honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecureSettings ignored by customAuditIndexSettings (elastic/x-pack-elasticsearch#2748) 

customAuditIndexSettings does not submit SecureSettings with putIndexMapping.

relates elastic/x-pack-elasticsearch#2705

* Randomize SecureSetting in testcase

* Apply feedback

Original commit: elastic/x-pack-elasticsearch@1a5414b057
This commit is contained in:
Albert Zaharovits 2017-10-24 13:50:35 +03:00 committed by GitHub
parent 6f437c973a
commit 403912b8a2
2 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
View File

@ -827,7 +827,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
Settings customAuditIndexSettings(Settings nodeSettings) { Settings customAuditIndexSettings(Settings nodeSettings) {
Settings newSettings = Settings.builder() Settings newSettings = Settings.builder()
.put(INDEX_SETTINGS.get(nodeSettings)) .put(INDEX_SETTINGS.get(nodeSettings), false)
.build(); .build();
if (newSettings.names().isEmpty()) { if (newSettings.names().isEmpty()) {
return Settings.EMPTY; return Settings.EMPTY;

18
plugin/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
View File

@ -22,6 +22,8 @@ import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Priority; import org.elasticsearch.common.Priority;
import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.plugins.Plugin; import org.elasticsearch.plugins.Plugin;
@ -275,11 +277,11 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
return remoteIndexing ? remoteCluster.client() : client(); return remoteIndexing ? remoteCluster.client() : client();
} }
private void initialize() throws IOException, InterruptedException { private void initialize() throws Exception {
initialize(null, null); initialize(null, null);
} }
private void initialize(String[] includes, String[] excludes) throws IOException, InterruptedException { private void initialize(String[] includes, String[] excludes) throws Exception {
rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY); rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY);
numReplicas = numberOfReplicas(); numReplicas = numberOfReplicas();
numShards = numberOfShards(); numShards = numberOfShards();
@ -288,8 +290,18 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
if (remoteIndexing) { if (remoteIndexing) {
builder.put(remoteSettings); builder.put(remoteSettings);
} }
builder.put(settings(rollover, includes, excludes));
// IndexAuditTrail should ignore secure settings
// they are merged on the master node creating the audit index
if (randomBoolean()) {
MockSecureSettings ignored = new MockSecureSettings();
if (randomBoolean()) {
ignored.setString(KeyStoreWrapper.SEED_SETTING.getKey(), "non-empty-secure-settings");
}
builder.setSecureSettings(ignored);
}
Settings settings = builder.build();
Settings settings = builder.put(settings(rollover, includes, excludes)).build();
logger.info("--> settings: [{}]", settings); logger.info("--> settings: [{}]", settings);
DiscoveryNode localNode = mock(DiscoveryNode.class); DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(remoteAddress.getAddress()); when(localNode.getHostAddress()).thenReturn(remoteAddress.getAddress());