Logging: Drop Settings from security logger get calls (#33940)

`Settings` is no longer required to get a `Logger` and we went to quite
a bit of effort to pass it to the `Logger` getters. This removes the
`Settings` from all of the logger fetches in security and x-pack:core.
This commit is contained in:
Nik Everett 2018-09-27 17:35:04 -04:00 committed by GitHub
parent 15515a616e
commit 33a264a408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 78 additions and 122 deletions

View File

@ -6,6 +6,7 @@
package org.elasticsearch.license;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.log4j.util.Supplier;
import org.elasticsearch.Version;
@ -14,7 +15,6 @@ import org.elasticsearch.cluster.ClusterStateUpdateTask;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.core.XPackPlugin;
@ -22,6 +22,7 @@ import java.time.Clock;
import java.util.UUID;
public class StartupSelfGeneratedLicenseTask extends ClusterStateUpdateTask {
private static final Logger logger = LogManager.getLogger(StartupSelfGeneratedLicenseTask.class);
/**
* Max number of nodes licensed by generated trial license
@ -31,13 +32,11 @@ public class StartupSelfGeneratedLicenseTask extends ClusterStateUpdateTask {
private final Settings settings;
private final Clock clock;
private final ClusterService clusterService;
private final Logger logger;
public StartupSelfGeneratedLicenseTask(Settings settings, Clock clock, ClusterService clusterService) {
this.settings = settings;
this.clock = clock;
this.clusterService = clusterService;
this.logger = Loggers.getLogger(getClass(), settings);
}
@Override

View File

@ -6,8 +6,8 @@
package org.elasticsearch.xpack.core.security;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.Version;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
@ -23,8 +23,8 @@ import java.util.function.Consumer;
* A lightweight utility that can find the current user and authentication information for the local thread.
*/
public class SecurityContext {
private final Logger logger = LogManager.getLogger(SecurityContext.class);
private final Logger logger;
private final ThreadContext threadContext;
private final UserSettings userSettings;
private final String nodeName;
@ -35,9 +35,8 @@ public class SecurityContext {
* and {@link UserSettings#getAuthentication()} will always return null.
*/
public SecurityContext(Settings settings, ThreadContext threadContext) {
this.logger = Loggers.getLogger(getClass(), settings);
this.threadContext = threadContext;
this.userSettings = new UserSettings(settings, threadContext);
this.userSettings = new UserSettings(threadContext);
this.nodeName = Node.NODE_NAME_SETTING.get(settings);
}

View File

@ -6,8 +6,7 @@
package org.elasticsearch.xpack.core.security;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.core.security.authc.Authentication;
import org.elasticsearch.xpack.core.security.user.User;
@ -15,15 +14,14 @@ import org.elasticsearch.xpack.core.security.user.User;
import java.io.IOException;
public final class UserSettings {
private final Logger logger;
private final Logger logger = LogManager.getLogger(UserSettings.class);
private final ThreadContext threadContext;
UserSettings(Settings settings, ThreadContext threadContext) {
this.logger = Loggers.getLogger(getClass(), settings);
UserSettings(ThreadContext threadContext) {
this.threadContext = threadContext;
}
/**
* Returns the current user information, or null if the current request has no authentication info.
*/

View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.core.security.authc;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.license.XPackLicenseState;
@ -25,7 +26,7 @@ import java.util.Map;
*/
public abstract class Realm implements Comparable<Realm> {
protected final Logger logger;
protected final Logger logger = LogManager.getLogger(getClass());
protected final String type;
public String getType() {
@ -37,7 +38,6 @@ public abstract class Realm implements Comparable<Realm> {
public Realm(String type, RealmConfig config) {
this.type = type;
this.config = config;
this.logger = config.logger(getClass());
}
/**

View File

@ -5,8 +5,6 @@
*/
package org.elasticsearch.xpack.core.security.authc;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
@ -59,10 +57,6 @@ public class RealmConfig {
return globalSettings;
}
public Logger logger(Class clazz) {
return Loggers.getLogger(clazz, globalSettings);
}
public Environment env() {
return env;
}

View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.core.security.authz.accesscontrol;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.index.LeafReaderContext;
import org.apache.lucene.search.BooleanQuery;
@ -30,14 +31,12 @@ import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.logging.LoggerMessageFormat;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.lucene.search.Queries;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.index.IndexSettings;
import org.elasticsearch.index.cache.bitset.BitsetFilterCache;
import org.elasticsearch.index.engine.EngineException;
import org.elasticsearch.index.query.BoolQueryBuilder;
@ -89,19 +88,18 @@ import static org.apache.lucene.search.BooleanClause.Occur.SHOULD;
* instance.
*/
public class SecurityIndexSearcherWrapper extends IndexSearcherWrapper {
private static final Logger logger = LogManager.getLogger(SecurityIndexSearcherWrapper.class);
private final Function<ShardId, QueryShardContext> queryShardContextProvider;
private final BitsetFilterCache bitsetFilterCache;
private final XPackLicenseState licenseState;
private final ThreadContext threadContext;
private final Logger logger;
private final ScriptService scriptService;
public SecurityIndexSearcherWrapper(IndexSettings indexSettings, Function<ShardId, QueryShardContext> queryShardContextProvider,
public SecurityIndexSearcherWrapper(Function<ShardId, QueryShardContext> queryShardContextProvider,
BitsetFilterCache bitsetFilterCache, ThreadContext threadContext, XPackLicenseState licenseState,
ScriptService scriptService) {
this.scriptService = scriptService;
this.logger = Loggers.getLogger(getClass(), indexSettings.getSettings());
this.queryShardContextProvider = queryShardContextProvider;
this.bitsetFilterCache = bitsetFilterCache;
this.threadContext = threadContext;

View File

@ -30,12 +30,10 @@ import java.util.Objects;
public final class RestrictedTrustConfig extends TrustConfig {
private static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name";
private final Settings settings;
private final String groupConfigPath;
private final TrustConfig delegate;
RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) {
this.settings = settings;
RestrictedTrustConfig(String groupConfigPath, TrustConfig delegate) {
this.groupConfigPath = Objects.requireNonNull(groupConfigPath);
this.delegate = Objects.requireNonNull(delegate);
}
@ -45,7 +43,7 @@ public final class RestrictedTrustConfig extends TrustConfig {
try {
final X509ExtendedTrustManager delegateTrustManager = delegate.createTrustManager(environment);
final CertificateTrustRestrictions trustGroupConfig = readTrustGroup(resolveGroupConfigPath(environment));
return new RestrictedTrustManager(settings, delegateTrustManager, trustGroupConfig);
return new RestrictedTrustManager(delegateTrustManager, trustGroupConfig);
} catch (IOException e) {
throw new ElasticsearchException("failed to initialize TrustManager for {}", e, toString());
}

View File

@ -6,9 +6,8 @@
package org.elasticsearch.xpack.core.ssl;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
@ -35,15 +34,14 @@ import java.util.stream.Collectors;
* The underlying certificate validation is delegated to another TrustManager.
*/
public final class RestrictedTrustManager extends X509ExtendedTrustManager {
private static final Logger logger = LogManager.getLogger(RestrictedTrustManager.class);
private static final String CN_OID = "2.5.4.3";
private static final int SAN_CODE_OTHERNAME = 0;
private final Logger logger;
private final X509ExtendedTrustManager delegate;
private final CertificateTrustRestrictions trustRestrictions;
public RestrictedTrustManager(Settings settings, X509ExtendedTrustManager delegate, CertificateTrustRestrictions restrictions) {
this.logger = Loggers.getLogger(getClass(), settings);
public RestrictedTrustManager(X509ExtendedTrustManager delegate, CertificateTrustRestrictions restrictions) {
this.delegate = delegate;
this.trustRestrictions = restrictions;
logger.debug("Configured with trust restrictions: [{}]", restrictions);

View File

@ -206,7 +206,7 @@ public final class SSLConfiguration {
private static TrustConfig createTrustConfig(Settings settings, KeyConfig keyConfig, SSLConfiguration global) {
final TrustConfig trustConfig = createCertChainTrustConfig(settings, keyConfig, global);
return SETTINGS_PARSER.trustRestrictionsPath.get(settings)
.map(path -> (TrustConfig) new RestrictedTrustConfig(settings, path, trustConfig))
.map(path -> (TrustConfig) new RestrictedTrustConfig(path, trustConfig))
.orElse(trustConfig);
}

View File

@ -6,7 +6,6 @@
package org.elasticsearch.xpack.core.watcher.transform;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.xpack.core.watcher.transform.chain.ChainTransform;
import org.elasticsearch.xpack.core.watcher.transform.chain.ChainTransformFactory;
@ -20,9 +19,9 @@ public class TransformRegistry {
private final Map<String, TransformFactory> factories;
public TransformRegistry(Settings settings, Map<String, TransformFactory> factories) {
public TransformRegistry(Map<String, TransformFactory> factories) {
Map<String, TransformFactory> map = new HashMap<>(factories);
map.put(ChainTransform.TYPE, new ChainTransformFactory(settings, this));
map.put(ChainTransform.TYPE, new ChainTransformFactory(this));
this.factories = Collections.unmodifiableMap(map);
}

View File

@ -5,8 +5,7 @@
*/
package org.elasticsearch.xpack.core.watcher.transform.chain;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.xpack.core.watcher.transform.ExecutableTransform;
import org.elasticsearch.xpack.core.watcher.transform.Transform;
@ -20,8 +19,8 @@ public final class ChainTransformFactory extends TransformFactory<ChainTransform
private final TransformRegistry registry;
public ChainTransformFactory(Settings settings, TransformRegistry registry) {
super(Loggers.getLogger(ExecutableChainTransform.class, settings));
public ChainTransformFactory(TransformRegistry registry) {
super(LogManager.getLogger(ExecutableChainTransform.class));
this.registry = registry;
}

View File

@ -86,7 +86,7 @@ public class SecurityIndexSearcherWrapperIntegrationTests extends ESTestCase {
});
XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isDocumentAndFieldLevelSecurityAllowed()).thenReturn(true);
SecurityIndexSearcherWrapper wrapper = new SecurityIndexSearcherWrapper(indexSettings, s -> queryShardContext,
SecurityIndexSearcherWrapper wrapper = new SecurityIndexSearcherWrapper(s -> queryShardContext,
bitsetFilterCache, threadContext, licenseState, scriptService) {
@Override

View File

@ -152,7 +152,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
public void testDefaultMetaFields() throws Exception {
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService) {
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService) {
@Override
protected IndicesAccessControl getIndicesAccessControl() {
IndicesAccessControl.IndexAccessControl indexAccessControl = new IndicesAccessControl.IndexAccessControl(true,
@ -182,14 +182,14 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
public void testWrapReaderWhenFeatureDisabled() throws Exception {
when(licenseState.isDocumentAndFieldLevelSecurityAllowed()).thenReturn(false);
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService);
DirectoryReader reader = securityIndexSearcherWrapper.wrap(esIn);
assertThat(reader, sameInstance(esIn));
}
public void testWrapSearcherWhenFeatureDisabled() throws Exception {
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService);
IndexSearcher indexSearcher = new IndexSearcher(esIn);
IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher);
assertThat(result, sameInstance(indexSearcher));
@ -228,7 +228,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
DirectoryReader directoryReader = DocumentSubsetReader.wrap(esIn, bitsetFilterCache, new MatchAllDocsQuery());
IndexSearcher indexSearcher = new IndexSearcher(directoryReader);
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService);
IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher);
assertThat(result, not(sameInstance(indexSearcher)));
assertThat(result.getSimilarity(), sameInstance(indexSearcher.getSimilarity()));
@ -237,7 +237,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
public void testIntersectScorerAndRoleBits() throws Exception {
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService);
final Directory directory = newDirectory();
IndexWriter iw = new IndexWriter(
directory,
@ -326,7 +326,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
public void testFieldPermissionsWithFieldExceptions() throws Exception {
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, null);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, null);
String[] grantedFields = new String[]{};
String[] deniedFields;
Set<String> expected = new HashSet<>(META_FIELDS);
@ -427,7 +427,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
User user = new User("_username", new String[]{"role1", "role2"}, "_full_name", "_email",
Collections.singletonMap("key", "value"), true);
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService) {
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService) {
@Override
protected User getUser() {
@ -475,7 +475,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase {
public void testSkipTemplating() throws Exception {
securityIndexSearcherWrapper =
new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService);
new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService);
XContentBuilder builder = jsonBuilder();
String querySource = Strings.toString(new TermQueryBuilder("field", "value").toXContent(builder, ToXContent.EMPTY_PARAMS));
String result = securityIndexSearcherWrapper.evaluateTemplate(querySource);

View File

@ -69,7 +69,7 @@ public class RestrictedTrustConfigTests extends ESTestCase {
}
};
final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(settings, groupConfigPath.toString(), delegate);
final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(groupConfigPath.toString(), delegate);
List<Path> filesToMonitor = restrictedTrustConfig.filesToMonitor(environment);
List<Path> expectedPathList = new ArrayList<>(otherFiles);
expectedPathList.add(groupConfigPath);

View File

@ -6,8 +6,7 @@
package org.elasticsearch.xpack.core.ssl;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.test.ESTestCase;
import org.hamcrest.Description;
import org.hamcrest.TypeSafeMatcher;
@ -50,7 +49,7 @@ public class RestrictedTrustManagerTests extends ESTestCase {
@BeforeClass
public static void ensureSupportedLocale() throws Exception {
Logger logger = Loggers.getLogger(RestrictedTrustManagerTests.class);
Logger logger = LogManager.getLogger(RestrictedTrustManagerTests.class);
if (isUnusableLocale()) {
// See: https://github.com/elastic/elasticsearch/issues/33081
logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " +
@ -129,7 +128,7 @@ public class RestrictedTrustManagerTests extends ESTestCase {
trustedNames.add("node" + node + ".cluster" + trustedCluster + ".elasticsearch");
}
final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(trustedNames);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions);
assertSingleClusterIsTrusted(trustedCluster, trustManager, trustedNames);
}
@ -137,7 +136,7 @@ public class RestrictedTrustManagerTests extends ESTestCase {
final int trustedCluster = randomIntBetween(1, numberOfClusters);
final List<String> trustedNames = Collections.singletonList("*.cluster" + trustedCluster + ".elasticsearch");
final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(trustedNames);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions);
assertSingleClusterIsTrusted(trustedCluster, trustManager, trustedNames);
}
@ -147,7 +146,7 @@ public class RestrictedTrustManagerTests extends ESTestCase {
final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(
trustedNames
);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions);
for (int cluster = 1; cluster <= numberOfClusters; cluster++) {
for (int node = 1; node <= numberOfNodes; node++) {
if (node == trustedNode) {
@ -161,7 +160,7 @@ public class RestrictedTrustManagerTests extends ESTestCase {
public void testThatDelegateTrustManagerIsRespected() throws Exception {
final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(Collections.singletonList("*.elasticsearch"));
final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions);
final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions);
for (String cert : certificates.keySet()) {
if (cert.endsWith("/ca")) {
assertTrusted(trustManager, cert);

View File

@ -658,7 +658,7 @@ public class Security extends Plugin implements ActionPlugin, IngestPlugin, Netw
assert getLicenseState() != null;
if (XPackSettings.DLS_FLS_ENABLED.get(settings)) {
module.setSearcherWrapper(indexService ->
new SecurityIndexSearcherWrapper(indexService.getIndexSettings(),
new SecurityIndexSearcherWrapper(
shardId -> indexService.newQueryShardContext(shardId.id(),
// we pass a null index reader, which is legal and will disable rewrite optimizations
// based on index statistics, which is probably safer...

View File

@ -6,11 +6,11 @@
package org.elasticsearch.xpack.security.authc;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.bulk.BulkItemResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
@ -35,15 +35,14 @@ import static org.elasticsearch.xpack.core.ClientHelper.executeAsyncWithOrigin;
* Responsible for cleaning the invalidated tokens from the invalidated tokens index.
*/
final class ExpiredTokenRemover extends AbstractRunnable {
private static final Logger logger = LogManager.getLogger(ExpiredTokenRemover.class);
private final Client client;
private final AtomicBoolean inProgress = new AtomicBoolean(false);
private final Logger logger;
private final TimeValue timeout;
ExpiredTokenRemover(Settings settings, Client client) {
this.client = client;
this.logger = Loggers.getLogger(getClass(), settings);
this.timeout = TokenService.DELETE_TIMEOUT.get(settings);
}

View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.security.authc.file;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.log4j.util.Supplier;
import org.elasticsearch.ElasticsearchException;
@ -42,8 +43,7 @@ import static java.util.Collections.emptyMap;
import static java.util.Collections.unmodifiableMap;
public class FileUserPasswdStore {
private final Logger logger;
private static final Logger logger = LogManager.getLogger(FileUserPasswdStore.class);
private final Path file;
private final Settings settings;
@ -55,7 +55,6 @@ public class FileUserPasswdStore {
}
FileUserPasswdStore(RealmConfig config, ResourceWatcherService watcherService, Runnable listener) {
logger = config.logger(FileUserPasswdStore.class);
file = resolveFile(config.env());
settings = config.globalSettings();
users = parseFileLenient(file, logger, settings);

View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.security.authc.file;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.log4j.util.Supplier;
import org.elasticsearch.ElasticsearchException;
@ -39,11 +40,10 @@ import static java.util.Collections.unmodifiableMap;
import static org.elasticsearch.common.Strings.collectionToCommaDelimitedString;
public class FileUserRolesStore {
private static final Logger logger = LogManager.getLogger(FileUserRolesStore.class);
private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*");
private final Logger logger;
private final Path file;
private final CopyOnWriteArrayList<Runnable> listeners;
private volatile Map<String, String[]> userRoles;
@ -53,7 +53,6 @@ public class FileUserRolesStore {
}
FileUserRolesStore(RealmConfig config, ResourceWatcherService watcherService, Runnable listener) {
logger = config.logger(FileUserRolesStore.class);
file = resolveFile(config.env());
userRoles = parseFileLenient(file, logger);
listeners = new CopyOnWriteArrayList<>(Collections.singletonList(listener));

View File

@ -11,6 +11,7 @@ import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.ServerSet;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.DeprecationLogger;
@ -62,7 +63,7 @@ public abstract class SessionFactory {
protected SessionFactory(RealmConfig config, SSLService sslService, ThreadPool threadPool) {
this.config = config;
this.logger = config.logger(getClass());
this.logger = LogManager.getLogger(getClass());
final Settings settings = config.settings();
TimeValue searchTimeout = settings.getAsTime(SessionFactorySettings.TIMEOUT_LDAP_SETTING, SessionFactorySettings.TIMEOUT_DEFAULT);
if (searchTimeout.millis() < 1000L) {

View File

@ -19,7 +19,6 @@ import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
@ -52,12 +51,11 @@ class SamlAuthenticator extends SamlRequestHandler {
private static final String RESPONSE_TAG_NAME = "Response";
SamlAuthenticator(RealmConfig realmConfig,
Clock clock,
SamlAuthenticator(Clock clock,
IdpConfiguration idp,
SpConfiguration sp,
TimeValue maxSkew) {
super(realmConfig, clock, idp, sp, maxSkew);
super(clock, idp, sp, maxSkew);
}
/**

View File

@ -23,7 +23,6 @@ import org.elasticsearch.common.Strings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.core.internal.io.Streams;
import org.elasticsearch.rest.RestUtils;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.LogoutRequest;
@ -42,8 +41,8 @@ public class SamlLogoutRequestHandler extends SamlRequestHandler {
private static final String REQUEST_TAG_NAME = "LogoutRequest";
SamlLogoutRequestHandler(RealmConfig realmConfig, Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) {
super(realmConfig, clock, idp, sp, maxSkew);
SamlLogoutRequestHandler(Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) {
super(clock, idp, sp, maxSkew);
}
/**

View File

@ -15,6 +15,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.ExceptionsHelper;
@ -134,6 +135,7 @@ import static org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings
* are still cool and no chance to opt out
*/
public final class SamlRealm extends Realm implements Releasable {
private static final Logger logger = LogManager.getLogger(SamlRealm.class);
public static final String USER_METADATA_NAMEID_VALUE = "saml_" + SamlAttributes.NAMEID_SYNTHENTIC_ATTRIBUTE;
public static final String USER_METADATA_NAMEID_FORMAT = USER_METADATA_NAMEID_VALUE + "_format";
@ -178,7 +180,6 @@ public final class SamlRealm extends Realm implements Releasable {
*/
public static SamlRealm create(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService,
UserRoleMapper roleMapper) throws Exception {
final Logger logger = config.logger(SamlRealm.class);
SamlUtils.initialize(logger);
if (TokenService.isTokenServiceEnabled(config.globalSettings()) == false) {
@ -196,9 +197,9 @@ public final class SamlRealm extends Realm implements Releasable {
final Clock clock = Clock.systemUTC();
final IdpConfiguration idpConfiguration = getIdpConfiguration(config, metadataResolver, idpDescriptor);
final TimeValue maxSkew = CLOCK_SKEW.get(config.settings());
final SamlAuthenticator authenticator = new SamlAuthenticator(config, clock, idpConfiguration, serviceProvider, maxSkew);
final SamlAuthenticator authenticator = new SamlAuthenticator(clock, idpConfiguration, serviceProvider, maxSkew);
final SamlLogoutRequestHandler logoutHandler =
new SamlLogoutRequestHandler(config, clock, idpConfiguration, serviceProvider, maxSkew);
new SamlLogoutRequestHandler(clock, idpConfiguration, serviceProvider, maxSkew);
final SamlRealm realm = new SamlRealm(config, roleMapper, authenticator, logoutHandler, idpDescriptor, serviceProvider);

View File

@ -6,14 +6,13 @@
package org.elasticsearch.xpack.security.authc.saml;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.CheckedFunction;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.support.RestorableContextClassLoader;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObject;
@ -82,7 +81,7 @@ public class SamlRequestHandler {
}
});
protected final Logger logger;
protected final Logger logger = LogManager.getLogger(getClass());
@Nullable
protected final Decrypter decrypter;
@ -93,8 +92,7 @@ public class SamlRequestHandler {
private final TimeValue maxSkew;
private final UnmarshallerFactory unmarshallerFactory;
public SamlRequestHandler(RealmConfig realmConfig, Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) {
this.logger = Loggers.getLogger(getClass(), realmConfig.globalSettings());
public SamlRequestHandler(Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) {
this.clock = clock;
this.idp = idp;
this.sp = sp;

View File

@ -20,6 +20,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.log4j.util.Supplier;
import org.elasticsearch.ElasticsearchException;
@ -43,8 +44,8 @@ import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.rela
* This class loads and monitors the file defining the mappings of DNs to internal ES Roles.
*/
public class DnRoleMapper implements UserRoleMapper {
private static final Logger logger = LogManager.getLogger(DnRoleMapper.class);
protected final Logger logger;
protected final RealmConfig config;
private final Path file;
@ -54,7 +55,6 @@ public class DnRoleMapper implements UserRoleMapper {
public DnRoleMapper(RealmConfig config, ResourceWatcherService watcherService) {
this.config = config;
this.logger = config.logger(getClass());
useUnmappedGroupsAsRoles = DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.get(config.settings());
file = resolveFile(config.settings(), config.env());

View File

@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.authc.support;
import java.nio.file.Path;
import org.apache.logging.log4j.LogManager;
import org.elasticsearch.bootstrap.BootstrapCheck;
import org.elasticsearch.bootstrap.BootstrapContext;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
@ -28,7 +29,7 @@ public class RoleMappingFileBootstrapCheck implements BootstrapCheck {
@Override
public BootstrapCheckResult check(BootstrapContext context) {
try {
DnRoleMapper.parseFile(path, realmConfig.logger(getClass()), realmConfig.type(), realmConfig.name(), true);
DnRoleMapper.parseFile(path, LogManager.getLogger(getClass()), realmConfig.type(), realmConfig.name(), true);
return BootstrapCheckResult.success();
} catch (Exception e) {
return BootstrapCheckResult.failure(e.getMessage());

View File

@ -8,9 +8,9 @@ package org.elasticsearch.xpack.security.transport.filter;
import io.netty.handler.ipfilter.IpFilterRuleType;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.lucene.util.SetOnce;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
@ -96,11 +96,12 @@ public class IPFilter {
}
};
private static final Logger logger = LogManager.getLogger(IPFilter.class);
private final AuditTrailService auditTrail;
private final XPackLicenseState licenseState;
private final boolean alwaysAllowBoundAddresses;
private final Logger logger;
private volatile Map<String, SecurityIpFilterRule[]> rules = Collections.emptyMap();
private volatile boolean isIpFilterEnabled;
private volatile boolean isHttpFilterEnabled;
@ -117,7 +118,6 @@ public class IPFilter {
public IPFilter(final Settings settings, AuditTrailService auditTrail, ClusterSettings clusterSettings,
XPackLicenseState licenseState) {
this.logger = Loggers.getLogger(getClass(), settings);
this.auditTrail = auditTrail;
this.licenseState = licenseState;
this.alwaysAllowBoundAddresses = ALLOW_BOUND_ADDRESSES_SETTING.get(settings);

View File

@ -17,13 +17,8 @@ import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.env.Environment;
import org.elasticsearch.env.TestEnvironment;
import org.elasticsearch.xpack.core.watcher.watch.ClockMock;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.hamcrest.Matchers;
import org.junit.AfterClass;
import org.junit.Before;
@ -183,10 +178,8 @@ public class SamlAuthenticatorTests extends SamlTestCase {
this.requestId = randomId();
}
private SamlAuthenticator buildAuthenticator(Supplier<List<Credential>> credentials, List<String> reqAuthnCtxClassRef) throws
Exception {
final Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
final Settings realmSettings = Settings.EMPTY;
private SamlAuthenticator buildAuthenticator(Supplier<List<Credential>> credentials, List<String> reqAuthnCtxClassRef)
throws Exception {
final IdpConfiguration idp = new IdpConfiguration(IDP_ENTITY_ID, credentials);
final SigningConfiguration signingConfiguration = new SigningConfiguration(Collections.singleton("*"),
@ -195,9 +188,7 @@ public class SamlAuthenticatorTests extends SamlTestCase {
.map((cred) -> (X509Credential) cred).collect(Collectors.<X509Credential>toList());
final SpConfiguration sp = new SpConfiguration(SP_ENTITY_ID, SP_ACS_URL, null, signingConfiguration, spEncryptionCredentials,
reqAuthnCtxClassRef);
final Environment env = TestEnvironment.newEnvironment(globalSettings);
return new SamlAuthenticator(
new RealmConfig("saml_test", realmSettings, globalSettings, env, new ThreadContext(globalSettings)),
clock,
idp,
sp,

View File

@ -15,13 +15,8 @@ import java.util.Arrays;
import java.util.Collections;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.env.Environment;
import org.elasticsearch.env.TestEnvironment;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.joda.time.DateTime;
import org.junit.AfterClass;
import org.junit.Before;
@ -206,17 +201,13 @@ public class SamlLogoutRequestHandlerTests extends SamlTestCase {
}
private SamlLogoutRequestHandler buildHandler() throws Exception {
final Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
final Settings realmSettings = Settings.EMPTY;
final IdpConfiguration idp = new IdpConfiguration(IDP_ENTITY_ID, () -> Collections.singletonList(credential));
final X509Credential spCredential = (X509Credential) buildOpenSamlCredential(readRandomKeyPair()).get(0);
final SigningConfiguration signingConfiguration = new SigningConfiguration(Collections.singleton("*"), spCredential);
final SpConfiguration sp = new SpConfiguration("https://sp.test/", "https://sp.test/saml/asc", LOGOUT_URL,
signingConfiguration, Arrays.asList(spCredential), Collections.emptyList());
final Environment env = TestEnvironment.newEnvironment(globalSettings);
return new SamlLogoutRequestHandler(
new RealmConfig("saml_test", realmSettings, globalSettings, env, new ThreadContext(globalSettings)),
clock,
idp,
sp,

View File

@ -315,7 +315,7 @@ public class Watcher extends Plugin implements ActionPlugin, ScriptPlugin, Reloa
final Map<String, TransformFactory> transformFactories = new HashMap<>();
transformFactories.put(ScriptTransform.TYPE, new ScriptTransformFactory(settings, scriptService));
transformFactories.put(SearchTransform.TYPE, new SearchTransformFactory(settings, client, xContentRegistry, scriptService));
final TransformRegistry transformRegistry = new TransformRegistry(settings, Collections.unmodifiableMap(transformFactories));
final TransformRegistry transformRegistry = new TransformRegistry(Collections.unmodifiableMap(transformFactories));
// actions
final Map<String, ActionFactory> actionFactoryMap = new HashMap<>();

View File

@ -73,7 +73,7 @@ public class TransformInputTests extends ESTestCase {
public void testParserValid() throws Exception {
Map<String, TransformFactory> transformFactories = Collections.singletonMap("script",
new ScriptTransformFactory(Settings.EMPTY, scriptService));
TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories);
TransformRegistry registry = new TransformRegistry(transformFactories);
TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry);
// { "script" : { "lang" : "mockscript", "source" : "1" } }
@ -97,7 +97,7 @@ public class TransformInputTests extends ESTestCase {
Map<String, TransformFactory> transformFactories = Collections.singletonMap("script",
new ScriptTransformFactory(Settings.EMPTY, scriptService));
TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories);
TransformRegistry registry = new TransformRegistry(transformFactories);
TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry);
XContentParser parser = createParser(jsonBuilder);
@ -116,7 +116,7 @@ public class TransformInputTests extends ESTestCase {
public void testTransformInputToXContentIsSameAsParsing() throws Exception {
Map<String, TransformFactory> transformFactories = Collections.singletonMap("script",
new ScriptTransformFactory(Settings.EMPTY, scriptService));
TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories);
TransformRegistry registry = new TransformRegistry(transformFactories);
TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry);
XContentBuilder jsonBuilder = jsonBuilder().startObject().startObject("script")

View File

@ -8,7 +8,6 @@ package org.elasticsearch.xpack.watcher.transform.chain;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent;
@ -113,10 +112,9 @@ public class ChainTransformTests extends ESTestCase {
}
public void testParser() throws Exception {
TransformRegistry registry = new TransformRegistry(Settings.EMPTY,
singletonMap("named", new NamedExecutableTransform.Factory(logger)));
TransformRegistry registry = new TransformRegistry(singletonMap("named", new NamedExecutableTransform.Factory(logger)));
ChainTransformFactory transformParser = new ChainTransformFactory(Settings.EMPTY, registry);
ChainTransformFactory transformParser = new ChainTransformFactory(registry);
XContentBuilder builder = jsonBuilder().startArray()
.startObject().startObject("named").field("name", "name1").endObject().endObject()

View File

@ -570,7 +570,7 @@ public class WatchTests extends ESTestCase {
Map<String, TransformFactory> factories = new HashMap<>();
factories.put(ScriptTransform.TYPE, new ScriptTransformFactory(settings, scriptService));
factories.put(SearchTransform.TYPE, new SearchTransformFactory(settings, client, xContentRegistry(), scriptService));
return new TransformRegistry(Settings.EMPTY, unmodifiableMap(factories));
return new TransformRegistry(unmodifiableMap(factories));
}
private List<ActionWrapper> randomActions() {