only load the shield plugin for remote auditing client

Currently, any plugin that is on the classpath will be loaded by the TransportClient we create
for remote audit indexing. The only plugin that should be loaded for this client is the Shield
plugin. To accomplish this, we disable loading of plugins from the classpath and specify that
the Shield plugin should be loaded.

Closes elastic/elasticsearch#941

Original commit: elastic/x-pack-elasticsearch@2bc0a8ce17
This commit is contained in:
jaymode 2015-06-29 13:56:10 -04:00
parent 9edfd2f0d0
commit 480ee9cabc
1 changed files with 10 additions and 1 deletions

View File

@ -37,8 +37,10 @@ import org.elasticsearch.common.xcontent.XContentBuilderString;
import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.gateway.GatewayService; import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.plugins.PluginsService;
import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.ShieldException; import org.elasticsearch.shield.ShieldException;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationService; import org.elasticsearch.shield.authc.AuthenticationService;
@ -80,6 +82,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
public static final String ROLLOVER_SETTING = "shield.audit.index.rollover"; public static final String ROLLOVER_SETTING = "shield.audit.index.rollover";
public static final String QUEUE_SIZE_SETTING = "shield.audit.index.queue_max_size"; public static final String QUEUE_SIZE_SETTING = "shield.audit.index.queue_max_size";
public static final String INDEX_TEMPLATE_NAME = "shield_audit_log"; public static final String INDEX_TEMPLATE_NAME = "shield_audit_log";
public static final String DEFAULT_CLIENT_NAME = "shield-audit-client";
static final String[] DEFAULT_EVENT_INCLUDES = new String[] { static final String[] DEFAULT_EVENT_INCLUDES = new String[] {
ACCESS_DENIED.toString(), ACCESS_DENIED.toString(),
@ -579,7 +582,13 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
} }
final TransportClient transportClient = TransportClient.builder() final TransportClient transportClient = TransportClient.builder()
.settings(Settings.builder().put(clientSettings).put("path.home", environment.homeFile()).build()).build(); .settings(Settings.builder()
.put("name", DEFAULT_CLIENT_NAME)
.put("path.home", environment.homeFile())
.put(PluginsService.LOAD_PLUGIN_FROM_CLASSPATH, false)
.putArray("plugin.types", ShieldPlugin.class.getName())
.put(clientSettings))
.build();
for (Tuple<String, Integer> pair : hostPortPairs) { for (Tuple<String, Integer> pair : hostPortPairs) {
transportClient.addTransportAddress(new InetSocketTransportAddress(pair.v1(), pair.v2())); transportClient.addTransportAddress(new InetSocketTransportAddress(pair.v1(), pair.v2()));
} }