diff --git a/qa/sql-no-security/src/test/java/org/elasticsearch/xpack/sql/RestSqlIT.java b/qa/sql-no-security/src/test/java/org/elasticsearch/xpack/sql/RestSqlIT.java index d5d0f452344..24811ed6eee 100644 --- a/qa/sql-no-security/src/test/java/org/elasticsearch/xpack/sql/RestSqlIT.java +++ b/qa/sql-no-security/src/test/java/org/elasticsearch/xpack/sql/RestSqlIT.java @@ -41,7 +41,7 @@ public class RestSqlIT extends ESRestTestCase { expected.put("columns", singletonMap("test", singletonMap("type", "text"))); expected.put("rows", Arrays.asList(singletonMap("test", "test"), singletonMap("test", "test"))); expected.put("size", 2); - assertResponse(expected, runSql("SELECT * FROM test.test")); + assertResponse(expected, runSql("SELECT * FROM test")); } @AwaitsFix(bugUrl="https://github.com/elastic/x-pack-elasticsearch/issues/2074") @@ -72,19 +72,19 @@ public class RestSqlIT extends ESRestTestCase { new StringEntity(bulk.toString(), ContentType.APPLICATION_JSON)); // NOCOMMIT "unresolved" should probably be changed to something users will understand like "missing" - expectBadRequest(() -> runSql("SELECT foo FROM test.test"), containsString("1:8: Unresolved item 'foo'")); + expectBadRequest(() -> runSql("SELECT foo FROM test"), containsString("1:8: Unresolved item 'foo'")); // NOCOMMIT the ones below one should include (foo) but it looks like the function is missing - expectBadRequest(() -> runSql("SELECT DAY_OF_YEAR(foo) FROM test.test"), containsString("1:20: Unresolved item 'DAY_OF_YEAR'")); - expectBadRequest(() -> runSql("SELECT foo, * FROM test.test GROUP BY DAY_OF_YEAR(foo)"), + expectBadRequest(() -> runSql("SELECT DAY_OF_YEAR(foo) FROM test"), containsString("1:20: Unresolved item 'DAY_OF_YEAR'")); + expectBadRequest(() -> runSql("SELECT foo, * FROM test GROUP BY DAY_OF_YEAR(foo)"), both(containsString("1:8: Unresolved item 'foo'")) - .and(containsString("1:51: Unresolved item 'DAY_OF_YEAR'"))); + .and(containsString("1:46: Unresolved item 'DAY_OF_YEAR'"))); // NOCOMMIT broken because we bail on the resolution phase if we can't resolve something in a previous phase -// expectBadRequest(() -> runSql("SELECT * FROM test.test WHERE foo = 1"), containsString("500")); -// expectBadRequest(() -> runSql("SELECT * FROM test.test WHERE DAY_OF_YEAR(foo) = 1"), containsString("500")); +// expectBadRequest(() -> runSql("SELECT * FROM test WHERE foo = 1"), containsString("500")); +// expectBadRequest(() -> runSql("SELECT * FROM test WHERE DAY_OF_YEAR(foo) = 1"), containsString("500")); // NOCOMMIT this should point to the column, no the (incorrectly capitalized) start or ORDER BY - expectBadRequest(() -> runSql("SELECT * FROM test.test ORDER BY foo"), containsString("line 1:34: Unresolved item 'Order'")); - expectBadRequest(() -> runSql("SELECT * FROM test.test ORDER BY DAY_OF_YEAR(foo)"), - containsString("line 1:46: Unresolved item 'Order'")); + expectBadRequest(() -> runSql("SELECT * FROM test ORDER BY foo"), containsString("line 1:29: Unresolved item 'Order'")); + expectBadRequest(() -> runSql("SELECT * FROM test ORDER BY DAY_OF_YEAR(foo)"), + containsString("line 1:41: Unresolved item 'Order'")); } private void expectBadRequest(ThrowingRunnable code, Matcher errorMessageMatcher) { diff --git a/qa/sql-security/src/test/java/org/elasticsearch/xpack/sql/SqlSecurityIT.java b/qa/sql-security/src/test/java/org/elasticsearch/xpack/sql/SqlSecurityIT.java index 7d16b8415ad..3ad37af5b8d 100644 --- a/qa/sql-security/src/test/java/org/elasticsearch/xpack/sql/SqlSecurityIT.java +++ b/qa/sql-security/src/test/java/org/elasticsearch/xpack/sql/SqlSecurityIT.java @@ -78,26 +78,26 @@ public class SqlSecurityIT extends ESRestTestCase { row2.put("c", 6); expected.put("rows", Arrays.asList(row1, row2)); expected.put("size", 2); - assertResponse(expected, runSql("SELECT * FROM test.test ORDER BY a", null)); + assertResponse(expected, runSql("SELECT * FROM test ORDER BY a", null)); } public void testSqlWithFullAccess() throws IOException { createUser("full_access", "read_test"); - assertResponse(runSql("SELECT * FROM test.test ORDER BY a", null), runSql("SELECT * FROM test.test ORDER BY a", "full_access")); + assertResponse(runSql("SELECT * FROM test ORDER BY a", null), runSql("SELECT * FROM test ORDER BY a", "full_access")); } public void testSqlNoAccess() throws IOException { createUser("no_access", "read_nothing"); - ResponseException e = expectThrows(ResponseException.class, () -> runSql("SELECT * FROM test.test", "no_access")); + ResponseException e = expectThrows(ResponseException.class, () -> runSql("SELECT * FROM test", "no_access")); assertThat(e.getMessage(), containsString("403 Forbidden")); } public void testSqlWrongAccess() throws IOException { createUser("wrong_access", "read_something_else"); - ResponseException e = expectThrows(ResponseException.class, () -> runSql("SELECT * FROM test.test", "no_access")); + ResponseException e = expectThrows(ResponseException.class, () -> runSql("SELECT * FROM test", "no_access")); assertThat(e.getMessage(), containsString("403 Forbidden")); } @@ -107,7 +107,7 @@ public class SqlSecurityIT extends ESRestTestCase { /* This doesn't work because sql doesn't see the field level security * and still adds the metadata even though the field "doesn't exist" */ - assertResponse(runSql("SELECT a FROM test.test", null), runSql("SELECT * FROM test.test", "only_a")); + assertResponse(runSql("SELECT a FROM test.test", null), runSql("SELECT * FROM test", "only_a")); /* This should probably be a 400 level error complaining about field * that do not exist because that is what makes sense in SQL. */ assertResponse(emptyMap(), runSql("SELECT * FROM test.test WHERE c = 3", "only_a")); @@ -119,16 +119,16 @@ public class SqlSecurityIT extends ESRestTestCase { /* This doesn't work because sql doesn't see the field level security * and still adds the metadata even though the field "doesn't exist" */ - assertResponse(runSql("SELECT a, b FROM test.test", null), runSql("SELECT * FROM test.test", "not_c")); + assertResponse(runSql("SELECT a, b FROM test", null), runSql("SELECT * FROM test", "not_c")); /* This should probably be a 400 level error complaining about field * that do not exist because that is what makes sense in SQL. */ - assertResponse(emptyMap(), runSql("SELECT * FROM test.test WHERE c = 3", "not_c")); + assertResponse(emptyMap(), runSql("SELECT * FROM test WHERE c = 3", "not_c")); } public void testSqlDocumentExclued() throws IOException { createUser("no_3s", "read_test_without_c_3"); - assertResponse(runSql("SELECT * FROM test.test WHERE c != 3", null), runSql("SELECT * FROM test.test", "no_3s")); + assertResponse(runSql("SELECT * FROM test WHERE c != 3", null), runSql("SELECT * FROM test", "no_3s")); } private void assertResponse(Map expected, Map actual) { diff --git a/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/SelectIT.java b/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/SelectIT.java index 760431d45b5..5814d07029c 100644 --- a/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/SelectIT.java +++ b/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/SelectIT.java @@ -14,7 +14,7 @@ import static org.hamcrest.Matchers.containsString; public class SelectIT extends CliIntegrationTestCase { public void testSelect() throws IOException { index("test", body -> body.field("test_field", "test_value")); - command("SELECT * FROM test.doc"); + command("SELECT * FROM test"); assertThat(in.readLine(), containsString("test_field")); assertThat(in.readLine(), containsString("----------")); assertThat(in.readLine(), containsString("test_value")); @@ -24,7 +24,7 @@ public class SelectIT extends CliIntegrationTestCase { public void testSelectWithWhere() throws IOException { index("test", body -> body.field("test_field", "test_value1").field("i", 1)); index("test", body -> body.field("test_field", "test_value2").field("i", 2)); - command("SELECT * FROM test.doc WHERE i = 2"); + command("SELECT * FROM test WHERE i = 2"); assertThat(in.readLine(), RegexMatcher.matches("\\s*i\\s*\\|\\s*test_field\\s*")); assertThat(in.readLine(), containsString("----------")); assertThat(in.readLine(), RegexMatcher.matches("\\s*2\\s*\\|\\s*test_value2\\s*")); diff --git a/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/ShowIT.java b/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/ShowIT.java index 6ac7fba7d7e..3b2fbc49b0a 100644 --- a/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/ShowIT.java +++ b/sql/cli/src/test/java/org/elasticsearch/xpack/sql/cli/ShowIT.java @@ -17,10 +17,10 @@ public class ShowIT extends CliIntegrationTestCase { index("test1", body -> body.field("test_field", "test_value")); index("test2", body -> body.field("test_field", "test_value")); command("SHOW TABLES"); - assertThat(in.readLine(), RegexMatcher.matches("\\s*index\\s*\\|\\s*type\\s*")); + assertThat(in.readLine(), RegexMatcher.matches("\\s*table\\s*")); assertThat(in.readLine(), containsString("----------")); - assertThat(in.readLine(), RegexMatcher.matches("\\s*test[12]\\s*\\|\\s*doc\\s*")); - assertThat(in.readLine(), RegexMatcher.matches("\\s*test[12]\\s*\\|\\s*doc\\s*")); + assertThat(in.readLine(), RegexMatcher.matches("\\s*test[12]\\s*")); + assertThat(in.readLine(), RegexMatcher.matches("\\s*test[12]\\s*")); assertEquals("", in.readLine()); } diff --git a/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ErrorsIT.java b/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ErrorsIT.java index e2127d63e6a..575183ed7b4 100644 --- a/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ErrorsIT.java +++ b/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ErrorsIT.java @@ -9,28 +9,23 @@ import org.elasticsearch.xpack.sql.jdbc.framework.JdbcIntegrationTestCase; import java.sql.Connection; import java.sql.SQLException; -import java.util.Locale; /** * Tests for error messages. */ public class ErrorsIT extends JdbcIntegrationTestCase { - - String message(String index) { - return String.format(Locale.ROOT, "line 1:15: Cannot resolve index %s (does not exist or has multiple types)", index); - } public void testSelectFromMissingTable() throws Exception { try (Connection c = esJdbc()) { SQLException e = expectThrows(SQLException.class, () -> c.prepareStatement("SELECT * from test").executeQuery()); - assertEquals(message("test"), e.getMessage()); + assertEquals("line 1:15: Cannot resolve index test", e.getMessage()); } } - public void testMultiTypeIndex() throws Exception { - - try (Connection c = esJdbc()) { - SQLException e = expectThrows(SQLException.class, () -> c.prepareStatement("SELECT * from multi_type").executeQuery()); - assertEquals(message("multi_type"), e.getMessage()); - } - } +// public void testMultiTypeIndex() throws Exception { +// NOCOMMIT bwc tests +// try (Connection c = esJdbc()) { +// SQLException e = expectThrows(SQLException.class, () -> c.prepareStatement("SELECT * from multi_type").executeQuery()); +// assertEquals(message("multi_type"), e.getMessage()); +// } +// } } diff --git a/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ShowTablesIT.java b/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ShowTablesIT.java index b7cf37553b4..f27cfa05709 100644 --- a/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ShowTablesIT.java +++ b/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/ShowTablesIT.java @@ -33,10 +33,10 @@ public class ShowTablesIT extends JdbcIntegrationTestCase { for (int i = 0; i < indices; i++) { String index = String.format(Locale.ROOT, "test%02d", i); index(index, builder -> builder.field("name", "bob")); - h2.createStatement().executeUpdate("INSERT INTO mock VALUES ('" + index + "', 'doc');"); + h2.createStatement().executeUpdate("INSERT INTO mock VALUES ('" + index + "');"); } - ResultSet expected = h2.createStatement().executeQuery("SELECT * FROM mock ORDER BY index, type"); + ResultSet expected = h2.createStatement().executeQuery("SELECT * FROM mock ORDER BY table"); assertResultSets(expected, es.createStatement().executeQuery("SHOW TABLES")); } } diff --git a/sql/jdbc/src/test/resources/setup_mock_show_tables.sql b/sql/jdbc/src/test/resources/setup_mock_show_tables.sql index f0c2e08aea7..eec1624bf7c 100644 --- a/sql/jdbc/src/test/resources/setup_mock_show_tables.sql +++ b/sql/jdbc/src/test/resources/setup_mock_show_tables.sql @@ -1,4 +1,3 @@ CREATE TABLE mock ( - "index" VARCHAR, - "type" VARCHAR + "table" VARCHAR ); diff --git a/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/ConnectionConfiguration.java b/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/ConnectionConfiguration.java index 116cff59c04..4dec68417e0 100644 --- a/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/ConnectionConfiguration.java +++ b/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/ConnectionConfiguration.java @@ -87,8 +87,8 @@ public class ConnectionConfiguration { user = settings.getProperty(AUTH_USER); pass = settings.getProperty(AUTH_PASS); - sslConfig = new SslConfig(props); - proxyConfig = new ProxyConfig(props); + sslConfig = new SslConfig(settings); + proxyConfig = new ProxyConfig(settings); } protected boolean isSSLEnabled() { diff --git a/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/JreHttpUrlConnection.java b/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/JreHttpUrlConnection.java index d13d7fcfd6d..45365b3661b 100644 --- a/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/JreHttpUrlConnection.java +++ b/sql/net-client/src/main/java/org/elasticsearch/xpack/sql/net/client/JreHttpUrlConnection.java @@ -19,11 +19,14 @@ import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.Proxy; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Base64; import java.util.function.Function; import java.util.zip.GZIPInputStream; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSocketFactory; public class JreHttpUrlConnection implements Closeable { public static R http(URL url, ConnectionConfiguration cfg, Function handler) { @@ -75,7 +78,11 @@ public class JreHttpUrlConnection implements Closeable { private void setupSSL(ConnectionConfiguration cfg) { if (cfg.sslConfig().isEnabled()) { HttpsURLConnection https = (HttpsURLConnection) con; - https.setSSLSocketFactory(cfg.sslConfig().sslSocketFactory()); + SSLSocketFactory factory = cfg.sslConfig().sslSocketFactory(); + AccessController.doPrivileged((PrivilegedAction) () -> { + https.setSSLSocketFactory(factory); + return null; + }); } } @@ -118,7 +125,7 @@ public class JreHttpUrlConnection implements Closeable { throw new ClientException(ex, "Cannot POST address %s (%s)", url, ex.getMessage()); } } - + private static InputStream getStream(HttpURLConnection con, InputStream stream) throws IOException { if (GZIP.equals(con.getContentEncoding())) { return new GZIPInputStream(stream); @@ -171,4 +178,4 @@ public class JreHttpUrlConnection implements Closeable { } } } -} \ No newline at end of file +} diff --git a/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/BasicSSLServer.java b/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/BasicSSLServer.java index d15c72cbe76..ac608c09262 100644 --- a/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/BasicSSLServer.java +++ b/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/BasicSSLServer.java @@ -66,6 +66,7 @@ public class BasicSSLServer { ks.load(BasicSSLServer.class.getResourceAsStream("/ssl/server.keystore"), pass); kmf.init(ks, pass); + // NOCOMMIT I think we could share a key rather than trust all, right? TrustManager[] trustAll = new TrustManager[] { new X509TrustManager() { @Override diff --git a/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/SSLTests.java b/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/SSLTests.java index 212b1e2da8f..d498fed4b1c 100644 --- a/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/SSLTests.java +++ b/sql/net-client/src/test/java/org/elasticsearch/xpack/sql/net/client/SSLTests.java @@ -18,6 +18,8 @@ import org.junit.rules.ExternalResource; import java.io.ByteArrayInputStream; import java.io.DataInputStream; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Properties; import java.util.UUID; @@ -81,6 +83,7 @@ public class SSLTests extends ESTestCase { } public void testSslSetup() throws Exception { + // NOCOMMIT this test doesn't test anything, just logs. Probably should fix that. SSLContext context = SSLContext.getDefault(); SSLSocketFactory factory = context.getSocketFactory(); SSLSocket socket = (SSLSocket) factory.createSocket(); @@ -100,16 +103,18 @@ public class SSLTests extends ESTestCase { } public void testSslHead() throws Exception { - assertTrue(JreHttpUrlConnection.http(sslServer, cfg, JreHttpUrlConnection::head)); + assertTrue(AccessController.doPrivileged((PrivilegedAction) () -> { + return JreHttpUrlConnection.http(sslServer, cfg, JreHttpUrlConnection::head); + })); } public void testSslPost() throws Exception { String message = UUID.randomUUID().toString(); - Bytes b = JreHttpUrlConnection.http(sslServer, cfg, c -> { - return c.post(o -> { - o.writeUTF(message); - }); - }); + Bytes b = AccessController.doPrivileged((PrivilegedAction) () -> + JreHttpUrlConnection.http(sslServer, cfg, c -> + c.post(o -> { + o.writeUTF(message); + }))); String received = new DataInputStream(new ByteArrayInputStream(b.bytes())).readUTF(); assertEquals(message, received); diff --git a/sql/net-client/src/test/resources/plugin-security.policy b/sql/net-client/src/test/resources/plugin-security.policy new file mode 100644 index 00000000000..82751bf76de --- /dev/null +++ b/sql/net-client/src/test/resources/plugin-security.policy @@ -0,0 +1,6 @@ +grant { + // Required for the net client to setup ssl rather than use global ssl. + permission java.lang.RuntimePermission "setFactory"; + // Required to connect to the test ssl server. + permission java.net.SocketPermission "*", "connect,resolve"; +};