Create the cryptoservice later in startup process (elastic/x-pack-elasticsearch#2087)

This commit moves the creation of the CryptoService to the createComponents method so that the bootstrap
checks have run before the crypto service is instantiated. In elastic/x-pack-elasticsearch#1831 the CryptoService
was changed to expect that the bootstrap checks have passed before it is instantiated.

Original commit: elastic/x-pack-elasticsearch@cf11cf4782
Jay Modi 2017-07-27 14:03:05 -06:00 committed by GitHub
parent 6614c86413
commit 3a1b64bb12
2 changed files with 14 additions and 6 deletions


@ -106,6 +106,7 @@ import org.elasticsearch.xpack.watcher.WatcherFeatureSet;
import javax.security.auth.DestroyFailedException; import javax.security.auth.DestroyFailedException;
import java.io.IOException; import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.AccessController; import java.security.AccessController;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
@ -205,7 +206,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
protected Graph graph; protected Graph graph;
protected MachineLearning machineLearning; protected MachineLearning machineLearning;
protected Logstash logstash; protected Logstash logstash;
protected CryptoService cryptoService;
protected Deprecation deprecation; protected Deprecation deprecation;
protected Upgrade upgrade; protected Upgrade upgrade;
@ -233,7 +234,6 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
} else { } else {
this.extensionsService = null; this.extensionsService = null;
} }
cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
} }
// For tests only // For tests only
@ -286,6 +286,13 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
} }
components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService, sslService)); components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService, sslService));
final CryptoService cryptoService;
try {
cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
} catch (IOException e) {
throw new UncheckedIOException(e);
}
// watcher http stuff // watcher http stuff
Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>(); Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>();
httpAuthFactories.put(BasicAuth.TYPE, new BasicAuthFactory(cryptoService)); httpAuthFactories.put(BasicAuth.TYPE, new BasicAuthFactory(cryptoService));
@ -297,7 +304,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
components.add(httpClient); components.add(httpClient);
Collection<Object> notificationComponents = createNotificationComponents(clusterService.getClusterSettings(), httpClient, Collection<Object> notificationComponents = createNotificationComponents(clusterService.getClusterSettings(), httpClient,
httpTemplateParser, scriptService, httpAuthRegistry); httpTemplateParser, scriptService, httpAuthRegistry, cryptoService);
components.addAll(notificationComponents); components.addAll(notificationComponents);
components.addAll(watcher.createComponents(getClock(), scriptService, internalClient, licenseState, components.addAll(watcher.createComponents(getClock(), scriptService, internalClient, licenseState,
@ -318,7 +325,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
private Collection<Object> createNotificationComponents(ClusterSettings clusterSettings, HttpClient httpClient, private Collection<Object> createNotificationComponents(ClusterSettings clusterSettings, HttpClient httpClient,
HttpRequestTemplate.Parser httpTemplateParser, ScriptService scriptService, HttpRequestTemplate.Parser httpTemplateParser, ScriptService scriptService,
HttpAuthRegistry httpAuthRegistry) { HttpAuthRegistry httpAuthRegistry, CryptoService cryptoService) {
List<Object> components = new ArrayList<>(); List<Object> components = new ArrayList<>();
components.add(new EmailService(settings, cryptoService, clusterSettings)); components.add(new EmailService(settings, cryptoService, clusterSettings));
components.add(new HipChatService(settings, httpClient, clusterSettings)); components.add(new HipChatService(settings, httpClient, clusterSettings));
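Review bot: The new try block in createComponents does not record why the CryptoService is built there, so a later cleanup could move `new CryptoService(settings)` back into the constructor and ahead of the bootstrap checks; a comment above it such as `// built here, not in the constructor: CryptoService expects the bootstrap checks to have passed` would pin the ordering. The rethrow `throw new UncheckedIOException(e);` gives an operator no hint which component failed during startup, and `throw new UncheckedIOException("failed to create the crypto service", e);` would. The local is still `null` when ENCRYPT_SENSITIVE_DATA_SETTING is false and is passed on to BasicAuthFactory, createNotificationComponents and EmailService, so those consumers presumably have to accept null; the new `CryptoService cryptoService` parameter deserves a short comment saying so. createComponents begins and ends outside the hunks shown.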


@ -417,7 +417,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
final String transportType = NetworkModule.TRANSPORT_TYPE_SETTING.get(settings); final String transportType = NetworkModule.TRANSPORT_TYPE_SETTING.get(settings);
if (NAME4.equals(transportType) == false) { if (NAME4.equals(transportType) == false) {
throw new IllegalArgumentException("transport type setting [" + NetworkModule.TRANSPORT_TYPE_KEY + "] must be [" + NAME4 throw new IllegalArgumentException("transport type setting [" + NetworkModule.TRANSPORT_TYPE_KEY + "] must be [" + NAME4
+ "]"); + "] but is [" + transportType + "]");
} }
} else { } else {
// default to security4 // default to security4
@ -429,7 +429,8 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
if (httpType.equals(NAME4)) { if (httpType.equals(NAME4)) {
SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings); SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings);
} else { } else {
throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4 + "]"); throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4
+ "] but is [" + httpType + "]");
} }
} else { } else {
// default to security4 // default to security4