xpack.watcher.transform.chain.ChainTransform.TYPE; /** * @@ -26,11 +29,11 @@ public class ExecutableChainTransform extends ExecutableTransform transforms; - public ExecutableChainTransform(ChainTransform transform, ESLogger logger, ExecutableTransform... transforms) { + public ExecutableChainTransform(ChainTransform transform, Logger logger, ExecutableTransform... transforms) { this(transform, logger, Arrays.asList(transforms)); } - public ExecutableChainTransform(ChainTransform transform, ESLogger logger, List transforms) { + public ExecutableChainTransform(ChainTransform transform, Logger logger, List transforms) { super(transform, logger); this.transforms = Collections.unmodifiableList(transforms); } 
@@ -45,7 +48,7 @@ public class ExecutableChainTransform extends ExecutableTransform) () -> new ParameterizedMessage("failed to execute [{}] transform for [{}]", TYPE, ctx.id()), e); return new ChainTransform.Result(e, results); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/script/ExecutableScriptTransform.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/script/ExecutableScriptTransform.java index 426045ad79e..0c829df17da 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/script/ExecutableScriptTransform.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/script/ExecutableScriptTransform.java @@ -5,7 +5,9 @@ */ package org.elasticsearch.xpack.watcher.transform.script; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.script.CompiledScript; import org.elasticsearch.script.ExecutableScript; import org.elasticsearch.script.Script; @@ -22,13 +24,14 @@ import java.util.Map; import static org.elasticsearch.xpack.watcher.support.Exceptions.invalidScript; import static org.elasticsearch.xpack.watcher.support.Variables.createCtxModel; +import static org.elasticsearch.xpack.watcher.transform.script.ScriptTransform.TYPE; public class ExecutableScriptTransform extends ExecutableTransform { private final ScriptService scriptService; private final CompiledScript compiledScript; - public ExecutableScriptTransform(ScriptTransform transform, ESLogger logger, ScriptService scriptService) { + public ExecutableScriptTransform(ScriptTransform transform, Logger logger, ScriptService scriptService) { super(transform, logger); this.scriptService = scriptService; Script script = transform.getScript(); 
@@ -44,7 +47,7 @@ public class ExecutableScriptTransform extends ExecutableTransform) () -> new ParameterizedMessage("failed to execute [{}] transform for [{}]", TYPE, ctx.id()), e); return new ScriptTransform.Result(e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/search/ExecutableSearchTransform.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/search/ExecutableSearchTransform.java index 377b221d615..57f4e725001 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/search/ExecutableSearchTransform.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transform/search/ExecutableSearchTransform.java @@ -5,11 +5,13 @@ */ package org.elasticsearch.xpack.watcher.transform.search; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.script.Script; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; @@ -19,6 +21,8 @@ import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateServi import org.elasticsearch.xpack.watcher.transform.ExecutableTransform; import org.elasticsearch.xpack.watcher.watch.Payload; +import static org.elasticsearch.xpack.watcher.transform.search.SearchTransform.TYPE; + public class ExecutableSearchTransform extends ExecutableTransform { public static final SearchType DEFAULT_SEARCH_TYPE = SearchType.QUERY_THEN_FETCH; 
@@ -27,7 +31,7 @@ public class ExecutableSearchTransform extends ExecutableTransform) () -> new ParameterizedMessage("failed to execute [{}] transform for [{}]", TYPE, ctx.id()), e); return new SearchTransform.Result(request, e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/TransportExecuteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/TransportExecuteWatchAction.java index 21e638b8155..848c621acb1 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/TransportExecuteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/execute/TransportExecuteWatchAction.java @@ -5,14 +5,16 @@ */ package org.elasticsearch.xpack.watcher.transport.actions.execute; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; 
@@ -21,13 +23,13 @@ import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; +import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.condition.always.AlwaysCondition; import org.elasticsearch.xpack.watcher.execution.ActionExecutionMode; import org.elasticsearch.xpack.watcher.execution.ExecutionService; import org.elasticsearch.xpack.watcher.execution.ManualExecutionContext; import org.elasticsearch.xpack.watcher.history.WatchRecord; import org.elasticsearch.xpack.watcher.input.simple.SimpleInput; -import org.elasticsearch.xpack.support.clock.Clock; import org.elasticsearch.xpack.watcher.support.xcontent.WatcherParams; import org.elasticsearch.xpack.watcher.transport.actions.WatcherTransportAction; import org.elasticsearch.xpack.watcher.trigger.TriggerEvent; @@ -125,7 +127,7 @@ public class TransportExecuteWatchAction extends WatcherTransportAction) () -> new ParameterizedMessage("failed to execute [{}]", request.getId()), e); listener.onFailure(e); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/TransportGetWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/TransportGetWatchAction.java index 119a5c70ef0..94ea8a0a58c 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/TransportGetWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/get/TransportGetWatchAction.java 
@@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.watcher.transport.actions.get; -import java.io.IOException; - +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; @@ -31,6 +31,8 @@ import org.elasticsearch.xpack.watcher.transport.actions.WatcherTransportAction; import org.elasticsearch.xpack.watcher.watch.Watch; import org.elasticsearch.xpack.watcher.watch.WatchStore; +import java.io.IOException; + import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; /** @@ -87,7 +89,7 @@ public class TransportGetWatchAction extends WatcherTransportAction) () -> new ParameterizedMessage("failed to get watch [{}]", request.getId()), e); throw e; } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchLockService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchLockService.java index 2aa1f9edc8b..4ec9a5cd186 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchLockService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchLockService.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.watcher.watch; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchTimeoutException; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; 
@@ -63,7 +65,7 @@ public class WatchLockService extends AbstractComponent { } catch (InterruptedException ie) { Thread.currentThread().interrupt(); //todo figure out a better std exception for this - logger.error("could not acquire lock for watch [{}]", ie, name); + logger.error((Supplier) () -> new ParameterizedMessage("could not acquire lock for watch [{}]", name), ie); return null; } return new Lock(name, watchLocks); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchStore.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchStore.java index 4e18fcaa3b6..4975baaa470 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchStore.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/watch/WatchStore.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.watcher.watch; +import org.apache.logging.log4j.message.ParameterizedMessage; +import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.admin.indices.refresh.RefreshRequest; import org.elasticsearch.action.admin.indices.refresh.RefreshResponse; @@ -31,9 +33,8 @@ import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.search.SearchHit; import org.elasticsearch.search.builder.SearchSourceBuilder; import org.elasticsearch.search.sort.SortBuilders; -import org.elasticsearch.xpack.security.InternalClient; -import org.elasticsearch.xpack.watcher.WatcherFeatureSet; import org.elasticsearch.xpack.common.stats.Counters; +import org.elasticsearch.xpack.security.InternalClient; import org.elasticsearch.xpack.watcher.actions.ActionWrapper; import org.elasticsearch.xpack.watcher.support.init.proxy.WatcherClientProxy; import org.elasticsearch.xpack.watcher.trigger.schedule.Schedule; 
@@ -93,7 +94,7 @@ public class WatchStore extends AbstractComponent { logger.debug("loaded [{}] watches from the watches index [{}]", count, INDEX); started.set(true); } catch (Exception e) { - logger.debug("failed to load watches for watch index [{}]", e, INDEX); + logger.debug((Supplier) () -> new ParameterizedMessage("failed to load watches for watch index [{}]", INDEX), e); watches.clear(); throw e; } @@ -315,7 +316,7 @@ public class WatchStore extends AbstractComponent { watches.put(id, watch); count++; } catch (Exception e) { - logger.error("couldn't load watch [{}], ignoring it...", e, id); + logger.error((Supplier) () -> new ParameterizedMessage("couldn't load watch [{}], ignoring it...", id), e); } } response = client.searchScroll(response.getScrollId(), scrollTimeout); diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/ActionErrorIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/ActionErrorIntegrationTests.java index 920a717801a..cfa11843db1 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/ActionErrorIntegrationTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/ActionErrorIntegrationTests.java @@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.watcher.actions; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; @@ -144,7 +144,7 @@ public class ActionErrorIntegrationTests extends AbstractWatcherIntegrationTestC public static class Executable extends ExecutableAction { - public Executable(ErrorAction action, ESLogger logger) { + public Executable(ErrorAction action, Logger logger) { super(action, logger); } 
diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingActionTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingActionTests.java index 2da0f10c13d..6e25b6c112e 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingActionTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/logging/LoggingActionTests.java @@ -5,21 +5,21 @@ */ package org.elasticsearch.xpack.watcher.actions.logging; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.common.SuppressLoggerChecks; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.common.text.TextTemplate; import org.elasticsearch.xpack.common.text.TextTemplateEngine; +import org.elasticsearch.xpack.notification.email.Attachment; import org.elasticsearch.xpack.watcher.actions.Action; import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; -import org.elasticsearch.xpack.common.text.TextTemplate; import org.elasticsearch.xpack.watcher.test.WatcherTestUtils; import org.elasticsearch.xpack.watcher.watch.Payload; -import org.elasticsearch.xpack.notification.email.Attachment; import org.joda.time.DateTime; import org.junit.Before; 
@@ -42,16 +42,15 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -/** - */ public class LoggingActionTests extends ESTestCase { - private ESLogger actionLogger; + + private Logger actionLogger; private LoggingLevel level; private TextTemplateEngine engine; @Before public void init() throws IOException { - actionLogger = mock(ESLogger.class); + actionLogger = mock(Logger.class); level = randomFrom(LoggingLevel.values()); engine = mock(TextTemplateEngine.class); } @@ -192,7 +191,7 @@ public class LoggingActionTests extends ESTestCase { } @SuppressLoggerChecks(reason = "mock usage") - static void verifyLogger(ESLogger logger, LoggingLevel level, String text) { + static void verifyLogger(Logger logger, LoggingLevel level, String text) { switch (level) { case ERROR: verify(logger, times(1)).error(text); @@ -213,4 +212,5 @@ public class LoggingActionTests extends ESTestCase { fail("unhandled logging level [" + level.name() + "]"); } } + } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookActionTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookActionTests.java index 0d845d1b8b7..78e8ca95185 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookActionTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookActionTests.java 
@@ -16,6 +16,7 @@ import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.common.text.TextTemplateEngine; +import org.elasticsearch.xpack.ssl.SSLService; import org.elasticsearch.xpack.watcher.actions.Action; import org.elasticsearch.xpack.watcher.actions.Action.Result.Status; import org.elasticsearch.xpack.watcher.execution.TriggeredExecutionContext; @@ -224,8 +225,8 @@ public class WebhookActionTests extends ESTestCase { public void testThatSelectingProxyWorks() throws Exception { Environment environment = new Environment(Settings.builder().put("path.home", createTempDir()).build()); - HttpClient httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment); - httpClient.start(); + HttpClient httpClient = new HttpClient(Settings.EMPTY, authRegistry, environment, + new SSLService(environment.settings(), environment)); MockWebServer proxyServer = new MockWebServer(); try { diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java index 983e31f7bd2..f3af18ff56f 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/webhook/WebhookHttpsIntegrationTests.java 
@@ -50,8 +50,8 @@ public class WebhookHttpsIntegrationTests extends AbstractWatcherIntegrationTest Path resource = getDataPath("/org/elasticsearch/xpack/security/keystore/testnode.jks"); return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) - .put(HttpClient.SETTINGS_SSL_KEYSTORE, resource.toString()) - .put(HttpClient.SETTINGS_SSL_KEYSTORE_PASSWORD, "testnode") + .put("xpack.http.ssl.keystore.path", resource.toString()) + .put("xpack.http.ssl.keystore.password", "testnode") .build(); } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java index 27f0605259a..d68f4857de2 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.watcher.history; import org.elasticsearch.action.search.SearchResponse; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.search.aggregations.Aggregations; @@ -35,9 +34,9 @@ import static org.hamcrest.Matchers.notNullValue; * not analyzed so they can be used in aggregations */ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegrationTestCase { - private static final ESLogger logger = Loggers.getLogger(HistoryTemplateEmailMappingsTests.class); - static final String USERNAME = "_user"; - static final String PASSWORD = "_passwd"; + + private static final String USERNAME = "_user"; + private static final String PASSWORD = "_passwd"; private static EmailServer server; 
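Review bot: The keystore settings in WebhookHttpsIntegrationTests are now bare string literals, `"xpack.http.ssl.keystore.path"` and `"xpack.http.ssl.keystore.password"`, where the old code used `HttpClient` constants. A typo or later rename of either key is therefore no longer caught at compile time. Whether an unrecognised key is rejected at node start is not visible here; if it is not, this HTTPS test could run without the intended keystore. If the new SSL configuration exposes no constant for these keys, I would at least add a comment above the two `.put` calls such as `// keystore used by the HTTP client under test`. The enclosing settings method starts outside the hunk.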
@@ -46,6 +45,7 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio if (server != null) { server.stop(); } + server = null; } @Override @@ -60,9 +60,9 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio @BeforeClass public static void setupEmailServer() { - if(server == null) { + if (server == null) { //Need to construct the Email Server here as this happens before init() - server = EmailServer.localhost("2500-2600", USERNAME, PASSWORD, logger); + server = EmailServer.localhost("2500-2600", USERNAME, PASSWORD, Loggers.getLogger(HistoryTemplateTimeMappingsTests.class)); } } @@ -155,4 +155,5 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio assertThat(terms.getBucketByKey("rt2@example.com"), notNullValue()); assertThat(terms.getBucketByKey("rt2@example.com").getDocCount(), is(1L)); } + } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java index 76126d3dafd..3717c620999 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/WatcherTestUtils.java @@ -5,12 +5,12 @@ */ package org.elasticsearch.xpack.watcher.test; +import org.apache.logging.log4j.Logger; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContent; 
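Review bot: In `setupEmailServer()` the logger handed to `EmailServer.localhost` is built with `Loggers.getLogger(HistoryTemplateTimeMappingsTests.class)`, but this file is HistoryTemplateEmailMappingsTests. The email server's output will therefore be attributed to a different test class, which makes failures harder to trace. This looks like a copy-paste slip from inlining the removed static `logger` field. The argument should be `Loggers.getLogger(HistoryTemplateEmailMappingsTests.class)`.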
@@ -174,14 +174,14 @@ public final class WatcherTestUtils { public static Watch createTestWatch(String watchName, HttpClient httpClient, EmailService emailService, - WatcherSearchTemplateService searchTemplateService, ESLogger logger) throws AddressException { + WatcherSearchTemplateService searchTemplateService, Logger logger) throws AddressException { WatcherClientProxy client = WatcherClientProxy.of(ESIntegTestCase.client()); return createTestWatch(watchName, client, httpClient, emailService, searchTemplateService, logger); } public static Watch createTestWatch(String watchName, WatcherClientProxy client, HttpClient httpClient, EmailService emailService, - WatcherSearchTemplateService searchTemplateService, ESLogger logger) throws AddressException { + WatcherSearchTemplateService searchTemplateService, Logger logger) throws AddressException { WatcherSearchTemplateRequest transformRequest = templateRequest(searchSource().query(matchAllQuery()), "my-payload-index"); diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BasicWatcherTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BasicWatcherTests.java index 007f7b9c91b..55f3b8cf043 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BasicWatcherTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BasicWatcherTests.java @@ -384,11 +384,9 @@ public class BasicWatcherTests extends AbstractWatcherIntegrationTestCase { logger.info("created watch [{}] at [{}]", watchName, SystemClock.INSTANCE.nowUTC()); client().prepareIndex("events", "event") - .setCreate(true) .setSource("level", "a") .get(); client().prepareIndex("events", "event") - .setCreate(true) .setSource("level", "a") .get(); 
@@ -397,7 +395,6 @@ public class BasicWatcherTests extends AbstractWatcherIntegrationTestCase { assertWatchWithNoActionNeeded(watchName, 1); client().prepareIndex("events", "event") - .setCreate(true) .setSource("level", "b") .get(); refresh(); @@ -405,7 +402,6 @@ public class BasicWatcherTests extends AbstractWatcherIntegrationTestCase { assertWatchWithNoActionNeeded(watchName, 2); client().prepareIndex("events", "event") - .setCreate(true) .setSource("level", "a") .get(); refresh(); diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java index 4fa70235414..382fd4a6f15 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.xpack.watcher.transform.chain; -import org.elasticsearch.common.logging.ESLogger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -194,7 +194,7 @@ public class ChainTransformTests extends ESTestCase { } public static class Factory extends TransformFactory { - public Factory(ESLogger transformLogger) { + public Factory(Logger transformLogger) { super(transformLogger); } @@ -230,7 +230,7 @@ public class ChainTransformTests extends ESTestCase { FailingExecutableTransform.Result> { private static final String TYPE = "throwing"; - public FailingExecutableTransform(ESLogger logger) { + public FailingExecutableTransform(Logger logger) { super(new Transform(), logger); } 
@@ -263,7 +263,7 @@ public class ChainTransformTests extends ESTestCase { } public static class Factory extends TransformFactory { - public Factory(ESLogger transformLogger) { + public Factory(Logger transformLogger) { super(transformLogger); } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/trigger/ScheduleTriggerEngineMock.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/trigger/ScheduleTriggerEngineMock.java index 16a87d205bb..424aa09ce91 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/trigger/ScheduleTriggerEngineMock.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/trigger/ScheduleTriggerEngineMock.java @@ -5,8 +5,8 @@ */ package org.elasticsearch.xpack.watcher.trigger; +import org.apache.logging.log4j.Logger; import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; @@ -32,7 +32,7 @@ import java.util.concurrent.ConcurrentMap; */ public class ScheduleTriggerEngineMock extends ScheduleTriggerEngine { - private final ESLogger logger; + private final Logger logger; private final ConcurrentMap jobs = new ConcurrentHashMap<>(); @Inject diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java index 6612682d64e..9ff4ef0c06b 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java 
@@ -5,9 +5,9 @@ */ package org.elasticsearch.xpack.watcher.watch; +import org.apache.logging.log4j.Logger; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; @@ -149,7 +149,7 @@ public class WatchTests extends ESTestCase { private HtmlSanitizer htmlSanitizer; private HttpAuthRegistry authRegistry; private XPackLicenseState licenseState; - private ESLogger logger; + private Logger logger; private Settings settings = Settings.EMPTY; private WatcherSearchTemplateService searchTemplateService;