mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-17 18:35:25 +00:00
Merge remote-tracking branch 'origin/master' into strict-booleans
Original commit: elastic/x-pack-elasticsearch@a81d65f77f
This commit is contained in:
Daniel Mitterdorfer
commit
226d6872ff
@ -1,9 +1,9 @@
|
||||
appender.audit_rolling.type = RollingFile
|
||||
appender.audit_rolling.name = audit_rolling
|
||||
appender.audit_rolling.fileName = ${sys:es.logs}_access.log
|
||||
appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access.log
|
||||
appender.audit_rolling.layout.type = PatternLayout
|
||||
appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n
|
||||
appender.audit_rolling.filePattern = ${sys:es.logs}_access-%d{yyyy-MM-dd}.log
|
||||
appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access-%d{yyyy-MM-dd}.log
|
||||
appender.audit_rolling.policies.type = Policies
|
||||
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
|
||||
appender.audit_rolling.policies.time.interval = 1
|
||||
|
||||
@ -459,8 +459,8 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry) {
|
||||
return security.getTransportInterceptors(namedWriteableRegistry);
|
||||
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry, ThreadContext threadContext) {
|
||||
return security.getTransportInterceptors(namedWriteableRegistry, threadContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -476,9 +476,10 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
|
||||
CircuitBreakerService circuitBreakerService,
|
||||
NamedWriteableRegistry namedWriteableRegistry,
|
||||
NamedXContentRegistry xContentRegistry,
|
||||
NetworkService networkService) {
|
||||
NetworkService networkService,
|
||||
HttpServerTransport.Dispatcher dispatcher) {
|
||||
return security.getHttpTransports(settings, threadPool, bigArrays, circuitBreakerService, namedWriteableRegistry, xContentRegistry,
|
||||
networkService);
|
||||
networkService, dispatcher);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -15,9 +15,7 @@ import org.elasticsearch.cli.EnvironmentAwareCommand;
|
||||
import org.elasticsearch.cli.Terminal;
|
||||
import org.elasticsearch.cli.UserException;
|
||||
import org.elasticsearch.common.io.FileSystemUtils;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.node.internal.InternalSettingsPreparer;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@ -29,7 +27,6 @@ import java.nio.file.Path;
|
||||
import java.nio.file.StandardCopyOption;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Comparator;
|
||||
|
||||
@ -8,9 +8,7 @@ package org.elasticsearch.xpack.extensions;
|
||||
import joptsimple.OptionSet;
|
||||
import org.elasticsearch.cli.EnvironmentAwareCommand;
|
||||
import org.elasticsearch.cli.Terminal;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.node.internal.InternalSettingsPreparer;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.DirectoryStream;
|
||||
@ -19,7 +17,6 @@ import java.nio.file.Path;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.cli.Terminal.Verbosity.VERBOSE;
|
||||
import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile;
|
||||
|
||||
@ -13,16 +13,13 @@ import org.elasticsearch.cli.EnvironmentAwareCommand;
|
||||
import org.elasticsearch.cli.Terminal;
|
||||
import org.elasticsearch.cli.UserException;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.node.internal.InternalSettingsPreparer;
|
||||
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.StandardCopyOption;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.cli.Terminal.Verbosity.VERBOSE;
|
||||
import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile;
|
||||
|
||||
@ -116,7 +116,7 @@ public class MonitoringBulkResponse extends ActionResponse {
|
||||
@Override
|
||||
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
|
||||
builder.startObject();
|
||||
ElasticsearchException.toXContent(builder, params, cause);
|
||||
ElasticsearchException.generateThrowableXContent(builder, params, cause);
|
||||
builder.endObject();
|
||||
return builder;
|
||||
}
|
||||
|
||||
@ -61,8 +61,7 @@ public class ExportException extends ElasticsearchException implements Iterable<
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void innerToXContent(XContentBuilder builder, Params params) throws IOException {
|
||||
super.innerToXContent(builder, params);
|
||||
protected void metadataToXContent(XContentBuilder builder, Params params) throws IOException {
|
||||
if (hasExportExceptions()) {
|
||||
builder.startArray("exceptions");
|
||||
for (ExportException exception : exceptions) {
|
||||
|
||||
@ -166,7 +166,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
|
||||
/* what a PITA that we need an extra indirection to initialize this. Yet, once we got rid of guice we can thing about how
|
||||
* to fix this or make it simpler. Today we need several service that are created in createComponents but we need to register
|
||||
* an instance of TransportInterceptor way earlier before createComponents is called. */
|
||||
private final SetOnce<TransportInterceptor> securityIntercepter = new SetOnce<>();
|
||||
private final SetOnce<TransportInterceptor> securityInterceptor = new SetOnce<>();
|
||||
private final SetOnce<IPFilter> ipFilter = new SetOnce<>();
|
||||
private final SetOnce<AuthenticationService> authcService = new SetOnce<>();
|
||||
|
||||
@ -334,7 +334,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
|
||||
ipFilter.set(new IPFilter(settings, auditTrailService, clusterService.getClusterSettings(), licenseState));
|
||||
components.add(ipFilter.get());
|
||||
DestructiveOperations destructiveOperations = new DestructiveOperations(settings, clusterService.getClusterSettings());
|
||||
securityIntercepter.set(new SecurityServerTransportInterceptor(settings, threadPool, authcService.get(), authzService, licenseState,
|
||||
securityInterceptor.set(new SecurityServerTransportInterceptor(settings, threadPool, authcService.get(), authzService, licenseState,
|
||||
sslService, securityContext, destructiveOperations));
|
||||
return components;
|
||||
}
|
||||
@ -686,7 +686,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry) {
|
||||
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry, ThreadContext threadContext) {
|
||||
if (transportClientMode || enabled == false) { // don't register anything if we are not enabled
|
||||
// interceptors are not installed if we are running on the transport client
|
||||
return Collections.emptyList();
|
||||
@ -695,14 +695,14 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
|
||||
@Override
|
||||
public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String action, String executor,
|
||||
TransportRequestHandler<T> actualHandler) {
|
||||
assert securityIntercepter.get() != null;
|
||||
return securityIntercepter.get().interceptHandler(action, executor, actualHandler);
|
||||
assert securityInterceptor.get() != null;
|
||||
return securityInterceptor.get().interceptHandler(action, executor, actualHandler);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AsyncSender interceptSender(AsyncSender sender) {
|
||||
assert securityIntercepter.get() != null;
|
||||
return securityIntercepter.get().interceptSender(sender);
|
||||
assert securityInterceptor.get() != null;
|
||||
return securityInterceptor.get().interceptSender(sender);
|
||||
}
|
||||
});
|
||||
}
|
||||
@ -721,13 +721,16 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
|
||||
|
||||
@Override
|
||||
public Map<String, Supplier<HttpServerTransport>> getHttpTransports(Settings settings, ThreadPool threadPool, BigArrays bigArrays,
|
||||
CircuitBreakerService circuitBreakerService, NamedWriteableRegistry namedWriteableRegistry,
|
||||
NamedXContentRegistry xContentRegistry, NetworkService networkService) {
|
||||
CircuitBreakerService circuitBreakerService,
|
||||
NamedWriteableRegistry namedWriteableRegistry,
|
||||
NamedXContentRegistry xContentRegistry,
|
||||
NetworkService networkService,
|
||||
HttpServerTransport.Dispatcher dispatcher) {
|
||||
if (enabled == false) { // don't register anything if we are not enabled
|
||||
return Collections.emptyMap();
|
||||
}
|
||||
return Collections.singletonMap(Security.NAME4, () -> new SecurityNetty4HttpServerTransport(settings, networkService, bigArrays,
|
||||
ipFilter.get(), sslService, threadPool, xContentRegistry));
|
||||
ipFilter.get(), sslService, threadPool, xContentRegistry, dispatcher));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -16,7 +16,6 @@ import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.set.Sets;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.node.internal.InternalSettingsPreparer;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.authc.file.FileUserPasswdStore;
|
||||
import org.elasticsearch.xpack.security.authc.file.FileUserRolesStore;
|
||||
|
||||
@ -13,7 +13,9 @@ import org.elasticsearch.action.admin.indices.alias.Alias;
|
||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
||||
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
|
||||
import org.elasticsearch.action.bulk.BulkAction;
|
||||
import org.elasticsearch.action.delete.DeleteAction;
|
||||
import org.elasticsearch.action.get.MultiGetAction;
|
||||
import org.elasticsearch.action.index.IndexAction;
|
||||
import org.elasticsearch.action.search.ClearScrollAction;
|
||||
import org.elasticsearch.action.search.MultiSearchAction;
|
||||
import org.elasticsearch.action.search.SearchScrollAction;
|
||||
@ -74,6 +76,11 @@ public class AuthorizationService extends AbstractComponent {
|
||||
private static final Predicate<String> MONITOR_INDEX_PREDICATE = IndexPrivilege.MONITOR.predicate();
|
||||
private static final Predicate<String> SAME_USER_PRIVILEGE = Automatons.predicate(ChangePasswordAction.NAME, AuthenticateAction.NAME);
|
||||
|
||||
private static final String INDEX_SUB_REQUEST_PRIMARY = IndexAction.NAME + "[p]";
|
||||
private static final String INDEX_SUB_REQUEST_REPLICA = IndexAction.NAME + "[r]";
|
||||
private static final String DELETE_SUB_REQUEST_PRIMARY = DeleteAction.NAME + "[p]";
|
||||
private static final String DELETE_SUB_REQUEST_REPLICA = DeleteAction.NAME + "[r]";
|
||||
|
||||
private final ClusterService clusterService;
|
||||
private final CompositeRolesStore rolesStore;
|
||||
private final AuditTrailService auditTrail;
|
||||
@ -176,6 +183,17 @@ public class AuthorizationService extends AbstractComponent {
|
||||
return;
|
||||
}
|
||||
throw denial(authentication, action, request);
|
||||
} else if (isTranslatedToBulkAction(action)) {
|
||||
if (request instanceof CompositeIndicesRequest == false) {
|
||||
throw new IllegalStateException("Bulk translated actions must implement " + CompositeIndicesRequest.class.getSimpleName()
|
||||
+ ", " + request.getClass().getSimpleName() + " doesn't");
|
||||
}
|
||||
// we check if the user can execute the action, without looking at indices, whici will be authorized at the shard level
|
||||
if (permission.indices().check(action)) {
|
||||
grant(authentication, action, request);
|
||||
return;
|
||||
}
|
||||
throw denial(authentication, action, request);
|
||||
}
|
||||
|
||||
// some APIs are indices requests that are not actually associated with indices. For example,
|
||||
@ -318,6 +336,15 @@ public class AuthorizationService extends AbstractComponent {
|
||||
action.equals("indices:data/write/reindex");
|
||||
}
|
||||
|
||||
private static boolean isTranslatedToBulkAction(String action) {
|
||||
return action.equals(IndexAction.NAME) ||
|
||||
action.equals(DeleteAction.NAME) ||
|
||||
action.equals(INDEX_SUB_REQUEST_PRIMARY) ||
|
||||
action.equals(INDEX_SUB_REQUEST_REPLICA) ||
|
||||
action.equals(DELETE_SUB_REQUEST_PRIMARY) ||
|
||||
action.equals(DELETE_SUB_REQUEST_REPLICA);
|
||||
}
|
||||
|
||||
private static boolean isScrollRelatedAction(String action) {
|
||||
return action.equals(SearchScrollAction.NAME) ||
|
||||
action.equals(SearchTransportService.FETCH_ID_SCROLL_ACTION_NAME) ||
|
||||
|
||||
@ -39,10 +39,11 @@ public final class IndexPrivilege extends Privilege {
|
||||
|
||||
private static final Automaton ALL_AUTOMATON = patterns("indices:*");
|
||||
private static final Automaton READ_AUTOMATON = patterns("indices:data/read/*");
|
||||
private static final Automaton CREATE_AUTOMATON = patterns("indices:data/write/index*", PutMappingAction.NAME);
|
||||
private static final Automaton CREATE_AUTOMATON = patterns("indices:data/write/index*", "indices:data/write/bulk*",
|
||||
PutMappingAction.NAME);
|
||||
private static final Automaton INDEX_AUTOMATON =
|
||||
patterns("indices:data/write/index*", "indices:data/write/update*", PutMappingAction.NAME);
|
||||
private static final Automaton DELETE_AUTOMATON = patterns("indices:data/write/delete*");
|
||||
patterns("indices:data/write/index*", "indices:data/write/bulk*", "indices:data/write/update*", PutMappingAction.NAME);
|
||||
private static final Automaton DELETE_AUTOMATON = patterns("indices:data/write/delete*", "indices:data/write/bulk*");
|
||||
private static final Automaton WRITE_AUTOMATON = patterns("indices:data/write/*", PutMappingAction.NAME);
|
||||
private static final Automaton MONITOR_AUTOMATON = patterns("indices:monitor/*");
|
||||
private static final Automaton MANAGE_AUTOMATON =
|
||||
|
||||
@ -13,10 +13,8 @@ import org.elasticsearch.cli.Terminal;
|
||||
import org.elasticsearch.cli.UserException;
|
||||
import org.elasticsearch.common.SuppressForbidden;
|
||||
import org.elasticsearch.common.io.PathUtils;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.set.Sets;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.node.internal.InternalSettingsPreparer;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
|
||||
import java.nio.file.Files;
|
||||
@ -26,7 +24,6 @@ import java.nio.file.attribute.PosixFileAttributeView;
|
||||
import java.nio.file.attribute.PosixFilePermission;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
public class SystemKeyTool extends EnvironmentAwareCommand {
|
||||
|
||||
@ -16,6 +16,7 @@ import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.BigArrays;
|
||||
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
|
||||
import org.elasticsearch.http.netty4.Netty4HttpServerTransport;
|
||||
import org.elasticsearch.rest.RestController;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.netty4.Netty4Utils;
|
||||
import org.elasticsearch.xpack.ssl.SSLService;
|
||||
@ -35,8 +36,9 @@ public class SecurityNetty4HttpServerTransport extends Netty4HttpServerTransport
|
||||
private final boolean ssl;
|
||||
|
||||
public SecurityNetty4HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter,
|
||||
SSLService sslService, ThreadPool threadPool, NamedXContentRegistry xContentRegistry) {
|
||||
super(settings, networkService, bigArrays, threadPool, xContentRegistry);
|
||||
SSLService sslService, ThreadPool threadPool, NamedXContentRegistry xContentRegistry,
|
||||
Dispatcher dispatcher) {
|
||||
super(settings, networkService, bigArrays, threadPool, xContentRegistry, dispatcher);
|
||||
this.ipFilter = ipFilter;
|
||||
this.ssl = HTTP_SSL_ENABLED.get(settings);
|
||||
this.sslService = sslService;
|
||||
|
||||
@ -24,4 +24,7 @@ grant {
|
||||
// Netty SelectorUtil wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
|
||||
// the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
|
||||
permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
|
||||
|
||||
// needed for multiple server implementations used in tests
|
||||
permission java.net.SocketPermission "*", "accept";
|
||||
};
|
||||
|
||||
@ -7,7 +7,7 @@ package org.elasticsearch.action;
|
||||
|
||||
import org.elasticsearch.action.support.IndicesOptions;
|
||||
|
||||
public class MockIndicesRequest extends ActionRequest implements IndicesRequest {
|
||||
public class MockIndicesRequest extends ActionRequest implements IndicesRequest, CompositeIndicesRequest {
|
||||
|
||||
private final String[] indices;
|
||||
private final IndicesOptions indicesOptions;
|
||||
|
||||
@ -23,6 +23,7 @@ import java.util.HashMap;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
@ -74,6 +75,27 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
|
||||
assertThat(message, statusLine.getStatusCode(), is(403));
|
||||
}
|
||||
|
||||
|
||||
protected void assertBodyHasAccessIsDenied(String user, String method, String uri, String body) throws IOException {
|
||||
assertBodyHasAccessIsDenied(user, method, uri, body, new HashMap<>());
|
||||
}
|
||||
|
||||
/**
|
||||
* Like {@code assertAcessIsDenied}, but for _bulk requests since the entire
|
||||
* request will not be failed, just the individual ones
|
||||
*/
|
||||
protected void assertBodyHasAccessIsDenied(String user, String method, String uri, String body,
|
||||
Map<String, String> params) throws IOException {
|
||||
Response resp = getRestClient().performRequest(method, uri, params, entityOrNull(body),
|
||||
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))));
|
||||
StatusLine statusLine = resp.getStatusLine();
|
||||
assertThat(statusLine.getStatusCode(), is(200));
|
||||
HttpEntity bodyEntity = resp.getEntity();
|
||||
String bodyStr = EntityUtils.toString(bodyEntity);
|
||||
assertThat(bodyStr, containsString("unauthorized for user [" + user + "]"));
|
||||
}
|
||||
|
||||
private static HttpEntity entityOrNull(String body) {
|
||||
HttpEntity entity = null;
|
||||
if (body != null) {
|
||||
|
||||
@ -347,7 +347,7 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
|
||||
assertAccessIsDenied("u11",
|
||||
"GET", "/" + randomIndex() + "/foo/_msearch", "{}\n{ \"query\" : { \"match_all\" : {} } }\n");
|
||||
assertAccessIsDenied("u11", "POST", "/" + randomIndex() + "/foo/_mget", "{ \"ids\" : [ \"1\", \"2\" ] } ");
|
||||
assertAccessIsDenied("u11", "PUT",
|
||||
assertBodyHasAccessIsDenied("u11", "PUT",
|
||||
"/" + randomIndex() + "/foo/_bulk", "{ \"index\" : { \"_id\" : \"123\" } }\n{ \"foo\" : \"bar\" }\n");
|
||||
assertAccessIsDenied("u11",
|
||||
"GET", "/" + randomIndex() + "/foo/_mtermvectors", "{ \"docs\" : [ { \"_id\": \"1\" }, { \"_id\": \"2\" } ] }");
|
||||
@ -386,8 +386,8 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
|
||||
assertAccessIsAllowed("u13",
|
||||
"GET", "/" + randomIndex() + "/foo/_msearch", "{}\n{ \"query\" : { \"match_all\" : {} } }\n");
|
||||
assertAccessIsAllowed("u13", "POST", "/" + randomIndex() + "/foo/_mget", "{ \"ids\" : [ \"1\", \"2\" ] } ");
|
||||
assertAccessIsDenied("u13", "PUT",
|
||||
"/" + randomIndex() + "/foo/_bulk", "{ \"index\" : { \"_id\" : \"123\" } }\n{ \"foo\" : \"bar\" }\n");
|
||||
assertAccessIsAllowed("u13", "PUT", "/a/foo/_bulk", "{ \"index\" : { \"_id\" : \"123\" } }\n{ \"foo\" : \"bar\" }\n");
|
||||
assertBodyHasAccessIsDenied("u13", "PUT", "/b/foo/_bulk", "{ \"index\" : { \"_id\" : \"123\" } }\n{ \"foo\" : \"bar\" }\n");
|
||||
assertAccessIsAllowed("u13",
|
||||
"GET", "/" + randomIndex() + "/foo/_mtermvectors", "{ \"docs\" : [ { \"_id\": \"1\" }, { \"_id\": \"2\" } ] }");
|
||||
}
|
||||
|
||||
@ -53,7 +53,7 @@ public class TransportXPackInfoActionTests extends ESTestCase {
|
||||
}
|
||||
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportXPackInfoAction action = new TransportXPackInfoAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), licenseService, featureSets);
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@ import org.elasticsearch.common.bytes.BytesArray;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.mocksocket.MockServerSocket;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.http.MockResponse;
|
||||
import org.elasticsearch.test.http.MockWebServer;
|
||||
@ -400,7 +401,7 @@ public class HttpClientTests extends ESTestCase {
|
||||
public void testThatHttpClientFailsOnNonHttpResponse() throws Exception {
|
||||
ExecutorService executor = Executors.newSingleThreadExecutor();
|
||||
AtomicReference<Exception> hasExceptionHappened = new AtomicReference();
|
||||
try (ServerSocket serverSocket = new ServerSocket(0, 50, InetAddress.getByName("localhost"))) {
|
||||
try (ServerSocket serverSocket = new MockServerSocket(0, 50, InetAddress.getByName("localhost"))) {
|
||||
executor.execute(() -> {
|
||||
try (Socket socket = serverSocket.accept()) {
|
||||
BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
|
||||
|
||||
@ -91,11 +91,11 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
||||
Set<Setting<?>> clusterSettings = new HashSet<>();
|
||||
clusterSettings.addAll(ClusterSettings.BUILT_IN_CLUSTER_SETTINGS);
|
||||
clusterSettings.add(MonitoringSettings.EXPORTERS_SETTINGS);
|
||||
final DiscoveryNode node = new DiscoveryNode("node", buildNewFakeTransportAddress(), emptyMap(), emptySet(),
|
||||
Version.CURRENT);
|
||||
clusterService = new ClusterService(Settings.builder().put("cluster.name",
|
||||
TransportMonitoringBulkActionTests.class.getName()).build(),
|
||||
new ClusterSettings(Settings.EMPTY, clusterSettings), threadPool);
|
||||
clusterService.setLocalNode(new DiscoveryNode("node", buildNewFakeTransportAddress(), emptyMap(), emptySet(),
|
||||
Version.CURRENT));
|
||||
new ClusterSettings(Settings.EMPTY, clusterSettings), threadPool, () -> node);
|
||||
clusterService.setNodeConnectionsService(new NodeConnectionsService(Settings.EMPTY, null, null) {
|
||||
@Override
|
||||
public void connectToNodes(Iterable<DiscoveryNode> discoveryNodes) {
|
||||
@ -113,7 +113,7 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
||||
clusterService.start();
|
||||
|
||||
transportService = new TransportService(clusterService.getSettings(), transport, threadPool,
|
||||
TransportService.NOOP_TRANSPORT_INTERCEPTOR, null);
|
||||
TransportService.NOOP_TRANSPORT_INTERCEPTOR, x -> node, null);
|
||||
transportService.start();
|
||||
transportService.acceptIncomingRequests();
|
||||
exportService = new CapturingExporters();
|
||||
|
||||
@ -16,6 +16,8 @@ import javax.mail.Session;
|
||||
import javax.mail.internet.MimeMessage;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import java.util.concurrent.CopyOnWriteArrayList;
|
||||
@ -75,7 +77,11 @@ public class EmailServer {
|
||||
}
|
||||
|
||||
public void start() {
|
||||
server.start();
|
||||
// Must have privileged access because underlying server will accept socket connections
|
||||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
|
||||
server.start();
|
||||
return null;
|
||||
});
|
||||
}
|
||||
|
||||
public void stop() {
|
||||
|
||||
@ -41,7 +41,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom(new ArrayList<>(ReservedRolesStore.names()));
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
(x) -> null, null);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
@ -72,7 +72,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
(x) -> null, null);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
@ -116,7 +116,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
(x) -> null, null);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
|
||||
@ -42,7 +42,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
||||
public void testReservedRoles() {
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService, new ReservedRolesStore());
|
||||
|
||||
@ -88,7 +88,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
||||
final List<RoleDescriptor> storeRoleDescriptors = randomRoleDescriptors();
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService, new ReservedRolesStore());
|
||||
|
||||
@ -140,7 +140,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
||||
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService, new ReservedRolesStore());
|
||||
|
||||
@ -204,7 +204,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
||||
final List<RoleDescriptor> storeRoleDescriptors = randomRoleDescriptors();
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService, new ReservedRolesStore());
|
||||
|
||||
|
||||
@ -42,7 +42,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom(new ArrayList<>(ReservedRolesStore.names()));
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
@ -73,7 +73,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
@ -117,7 +117,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
||||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, transportService);
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
||||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
when(securityContext.getUser()).thenReturn(randomFrom(SystemUser.INSTANCE, XPackUser.INSTANCE));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), securityContext);
|
||||
|
||||
@ -62,7 +62,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
||||
public void testNullUser() {
|
||||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), securityContext);
|
||||
|
||||
@ -90,7 +90,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
||||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
when(securityContext.getUser()).thenReturn(user);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), securityContext);
|
||||
|
||||
|
||||
@ -48,7 +48,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
||||
AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(settings, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -79,7 +79,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
||||
public void testInternalUsers() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -123,7 +123,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
||||
}
|
||||
}).when(usersStore).changePassword(eq(request), any(ActionListener.class));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -164,7 +164,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
||||
}
|
||||
}).when(usersStore).changePassword(eq(request), any(ActionListener.class));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class), transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
|
||||
@ -45,7 +45,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
||||
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "superuser").build();
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(settings, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -74,7 +74,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
||||
public void testInternalUser() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -104,7 +104,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
||||
final User reserved = randomFrom(new ElasticUser(true), new KibanaUser(true));
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -134,7 +134,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
||||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -175,7 +175,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
||||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
|
||||
@ -5,8 +5,6 @@
|
||||
*/
|
||||
package org.elasticsearch.xpack.security.action.user;
|
||||
|
||||
import org.apache.log4j.Level;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.action.support.ActionFilters;
|
||||
@ -77,7 +75,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, reservedRealm);
|
||||
|
||||
@ -112,7 +110,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
public void testInternalUser() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, mock(ReservedRealm.class));
|
||||
|
||||
@ -153,7 +151,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
final List<User> reservedUsers = randomSubsetOf(size, allReservedUsers);
|
||||
final List<String> names = reservedUsers.stream().map(User::principal).collect(Collectors.toList());
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, reservedRealm);
|
||||
|
||||
@ -189,7 +187,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
ReservedRealmTests.mockGetAllReservedUserInfo(usersStore, Collections.emptyMap());
|
||||
ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, reservedRealm);
|
||||
|
||||
@ -236,7 +234,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, mock(ReservedRealm.class));
|
||||
|
||||
@ -284,7 +282,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
||||
final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService, mock(ReservedRealm.class));
|
||||
|
||||
|
||||
@ -54,7 +54,7 @@ public class TransportPutUserActionTests extends ESTestCase {
|
||||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutUserAction action = new TransportPutUserAction(settings, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -84,7 +84,7 @@ public class TransportPutUserActionTests extends ESTestCase {
|
||||
public void testSystemUser() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -121,7 +121,7 @@ public class TransportPutUserActionTests extends ESTestCase {
|
||||
reservedRealm.users(userFuture);
|
||||
final User reserved = randomFrom(userFuture.actionGet().toArray(new User[0]));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -152,7 +152,7 @@ public class TransportPutUserActionTests extends ESTestCase {
|
||||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
@ -198,7 +198,7 @@ public class TransportPutUserActionTests extends ESTestCase {
|
||||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore, transportService);
|
||||
|
||||
|
||||
@ -59,7 +59,7 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
||||
when(authentication.getRunAsUser()).thenReturn(user);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(settings, threadPool, transportService, mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -97,7 +97,7 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
||||
when(authentication.getRunAsUser()).thenReturn(user);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool, transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -151,7 +151,7 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
||||
}).when(usersStore)
|
||||
.setEnabled(eq(user.principal()), eq(request.enabled()), eq(request.getRefreshPolicy()), any(ActionListener.class));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool, transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -203,7 +203,7 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
||||
}).when(usersStore)
|
||||
.setEnabled(eq(user.principal()), eq(request.enabled()), eq(request.getRefreshPolicy()), any(ActionListener.class));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool, transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
@ -243,7 +243,7 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
||||
request.enabled(randomBoolean());
|
||||
request.setRefreshPolicy(randomFrom(RefreshPolicy.values()));
|
||||
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
|
||||
null);
|
||||
x -> null, null);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool, transportService,
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
|
||||
@ -34,6 +34,8 @@ import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -99,7 +101,11 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
|
||||
directoryServer.add("dc=ad,dc=test,dc=elasticsearch,dc=com", new Attribute("dc", "UnboundID"),
|
||||
new Attribute("objectClass", "top", "domain", "extensibleObject"));
|
||||
directoryServer.importFromLDIF(false, getDataPath("ad.ldif").toString());
|
||||
directoryServer.startListening();
|
||||
// Must have privileged access because underlying server will accept socket connections
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
directoryServer.startListening();
|
||||
return null;
|
||||
});
|
||||
directoryServers[i] = directoryServer;
|
||||
}
|
||||
threadPool = new TestThreadPool("active directory realm tests");
|
||||
|
||||
@ -24,6 +24,9 @@ import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
@ -52,7 +55,11 @@ public abstract class LdapTestCase extends ESTestCase {
|
||||
new Attribute("objectClass", "top", "domain", "extensibleObject"));
|
||||
ldapServer.importFromLDIF(false,
|
||||
getDataPath("/org/elasticsearch/xpack/security/authc/ldap/support/seven-seas.ldif").toString());
|
||||
ldapServer.startListening();
|
||||
// Must have privileged access because underlying server will accept socket connections
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
ldapServer.startListening();
|
||||
return null;
|
||||
});
|
||||
ldapServers[i] = ldapServer;
|
||||
}
|
||||
}
|
||||
|
||||
@ -557,9 +557,9 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||
.build());
|
||||
|
||||
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
||||
requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]", new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]", new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityTemplateService.SECURITY_INDEX_NAME)));
|
||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||
new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
@ -642,8 +642,11 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||
for (User user : Arrays.asList(XPackUser.INSTANCE, superuser)) {
|
||||
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
||||
requests.add(new Tuple<>(DeleteAction.NAME, new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
||||
new DeleteRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(UpdateAction.NAME, new UpdateRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(IndexAction.NAME, new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]", new IndexRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityTemplateService.SECURITY_INDEX_NAME)));
|
||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||
new TermVectorsRequest(SecurityTemplateService.SECURITY_INDEX_NAME, "type", "id")));
|
||||
@ -770,7 +773,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||
|
||||
public void testCompositeActionsIndicesAreCheckedAtTheShardLevel() {
|
||||
String action;
|
||||
switch(randomIntBetween(0, 5)) {
|
||||
switch(randomIntBetween(0, 4)) {
|
||||
case 0:
|
||||
action = MultiGetAction.NAME + "[shard]";
|
||||
break;
|
||||
@ -787,13 +790,10 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||
case 4:
|
||||
action = "indices:data/read/mpercolate[s]";
|
||||
break;
|
||||
case 5:
|
||||
//reindex delegates to index, other than search covered above
|
||||
action = IndexAction.NAME;
|
||||
break;
|
||||
default:
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
logger.info("--> action: {}", action);
|
||||
|
||||
TransportRequest request = new MockIndicesRequest(IndicesOptions.strictExpandOpen(), "index");
|
||||
User userAllowed = new User("userAllowed", "roleAllowed");
|
||||
|
||||
@ -9,9 +9,7 @@ import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.action.DocWriteRequest;
|
||||
import org.elasticsearch.action.bulk.BulkAction;
|
||||
import org.elasticsearch.action.bulk.BulkResponse;
|
||||
import org.elasticsearch.action.delete.DeleteAction;
|
||||
import org.elasticsearch.action.delete.DeleteRequest;
|
||||
import org.elasticsearch.action.index.IndexAction;
|
||||
import org.elasticsearch.action.index.IndexRequest;
|
||||
import org.elasticsearch.action.update.UpdateAction;
|
||||
import org.elasticsearch.action.update.UpdateRequest;
|
||||
@ -47,12 +45,12 @@ public class WriteActionsTests extends SecurityIntegTestCase {
|
||||
client().prepareIndex("test1", "type", "id").setSource("field", "value").get();
|
||||
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareIndex("index1", "type", "id").setSource("field", "value")::get,
|
||||
IndexAction.NAME);
|
||||
BulkAction.NAME + "[s]");
|
||||
|
||||
client().prepareIndex("test4", "type", "id").setSource("field", "value").get();
|
||||
//the missing index gets automatically created (user has permissions for that), but indexing fails due to missing authorization
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareIndex("missing", "type", "id").setSource("field", "value")::get,
|
||||
IndexAction.NAME);
|
||||
BulkAction.NAME + "[s]");
|
||||
}
|
||||
|
||||
public void testDelete() {
|
||||
@ -60,11 +58,11 @@ public class WriteActionsTests extends SecurityIntegTestCase {
|
||||
client().prepareIndex("test1", "type", "id").setSource("field", "value").get();
|
||||
assertEquals(RestStatus.OK, client().prepareDelete("test1", "type", "id").get().status());
|
||||
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareDelete("index1", "type", "id")::get, DeleteAction.NAME);
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareDelete("index1", "type", "id")::get, BulkAction.NAME + "[s]");
|
||||
|
||||
assertEquals(RestStatus.NOT_FOUND, client().prepareDelete("test4", "type", "id").get().status());
|
||||
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareDelete("missing", "type", "id")::get, DeleteAction.NAME);
|
||||
assertThrowsAuthorizationExceptionDefaultUsers(client().prepareDelete("missing", "type", "id")::get, BulkAction.NAME + "[s]");
|
||||
}
|
||||
|
||||
public void testUpdate() {
|
||||
|
||||
@ -57,7 +57,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
@ -73,7 +74,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
@ -89,7 +91,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
@ -105,7 +108,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.put("xpack.security.http.ssl.client_authentication", value).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
final EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
@ -119,7 +123,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.put(XPackSettings.HTTP_SSL_ENABLED.getKey(), true).build();
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
ChannelHandler handler = transport.configureServerChannelHandler();
|
||||
EmbeddedChannel ch = new EmbeddedChannel(handler);
|
||||
@ -132,7 +137,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
.build();
|
||||
sslService = new SSLService(settings, new Environment(settings));
|
||||
transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
Netty4HttpMockUtil.setOpenChannelsHandlerToMock(transport);
|
||||
handler = transport.configureServerChannelHandler();
|
||||
ch = new EmbeddedChannel(handler);
|
||||
@ -180,7 +186,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
env = new Environment(settings);
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, transport::configureServerChannelHandler);
|
||||
assertThat(e.getMessage(), containsString("key must be provided"));
|
||||
}
|
||||
@ -195,7 +202,8 @@ public class SecurityNetty4HttpServerTransportTests extends ESTestCase {
|
||||
env = new Environment(settings);
|
||||
sslService = new SSLService(settings, env);
|
||||
SecurityNetty4HttpServerTransport transport = new SecurityNetty4HttpServerTransport(settings, mock(NetworkService.class),
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry());
|
||||
mock(BigArrays.class), mock(IPFilter.class), sslService, mock(ThreadPool.class), xContentRegistry(),
|
||||
(request, channel, context) -> {});
|
||||
assertNotNull(transport.configureServerChannelHandler());
|
||||
}
|
||||
}
|
||||
|
||||
@ -58,6 +58,18 @@ indices:data/read/search[phase/query/id]
|
||||
indices:data/read/search[phase/query/query+fetch]
|
||||
indices:data/read/search[phase/query/scroll]
|
||||
indices:data/read/search[phase/query]
|
||||
internal:transport/proxy/indices:data/read/search[clear_scroll_contexts]
|
||||
internal:transport/proxy/indices:data/read/search[free_context/scroll]
|
||||
internal:transport/proxy/indices:data/read/search[free_context]
|
||||
internal:transport/proxy/indices:data/read/search[phase/dfs]
|
||||
internal:transport/proxy/indices:data/read/search[phase/fetch/id/scroll]
|
||||
internal:transport/proxy/indices:data/read/search[phase/fetch/id]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query+fetch/scroll]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query+fetch]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query/id]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query/query+fetch]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query/scroll]
|
||||
internal:transport/proxy/indices:data/read/search[phase/query]
|
||||
indices:data/read/tv[s]
|
||||
indices:data/write/bulk[s]
|
||||
indices:data/write/bulk[s][p]
|
||||
|
||||
@ -30,6 +30,27 @@
|
||||
- '{"index": {"_index": "test_index", "_type": "test_type"}}'
|
||||
- '{"f1": "v5_mixed", "f2": 9}'
|
||||
|
||||
- do:
|
||||
index:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d10
|
||||
body: {"f1": "v6_mixed", "f2": 10}
|
||||
|
||||
- do:
|
||||
index:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d11
|
||||
body: {"f1": "v7_mixed", "f2": 11}
|
||||
|
||||
- do:
|
||||
index:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d12
|
||||
body: {"f1": "v8_mixed", "f2": 12}
|
||||
|
||||
- do:
|
||||
indices.flush:
|
||||
index: test_index
|
||||
@ -38,4 +59,26 @@
|
||||
search:
|
||||
index: test_index
|
||||
|
||||
- match: { hits.total: 10 } # 5 docs from old cluster, 5 docs from mixed cluster
|
||||
- match: { hits.total: 13 } # 5 docs from old cluster, 8 docs from mixed cluster
|
||||
|
||||
- do:
|
||||
delete:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d10
|
||||
|
||||
- do:
|
||||
delete:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d11
|
||||
|
||||
- do:
|
||||
delete:
|
||||
index: test_index
|
||||
type: test_type
|
||||
id: d12
|
||||
|
||||
- do:
|
||||
indices.flush:
|
||||
index: test_index
|
||||
|
||||
@ -17,7 +17,7 @@ graph_explorer:
|
||||
- write
|
||||
- indices:admin/refresh
|
||||
- indices:admin/create
|
||||
|
||||
|
||||
|
||||
no_graph_explorer:
|
||||
cluster:
|
||||
@ -28,5 +28,6 @@ no_graph_explorer:
|
||||
privileges:
|
||||
- indices:data/read/search
|
||||
- indices:data/write/index
|
||||
- indices:data/write/bulk
|
||||
- indices:admin/refresh
|
||||
- indices:admin/create
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user