Adopt to network settings cleanup in elastic/elasticsearch#25489
Original commit: elastic/x-pack-elasticsearch@364bb260ee
This commit is contained in:
Simon Willnauer
parent
02c0ad2aad
commit
20f6d66294
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
|
|||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.tasks.Task;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportChannel;
|
||||
import org.elasticsearch.transport.TransportException;
|
||||
|
|
@ -28,7 +29,6 @@ import org.elasticsearch.transport.TransportResponse;
|
|||
import org.elasticsearch.transport.TransportResponseHandler;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
import org.elasticsearch.transport.TransportService.ContextRestoreResponseHandler;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.SecurityContext;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationService;
|
||||
|
|
@ -168,9 +168,9 @@ public class SecurityServerTransportInterceptor extends AbstractComponent implem
|
|||
}
|
||||
}
|
||||
|
||||
if (!profileFilters.containsKey(TransportSettings.DEFAULT_PROFILE)) {
|
||||
if (!profileFilters.containsKey(TcpTransport.DEFAULT_PROFILE)) {
|
||||
final boolean extractClientCert = sslService.isSSLClientAuthEnabled(transportSSLSettings);
|
||||
profileFilters.put(TransportSettings.DEFAULT_PROFILE, new ServerTransportFilter.NodeProfile(authcService, authzService,
|
||||
profileFilters.put(TcpTransport.DEFAULT_PROFILE, new ServerTransportFilter.NodeProfile(authcService, authzService,
|
||||
threadPool.getThreadContext(), extractClientCert, destructiveOperations, reservedRealmEnabled, securityContext));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.transport.BoundTransportAddress;
|
||||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.xpack.security.audit.AuditTrailService;
|
||||
|
||||
import java.net.InetSocketAddress;
|
||||
|
|
@ -118,7 +118,7 @@ public class IPFilter {
|
|||
isHttpFilterEnabled = IP_FILTER_ENABLED_HTTP_SETTING.get(settings);
|
||||
isIpFilterEnabled = IP_FILTER_ENABLED_SETTING.get(settings);
|
||||
|
||||
this.transportGroups = TransportSettings.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups(); // this is pretty crazy that we
|
||||
this.transportGroups = TcpTransport.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups(); // this is pretty crazy that we
|
||||
// allow this to be updateable!!! - we have to fix this very soon
|
||||
clusterSettings.addSettingsUpdateConsumer(IP_FILTER_ENABLED_HTTP_SETTING, this::setHttpFiltering);
|
||||
clusterSettings.addSettingsUpdateConsumer(IP_FILTER_ENABLED_SETTING, this::setTransportFiltering);
|
||||
|
|
@ -126,7 +126,7 @@ public class IPFilter {
|
|||
clusterSettings.addSettingsUpdateConsumer(TRANSPORT_FILTER_DENY_SETTING, this::setTransportDenyFilter);
|
||||
clusterSettings.addSettingsUpdateConsumer(HTTP_FILTER_ALLOW_SETTING, this::setHttpAllowFilter);
|
||||
clusterSettings.addSettingsUpdateConsumer(HTTP_FILTER_DENY_SETTING, this::setHttpDenyFilter);
|
||||
clusterSettings.addSettingsUpdateConsumer(TransportSettings.TRANSPORT_PROFILES_SETTING, this::setTransportProfiles);
|
||||
clusterSettings.addSettingsUpdateConsumer(TcpTransport.TRANSPORT_PROFILES_SETTING, this::setTransportProfiles);
|
||||
updateRules();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.util.BigArrays;
|
||||
import org.elasticsearch.indices.breaker.CircuitBreakerService;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.transport.netty4.Netty4Transport;
|
||||
import org.elasticsearch.xpack.ssl.SSLConfiguration;
|
||||
import org.elasticsearch.xpack.ssl.SSLService;
|
||||
|
|
@ -65,8 +65,8 @@ public class SecurityNetty4Transport extends Netty4Transport {
|
|||
profileConfiguration.put(entry.getKey(), configuration);
|
||||
}
|
||||
|
||||
if (profileConfiguration.containsKey(TransportSettings.DEFAULT_PROFILE) == false) {
|
||||
profileConfiguration.put(TransportSettings.DEFAULT_PROFILE, sslConfiguration);
|
||||
if (profileConfiguration.containsKey(TcpTransport.DEFAULT_PROFILE) == false) {
|
||||
profileConfiguration.put(TcpTransport.DEFAULT_PROFILE, sslConfiguration);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ import org.elasticsearch.common.Strings;
|
|||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.common.socket.SocketAccess;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
|
|
@ -852,7 +852,7 @@ public class SSLService extends AbstractComponent {
|
|||
|
||||
private static List<Settings> getTransportProfileSSLSettings(Settings settings) {
|
||||
List<Settings> sslSettings = new ArrayList<>();
|
||||
Map<String, Settings> profiles = TransportSettings.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups(true);
|
||||
Map<String, Settings> profiles = TcpTransport.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups(true);
|
||||
for (Entry<String, Settings> entry : profiles.entrySet()) {
|
||||
Settings profileSettings = entry.getValue().getByPrefix("xpack.security.ssl.");
|
||||
if (profileSettings.isEmpty() == false) {
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ import org.elasticsearch.common.settings.ClusterSettings;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.transport.TransportChannel;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.xpack.security.SecurityContext;
|
||||
import org.elasticsearch.xpack.security.authc.Authentication;
|
||||
import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
|
||||
|
|
@ -68,7 +68,7 @@ public class ServerTransportFilterTests extends ESTestCase {
|
|||
authcService = mock(AuthenticationService.class);
|
||||
authzService = mock(AuthorizationService.class);
|
||||
channel = mock(TransportChannel.class);
|
||||
when(channel.getProfileName()).thenReturn(TransportSettings.DEFAULT_PROFILE);
|
||||
when(channel.getProfileName()).thenReturn(TcpTransport.DEFAULT_PROFILE);
|
||||
when(channel.getVersion()).thenReturn(Version.CURRENT);
|
||||
failDestructiveOperations = randomBoolean();
|
||||
Settings settings = Settings.builder()
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ import org.elasticsearch.node.MockNode;
|
|||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.junit.annotations.Network;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.security.audit.AuditTrailService;
|
||||
import org.junit.Before;
|
||||
|
|
@ -62,7 +62,7 @@ public class IPFilterTests extends ESTestCase {
|
|||
IPFilter.IP_FILTER_ENABLED_SETTING,
|
||||
IPFilter.TRANSPORT_FILTER_ALLOW_SETTING,
|
||||
IPFilter.TRANSPORT_FILTER_DENY_SETTING,
|
||||
TransportSettings.TRANSPORT_PROFILES_SETTING)));
|
||||
TcpTransport.TRANSPORT_PROFILES_SETTING)));
|
||||
|
||||
httpTransport = mock(HttpServerTransport.class);
|
||||
TransportAddress httpAddress = new TransportAddress(InetAddress.getLoopbackAddress(), 9200);
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public class DNSOnlyHostnameVerificationTests extends SecurityIntegTestCase {
|
|||
@BeforeClass
|
||||
public static void resolveNameForMachine() throws Exception {
|
||||
assert keystore == null : "keystore is only set by this method and it should only be called once";
|
||||
NetworkService networkService = new NetworkService(Settings.EMPTY, Collections.emptyList());
|
||||
NetworkService networkService = new NetworkService(Collections.emptyList());
|
||||
InetAddress inetAddress = networkService.resolvePublishHostAddresses(null);
|
||||
hostName = getHostName(inetAddress);
|
||||
String hostAddress = NetworkAddress.format(inetAddress);
|
||||
|
|
|
|||
|
|
@ -6,11 +6,10 @@
|
|||
package org.elasticsearch.xpack.security.transport.netty4;
|
||||
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.common.settings.MockSecureSettings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.xpack.ssl.SSLClientAuth;
|
||||
|
||||
import java.nio.file.Files;
|
||||
|
|
@ -60,7 +59,7 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase {
|
|||
});
|
||||
return settingsBuilder.put("xpack.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client truststore
|
||||
.put("xpack.ssl.truststore.path", keystore.toAbsolutePath()) // settings for client truststore
|
||||
.put(TransportSettings.BIND_HOST.getKey(), "127.0.0.1")
|
||||
.put(TcpTransport.BIND_HOST.getKey(), "127.0.0.1")
|
||||
.put("network.host", "127.0.0.1")
|
||||
.put("xpack.ssl.client_authentication", SSLClientAuth.NONE)
|
||||
.put("xpack.ssl.verification_mode", "full")
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ import org.elasticsearch.common.transport.TransportAddress;
|
|||
import org.elasticsearch.http.HttpServerTransport;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.transport.TcpTransport;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.xpack.security.audit.AuditTrailService;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.junit.Before;
|
||||
|
|
@ -54,7 +54,7 @@ public class IpFilterRemoteAddressFilterTests extends ESTestCase {
|
|||
IPFilter.IP_FILTER_ENABLED_SETTING,
|
||||
IPFilter.TRANSPORT_FILTER_ALLOW_SETTING,
|
||||
IPFilter.TRANSPORT_FILTER_DENY_SETTING,
|
||||
TransportSettings.TRANSPORT_PROFILES_SETTING)));
|
||||
TcpTransport.TRANSPORT_PROFILES_SETTING)));
|
||||
XPackLicenseState licenseState = mock(XPackLicenseState.class);
|
||||
when(licenseState.isIpFilteringAllowed()).thenReturn(true);
|
||||
AuditTrailService auditTrailService = new AuditTrailService(settings, Collections.emptyList(), licenseState);
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import org.junit.Before;
|
|||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
import java.nio.file.Path;
|
||||
import java.util.Collections;
|
||||
import java.util.Locale;
|
||||
|
||||
import static org.hamcrest.Matchers.arrayContaining;
|
||||
|
|
@ -60,8 +61,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put(env.settings())
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
|
|
@ -76,8 +78,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true)
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
|
|
@ -92,8 +95,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true)
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
|
|
@ -108,8 +112,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true)
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
|
|
@ -122,8 +127,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put(env.settings())
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
|
|
@ -135,7 +141,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.put("xpack.security.http.ssl.supported_protocols", "TLSv1.2")
|
||||
.build();
|
||||
sslService = new SSLService(settings, new Environment(settings));
|
||||
transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
transport = new SecurityNetty4HttpServerTransport(settings, new NetworkService(Collections.emptyList()),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
handler = transport.configureServerChannelHandler();
|
||||
|
|
@ -186,7 +192,7 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
env = new Environment(settings);
|
||||
sslService = new SSLService(settings, env);
|
||||
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
|
||||
() -> new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class), mock(BigArrays.class),
|
||||
() -> new SecurityNetty4HttpServerTransport(settings, new NetworkService(Collections.emptyList()), mock(BigArrays.class),
|
||||
mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher()));
|
||||
assertThat(e.getMessage(), containsString("key must be provided"));
|
||||
}
|
||||
|
|
@ -202,8 +208,9 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
|||
.build();
|
||||
env = new Environment(settings);
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings,
|
||||
new NetworkService(Collections.emptyList()), mock(BigArrays.class), mock(IPFilter.class), sslService,
|
||||
mock(ThreadPool.class), xContentRegistry(), new NullDispatcher());
|
||||
assertNotNull(transport.configureServerChannelHandler());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import org.junit.Before;
|
|||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Collections;
|
||||
import java.util.Locale;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
|
@ -61,7 +62,7 @@ public class SecurityNetty4TransportTests extends ESTestCase {
|
|||
return new SecurityNetty4Transport(
|
||||
settings,
|
||||
mock(ThreadPool.class),
|
||||
mock(NetworkService.class),
|
||||
new NetworkService(Collections.emptyList()),
|
||||
mock(BigArrays.class),
|
||||
mock(NamedWriteableRegistry.class),
|
||||
mock(CircuitBreakerService.class),
|
||||
|
|
|
|||
Loading…
Reference in New Issue