Keep imports consistent with 6.x
Some imports were changed in 6.x to address line-length issues there. This commit pulls the same changes to master to keep the branches consistent to simplify backports. Original commit: elastic/x-pack-elasticsearch@190f9d41f5
This commit is contained in:
parent
64cfa017f0
commit
51c53710d7
|
@ -64,6 +64,7 @@ import java.util.function.Supplier;
|
||||||
import static org.elasticsearch.xpack.ClientHelper.SECURITY_ORIGIN;
|
import static org.elasticsearch.xpack.ClientHelper.SECURITY_ORIGIN;
|
||||||
import static org.elasticsearch.xpack.ClientHelper.executeAsyncWithOrigin;
|
import static org.elasticsearch.xpack.ClientHelper.executeAsyncWithOrigin;
|
||||||
import static org.elasticsearch.xpack.ClientHelper.stashWithOrigin;
|
import static org.elasticsearch.xpack.ClientHelper.stashWithOrigin;
|
||||||
|
import static org.elasticsearch.xpack.security.SecurityLifecycleService.SECURITY_INDEX_NAME;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* NativeUsersStore is a store for users that reads from an Elasticsearch index. This store is responsible for fetching the full
|
* NativeUsersStore is a store for users that reads from an Elasticsearch index. This store is responsible for fetching the full
|
||||||
|
@ -135,7 +136,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
}
|
}
|
||||||
final Supplier<ThreadContext.StoredContext> supplier = client.threadPool().getThreadContext().newRestorableContext(false);
|
final Supplier<ThreadContext.StoredContext> supplier = client.threadPool().getThreadContext().newRestorableContext(false);
|
||||||
try (ThreadContext.StoredContext ignore = stashWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN)) {
|
try (ThreadContext.StoredContext ignore = stashWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN)) {
|
||||||
SearchRequest request = client.prepareSearch(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
SearchRequest request = client.prepareSearch(SECURITY_INDEX_NAME)
|
||||||
.setScroll(TimeValue.timeValueSeconds(10L))
|
.setScroll(TimeValue.timeValueSeconds(10L))
|
||||||
.setQuery(query)
|
.setQuery(query)
|
||||||
.setSize(1000)
|
.setSize(1000)
|
||||||
|
@ -161,7 +162,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
} else {
|
} else {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareGet(SecurityLifecycleService.SECURITY_INDEX_NAME,
|
client.prepareGet(SECURITY_INDEX_NAME,
|
||||||
INDEX_TYPE, getIdForUser(USER_DOC_TYPE, user)).request(),
|
INDEX_TYPE, getIdForUser(USER_DOC_TYPE, user)).request(),
|
||||||
new ActionListener<GetResponse>() {
|
new ActionListener<GetResponse>() {
|
||||||
@Override
|
@Override
|
||||||
|
@ -205,7 +206,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
|
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareUpdate(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE, getIdForUser(docType, username))
|
client.prepareUpdate(SECURITY_INDEX_NAME, INDEX_TYPE, getIdForUser(docType, username))
|
||||||
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.PASSWORD.getPreferredName(),
|
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.PASSWORD.getPreferredName(),
|
||||||
String.valueOf(request.passwordHash()))
|
String.valueOf(request.passwordHash()))
|
||||||
.setRefreshPolicy(request.getRefreshPolicy()).request(),
|
.setRefreshPolicy(request.getRefreshPolicy()).request(),
|
||||||
|
@ -244,7 +245,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener<Void> listener) {
|
private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener<Void> listener) {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareIndex(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareIndex(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(RESERVED_USER_TYPE, username))
|
getIdForUser(RESERVED_USER_TYPE, username))
|
||||||
.setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash),
|
.setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash),
|
||||||
Fields.ENABLED.getPreferredName(), true,
|
Fields.ENABLED.getPreferredName(), true,
|
||||||
|
@ -288,7 +289,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
// We must have an existing document
|
// We must have an existing document
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareUpdate(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareUpdate(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(USER_DOC_TYPE, putUserRequest.username()))
|
getIdForUser(USER_DOC_TYPE, putUserRequest.username()))
|
||||||
.setDoc(Requests.INDEX_CONTENT_TYPE,
|
.setDoc(Requests.INDEX_CONTENT_TYPE,
|
||||||
Fields.USERNAME.getPreferredName(), putUserRequest.username(),
|
Fields.USERNAME.getPreferredName(), putUserRequest.username(),
|
||||||
|
@ -331,7 +332,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
assert putUserRequest.passwordHash() != null;
|
assert putUserRequest.passwordHash() != null;
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareIndex(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareIndex(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(USER_DOC_TYPE, putUserRequest.username()))
|
getIdForUser(USER_DOC_TYPE, putUserRequest.username()))
|
||||||
.setSource(Fields.USERNAME.getPreferredName(), putUserRequest.username(),
|
.setSource(Fields.USERNAME.getPreferredName(), putUserRequest.username(),
|
||||||
Fields.PASSWORD.getPreferredName(), String.valueOf(putUserRequest.passwordHash()),
|
Fields.PASSWORD.getPreferredName(), String.valueOf(putUserRequest.passwordHash()),
|
||||||
|
@ -377,7 +378,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
final ActionListener<Void> listener) {
|
final ActionListener<Void> listener) {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareUpdate(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareUpdate(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(USER_DOC_TYPE, username))
|
getIdForUser(USER_DOC_TYPE, username))
|
||||||
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.ENABLED.getPreferredName(), enabled)
|
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.ENABLED.getPreferredName(), enabled)
|
||||||
.setRefreshPolicy(refreshPolicy)
|
.setRefreshPolicy(refreshPolicy)
|
||||||
|
@ -412,7 +413,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
boolean clearCache, final ActionListener<Void> listener) {
|
boolean clearCache, final ActionListener<Void> listener) {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareUpdate(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareUpdate(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(RESERVED_USER_TYPE, username))
|
getIdForUser(RESERVED_USER_TYPE, username))
|
||||||
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.ENABLED.getPreferredName(), enabled)
|
.setDoc(Requests.INDEX_CONTENT_TYPE, Fields.ENABLED.getPreferredName(), enabled)
|
||||||
.setUpsert(XContentType.JSON,
|
.setUpsert(XContentType.JSON,
|
||||||
|
@ -444,7 +445,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
listener.onFailure(new UnsupportedOperationException("users may not be deleted using a tribe node"));
|
listener.onFailure(new UnsupportedOperationException("users may not be deleted using a tribe node"));
|
||||||
} else {
|
} else {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () -> {
|
||||||
DeleteRequest request = client.prepareDelete(SecurityLifecycleService.SECURITY_INDEX_NAME,
|
DeleteRequest request = client.prepareDelete(SECURITY_INDEX_NAME,
|
||||||
INDEX_TYPE, getIdForUser(USER_DOC_TYPE, deleteUserRequest.username())).request();
|
INDEX_TYPE, getIdForUser(USER_DOC_TYPE, deleteUserRequest.username())).request();
|
||||||
request.setRefreshPolicy(deleteUserRequest.getRefreshPolicy());
|
request.setRefreshPolicy(deleteUserRequest.getRefreshPolicy());
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN, request,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN, request,
|
||||||
|
@ -489,7 +490,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
} else {
|
} else {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareGet(SecurityLifecycleService.SECURITY_INDEX_NAME, INDEX_TYPE,
|
client.prepareGet(SECURITY_INDEX_NAME, INDEX_TYPE,
|
||||||
getIdForUser(RESERVED_USER_TYPE, username)).request(),
|
getIdForUser(RESERVED_USER_TYPE, username)).request(),
|
||||||
new ActionListener<GetResponse>() {
|
new ActionListener<GetResponse>() {
|
||||||
@Override
|
@Override
|
||||||
|
@ -529,7 +530,7 @@ public class NativeUsersStore extends AbstractComponent {
|
||||||
void getAllReservedUserInfo(ActionListener<Map<String, ReservedUserInfo>> listener) {
|
void getAllReservedUserInfo(ActionListener<Map<String, ReservedUserInfo>> listener) {
|
||||||
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
securityLifecycleService.prepareIndexIfNeededThenExecute(listener::onFailure, () ->
|
||||||
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
executeAsyncWithOrigin(client.threadPool().getThreadContext(), SECURITY_ORIGIN,
|
||||||
client.prepareSearch(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
client.prepareSearch(SECURITY_INDEX_NAME)
|
||||||
.setQuery(QueryBuilders.termQuery(Fields.TYPE.getPreferredName(), RESERVED_USER_TYPE))
|
.setQuery(QueryBuilders.termQuery(Fields.TYPE.getPreferredName(), RESERVED_USER_TYPE))
|
||||||
.setFetchSource(true).request(),
|
.setFetchSource(true).request(),
|
||||||
new ActionListener<SearchResponse>() {
|
new ActionListener<SearchResponse>() {
|
||||||
|
|
|
@ -54,6 +54,7 @@ import java.util.concurrent.CountDownLatch;
|
||||||
|
|
||||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout;
|
||||||
|
import static org.elasticsearch.xpack.security.SecurityLifecycleService.SECURITY_INDEX_NAME;
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.xpack.security.support.IndexLifecycleManager.INTERNAL_SECURITY_INDEX;
|
import static org.elasticsearch.xpack.security.support.IndexLifecycleManager.INTERNAL_SECURITY_INDEX;
|
||||||
import static org.hamcrest.Matchers.arrayContaining;
|
import static org.hamcrest.Matchers.arrayContaining;
|
||||||
|
@ -128,7 +129,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
logger.error("--> creating user");
|
logger.error("--> creating user");
|
||||||
c.preparePutUser("joe", "s3kirt".toCharArray(), "role1", "user").get();
|
c.preparePutUser("joe", "s3kirt".toCharArray(), "role1", "user").get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
logger.info("--> retrieving user");
|
logger.info("--> retrieving user");
|
||||||
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
||||||
assertTrue("user should exist", resp.hasUsers());
|
assertTrue("user should exist", resp.hasUsers());
|
||||||
|
@ -183,7 +184,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
.metadata(metadata)
|
.metadata(metadata)
|
||||||
.get();
|
.get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
logger.info("--> retrieving role");
|
logger.info("--> retrieving role");
|
||||||
GetRolesResponse resp = c.prepareGetRoles().names("test_role").get();
|
GetRolesResponse resp = c.prepareGetRoles().names("test_role").get();
|
||||||
assertTrue("role should exist", resp.hasRoles());
|
assertTrue("role should exist", resp.hasRoles());
|
||||||
|
@ -234,7 +235,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
logger.error("--> creating user");
|
logger.error("--> creating user");
|
||||||
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
logger.info("--> retrieving user");
|
logger.info("--> retrieving user");
|
||||||
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
||||||
assertTrue("user should exist", resp.hasUsers());
|
assertTrue("user should exist", resp.hasUsers());
|
||||||
|
@ -255,7 +256,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
logger.error("--> creating user");
|
logger.error("--> creating user");
|
||||||
c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.TEST_ROLE).get();
|
c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.TEST_ROLE).get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
logger.info("--> retrieving user");
|
logger.info("--> retrieving user");
|
||||||
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
||||||
assertTrue("user should exist", resp.hasUsers());
|
assertTrue("user should exist", resp.hasUsers());
|
||||||
|
@ -290,7 +291,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
logger.error("--> creating user");
|
logger.error("--> creating user");
|
||||||
c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.TEST_ROLE).get();
|
c.preparePutUser("joe", "s3krit".toCharArray(), SecuritySettingsSource.TEST_ROLE).get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
logger.info("--> retrieving user");
|
logger.info("--> retrieving user");
|
||||||
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
GetUsersResponse resp = c.prepareGetUsers("joe").get();
|
||||||
assertTrue("user should exist", resp.hasUsers());
|
assertTrue("user should exist", resp.hasUsers());
|
||||||
|
@ -328,7 +329,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
logger.error("--> creating user");
|
logger.error("--> creating user");
|
||||||
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
|
|
||||||
if (authenticate) {
|
if (authenticate) {
|
||||||
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
|
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
|
||||||
|
@ -377,7 +378,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
.get();
|
.get();
|
||||||
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
c.preparePutUser("joe", "s3krit".toCharArray(), "test_role").get();
|
||||||
logger.error("--> waiting for .security index");
|
logger.error("--> waiting for .security index");
|
||||||
ensureGreen(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ensureGreen(SECURITY_INDEX_NAME);
|
||||||
|
|
||||||
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
|
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
|
||||||
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
|
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
|
||||||
|
@ -503,7 +504,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
|
||||||
.get();
|
.get();
|
||||||
}
|
}
|
||||||
|
|
||||||
IndicesStatsResponse response = client().admin().indices().prepareStats("foo", SecurityLifecycleService.SECURITY_INDEX_NAME).get();
|
IndicesStatsResponse response = client().admin().indices().prepareStats("foo", SECURITY_INDEX_NAME).get();
|
||||||
assertThat(response.getFailedShards(), is(0));
|
assertThat(response.getFailedShards(), is(0));
|
||||||
assertThat(response.getIndices().size(), is(2));
|
assertThat(response.getIndices().size(), is(2));
|
||||||
assertThat(response.getIndices().get(INTERNAL_SECURITY_INDEX), notNullValue());
|
assertThat(response.getIndices().get(INTERNAL_SECURITY_INDEX), notNullValue());
|
||||||
|
|
|
@ -135,6 +135,7 @@ import org.mockito.Mockito;
|
||||||
import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
|
import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
|
||||||
import static org.elasticsearch.test.SecurityTestsUtils.assertThrowsAuthorizationException;
|
import static org.elasticsearch.test.SecurityTestsUtils.assertThrowsAuthorizationException;
|
||||||
import static org.elasticsearch.test.SecurityTestsUtils.assertThrowsAuthorizationExceptionRunAs;
|
import static org.elasticsearch.test.SecurityTestsUtils.assertThrowsAuthorizationExceptionRunAs;
|
||||||
|
import static org.elasticsearch.xpack.security.SecurityLifecycleService.SECURITY_INDEX_NAME;
|
||||||
import static org.hamcrest.Matchers.arrayContaining;
|
import static org.hamcrest.Matchers.arrayContaining;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.hamcrest.Matchers.endsWith;
|
import static org.hamcrest.Matchers.endsWith;
|
||||||
|
@ -674,28 +675,28 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||||
ClusterState state = mock(ClusterState.class);
|
ClusterState state = mock(ClusterState.class);
|
||||||
when(clusterService.state()).thenReturn(state);
|
when(clusterService.state()).thenReturn(state);
|
||||||
when(state.metaData()).thenReturn(MetaData.builder()
|
when(state.metaData()).thenReturn(MetaData.builder()
|
||||||
.put(new IndexMetaData.Builder(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
.put(new IndexMetaData.Builder(SECURITY_INDEX_NAME)
|
||||||
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
||||||
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
||||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
||||||
new DeleteRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new DeleteRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(UpdateAction.NAME,
|
requests.add(new Tuple<>(UpdateAction.NAME,
|
||||||
new UpdateRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new UpdateRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
||||||
new IndexRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new IndexRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||||
new TermVectorsRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new TermVectorsRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||||
new TermVectorsRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new TermVectorsRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest()
|
requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest()
|
||||||
.addAliasAction(AliasActions.add().alias("security_alias").index(SecurityLifecycleService.SECURITY_INDEX_NAME))));
|
.addAliasAction(AliasActions.add().alias("security_alias").index(SECURITY_INDEX_NAME))));
|
||||||
requests.add(
|
requests.add(
|
||||||
new Tuple<>(UpdateSettingsAction.NAME, new UpdateSettingsRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
new Tuple<>(UpdateSettingsAction.NAME, new UpdateSettingsRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
|
|
||||||
for (Tuple<String, TransportRequest> requestTuple : requests) {
|
for (Tuple<String, TransportRequest> requestTuple : requests) {
|
||||||
String action = requestTuple.v1();
|
String action = requestTuple.v1();
|
||||||
|
@ -708,12 +709,12 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
// we should allow waiting for the health of the index or any index if the user has this permission
|
// we should allow waiting for the health of the index or any index if the user has this permission
|
||||||
ClusterHealthRequest request = new ClusterHealthRequest(SecurityLifecycleService.SECURITY_INDEX_NAME);
|
ClusterHealthRequest request = new ClusterHealthRequest(SECURITY_INDEX_NAME);
|
||||||
authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
|
authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
|
||||||
verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request, new String[] { role.getName() });
|
verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request, new String[] { role.getName() });
|
||||||
|
|
||||||
// multiple indices
|
// multiple indices
|
||||||
request = new ClusterHealthRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "foo", "bar");
|
request = new ClusterHealthRequest(SECURITY_INDEX_NAME, "foo", "bar");
|
||||||
authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
|
authorize(createAuthentication(user), ClusterHealthAction.NAME, request);
|
||||||
verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request, new String[] { role.getName() });
|
verify(auditTrail).accessGranted(user, ClusterHealthAction.NAME, request, new String[] { role.getName() });
|
||||||
|
|
||||||
|
@ -731,21 +732,20 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||||
ClusterState state = mock(ClusterState.class);
|
ClusterState state = mock(ClusterState.class);
|
||||||
when(clusterService.state()).thenReturn(state);
|
when(clusterService.state()).thenReturn(state);
|
||||||
when(state.metaData()).thenReturn(MetaData.builder()
|
when(state.metaData()).thenReturn(MetaData.builder()
|
||||||
.put(new IndexMetaData.Builder(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
.put(new IndexMetaData.Builder(SECURITY_INDEX_NAME)
|
||||||
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
||||||
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
List<Tuple<String, ? extends TransportRequest>> requests = new ArrayList<>();
|
List<Tuple<String, ? extends TransportRequest>> requests = new ArrayList<>();
|
||||||
requests.add(new Tuple<>(IndicesStatsAction.NAME, new IndicesStatsRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(IndicesStatsAction.NAME, new IndicesStatsRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(RecoveryAction.NAME, new RecoveryRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(RecoveryAction.NAME, new RecoveryRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(IndicesSegmentsAction.NAME,
|
requests.add(new Tuple<>(IndicesSegmentsAction.NAME, new IndicesSegmentsRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
new IndicesSegmentsRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(GetSettingsAction.NAME, new GetSettingsRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(GetSettingsAction.NAME, new GetSettingsRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
|
||||||
requests.add(new Tuple<>(IndicesShardStoresAction.NAME,
|
requests.add(new Tuple<>(IndicesShardStoresAction.NAME,
|
||||||
new IndicesShardStoresRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
new IndicesShardStoresRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(UpgradeStatusAction.NAME,
|
requests.add(new Tuple<>(UpgradeStatusAction.NAME,
|
||||||
new UpgradeStatusRequest().indices(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
new UpgradeStatusRequest().indices(SECURITY_INDEX_NAME)));
|
||||||
|
|
||||||
for (Tuple<String, ? extends TransportRequest> requestTuple : requests) {
|
for (Tuple<String, ? extends TransportRequest> requestTuple : requests) {
|
||||||
String action = requestTuple.v1();
|
String action = requestTuple.v1();
|
||||||
|
@ -761,33 +761,33 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||||
ClusterState state = mock(ClusterState.class);
|
ClusterState state = mock(ClusterState.class);
|
||||||
when(clusterService.state()).thenReturn(state);
|
when(clusterService.state()).thenReturn(state);
|
||||||
when(state.metaData()).thenReturn(MetaData.builder()
|
when(state.metaData()).thenReturn(MetaData.builder()
|
||||||
.put(new IndexMetaData.Builder(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
.put(new IndexMetaData.Builder(SECURITY_INDEX_NAME)
|
||||||
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
||||||
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
List<Tuple<String, TransportRequest>> requests = new ArrayList<>();
|
||||||
requests.add(new Tuple<>(DeleteAction.NAME,
|
requests.add(new Tuple<>(DeleteAction.NAME,
|
||||||
new DeleteRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new DeleteRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
||||||
createBulkShardRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, DeleteRequest::new)));
|
createBulkShardRequest(SECURITY_INDEX_NAME, DeleteRequest::new)));
|
||||||
requests.add(new Tuple<>(UpdateAction.NAME,
|
requests.add(new Tuple<>(UpdateAction.NAME,
|
||||||
new UpdateRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new UpdateRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(IndexAction.NAME,
|
requests.add(new Tuple<>(IndexAction.NAME,
|
||||||
new IndexRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new IndexRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
requests.add(new Tuple<>(BulkAction.NAME + "[s]",
|
||||||
createBulkShardRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, IndexRequest::new)));
|
createBulkShardRequest(SECURITY_INDEX_NAME, IndexRequest::new)));
|
||||||
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(SearchAction.NAME, new SearchRequest(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||||
new TermVectorsRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new TermVectorsRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
requests.add(new Tuple<>(GetAction.NAME, new GetRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
requests.add(new Tuple<>(TermVectorsAction.NAME,
|
||||||
new TermVectorsRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "type", "id")));
|
new TermVectorsRequest(SECURITY_INDEX_NAME, "type", "id")));
|
||||||
requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest()
|
requests.add(new Tuple<>(IndicesAliasesAction.NAME, new IndicesAliasesRequest()
|
||||||
.addAliasAction(AliasActions.add().alias("security_alias").index(SecurityLifecycleService.SECURITY_INDEX_NAME))));
|
.addAliasAction(AliasActions.add().alias("security_alias").index(SECURITY_INDEX_NAME))));
|
||||||
requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(SecurityLifecycleService.SECURITY_INDEX_NAME)));
|
requests.add(new Tuple<>(ClusterHealthAction.NAME, new ClusterHealthRequest(SECURITY_INDEX_NAME)));
|
||||||
requests.add(new Tuple<>(ClusterHealthAction.NAME,
|
requests.add(new Tuple<>(ClusterHealthAction.NAME,
|
||||||
new ClusterHealthRequest(SecurityLifecycleService.SECURITY_INDEX_NAME, "foo", "bar")));
|
new ClusterHealthRequest(SECURITY_INDEX_NAME, "foo", "bar")));
|
||||||
|
|
||||||
for (Tuple<String, TransportRequest> requestTuple : requests) {
|
for (Tuple<String, TransportRequest> requestTuple : requests) {
|
||||||
String action = requestTuple.v1();
|
String action = requestTuple.v1();
|
||||||
|
@ -803,7 +803,7 @@ public class AuthorizationServiceTests extends ESTestCase {
|
||||||
ClusterState state = mock(ClusterState.class);
|
ClusterState state = mock(ClusterState.class);
|
||||||
when(clusterService.state()).thenReturn(state);
|
when(clusterService.state()).thenReturn(state);
|
||||||
when(state.metaData()).thenReturn(MetaData.builder()
|
when(state.metaData()).thenReturn(MetaData.builder()
|
||||||
.put(new IndexMetaData.Builder(SecurityLifecycleService.SECURITY_INDEX_NAME)
|
.put(new IndexMetaData.Builder(SECURITY_INDEX_NAME)
|
||||||
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
.settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
|
||||||
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
.numberOfShards(1).numberOfReplicas(0).build(), true)
|
||||||
.build());
|
.build());
|
||||||
|
|
|
@ -1201,7 +1201,7 @@ public class IndicesAndAliasesResolverTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest();
|
IndicesAliasesRequest aliasesRequest = new IndicesAliasesRequest();
|
||||||
aliasesRequest.addAliasAction(AliasActions.add().alias("security_alias").index(SecurityLifecycleService.SECURITY_INDEX_NAME));
|
aliasesRequest.addAliasAction(AliasActions.add().alias("security_alias").index(SECURITY_INDEX_NAME));
|
||||||
final AuthorizedIndices authorizedIndices = buildAuthorizedIndices(XPackSecurityUser.INSTANCE, IndicesAliasesAction.NAME);
|
final AuthorizedIndices authorizedIndices = buildAuthorizedIndices(XPackSecurityUser.INSTANCE, IndicesAliasesAction.NAME);
|
||||||
List<String> indices = resolveIndices(aliasesRequest, authorizedIndices).getLocal();
|
List<String> indices = resolveIndices(aliasesRequest, authorizedIndices).getLocal();
|
||||||
assertThat(indices, hasItem(SecurityLifecycleService.SECURITY_INDEX_NAME));
|
assertThat(indices, hasItem(SecurityLifecycleService.SECURITY_INDEX_NAME));
|
||||||
|
|
|
@ -217,8 +217,11 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase {
|
||||||
Wid wid = new Wid(watchId, now);
|
Wid wid = new Wid(watchId, now);
|
||||||
TriggeredWatch triggeredWatch = new TriggeredWatch(wid, event);
|
TriggeredWatch triggeredWatch = new TriggeredWatch(wid, event);
|
||||||
bulkRequestBuilder.add(
|
bulkRequestBuilder.add(
|
||||||
client().prepareIndex(TriggeredWatchStoreField.INDEX_NAME,
|
client().prepareIndex(
|
||||||
TriggeredWatchStoreField.DOC_TYPE, triggeredWatch.id().value()).setSource(jsonBuilder().value(triggeredWatch))
|
TriggeredWatchStoreField.INDEX_NAME,
|
||||||
|
TriggeredWatchStoreField.DOC_TYPE,
|
||||||
|
triggeredWatch.id().value())
|
||||||
|
.setSource(jsonBuilder().value(triggeredWatch))
|
||||||
.request());
|
.request());
|
||||||
}
|
}
|
||||||
bulkRequestBuilder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).get();
|
bulkRequestBuilder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).get();
|
||||||
|
|
Loading…
Reference in New Issue