Merge branch 'master' of https://github.com/elasticsearch/elasticsearch-shield into doc-feedback
Conflicts: docs/structured/authentication/esusers.asciidoc docs/structured/authentication/ldap.asciidoc Original commit: elastic/x-pack-elasticsearch@c270c60d27
This commit is contained in:
commit
2df57f0259
|
@ -39,7 +39,6 @@ import java.util.Map;
|
|||
public class FileUserPasswdStore extends AbstractComponent implements UserPasswdStore {
|
||||
|
||||
private final Path file;
|
||||
private final FileWatcher watcher;
|
||||
final Hasher hasher = Hasher.HTPASSWD;
|
||||
|
||||
private volatile ImmutableMap<String, char[]> esUsers;
|
||||
|
@ -55,9 +54,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd
|
|||
super(settings);
|
||||
file = resolveFile(settings, env);
|
||||
esUsers = parseFile(file, logger);
|
||||
watcher = new FileWatcher(file.getParent().toFile());
|
||||
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
||||
watcher.addListener(new FileListener());
|
||||
watcherService.add(watcher);
|
||||
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
||||
this.listener = listener;
|
||||
}
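Review bot: The HIGH-frequency watcher on the new `watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH)` line still leaves a window between an edit to the users file and its pickup, during which a deleted or rotated password is still accepted from the cached `esUsers` map, and nothing in the hunk says so. I would put that on the line: `// Reloaded asynchronously at watcher.interval.high; a revoked credential stays valid until the next poll, so an edit is not effective immediately.` The interval name is inferred from the test settings elsewhere in this commit — confirm against ResourceWatcherService. The watcher is registered on `file.getParent()`, so the FileListener presumably filters events to this one file; worth stating in the same comment. The constructor signature is outside the hunk.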
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ public class FileUserRolesStore extends AbstractComponent implements UserRolesSt
|
|||
userRoles = parseFile(file, logger);
|
||||
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
||||
watcher.addListener(new FileListener());
|
||||
watcherService.add(watcher);
|
||||
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
||||
this.listener = listener;
|
||||
}
|
||||
|
||||
|
|
|
@ -34,6 +34,7 @@ public class ActiveDirectoryConnectionFactory extends AbstractComponent implemen
|
|||
public static final String AD_DOMAIN_NAME_SETTING = "domain_name";
|
||||
public static final String AD_PORT = "default_port";
|
||||
public static final String AD_USER_SEARCH_BASEDN_SETTING = "user_search_dn";
|
||||
static final String MODE_NAME = "active_directory";
|
||||
|
||||
private final ImmutableMap<String, Serializable> sharedLdapEnv;
|
||||
private final String userSearchDN;
|
||||
|
@ -47,8 +48,9 @@ public class ActiveDirectoryConnectionFactory extends AbstractComponent implemen
|
|||
throw new ShieldException("Missing [" + AD_DOMAIN_NAME_SETTING + "] setting for active directory");
|
||||
}
|
||||
userSearchDN = componentSettings.get(AD_USER_SEARCH_BASEDN_SETTING, buildDnFromDomain(domainName));
|
||||
int port = componentSettings.getAsInt(AD_PORT, 389);
|
||||
String[] ldapUrls = componentSettings.getAsArray(URLS_SETTING, new String[] { "ldap://" + domainName + ":" + port });
|
||||
int port = componentSettings.getAsInt(AD_PORT, 636);
|
||||
String protocol = port == 389 ? "ldap://" : "ldaps://";
|
||||
String[] ldapUrls = componentSettings.getAsArray(URLS_SETTING, new String[] { protocol + domainName + ":" + port });
|
||||
|
||||
ImmutableMap.Builder<String, Serializable> builder = ImmutableMap.<String, Serializable>builder()
|
||||
.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
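Review bot: On the new default-URL lines the scheme is inferred from the port alone (`port == 389 ? "ldap://" : "ldaps://"`), so any other plaintext port — notably the Active Directory Global Catalog port 3268 — is turned into an `ldaps://` URL and the connection fails rather than downgrading, which is the safe direction but will surprise operators, and 389 still yields a cleartext simple bind. I would make the choice explicit instead of positional (a `protocol`/`ssl` component setting), or at minimum document the rule on `AD_PORT`: `// default_port also selects the scheme: 389 -> ldap://, anything else -> ldaps://; set url explicitly for non-standard plaintext ports such as 3268`. Since `ldaps://` is now the default, the realm presumably needs a reachable truststore for the AD certificate and a missing one surfaces only as a connection failure at authentication time — the SSL setup is outside this hunk, so confirm. An explicit `URLS_SETTING` bypasses both the port and scheme logic, which the comment should also say.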
|
||||
|
|
|
@ -54,7 +54,7 @@ public class LdapGroupToRoleMapper extends AbstractComponent {
|
|||
groupRoles = parseFile(file, logger);
|
||||
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
||||
watcher.addListener(new FileListener());
|
||||
watcherService.add(watcher);
|
||||
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
||||
this.listener = listener;
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.shield.authc.ldap;
|
|||
|
||||
import org.elasticsearch.common.inject.util.Providers;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.ShieldSettingsException;
|
||||
import org.elasticsearch.shield.authc.Realm;
|
||||
import org.elasticsearch.shield.support.AbstractShieldModule;
|
||||
|
||||
|
@ -16,7 +17,6 @@ import static org.elasticsearch.common.inject.name.Names.named;
|
|||
* Configures Ldap object injections
|
||||
*/
|
||||
public class LdapModule extends AbstractShieldModule.Node {
|
||||
|
||||
private final boolean enabled;
|
||||
|
||||
public LdapModule(Settings settings) {
|
||||
|
@ -34,14 +34,17 @@ public class LdapModule extends AbstractShieldModule.Node {
|
|||
|
||||
bind(Realm.class).annotatedWith(named(LdapRealm.TYPE)).to(LdapRealm.class).asEagerSingleton();
|
||||
bind(LdapGroupToRoleMapper.class).asEagerSingleton();
|
||||
String mode = settings.getComponentSettings(LdapModule.class).get("mode", "ldap");
|
||||
if ("ldap".equals(mode)) {
|
||||
String mode = settings.getComponentSettings(LdapModule.class).get("mode", StandardLdapConnectionFactory.MODE_NAME);
|
||||
if (StandardLdapConnectionFactory.MODE_NAME.equals(mode)) {
|
||||
bind(LdapConnectionFactory.class).to(StandardLdapConnectionFactory.class);
|
||||
} else {
|
||||
} else if (ActiveDirectoryConnectionFactory.MODE_NAME.equals(mode)) {
|
||||
bind(LdapConnectionFactory.class).to(ActiveDirectoryConnectionFactory.class);
|
||||
} else {
|
||||
throw new ShieldSettingsException("LDAP is enabled but mode [" + mode + "] does not match [" +
|
||||
StandardLdapConnectionFactory.MODE_NAME + "] or [" + ActiveDirectoryConnectionFactory.MODE_NAME +"]");
|
||||
}
|
||||
} else {
|
||||
bind(LdapRealm.class).toProvider(Providers.of((LdapRealm) null));
|
||||
bind(LdapRealm.class).toProvider(Providers.<LdapRealm>of(null));
|
||||
}
|
||||
}
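Review bot: The new mode check compares `mode` case-sensitively, so `LDAP` or `Active_Directory` in settings falls into the new ShieldSettingsException branch; failing closed is right, but the message should make the exact-match requirement clear, e.g. `"LDAP is enabled but mode [" + mode + "] must be exactly [" + StandardLdapConnectionFactory.MODE_NAME + "] or [" + ActiveDirectoryConnectionFactory.MODE_NAME + "]"`. Minor style: the last message line has `MODE_NAME +"]"` with uneven spacing; `MODE_NAME + "]"` matches the rest of the expression. The disabled branch's `Providers.<LdapRealm>of(null)` is unchanged in effect; a one-line comment such as `// realm disabled: bind an explicit null so injection points resolve without an active LDAP realm` would help the next reader, if that is indeed the intent.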
|
||||
|
||||
|
|
|
@ -29,10 +29,10 @@ import java.util.Hashtable;
|
|||
* for each user context would need to be supplied.
|
||||
*/
|
||||
public class StandardLdapConnectionFactory extends AbstractComponent implements LdapConnectionFactory {
|
||||
|
||||
public static final String USER_DN_TEMPLATES_SETTING = "user_dn_templates";
|
||||
public static final String GROUP_SEARCH_SUBTREE_SETTING = "group_search.subtree_search";
|
||||
public static final String GROUP_SEARCH_BASEDN_SETTING = "group_search.group_search_dn";
|
||||
static final String MODE_NAME = "ldap";
|
||||
|
||||
private final ImmutableMap<String, Serializable> sharedLdapEnv;
|
||||
private final String[] userDnTemplates;
|
||||
|
|
|
@ -54,7 +54,7 @@ public class IPFilteringN2NAuthenticator extends AbstractComponent implements N2
|
|||
rules = parseFile(file, logger);
|
||||
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
||||
watcher.addListener(new FileListener());
|
||||
watcherService.add(watcher);
|
||||
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
||||
}
|
||||
|
||||
private Path resolveFile(Settings settings, Environment env) {
|
||||
|
|
|
@ -71,7 +71,7 @@ public class FileUserPasswdStoreTests extends ElasticsearchTestCase {
|
|||
Files.copy(users, Files.newOutputStream(tmp));
|
||||
|
||||
Settings settings = ImmutableSettings.builder()
|
||||
.put("watcher.interval", "2s")
|
||||
.put("watcher.interval.high", "2s")
|
||||
.put("shield.authc.esusers.files.users", tmp.toAbsolutePath())
|
||||
.build();
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ public class FileUserRolesStoreTests extends ElasticsearchTestCase {
|
|||
Files.copy(users, Files.newOutputStream(tmp));
|
||||
|
||||
Settings settings = ImmutableSettings.builder()
|
||||
.put("watcher.interval", "2s")
|
||||
.put("watcher.interval.high", "2s")
|
||||
.put("shield.authc.esusers.files.users_roles", tmp.toAbsolutePath())
|
||||
.build();
|
||||
|
||||
|
|
|
@ -74,7 +74,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
|||
.put("shield.transport.n2n.ip_filter.file", writeFile(folder, "ip_filter.yml", CONFIG_IPFILTER_ALLOW_ALL))
|
||||
.put(getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode"))
|
||||
.put("shield.audit.enabled", true)
|
||||
.put(getSSLSettingsForLdap("/org/elasticsearch/shield/authc/ldap/ldaptrust.jks", "changeit"))
|
||||
.put("plugins.load_classpath_plugins", false);
|
||||
|
||||
if (OsUtils.MAC) {
|
||||
|
@ -152,22 +151,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
|||
return builder.build();
|
||||
}
|
||||
|
||||
protected Settings getSSLSettingsForLdap(String resourcePathToStore, String password) {
|
||||
File store;
|
||||
try {
|
||||
store = new File(getClass().getResource(resourcePathToStore).toURI());
|
||||
assertThat(store.exists(), is(true));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
ImmutableSettings.Builder builder = settingsBuilder()
|
||||
.put("shield.authc.ldap.truststore_password", password)
|
||||
.put("shield.authc.ldap.truststore", store.getPath());
|
||||
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
protected File newFolder() {
|
||||
try {
|
||||
return tmpFolder.newFolder();
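Review bot: Removing `getSSLSettingsForLdap` and the `shield.authc.ldap.truststore` lines from the shared integration settings means the base node config no longer trusts the test LDAP certificate, while the same commit makes `ldaps://` the default scheme for the Active Directory factory. If the LDAP integration tests now set the truststore in their own subclass that is fine; if not, they will either fail on the TLS handshake or pass only against an explicit plaintext `ldap://` URL, which would leave the new default path untested — please confirm. A one-line comment where the LDAP settings used to be, `// LDAP truststore is configured by the realm-specific tests, not here`, would record the intent. The settings-builder chain in the first hunk starts outside the hunk.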
|
||||
|
|
|
@ -44,7 +44,9 @@ public class IPFilteringN2NAuthenticatorTests extends ElasticsearchTestCase {
|
|||
@Rule
|
||||
public TemporaryFolder temporaryFolder = new TemporaryFolder();
|
||||
|
||||
private final Settings resourceWatcherServiceSettings = settingsBuilder().put("watcher.interval.medium", TimeValue.timeValueMillis(200)).build();
|
||||
private final Settings resourceWatcherServiceSettings = settingsBuilder()
|
||||
.put("watcher.interval.high", TimeValue.timeValueMillis(200))
|
||||
.build();
|
||||
|
||||
private ResourceWatcherService resourceWatcherService;
|
||||
private File configFile;
|
||||
|
|