From 327253870124b37da7d86d93bc2136958004e790 Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Wed, 5 Dec 2018 15:51:50 +1100 Subject: [PATCH] Make credentials mandatory when launching xpack/migrate (#36197) Made credentials mandatory for xpack migrate tool. Closes #29847. The x-pack user and roles APIs aren't available unless security is enabled, so the tool should always be called with the -u and -p options specified. --- .../authc/esnative/ESNativeRealmMigrateTool.java | 4 ++-- .../authc/esnative/ESNativeMigrateToolTests.java | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 3f645eab78c..229c47c763c 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -104,10 +104,10 @@ public class ESNativeRealmMigrateTool extends LoggingAwareMultiCommand { super("Migrates users or roles from file to native realm"); this.username = parser.acceptsAll(Arrays.asList("u", "username"), "User used to authenticate with Elasticsearch") - .withRequiredArg(); + .withRequiredArg().required(); this.password = parser.acceptsAll(Arrays.asList("p", "password"), "Password used to authenticate with Elasticsearch") - .withRequiredArg(); + .withRequiredArg().required(); this.url = parser.acceptsAll(Arrays.asList("U", "url"), "URL of Elasticsearch host") .withRequiredArg(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java index 6d75cf09371..7f3e2cfce98 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.authc.esnative; +import joptsimple.OptionException; import joptsimple.OptionParser; import joptsimple.OptionSet; import org.elasticsearch.cli.MockTerminal; @@ -24,6 +25,7 @@ import java.util.Arrays; import java.util.HashSet; import java.util.Set; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; /** @@ -155,4 +157,13 @@ public class ESNativeMigrateToolTests extends NativeRealmIntegTestCase { assertThat("expected list to contain: " + r, roles.contains(r), is(true)); } } + + public void testMissingPasswordParameter() { + ESNativeRealmMigrateTool.MigrateUserOrRoles muor = new ESNativeRealmMigrateTool.MigrateUserOrRoles(); + + final OptionException ex = expectThrows(OptionException.class, + () -> muor.getParser().parse("-u", "elastic", "-U", "http://localhost:9200")); + + assertThat(ex.getMessage(), containsString("password")); + } }