From 403912b8a278a32648f25ef82354746ede0ec37e Mon Sep 17 00:00:00 2001 From: Albert Zaharovits Date: Tue, 24 Oct 2017 13:50:35 +0300 Subject: [PATCH] SecureSettings ignored by customAuditIndexSettings (elastic/x-pack-elasticsearch#2748) customAuditIndexSettings does not submit SecureSettings with putIndexMapping. relates elastic/x-pack-elasticsearch#2705 * Randomize SecureSetting in testcase * Apply feedback Original commit: elastic/x-pack-elasticsearch@1a5414b057657e69208f29f9d29a5d580a14b6c5 --- .../security/audit/index/IndexAuditTrail.java | 2 +- .../audit/index/IndexAuditTrailTests.java | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java b/plugin/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java index 605ff27e497..3a437341f4c 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java @@ -827,7 +827,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl Settings customAuditIndexSettings(Settings nodeSettings) { Settings newSettings = Settings.builder() - .put(INDEX_SETTINGS.get(nodeSettings)) + .put(INDEX_SETTINGS.get(nodeSettings), false) .build(); if (newSettings.names().isEmpty()) { return Settings.EMPTY; diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java index 1b3a9cfeb2a..637ef308958 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java @@ -22,6 +22,8 @@ import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Priority; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.network.NetworkModule; +import org.elasticsearch.common.settings.KeyStoreWrapper; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.plugins.Plugin; @@ -275,11 +277,11 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase { return remoteIndexing ? remoteCluster.client() : client(); } - private void initialize() throws IOException, InterruptedException { + private void initialize() throws Exception { initialize(null, null); } - private void initialize(String[] includes, String[] excludes) throws IOException, InterruptedException { + private void initialize(String[] includes, String[] excludes) throws Exception { rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY); numReplicas = numberOfReplicas(); numShards = numberOfShards(); @@ -288,8 +290,18 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase { if (remoteIndexing) { builder.put(remoteSettings); } + builder.put(settings(rollover, includes, excludes)); + // IndexAuditTrail should ignore secure settings + // they are merged on the master node creating the audit index + if (randomBoolean()) { + MockSecureSettings ignored = new MockSecureSettings(); + if (randomBoolean()) { + ignored.setString(KeyStoreWrapper.SEED_SETTING.getKey(), "non-empty-secure-settings"); + } + builder.setSecureSettings(ignored); + } + Settings settings = builder.build(); - Settings settings = builder.put(settings(rollover, includes, excludes)).build(); logger.info("--> settings: [{}]", settings); DiscoveryNode localNode = mock(DiscoveryNode.class); when(localNode.getHostAddress()).thenReturn(remoteAddress.getAddress());