From 480ee9cabce2af0975950a3dd5dc3ebb88924be2 Mon Sep 17 00:00:00 2001
From: jaymode <jay.modi@elasticsearch.com>
Date: Mon, 29 Jun 2015 13:56:10 -0400
Subject: [PATCH] only load the shield plugin for remote auditing client

Currently, any plugin that is on the classpath will be loaded by the TransportClient we create
for remote audit indexing. The only plugin that should be loaded for this client is the Shield
plugin. To accomplish this, we disable loading of plugins from the classpath and specify that
the Shield plugin should be loaded.

Closes elastic/elasticsearch#941

Original commit: elastic/x-pack-elasticsearch@2bc0a8ce17548881772e1c6183884365c10076f0
---
 .../shield/audit/index/IndexAuditTrail.java           | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
index f377adbc3ff..18662719f03 100644
--- a/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
+++ b/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
@@ -37,8 +37,10 @@ import org.elasticsearch.common.xcontent.XContentBuilderString;
 import org.elasticsearch.common.xcontent.XContentFactory;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.gateway.GatewayService;
+import org.elasticsearch.plugins.PluginsService;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.shield.ShieldException;
+import org.elasticsearch.shield.ShieldPlugin;
 import org.elasticsearch.shield.User;
 import org.elasticsearch.shield.audit.AuditTrail;
 import org.elasticsearch.shield.authc.AuthenticationService;
@@ -80,6 +82,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
     public static final String ROLLOVER_SETTING = "shield.audit.index.rollover";
     public static final String QUEUE_SIZE_SETTING = "shield.audit.index.queue_max_size";
     public static final String INDEX_TEMPLATE_NAME = "shield_audit_log";
+    public static final String DEFAULT_CLIENT_NAME = "shield-audit-client";
 
     static final String[] DEFAULT_EVENT_INCLUDES = new String[] {
             ACCESS_DENIED.toString(),
@@ -579,7 +582,13 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
             }
 
             final TransportClient transportClient = TransportClient.builder()
-                    .settings(Settings.builder().put(clientSettings).put("path.home", environment.homeFile()).build()).build();
+                    .settings(Settings.builder()
+                            .put("name", DEFAULT_CLIENT_NAME)
+                            .put("path.home", environment.homeFile())
+                            .put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
+                            .putArray("plugin.types", ShieldPlugin.class.getName())
+                            .put(clientSettings))
+                    .build();
             for (Tuple<String, Integer> pair : hostPortPairs) {
                 transportClient.addTransportAddress(new InetSocketTransportAddress(pair.v1(), pair.v2()));
             }