diff --git a/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java b/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java index c9b73c79c46..1a3b7b77394 100644 --- a/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java +++ b/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java @@ -16,8 +16,8 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.CountDown; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.index.IndexNotFoundException; -import org.elasticsearch.index.cache.IndexCacheModule; import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.marvel.MarvelPlugin; import org.elasticsearch.marvel.agent.AgentService; @@ -414,7 +414,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase { .put("shield.audit.enabled", auditLogsEnabled) // Test framework sometimes randomily selects the 'index' or 'none' cache and that makes the // validation in ShieldPlugin fail. Shield can only run with this query cache impl - .put(IndexCacheModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE); + .put(IndexModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE); } catch (IOException ex) { throw new RuntimeException("failed to build settings for shield", ex); } diff --git a/shield/src/main/java/org/elasticsearch/index/ProtectedServiceInstaller.java b/shield/src/main/java/org/elasticsearch/index/ProtectedServiceInstaller.java new file mode 100644 index 00000000000..90805ccd2ff --- /dev/null +++ b/shield/src/main/java/org/elasticsearch/index/ProtectedServiceInstaller.java @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.index; + +import org.elasticsearch.shield.ShieldPlugin; +import org.elasticsearch.shield.authz.accesscontrol.OptOutQueryCache; +import org.elasticsearch.shield.authz.accesscontrol.ShieldIndexSearcherWrapper; + +/** + * This class installs package protected extension points on the {@link IndexModule} + */ +public class ProtectedServiceInstaller { + + public static void install(IndexModule module, boolean clientMode) { + module.indexSearcherWrapper = ShieldIndexSearcherWrapper.class; + if (clientMode == false) { + module.registerQueryCache(ShieldPlugin.OPT_OUT_QUERY_CACHE, OptOutQueryCache::new); + } + } + +} diff --git a/shield/src/main/java/org/elasticsearch/index/SearcherWrapperInstaller.java b/shield/src/main/java/org/elasticsearch/index/SearcherWrapperInstaller.java deleted file mode 100644 index 6f1a254b92d..00000000000 --- a/shield/src/main/java/org/elasticsearch/index/SearcherWrapperInstaller.java +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.index; - -import org.elasticsearch.shield.authz.accesscontrol.ShieldIndexSearcherWrapper; - -public class SearcherWrapperInstaller { - - public static void install(IndexModule module) { - module.indexSearcherWrapper = ShieldIndexSearcherWrapper.class; - } - -} diff --git a/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java b/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java index e26df0606e0..49eebf04d06 100644 --- a/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java +++ b/shield/src/main/java/org/elasticsearch/shield/ShieldPlugin.java @@ -16,7 +16,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.http.HttpServerModule; import org.elasticsearch.index.IndexModule; -import org.elasticsearch.index.cache.IndexCacheModule; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.rest.RestModule; import org.elasticsearch.shield.action.ShieldActionFilter; @@ -30,7 +29,7 @@ import org.elasticsearch.shield.authc.Realms; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authz.AuthorizationModule; -import org.elasticsearch.index.SearcherWrapperInstaller; +import org.elasticsearch.index.ProtectedServiceInstaller; import org.elasticsearch.shield.authz.accesscontrol.OptOutQueryCache; import org.elasticsearch.shield.authz.store.FileRolesStore; import org.elasticsearch.shield.crypto.CryptoModule; @@ -154,7 +153,7 @@ public class ShieldPlugin extends Plugin { if (enabled == false) { return; } - SearcherWrapperInstaller.install(module); + ProtectedServiceInstaller.install(module, clientMode); } public void onModule(ActionModule module) { @@ -202,12 +201,6 @@ public class ShieldPlugin extends Plugin { } } - public void onModule(IndexCacheModule module) { - if (enabled && clientMode == false) { - module.registerQueryCache(OPT_OUT_QUERY_CACHE, OptOutQueryCache.class); - } - } - private void addUserSettings(Settings.Builder settingsBuilder) { String authHeaderSettingName = Headers.PREFIX + "." + UsernamePasswordToken.BASIC_AUTH_HEADER; if (settings.get(authHeaderSettingName) != null) { @@ -273,7 +266,7 @@ public class ShieldPlugin extends Plugin { unauthorized users. */ private void addQueryCacheSettings(Settings.Builder settingsBuilder) { - settingsBuilder.put(IndexCacheModule.QUERY_CACHE_TYPE, OPT_OUT_QUERY_CACHE); + settingsBuilder.put(IndexModule.QUERY_CACHE_TYPE, OPT_OUT_QUERY_CACHE); } private static boolean isShieldMandatory(String[] existingMandatoryPlugins) { @@ -307,12 +300,12 @@ public class ShieldPlugin extends Plugin { // in case this are node settings then the plugin additional settings have not been applied yet, // so we use 'opt_out_cache' as default. So in that case we only fail if the node settings contain // another cache impl than 'opt_out_cache'. - queryCacheImplementation = settings.get(IndexCacheModule.QUERY_CACHE_TYPE, OPT_OUT_QUERY_CACHE); + queryCacheImplementation = settings.get(IndexModule.QUERY_CACHE_TYPE, OPT_OUT_QUERY_CACHE); } else { - queryCacheImplementation = settings.get(IndexCacheModule.QUERY_CACHE_TYPE); + queryCacheImplementation = settings.get(IndexModule.QUERY_CACHE_TYPE); } if (OPT_OUT_QUERY_CACHE.equals(queryCacheImplementation) == false) { - throw new IllegalStateException("shield does not support a user specified query cache. remove the setting [" + IndexCacheModule.QUERY_CACHE_TYPE + "] with value [" + queryCacheImplementation + "]"); + throw new IllegalStateException("shield does not support a user specified query cache. remove the setting [" + IndexModule.QUERY_CACHE_TYPE + "] with value [" + queryCacheImplementation + "]"); } } } diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java b/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java index 34ab50e17b5..11b70b3e773 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/OptOutQueryCache.java @@ -9,9 +9,7 @@ import org.apache.lucene.search.QueryCachingPolicy; import org.apache.lucene.search.Weight; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.support.broadcast.BroadcastShardRequest; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.index.AbstractIndexComponent; -import org.elasticsearch.index.Index; import org.elasticsearch.index.IndexSettings; import org.elasticsearch.index.cache.query.QueryCache; import org.elasticsearch.indices.cache.query.IndicesQueryCache; @@ -25,7 +23,6 @@ public final class OptOutQueryCache extends AbstractIndexComponent implements Qu final IndicesQueryCache indicesQueryCache; - @Inject public OptOutQueryCache(IndexSettings indexSettings, IndicesQueryCache indicesQueryCache) { super(indexSettings); this.indicesQueryCache = indicesQueryCache; diff --git a/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java b/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java index 3038fe57b60..54687e44d22 100644 --- a/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java @@ -7,7 +7,7 @@ package org.elasticsearch.integration; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.index.cache.IndexCacheModule; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.test.ShieldIntegTestCase; @@ -95,7 +95,7 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase { public void testQueryCache() throws Exception { assertAcked(client().admin().indices().prepareCreate("test") - .setSettings(Settings.builder().put(IndexCacheModule.QUERY_CACHE_EVERYTHING, true)) + .setSettings(Settings.builder().put(IndexModule.QUERY_CACHE_EVERYTHING, true)) .addMapping("type1", "field1", "type=string", "field2", "type=string") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1") diff --git a/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java b/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java index 5063a1de1a3..606e0808e28 100644 --- a/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.integration; import org.elasticsearch.ElasticsearchSecurityException; -import org.elasticsearch.Version; import org.elasticsearch.action.fieldstats.FieldStatsResponse; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.get.MultiGetResponse; @@ -16,9 +15,8 @@ import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.termvectors.MultiTermVectorsResponse; import org.elasticsearch.action.termvectors.TermVectorsRequest; import org.elasticsearch.action.termvectors.TermVectorsResponse; -import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.index.cache.IndexCacheModule; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.indices.cache.request.IndicesRequestCache; import org.elasticsearch.rest.RestStatus; import org.elasticsearch.search.aggregations.AggregationBuilders; @@ -357,7 +355,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase { public void testQueryCache() throws Exception { assertAcked(client().admin().indices().prepareCreate("test") - .setSettings(Settings.builder().put(IndexCacheModule.QUERY_CACHE_EVERYTHING, true)) + .setSettings(Settings.builder().put(IndexModule.QUERY_CACHE_EVERYTHING, true)) .addMapping("type1", "field1", "type=string", "field2", "type=string") ); client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2") diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index e70e12a8bba..7d7e2060d85 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -17,8 +17,8 @@ import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.*; import org.elasticsearch.env.Environment; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.index.IndexNotFoundException; -import org.elasticsearch.index.cache.IndexCacheModule; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.search.SearchHit; import org.elasticsearch.shield.ShieldPlugin; @@ -149,7 +149,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { // For tests we forcefully configure Shield's custom query cache because the test framework randomizes the query cache impl, // but if shield is disabled then we don't need to forcefully set the query cache if (useShield == false) { - builder.remove(IndexCacheModule.QUERY_CACHE_TYPE); + builder.remove(IndexModule.QUERY_CACHE_TYPE); } return builder.build(); } diff --git a/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java index 5b387336e8e..8ca9d1542ba 100644 --- a/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java +++ b/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.client.support.Headers; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.index.cache.IndexCacheModule; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.shield.ShieldPlugin; @@ -125,7 +125,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ .put("shield.authz.store.files.roles", writeFile(folder, "roles.yml", configRoles())) // Test framework sometimes randomily selects the 'index' or 'none' cache and that makes the // validation in ShieldPlugin fail. - .put(IndexCacheModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE) + .put(IndexModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE) .put(getNodeSSLSettings()); setUser(builder, nodeClientUsername(), nodeClientPassword()); diff --git a/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java b/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java index 1433ec914e1..a51f26ae505 100644 --- a/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java +++ b/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java @@ -18,7 +18,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.Callback; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.support.XContentMapValues; -import org.elasticsearch.index.cache.IndexCacheModule; +import org.elasticsearch.index.IndexModule; import org.elasticsearch.index.query.QueryBuilder; import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.plugins.Plugin; @@ -644,7 +644,7 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase .put("shield.audit.enabled", auditLogsEnabled) // Test framework sometimes randomily selects the 'index' or 'none' cache and that makes the // validation in ShieldPlugin fail. Shield can only run with this query cache impl - .put(IndexCacheModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE) + .put(IndexModule.QUERY_CACHE_TYPE, ShieldPlugin.OPT_OUT_QUERY_CACHE) .build(); } catch (IOException ex) { throw new RuntimeException("failed to build settings for shield", ex);