Create the cryptoservice later in startup process (elastic/x-pack-elasticsearch#2087)

This commit moves the creation of the CryptoService to the createComponents method so that bootstrap checks have been checked before the crypto service is instantiated. The cryptoservice was changed to expect that the bootstrap check has passed before being instantiated in elastic/x-pack-elasticsearch#1831. Original commit: elastic/x-pack-elasticsearch@cf11cf4782
2017-07-27 14:03:05 -06:00 · 2017-07-27 14:03:05 -06:00 · 3a1b64bb12
parent 6614c86413
commit 3a1b64bb12
2 changed files with 14 additions and 6 deletions
--- a/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
@ -106,6 +106,7 @@ import org.elasticsearch.xpack.watcher.WatcherFeatureSet;

 import javax.security.auth.DestroyFailedException;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.Path;
 import java.security.AccessController;
 import java.security.GeneralSecurityException;
@ -205,7 +206,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
    protected Graph graph;
    protected MachineLearning machineLearning;
    protected Logstash logstash;
-    protected CryptoService cryptoService;
+
    protected Deprecation deprecation;
    protected Upgrade upgrade;

@ -233,7 +234,6 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
        } else {
            this.extensionsService = null;
        }
-        cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
    }

    // For tests only
@ -286,6 +286,13 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
        }
        components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService, sslService));

+        final CryptoService cryptoService;
+        try {
+            cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
+
        // watcher http stuff
        Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>();
        httpAuthFactories.put(BasicAuth.TYPE, new BasicAuthFactory(cryptoService));
@ -297,7 +304,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
        components.add(httpClient);

        Collection<Object> notificationComponents = createNotificationComponents(clusterService.getClusterSettings(), httpClient,
-                httpTemplateParser, scriptService, httpAuthRegistry);
+                httpTemplateParser, scriptService, httpAuthRegistry, cryptoService);
        components.addAll(notificationComponents);

        components.addAll(watcher.createComponents(getClock(), scriptService, internalClient, licenseState,
@ -318,7 +325,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I

    private Collection<Object> createNotificationComponents(ClusterSettings clusterSettings, HttpClient httpClient,
                                                            HttpRequestTemplate.Parser httpTemplateParser, ScriptService scriptService,
-                                                            HttpAuthRegistry httpAuthRegistry) {
+                                                            HttpAuthRegistry httpAuthRegistry, CryptoService cryptoService) {
        List<Object> components = new ArrayList<>();
        components.add(new EmailService(settings, cryptoService, clusterSettings));
        components.add(new HipChatService(settings, httpClient, clusterSettings));
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java
@ -417,7 +417,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
            final String transportType = NetworkModule.TRANSPORT_TYPE_SETTING.get(settings);
            if (NAME4.equals(transportType) == false) {
                throw new IllegalArgumentException("transport type setting [" + NetworkModule.TRANSPORT_TYPE_KEY + "] must be [" + NAME4
-                        + "]");
+                        + "] but is [" + transportType + "]");
            }
        } else {
            // default to security4
@ -429,7 +429,8 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
            if (httpType.equals(NAME4)) {
                SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings);
            } else {
-                throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4 + "]");
+                throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4
+                        + "] but is [" + httpType + "]");
            }
        } else {
            // default to security4