Fix loading of secured transports

Load transports in plugin. No need to specify any transport modules anymore.
Removed the transport modules.

Original commit: elastic/x-pack-elasticsearch@45f3245361
This commit is contained in:
Alexander Reelsen 2014-08-20 15:47:38 +02:00
parent 1728c2a381
commit 22862cd416
7 changed files with 43 additions and 31 deletions

View File

@ -17,6 +17,8 @@ import org.elasticsearch.shield.authc.AuthenticationModule;
import org.elasticsearch.shield.authz.AuthorizationModule; import org.elasticsearch.shield.authz.AuthorizationModule;
import org.elasticsearch.shield.n2n.N2NModule; import org.elasticsearch.shield.n2n.N2NModule;
import org.elasticsearch.shield.transport.SecuredTransportModule; import org.elasticsearch.shield.transport.SecuredTransportModule;
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
/** /**
* *
@ -54,6 +56,8 @@ public class SecurityModule extends AbstractModule implements SpawnModules, PreP
new AuthorizationModule(), new AuthorizationModule(),
new AuditTrailModule(settings), new AuditTrailModule(settings),
new N2NModule(), new N2NModule(),
new NettySecuredHttpServerTransportModule(),
new NettySecuredTransportModule(),
new SecuredTransportModule(settings)); new SecuredTransportModule(settings));
} }

View File

@ -7,8 +7,12 @@ package org.elasticsearch.shield.plugin;
import org.elasticsearch.common.collect.ImmutableList; import org.elasticsearch.common.collect.ImmutableList;
import org.elasticsearch.common.inject.Module; import org.elasticsearch.common.inject.Module;
import org.elasticsearch.http.HttpServerModule;
import org.elasticsearch.plugins.AbstractPlugin; import org.elasticsearch.plugins.AbstractPlugin;
import org.elasticsearch.shield.SecurityModule; import org.elasticsearch.shield.SecurityModule;
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransport;
import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
import org.elasticsearch.transport.TransportModule;
import java.util.Collection; import java.util.Collection;

View File

@ -6,16 +6,23 @@
package org.elasticsearch.shield.transport.netty; package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.common.inject.AbstractModule; import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.inject.PreProcessModule;
import org.elasticsearch.http.HttpServerModule;
import org.elasticsearch.shield.plugin.SecurityPlugin;
/** /**
* *
*/ */
public class NettySecuredHttpServerTransportModule extends AbstractModule { public class NettySecuredHttpServerTransportModule extends AbstractModule implements PreProcessModule {
@Override @Override
protected void configure() { public void processModule(Module module) {
bind(HttpServerTransport.class).to(NettySecuredHttpServerTransport.class).asEagerSingleton(); if (module instanceof HttpServerModule) {
((HttpServerModule)module).setHttpServerTransport(NettySecuredHttpServerTransport.class, SecurityPlugin.NAME);
}
} }
@Override
protected void configure() {}
} }

View File

@ -6,15 +6,24 @@
package org.elasticsearch.shield.transport.netty; package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.common.inject.AbstractModule; import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.transport.Transport; import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.inject.PreProcessModule;
import org.elasticsearch.shield.plugin.SecurityPlugin;
import org.elasticsearch.transport.TransportModule;
/** /**
* *
*/ */
public class NettySecuredTransportModule extends AbstractModule { public class NettySecuredTransportModule extends AbstractModule implements PreProcessModule {
@Override @Override
protected void configure() { public void processModule(Module module) {
bind(Transport.class).to(NettySecuredTransport.class).asEagerSingleton(); if (module instanceof TransportModule) {
((TransportModule)module).setTransport(NettySecuredTransport.class, SecurityPlugin.NAME);
}
} }
@Override
protected void configure() {}
} }

View File

@ -14,11 +14,8 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.shield.plugin.SecurityPlugin; import org.elasticsearch.shield.plugin.SecurityPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule;
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportModule;
import org.junit.Ignore; import org.junit.Ignore;
import org.junit.Test; import org.junit.Test;
@ -46,9 +43,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest {
.put("node.mode", "network") .put("node.mode", "network")
// todo http tests fail without an explicit IP (needs investigation) // todo http tests fail without an explicit IP (needs investigation)
.put("network.host", randomBoolean() ? "127.0.0.1" : "::1") .put("network.host", randomBoolean() ? "127.0.0.1" : "::1")
.put("http.type", NettySecuredHttpServerTransportModule.class.getName()) .put("plugin.types", SecurityPlugin.class.getName());
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
.put("plugin.types", N2NPlugin.class.getName());
//.put("shield.n2n.file", configFile.getPath()) //.put("shield.n2n.file", configFile.getPath())
if (OsUtils.MAC) { if (OsUtils.MAC) {
@ -67,7 +62,7 @@ public class IpFilteringIntegrationTests extends ElasticsearchIntegrationTest {
logger.info("Opening connection to {}", url); logger.info("Opening connection to {}", url);
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection(); HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
connection.connect(); connection.connect();
connection.getResponseCode(); logger.info("HTTP connection response code [{}]", connection.getResponseCode());
} }
@Ignore("Need to investigate further, why this does not fail") @Ignore("Need to investigate further, why this does not fail")

View File

@ -22,8 +22,8 @@ import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.node.Node; import org.elasticsearch.node.Node;
import org.elasticsearch.node.NodeBuilder; import org.elasticsearch.node.NodeBuilder;
import org.elasticsearch.shield.n2n.N2NPlugin; import org.elasticsearch.shield.n2n.N2NPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; import org.elasticsearch.shield.plugin.SecurityPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule; import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.Transport;
@ -88,9 +88,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
.put("shield.http.ssl.truststore", testnodeStore.getPath()) .put("shield.http.ssl.truststore", testnodeStore.getPath())
.put("shield.http.ssl.truststore_password", "testnode") .put("shield.http.ssl.truststore_password", "testnode")
// SSL SETUP // SSL SETUP
.put("http.type", NettySecuredHttpServerTransportModule.class.getName()) .put("plugin.types", SecurityPlugin.class.getName())
.put("plugin.types", N2NPlugin.class.getName())
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
.put("shield.n2n.file", ipFilterFile.getPath()); .put("shield.n2n.file", ipFilterFile.getPath());
if (OsUtils.MAC) { if (OsUtils.MAC) {
@ -125,6 +123,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
} }
@Test @Test
@TestLogging("_root:DEBUG")
public void testConnectNodeWorks() throws Exception { public void testConnectNodeWorks() throws Exception {
try (Node node = NodeBuilder.nodeBuilder().settings(getSettings("ssl_node")).node().start()) { try (Node node = NodeBuilder.nodeBuilder().settings(getSettings("ssl_node")).node().start()) {
try (Client client = node.client()) { try (Client client = node.client()) {
@ -227,7 +226,7 @@ public class SslIntegrationTests extends ElasticsearchIntegrationTest {
.put("shield.transport.ssl.truststore", testClientTrustStore .getPath()) .put("shield.transport.ssl.truststore", testClientTrustStore .getPath())
.put("shield.transport.ssl.truststore_password", "testclient") .put("shield.transport.ssl.truststore_password", "testclient")
.put("discovery.zen.ping.multicast.ping.enabled", false) .put("discovery.zen.ping.multicast.ping.enabled", false)
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName()) .put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransport.class.getName())
.put("shield.n2n.file", ipFilterFile.getPath()) .put("shield.n2n.file", ipFilterFile.getPath())
.put("cluster.name", internalCluster().getClusterName()); .put("cluster.name", internalCluster().getClusterName());
} }

View File

@ -16,11 +16,9 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.shield.n2n.N2NPlugin; import org.elasticsearch.shield.n2n.N2NPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredHttpServerTransportModule; import org.elasticsearch.shield.plugin.SecurityPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredTransportModule;
import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.transport.TransportModule;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Test; import org.junit.Test;
@ -91,11 +89,7 @@ public class SslRequireAuthTests extends ElasticsearchIntegrationTest {
.put("shield.http.ssl.keystore_password", "testnode") .put("shield.http.ssl.keystore_password", "testnode")
.put("shield.http.ssl.truststore", testnodeStore.getPath()) .put("shield.http.ssl.truststore", testnodeStore.getPath())
.put("shield.http.ssl.truststore_password", "testnode") .put("shield.http.ssl.truststore_password", "testnode")
// SSL SETUP .put("plugin.types", SecurityPlugin.class.getName())
.put("http.type", NettySecuredHttpServerTransportModule.class.getName())
.put(TransportModule.TRANSPORT_TYPE_KEY, NettySecuredTransportModule.class.getName())
.put("plugins.load_classpath_plugins", false)
.put("plugin.types", N2NPlugin.class.getName())
.put("shield.n2n.file", ipFilterFile.getPath()); .put("shield.n2n.file", ipFilterFile.getPath());
if (OsUtils.MAC) { if (OsUtils.MAC) {