Fix loading of secured transports
Load transports in plugin. No need to specify any transport modules anymore. Removed the transport modules. Original commit: elastic/x-pack-elasticsearch@45f3245361
This commit is contained in:
parent
1728c2a381
commit
22862cd416
|
@ -17,6 +17,8 @@ import org.elasticsearch.shield.authc.AuthenticationModule;
|
||||||
import org.elasticsearch.shield.authz.AuthorizationModule;
|
import org.elasticsearch.shield.authz.AuthorizationModule;
|
||||||
import org.elasticsearch.shield.n2n.N2NModule;
|
import org.elasticsearch.shield.n2n.N2NModule;
|
||||||
import org.elasticsearch.shield.transport.SecuredTransportModule;
|
import org.elasticsearch.shield.transport.SecuredTransportModule;
|
||||||
|
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
|
||||||
|
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -54,6 +56,8 @@ public class SecurityModule extends AbstractModule implements SpawnModules, PreP
|
||||||
new AuthorizationModule(),
|
new AuthorizationModule(),
|
||||||
new AuditTrailModule(settings),
|
new AuditTrailModule(settings),
|
||||||
new N2NModule(),
|
new N2NModule(),
|
||||||
|
new NettySecuredHttpServerTransportModule(),
|
||||||
|
new NettySecuredTransportModule(),
|
||||||
new SecuredTransportModule(settings));
|
new SecuredTransportModule(settings));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,12 @@ package org.elasticsearch.shield.plugin;
|
||||||
|
|
||||||
import org.elasticsearch.common.collect.ImmutableList;
|
import org.elasticsearch.common.collect.ImmutableList;
|
||||||
import org.elasticsearch.common.inject.Module;
|
import org.elasticsearch.common.inject.Module;
|
||||||
|
import org.elasticsearch.http.HttpServerModule;
|
||||||
import org.elasticsearch.plugins.AbstractPlugin;
|
import org.elasticsearch.plugins.AbstractPlugin;
|
||||||
import org.elasticsearch.shield.SecurityModule;
|
import org.elasticsearch.shield.SecurityModule;
|
||||||
|
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransport;
|
||||||
|
import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
|
||||||
|
import org.elasticsearch.transport.TransportModule;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
|
|
|
@ -6,16 +6,23 @@
|
||||||
package org.elasticsearch.shield.transport.netty;
|
package org.elasticsearch.shield.transport.netty;
|
||||||
|
|
||||||
import org.elasticsearch.common.inject.AbstractModule;
|
import org.elasticsearch.common.inject.AbstractModule;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.common.inject.Module;
|
||||||
|
import org.elasticsearch.common.inject.PreProcessModule;
|
||||||
|
import org.elasticsearch.http.HttpServerModule;
|
||||||
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class NettySecuredHttpServerTransportModule extends AbstractModule {
|
public class NettySecuredHttpServerTransportModule extends AbstractModule implements PreProcessModule {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure() {
|
public void processModule(Module module) {
|
||||||
bind(HttpServerTransport.class).to(NettySecuredHttpServerTransport.class).asEagerSingleton();
|
if (module instanceof HttpServerModule) {
|
||||||
|
((HttpServerModule)module).setHttpServerTransport(NettySecuredHttpServerTransport.class, SecurityPlugin.NAME);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure() {}
|
||||||
}
|
}
|
|
@ -6,15 +6,24 @@
|
||||||
package org.elasticsearch.shield.transport.netty;
|
package org.elasticsearch.shield.transport.netty;
|
||||||
|
|
||||||
import org.elasticsearch.common.inject.AbstractModule;
|
import org.elasticsearch.common.inject.AbstractModule;
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.common.inject.Module;
|
||||||
|
import org.elasticsearch.common.inject.PreProcessModule;
|
||||||
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
|
import org.elasticsearch.transport.TransportModule;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class NettySecuredTransportModule extends AbstractModule {
|
public class NettySecuredTransportModule extends AbstractModule implements PreProcessModule {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure() {
|
public void processModule(Module module) {
|
||||||
bind(Transport.class).to(NettySecuredTransport.class).asEagerSingleton();
|
if (module instanceof TransportModule) {
|
||||||
|
((TransportModule)module).setTransport(NettySecuredTransport.class, SecurityPlugin.NAME);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure() {}
|
||||||
|
|
||||||
}
|
}
|
|
@ -14,11 +14,8 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||||
import org.elasticsearch.common.transport.TransportAddress;
|
import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.http.HttpServerTransport;
|
||||||
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
|
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
|
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.elasticsearch.transport.TransportModule;
|
|
||||||
import org.junit.Ignore;
|
import org.junit.Ignore;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
@ -46,9 +43,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest {
|
||||||
.put("node.mode", "network")
|
.put("node.mode", "network")
|
||||||
// todo http tests fail without an explicit IP (needs investigation)
|
// todo http tests fail without an explicit IP (needs investigation)
|
||||||
.put("network.host", randomBoolean() ? "127.0.0.1" : "::1")
|
.put("network.host", randomBoolean() ? "127.0.0.1" : "::1")
|
||||||
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
|
.put("plugin.types", SecurityPlugin.class.getName());
|
||||||
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
|
||||||
.put("plugin.types", N2NPlugin.class.getName());
|
|
||||||
//.put("shield.n2n.file", configFile.getPath())
|
//.put("shield.n2n.file", configFile.getPath())
|
||||||
|
|
||||||
if (OsUtils.MAC) {
|
if (OsUtils.MAC) {
|
||||||
|
@ -67,7 +62,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest {
|
||||||
logger.info("Opening connection to {}", url);
|
logger.info("Opening connection to {}", url);
|
||||||
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
|
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
|
||||||
connection.connect();
|
connection.connect();
|
||||||
connection.getResponseCode();
|
logger.info("HTTP connection response code [{}]", connection.getResponseCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Ignore("Need to investigate further, why this does not fail")
|
@Ignore("Need to investigate further, why this does not fail")
|
||||||
|
|
|
@ -22,8 +22,8 @@ import org.elasticsearch.http.HttpServerTransport;
|
||||||
import org.elasticsearch.node.Node;
|
import org.elasticsearch.node.Node;
|
||||||
import org.elasticsearch.node.NodeBuilder;
|
import org.elasticsearch.node.NodeBuilder;
|
||||||
import org.elasticsearch.shield.n2n.N2NPlugin;
|
import org.elasticsearch.shield.n2n.N2NPlugin;
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
|
import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
||||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
import org.elasticsearch.test.junit.annotations.TestLogging;
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
|
@ -88,9 +88,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
|
||||||
.put("shield.http.ssl.truststore", testnodeStore.getPath())
|
.put("shield.http.ssl.truststore", testnodeStore.getPath())
|
||||||
.put("shield.http.ssl.truststore_password", "testnode")
|
.put("shield.http.ssl.truststore_password", "testnode")
|
||||||
// SSL SETUP
|
// SSL SETUP
|
||||||
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
|
.put("plugin.types", SecurityPlugin.class.getName())
|
||||||
.put("plugin.types", N2NPlugin.class.getName())
|
|
||||||
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
|
||||||
.put("shield.n2n.file", ipFilterFile.getPath());
|
.put("shield.n2n.file", ipFilterFile.getPath());
|
||||||
|
|
||||||
if (OsUtils.MAC) {
|
if (OsUtils.MAC) {
|
||||||
|
@ -125,6 +123,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@TestLogging("_root:DEBUG")
|
||||||
public void testConnectNodeWorks() throws Exception {
|
public void testConnectNodeWorks() throws Exception {
|
||||||
try (Node node = NodeBuilder.nodeBuilder().settings(getSettings("ssl_node")).node().start()) {
|
try (Node node = NodeBuilder.nodeBuilder().settings(getSettings("ssl_node")).node().start()) {
|
||||||
try (Client client = node.client()) {
|
try (Client client = node.client()) {
|
||||||
|
@ -227,7 +226,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
|
||||||
.put("shield.transport.ssl.truststore", testClientTrustStore .getPath())
|
.put("shield.transport.ssl.truststore", testClientTrustStore .getPath())
|
||||||
.put("shield.transport.ssl.truststore_password", "testclient")
|
.put("shield.transport.ssl.truststore_password", "testclient")
|
||||||
.put("discovery.zen.ping.multicast.ping.enabled", false)
|
.put("discovery.zen.ping.multicast.ping.enabled", false)
|
||||||
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransport.class.getName())
|
||||||
.put("shield.n2n.file", ipFilterFile.getPath())
|
.put("shield.n2n.file", ipFilterFile.getPath())
|
||||||
.put("cluster.name", internalCluster().getClusterName());
|
.put("cluster.name", internalCluster().getClusterName());
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,11 +16,9 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||||
import org.elasticsearch.common.transport.TransportAddress;
|
import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.http.HttpServerTransport;
|
||||||
import org.elasticsearch.shield.n2n.N2NPlugin;
|
import org.elasticsearch.shield.n2n.N2NPlugin;
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
|
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
||||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
import org.elasticsearch.test.junit.annotations.TestLogging;
|
||||||
import org.elasticsearch.transport.TransportModule;
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -91,11 +89,7 @@ public class SslRequireAuthTests extends ElasticsearchIntegrationTest {
|
||||||
.put("shield.http.ssl.keystore_password", "testnode")
|
.put("shield.http.ssl.keystore_password", "testnode")
|
||||||
.put("shield.http.ssl.truststore", testnodeStore.getPath())
|
.put("shield.http.ssl.truststore", testnodeStore.getPath())
|
||||||
.put("shield.http.ssl.truststore_password", "testnode")
|
.put("shield.http.ssl.truststore_password", "testnode")
|
||||||
// SSL SETUP
|
.put("plugin.types", SecurityPlugin.class.getName())
|
||||||
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
|
|
||||||
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
|
|
||||||
.put("plugins.load_classpath_plugins", false)
|
|
||||||
.put("plugin.types", N2NPlugin.class.getName())
|
|
||||||
.put("shield.n2n.file", ipFilterFile.getPath());
|
.put("shield.n2n.file", ipFilterFile.getPath());
|
||||||
|
|
||||||
if (OsUtils.MAC) {
|
if (OsUtils.MAC) {
|
||||||
|
|
Loading…
Reference in New Issue