honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-20 03:45:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove Watcher Account "unsecure" settings (#36736)

Browse Source 
Removes all sensitive settings (passwords, auth tokens, urls, etc...) for
watcher notifications accounts. These settings were deprecated (and
herein removed) in favor of their secure sibling that is set inside the
elasticsearch keystore. For example:
`xpack.notification.email.account.<id>.smtp.password`
is no longer a valid setting, and it is replaced by
`xpack.notification.email.account.<id>.smtp.secure_password`
This commit is contained in:
Albert Zaharovits 2019-01-20 12:51:24 +02:00 committed by GitHub
parent fc99eb3e65
commit 5308746270
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 243 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docs/reference/migration/migrate_7_0/settings.asciidoc
View File

@ -131,3 +131,26 @@ The removal of these default settings also removes the ability for a component t
fallback to a default configuration when using TLS. Each component (realm, transport, http, fallback to a default configuration when using TLS. Each component (realm, transport, http,
http client, etc) must now be configured with their own settings for TLS if it is being http client, etc) must now be configured with their own settings for TLS if it is being
used. used.
[float]
[[watcher-notifications-account-settings]]
==== Watcher notifications account settings
The following settings have been removed in favor of the secure variants.
The <<secure-settings, secure settings>> have to be defined inside each cluster
node's keystore, i.e., they are not to be specified via the cluster settings API.
- `xpack.notification.email.account.<id>.smtp.password`, instead use
`xpack.notification.email.account.<id>.smtp.secure_password`
- `xpack.notification.hipchat.account.<id>.auth_token`, instead use
`xpack.notification.hipchat.account.<id>.secure_auth_token`
- `xpack.notification.jira.account.<id>.url`, instead use
`xpack.notification.jira.account.<id>.secure_url`
- `xpack.notification.jira.account.<id>.user`, instead use
`xpack.notification.jira.account.<id>.secure_user`
- `xpack.notification.jira.account.<id>.password`, instead use
`xpack.notification.jira.account.<id>.secure_password`
- `xpack.notification.pagerduty.account.<id>.service_api_key`, instead use
`xpack.notification.pagerduty.account.<id>.secure_service_api_key`
- `xpack.notification.slack.account.<id>.url`, instead use
`xpack.notification.slack.account.<id>.secure_url`

20
docs/reference/settings/notification-settings.asciidoc
View File

@ -115,7 +115,7 @@ can specify the following email account attributes:
`smtp.user` (<<cluster-update-settings,Dynamic>>);; `smtp.user` (<<cluster-update-settings,Dynamic>>);;
The user name for SMTP. Required. The user name for SMTP. Required.
`smtp.password` (<<cluster-update-settings,Dynamic>>);; `smtp.secure_password` (<<secure-settings,Secure>>);;
The password for the specified SMTP user. The password for the specified SMTP user.
`smtp.starttls.enable` (<<cluster-update-settings,Dynamic>>);; `smtp.starttls.enable` (<<cluster-update-settings,Dynamic>>);;
@ -222,9 +222,8 @@ via HipChat. You can specify the following HipChat account attributes:
The HipChat account profile to use: `integration`, The HipChat account profile to use: `integration`,
`user`, or `v1`. Required. `user`, or `v1`. Required.
`auth_token`;; `secure_auth_token` (<<secure-settings,Secure>>);;
The authentication token to use to access The authentication token to use to access the HipChat API. Required.
the HipChat API. Required.
`host`;; `host`;;
The HipChat server hostname. Defaults to `api.hipchat.com`. The HipChat server hostname. Defaults to `api.hipchat.com`.
@ -268,9 +267,8 @@ via Slack. You can specify the following Slack account attributes:
[[slack-account-attributes]] [[slack-account-attributes]]
`url`;; `secure_url` (<<secure-settings,Secure>>);;
The Incoming Webhook URL to use to post The Incoming Webhook URL to use to post messages to Slack. Required.
messages to Slack. Required.
`message_defaults.from`;; `message_defaults.from`;;
The sender name to display in the The sender name to display in the
@ -309,13 +307,13 @@ issues in Jira. You can specify the following Jira account attributes:
[[jira-account-attributes]] [[jira-account-attributes]]
`url`;; `secure_url` (<<secure-settings,Secure>>);;
The URL of the Jira Software server. Required. The URL of the Jira Software server. Required.
`user`;; `secure_user` (<<secure-settings,Secure>>);;
The name of the user to connect to the Jira Software server. Required. The name of the user to connect to the Jira Software server. Required.
`password`;; `secure_password` (<<secure-settings,Secure>>);;
The password of the user to connect to the Jira Software server. Required. The password of the user to connect to the Jira Software server. Required.
`issue_defaults`;; `issue_defaults`;;
@ -341,7 +339,7 @@ via PagerDuty. You can specify the following PagerDuty account attributes:
A name for the PagerDuty account associated with the API key you A name for the PagerDuty account associated with the API key you
are using to access PagerDuty. Required. are using to access PagerDuty. Required.
`service_api_key`;; `secure_service_api_key` (<<secure-settings,Secure>>);;
The https://developer.pagerduty.com/documentation/rest/authentication[ The https://developer.pagerduty.com/documentation/rest/authentication[
PagerDuty API key] to use to access PagerDuty. Required. PagerDuty API key] to use to access PagerDuty. Required.

20
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/Account.java
View File

@ -32,8 +32,7 @@ import java.util.Set;
public class Account { public class Account {
static final String SMTP_PROTOCOL = "smtp"; static final String SMTP_PROTOCOL = "smtp";
private static final String SMTP_PASSWORD = "password"; public static final Setting<SecureString> SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_password", null);
private static final Setting<SecureString> SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_" + SMTP_PASSWORD, null);
static { static {
SecurityManager sm = System.getSecurityManager(); SecurityManager sm = System.getSecurityManager();
@ -213,7 +212,7 @@ public class Account {
port = settings.getAsInt("port", settings.getAsInt("localport", settings.getAsInt("local_port", 25))); port = settings.getAsInt("port", settings.getAsInt("localport", settings.getAsInt("local_port", 25)));
user = settings.get("user", settings.get("from", null)); user = settings.get("user", settings.get("from", null));
password = getSecureSetting(SMTP_PASSWORD, settings, SECURE_PASSWORD_SETTING); password = getSecureSetting(settings, SECURE_PASSWORD_SETTING);
//password = passStr != null ? passStr.toCharArray() : null; //password = passStr != null ? passStr.toCharArray() : null;
properties = loadSmtpProperties(settings); properties = loadSmtpProperties(settings);
} }
@ -225,17 +224,12 @@ public class Account {
* Note: if your setting was not previously secure, than the string reference that is in the setting object is still * Note: if your setting was not previously secure, than the string reference that is in the setting object is still
* insecure. This is only constructing a new SecureString with the char[] of the insecure setting. * insecure. This is only constructing a new SecureString with the char[] of the insecure setting.
*/ */
private static SecureString getSecureSetting(String settingName, Settings settings, Setting<SecureString> secureSetting) { private static SecureString getSecureSetting(Settings settings, Setting<SecureString> secureSetting) {
String value = settings.get(settingName); SecureString secureString = secureSetting.get(settings);
if (value == null) { if (secureString != null && secureString.length() > 0) {
SecureString secureString = secureSetting.get(settings); return secureString;
if (secureString != null && secureString.length() > 0) {
return secureString;
} else {
return null;
}
} else { } else {
return new SecureString(value.toCharArray()); return null;
} }
} }

7
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java
View File

@ -65,10 +65,6 @@ public class EmailService extends NotificationService<Account> {
Setting.affixKeySetting("xpack.notification.email.account.", "smtp.user", Setting.affixKeySetting("xpack.notification.email.account.", "smtp.user",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope)); (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope));
private static final Setting.AffixSetting<String> SETTING_SMTP_PASSWORD =
Setting.affixKeySetting("xpack.notification.email.account.", "smtp.password",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered));
private static final Setting.AffixSetting<SecureString> SETTING_SECURE_PASSWORD = private static final Setting.AffixSetting<SecureString> SETTING_SECURE_PASSWORD =
Setting.affixKeySetting("xpack.notification.email.account.", "smtp.secure_password", Setting.affixKeySetting("xpack.notification.email.account.", "smtp.secure_password",
(key) -> SecureSetting.secureString(key, null)); (key) -> SecureSetting.secureString(key, null));
@ -122,7 +118,6 @@ public class EmailService extends NotificationService<Account> {
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_HOST, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_HOST, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_PORT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_PORT, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_USER, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_USER, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_PASSWORD, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_TIMEOUT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_TIMEOUT, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_CONNECTION_TIMEOUT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_CONNECTION_TIMEOUT, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_WRITE_TIMEOUT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_WRITE_TIMEOUT, (s, o) -> {}, (s, o) -> {});
@ -182,7 +177,7 @@ public class EmailService extends NotificationService<Account> {
private static List<Setting<?>> getDynamicSettings() { private static List<Setting<?>> getDynamicSettings() {
return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_PROFILE, SETTING_EMAIL_DEFAULTS, SETTING_SMTP_AUTH, SETTING_SMTP_HOST, return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_PROFILE, SETTING_EMAIL_DEFAULTS, SETTING_SMTP_AUTH, SETTING_SMTP_HOST,
SETTING_SMTP_PASSWORD, SETTING_SMTP_PORT, SETTING_SMTP_STARTTLS_ENABLE, SETTING_SMTP_USER, SETTING_SMTP_STARTTLS_REQUIRED, SETTING_SMTP_PORT, SETTING_SMTP_STARTTLS_ENABLE, SETTING_SMTP_USER, SETTING_SMTP_STARTTLS_REQUIRED,
SETTING_SMTP_TIMEOUT, SETTING_SMTP_CONNECTION_TIMEOUT, SETTING_SMTP_WRITE_TIMEOUT, SETTING_SMTP_LOCAL_ADDRESS, SETTING_SMTP_TIMEOUT, SETTING_SMTP_CONNECTION_TIMEOUT, SETTING_SMTP_WRITE_TIMEOUT, SETTING_SMTP_LOCAL_ADDRESS,
SETTING_SMTP_LOCAL_PORT, SETTING_SMTP_SEND_PARTIAL, SETTING_SMTP_WAIT_ON_QUIT, SETTING_SMTP_SSL_TRUST_ADDRESS); SETTING_SMTP_LOCAL_PORT, SETTING_SMTP_SEND_PARTIAL, SETTING_SMTP_WAIT_ON_QUIT, SETTING_SMTP_SSL_TRUST_ADDRESS);
} }

17
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java
View File

@ -23,7 +23,6 @@ import java.util.Map;
public abstract class HipChatAccount { public abstract class HipChatAccount {
public static final String AUTH_TOKEN_SETTING = "auth_token";
public static final String ROOM_SETTING = HipChatMessage.Field.ROOM.getPreferredName(); public static final String ROOM_SETTING = HipChatMessage.Field.ROOM.getPreferredName();
public static final String DEFAULT_ROOM_SETTING = "message_defaults." + HipChatMessage.Field.ROOM.getPreferredName(); public static final String DEFAULT_ROOM_SETTING = "message_defaults." + HipChatMessage.Field.ROOM.getPreferredName();
public static final String DEFAULT_USER_SETTING = "message_defaults." + HipChatMessage.Field.USER.getPreferredName(); public static final String DEFAULT_USER_SETTING = "message_defaults." + HipChatMessage.Field.USER.getPreferredName();
@ -32,7 +31,7 @@ public abstract class HipChatAccount {
public static final String DEFAULT_COLOR_SETTING = "message_defaults." + HipChatMessage.Field.COLOR.getPreferredName(); public static final String DEFAULT_COLOR_SETTING = "message_defaults." + HipChatMessage.Field.COLOR.getPreferredName();
public static final String DEFAULT_NOTIFY_SETTING = "message_defaults." + HipChatMessage.Field.NOTIFY.getPreferredName(); public static final String DEFAULT_NOTIFY_SETTING = "message_defaults." + HipChatMessage.Field.NOTIFY.getPreferredName();
private static final Setting<SecureString> SECURE_AUTH_TOKEN_SETTING = SecureSetting.secureString("secure_" + AUTH_TOKEN_SETTING, null); static final Setting<SecureString> SECURE_AUTH_TOKEN_SETTING = SecureSetting.secureString("secure_auth_token", null);
protected final Logger logger; protected final Logger logger;
protected final String name; protected final String name;
@ -52,16 +51,12 @@ public abstract class HipChatAccount {
} }
private static String getAuthToken(String name, Settings settings) { private static String getAuthToken(String name, Settings settings) {
String authToken = settings.get(AUTH_TOKEN_SETTING); SecureString secureString = SECURE_AUTH_TOKEN_SETTING.get(settings);
if (authToken == null || authToken.length() == 0) { if (secureString == null || secureString.length() < 1) {
SecureString secureString = SECURE_AUTH_TOKEN_SETTING.get(settings); throw new SettingsException(
if (secureString == null || secureString.length() < 1) { "hipchat account [" + name + "] missing required [" + SECURE_AUTH_TOKEN_SETTING.getKey() + "] secure setting");
throw new SettingsException("hipchat account [" + name + "] missing required [" + AUTH_TOKEN_SETTING + "] setting");
}
authToken = secureString.toString();
} }
return secureString.toString();
return authToken;
} }
public abstract String type(); public abstract String type();

8
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java
View File

@ -34,11 +34,6 @@ public class HipChatService extends NotificationService<HipChatAccount> {
static final Setting<Integer> SETTING_DEFAULT_PORT = static final Setting<Integer> SETTING_DEFAULT_PORT =
Setting.intSetting("xpack.notification.hipchat.port", 443, Setting.Property.Dynamic, Setting.Property.NodeScope); Setting.intSetting("xpack.notification.hipchat.port", 443, Setting.Property.Dynamic, Setting.Property.NodeScope);
private static final Setting.AffixSetting<String> SETTING_AUTH_TOKEN =
Setting.affixKeySetting("xpack.notification.hipchat.account.", "auth_token",
(key) -> Setting.simpleString(key, Setting.Property.Dynamic, Setting.Property.NodeScope, Setting.Property.Filtered,
Setting.Property.Deprecated));
private static final Setting.AffixSetting<SecureString> SETTING_AUTH_TOKEN_SECURE = private static final Setting.AffixSetting<SecureString> SETTING_AUTH_TOKEN_SECURE =
Setting.affixKeySetting("xpack.notification.hipchat.account.", "secure_auth_token", Setting.affixKeySetting("xpack.notification.hipchat.account.", "secure_auth_token",
(key) -> SecureSetting.secureString(key, null)); (key) -> SecureSetting.secureString(key, null));
@ -75,7 +70,6 @@ public class HipChatService extends NotificationService<HipChatAccount> {
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {});
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_HOST, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_HOST, (s) -> {});
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_PORT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_PORT, (s) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_AUTH_TOKEN, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_PROFILE, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_PROFILE, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_ROOM, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_ROOM, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_HOST, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_HOST, (s, o) -> {}, (s, o) -> {});
@ -101,7 +95,7 @@ public class HipChatService extends NotificationService<HipChatAccount> {
} }
private static List<Setting<?>> getDynamicSettings() { private static List<Setting<?>> getDynamicSettings() {
return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_AUTH_TOKEN, SETTING_PROFILE, SETTING_ROOM, SETTING_MESSAGE_DEFAULTS, return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_PROFILE, SETTING_ROOM, SETTING_MESSAGE_DEFAULTS,
SETTING_DEFAULT_HOST, SETTING_DEFAULT_PORT, SETTING_HOST, SETTING_PORT); SETTING_DEFAULT_HOST, SETTING_DEFAULT_PORT, SETTING_HOST, SETTING_PORT);
} }

40
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.xpack.watcher.notification.jira; package org.elasticsearch.xpack.watcher.notification.jira;
import org.elasticsearch.common.Booleans; import org.elasticsearch.common.Booleans;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.SecureSetting; import org.elasticsearch.common.settings.SecureSetting;
import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.SecureString;
@ -42,15 +41,12 @@ public class JiraAccount {
**/ **/
public static final String DEFAULT_PATH = "/rest/api/2/issue"; public static final String DEFAULT_PATH = "/rest/api/2/issue";
static final String USER_SETTING = "user";
static final String PASSWORD_SETTING = "password";
static final String URL_SETTING = "url";
static final String ISSUE_DEFAULTS_SETTING = "issue_defaults"; static final String ISSUE_DEFAULTS_SETTING = "issue_defaults";
static final String ALLOW_HTTP_SETTING = "allow_http"; static final String ALLOW_HTTP_SETTING = "allow_http";
private static final Setting<SecureString> SECURE_USER_SETTING = SecureSetting.secureString("secure_" + USER_SETTING, null); public static final Setting<SecureString> SECURE_USER_SETTING = SecureSetting.secureString("secure_user", null);
private static final Setting<SecureString> SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_" + PASSWORD_SETTING, null); public static final Setting<SecureString> SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_password", null);
private static final Setting<SecureString> SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); public static final Setting<SecureString> SECURE_URL_SETTING = SecureSetting.secureString("secure_url", null);
private final HttpClient httpClient; private final HttpClient httpClient;
private final String name; private final String name;
@ -62,7 +58,7 @@ public class JiraAccount {
public JiraAccount(String name, Settings settings, HttpClient httpClient) { public JiraAccount(String name, Settings settings, HttpClient httpClient) {
this.httpClient = httpClient; this.httpClient = httpClient;
this.name = name; this.name = name;
String url = getSetting(name, URL_SETTING, settings, SECURE_URL_SETTING); String url = getSetting(name, settings, SECURE_URL_SETTING);
try { try {
URI uri = new URI(url); URI uri = new URI(url);
Scheme protocol = Scheme.parse(uri.getScheme()); Scheme protocol = Scheme.parse(uri.getScheme());
@ -71,16 +67,11 @@ public class JiraAccount {
} }
this.url = uri; this.url = uri;
} catch (URISyntaxException | IllegalArgumentException e) { } catch (URISyntaxException | IllegalArgumentException e) {
throw new SettingsException("invalid jira [" + name + "] account settings. invalid [" + URL_SETTING + "] setting", e); throw new SettingsException(
} "invalid jira [" + name + "] account settings. invalid [" + SECURE_URL_SETTING.getKey() + "] setting", e);
this.user = getSetting(name, USER_SETTING, settings, SECURE_USER_SETTING);
if (Strings.isEmpty(this.user)) {
throw requiredSettingException(name, USER_SETTING);
}
this.password = getSetting(name, PASSWORD_SETTING, settings, SECURE_PASSWORD_SETTING);
if (Strings.isEmpty(this.password)) {
throw requiredSettingException(name, PASSWORD_SETTING);
} }
this.user = getSetting(name, settings, SECURE_USER_SETTING);
this.password = getSetting(name, settings, SECURE_PASSWORD_SETTING);
try (XContentBuilder builder = XContentBuilder.builder(XContentType.JSON.xContent())) { try (XContentBuilder builder = XContentBuilder.builder(XContentType.JSON.xContent())) {
builder.startObject(); builder.startObject();
settings.getAsSettings(ISSUE_DEFAULTS_SETTING).toXContent(builder, ToXContent.EMPTY_PARAMS); settings.getAsSettings(ISSUE_DEFAULTS_SETTING).toXContent(builder, ToXContent.EMPTY_PARAMS);
@ -95,17 +86,12 @@ public class JiraAccount {
} }
} }
private static String getSetting(String accountName, String settingName, Settings settings, Setting<SecureString> secureSetting) { private static String getSetting(String accountName, Settings settings, Setting<SecureString> secureSetting) {
String value = settings.get(settingName); SecureString secureString = secureSetting.get(settings);
if (value == null) { if (secureString == null || secureString.length() < 1) {
SecureString secureString = secureSetting.get(settings); throw requiredSettingException(accountName, secureSetting.getKey());
if (secureString == null || secureString.length() < 1) {
throw requiredSettingException(accountName, settingName);
}
value = secureString.toString();
} }
return secureString.toString();
return value;
} }
public String getName() { public String getName() {

17
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java
View File

@ -32,18 +32,6 @@ public class JiraService extends NotificationService<JiraAccount> {
Setting.affixKeySetting("xpack.notification.jira.account.", "allow_http", Setting.affixKeySetting("xpack.notification.jira.account.", "allow_http",
(key) -> Setting.boolSetting(key, false, Property.Dynamic, Property.NodeScope)); (key) -> Setting.boolSetting(key, false, Property.Dynamic, Property.NodeScope));
private static final Setting.AffixSetting<String> SETTING_URL =
Setting.affixKeySetting("xpack.notification.jira.account.", "url",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered));
private static final Setting.AffixSetting<String> SETTING_USER =
Setting.affixKeySetting("xpack.notification.jira.account.", "user",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered));
private static final Setting.AffixSetting<String> SETTING_PASSWORD =
Setting.affixKeySetting("xpack.notification.jira.account.", "password",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated));
private static final Setting.AffixSetting<SecureString> SETTING_SECURE_USER = private static final Setting.AffixSetting<SecureString> SETTING_SECURE_USER =
Setting.affixKeySetting("xpack.notification.jira.account.", "secure_user", Setting.affixKeySetting("xpack.notification.jira.account.", "secure_user",
(key) -> SecureSetting.secureString(key, null)); (key) -> SecureSetting.secureString(key, null));
@ -68,9 +56,6 @@ public class JiraService extends NotificationService<JiraAccount> {
// ensure logging of setting changes // ensure logging of setting changes
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_ALLOW_HTTP, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_ALLOW_HTTP, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_USER, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_PASSWORD, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {});
// do an initial load // do an initial load
reload(settings); reload(settings);
@ -82,7 +67,7 @@ public class JiraService extends NotificationService<JiraAccount> {
} }
private static List<Setting<?>> getDynamicSettings() { private static List<Setting<?>> getDynamicSettings() {
return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_ALLOW_HTTP, SETTING_URL, SETTING_USER, SETTING_PASSWORD, SETTING_DEFAULTS); return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_ALLOW_HTTP, SETTING_DEFAULTS);
} }
private static List<Setting<?>> getSecureSettings() { private static List<Setting<?>> getSecureSettings() {

25
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java
View File

@ -19,19 +19,17 @@ import java.io.IOException;
public class PagerDutyAccount { public class PagerDutyAccount {
private static final String SERVICE_KEY_SETTING = "service_api_key";
private static final String TRIGGER_DEFAULTS_SETTING = "event_defaults"; private static final String TRIGGER_DEFAULTS_SETTING = "event_defaults";
private static final Setting<SecureString> SECURE_SERVICE_API_KEY_SETTING = public static final Setting<SecureString> SECURE_SERVICE_API_KEY_SETTING = SecureSetting.secureString("secure_service_api_key", null);
SecureSetting.secureString("secure_" + SERVICE_KEY_SETTING, null);
private final String name; private final String name;
private final String serviceKey; private final String serviceKey;
private final HttpClient httpClient; private final HttpClient httpClient;
private final IncidentEventDefaults eventDefaults; private final IncidentEventDefaults eventDefaults;
PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient) { PagerDutyAccount(String name, Settings accountSettings, HttpClient httpClient) {
this.name = name; this.name = name;
this.serviceKey = getServiceKey(name, accountSettings, serviceSettings); this.serviceKey = getServiceKey(name, accountSettings);
this.httpClient = httpClient; this.httpClient = httpClient;
this.eventDefaults = new IncidentEventDefaults(accountSettings.getAsSettings(TRIGGER_DEFAULTS_SETTING)); this.eventDefaults = new IncidentEventDefaults(accountSettings.getAsSettings(TRIGGER_DEFAULTS_SETTING));
@ -51,17 +49,12 @@ public class PagerDutyAccount {
return SentEvent.responded(event, request, response); return SentEvent.responded(event, request, response);
} }
private static String getServiceKey(String name, Settings accountSettings, Settings serviceSettings) { private static String getServiceKey(String name, Settings accountSettings) {
String serviceKey = accountSettings.get(SERVICE_KEY_SETTING, serviceSettings.get(SERVICE_KEY_SETTING, null)); SecureString secureString = SECURE_SERVICE_API_KEY_SETTING.get(accountSettings);
if (serviceKey == null) { if (secureString == null || secureString.length() < 1) {
SecureString secureString = SECURE_SERVICE_API_KEY_SETTING.get(accountSettings); throw new SettingsException(
if (secureString == null || secureString.length() < 1) { "invalid pagerduty account [" + name + "]. missing required [" + SECURE_SERVICE_API_KEY_SETTING.getKey() + "] setting");
throw new SettingsException("invalid pagerduty account [" + name + "]. missing required [" + SERVICE_KEY_SETTING +
"] setting");
}
serviceKey = secureString.toString();
} }
return secureString.toString();
return serviceKey;
} }
} }

9
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java
View File

@ -26,10 +26,6 @@ public class PagerDutyService extends NotificationService<PagerDutyAccount> {
private static final Setting<String> SETTING_DEFAULT_ACCOUNT = private static final Setting<String> SETTING_DEFAULT_ACCOUNT =
Setting.simpleString("xpack.notification.pagerduty.default_account", Property.Dynamic, Property.NodeScope); Setting.simpleString("xpack.notification.pagerduty.default_account", Property.Dynamic, Property.NodeScope);
private static final Setting.AffixSetting<String> SETTING_SERVICE_API_KEY =
Setting.affixKeySetting("xpack.notification.pagerduty.account.", "service_api_key",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated));
private static final Setting.AffixSetting<SecureString> SETTING_SECURE_SERVICE_API_KEY = private static final Setting.AffixSetting<SecureString> SETTING_SECURE_SERVICE_API_KEY =
Setting.affixKeySetting("xpack.notification.pagerduty.account.", "secure_service_api_key", Setting.affixKeySetting("xpack.notification.pagerduty.account.", "secure_service_api_key",
(key) -> SecureSetting.secureString(key, null)); (key) -> SecureSetting.secureString(key, null));
@ -45,7 +41,6 @@ public class PagerDutyService extends NotificationService<PagerDutyAccount> {
this.httpClient = httpClient; this.httpClient = httpClient;
// ensure logging of setting changes // ensure logging of setting changes
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_SERVICE_API_KEY, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {});
// do an initial load // do an initial load
reload(settings); reload(settings);
@ -53,11 +48,11 @@ public class PagerDutyService extends NotificationService<PagerDutyAccount> {
@Override @Override
protected PagerDutyAccount createAccount(String name, Settings accountSettings) { protected PagerDutyAccount createAccount(String name, Settings accountSettings) {
return new PagerDutyAccount(name, accountSettings, accountSettings, httpClient); return new PagerDutyAccount(name, accountSettings, httpClient);
} }
private static List<Setting<?>> getDynamicSettings() { private static List<Setting<?>> getDynamicSettings() {
return Arrays.asList(SETTING_SERVICE_API_KEY, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); return Arrays.asList(SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT);
} }
private static List<Setting<?>> getSecureSettings() { private static List<Setting<?>> getSecureSettings() {

28
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java
View File

@ -32,11 +32,9 @@ import java.util.List;
public class SlackAccount { public class SlackAccount {
public static final String URL_SETTING = "url";
public static final String MESSAGE_DEFAULTS_SETTING = "message_defaults"; public static final String MESSAGE_DEFAULTS_SETTING = "message_defaults";
private static final Setting<SecureString> SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); private static final Setting<SecureString> SECURE_URL_SETTING = SecureSetting.secureString("secure_url", null);
final String name; final String name;
final URI url; final URI url;
@ -44,9 +42,9 @@ public class SlackAccount {
final Logger logger; final Logger logger;
final SlackMessageDefaults messageDefaults; final SlackMessageDefaults messageDefaults;
public SlackAccount(String name, Settings settings, Settings defaultSettings, HttpClient httpClient, Logger logger) { public SlackAccount(String name, Settings settings, HttpClient httpClient, Logger logger) {
this.name = name; this.name = name;
this.url = url(name, settings, defaultSettings); this.url = url(name, settings);
this.messageDefaults = new SlackMessageDefaults(settings.getAsSettings(MESSAGE_DEFAULTS_SETTING)); this.messageDefaults = new SlackMessageDefaults(settings.getAsSettings(MESSAGE_DEFAULTS_SETTING));
this.httpClient = httpClient; this.httpClient = httpClient;
this.logger = logger; this.logger = logger;
@ -120,21 +118,17 @@ public class SlackAccount {
} }
} }
static URI url(String name, Settings settings, Settings defaultSettings) { static URI url(String name, Settings settings) {
String url = settings.get(URL_SETTING, defaultSettings.get(URL_SETTING, null)); SecureString secureStringUrl = SECURE_URL_SETTING.get(settings);
if (url == null) { if (secureStringUrl == null || secureStringUrl.length() < 1) {
SecureString secureStringUrl = SECURE_URL_SETTING.get(settings); throw new SettingsException(
if (secureStringUrl != null && secureStringUrl.length() > 0) { "invalid slack [" + name + "] account settings. missing required [" + SECURE_URL_SETTING.getKey() + "] setting");
url = secureStringUrl.toString();
}
}
if (url == null) {
throw new SettingsException("invalid slack [" + name + "] account settings. missing required [" + URL_SETTING + "] setting");
} }
try { try {
return new URI(url); return new URI(secureStringUrl.toString());
} catch (URISyntaxException e) { } catch (URISyntaxException e) {
throw new SettingsException("invalid slack [" + name + "] account settings. invalid [" + URL_SETTING + "] setting", e); throw new SettingsException(
"invalid slack [" + name + "] account settings. invalid [" + SECURE_URL_SETTING.getKey() + "] setting", e);
} }
} }
} }

9
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java
View File

@ -28,10 +28,6 @@ public class SlackService extends NotificationService<SlackAccount> {
private static final Setting<String> SETTING_DEFAULT_ACCOUNT = private static final Setting<String> SETTING_DEFAULT_ACCOUNT =
Setting.simpleString("xpack.notification.slack.default_account", Property.Dynamic, Property.NodeScope); Setting.simpleString("xpack.notification.slack.default_account", Property.Dynamic, Property.NodeScope);
private static final Setting.AffixSetting<String> SETTING_URL =
Setting.affixKeySetting("xpack.notification.slack.account.", "url",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated));
private static final Setting.AffixSetting<SecureString> SETTING_URL_SECURE = private static final Setting.AffixSetting<SecureString> SETTING_URL_SECURE =
Setting.affixKeySetting("xpack.notification.slack.account.", "secure_url", (key) -> SecureSetting.secureString(key, null)); Setting.affixKeySetting("xpack.notification.slack.account.", "secure_url", (key) -> SecureSetting.secureString(key, null));
@ -48,7 +44,6 @@ public class SlackService extends NotificationService<SlackAccount> {
this.httpClient = httpClient; this.httpClient = httpClient;
// ensure logging of setting changes // ensure logging of setting changes
clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {});
clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {});
// do an initial load // do an initial load
reload(settings); reload(settings);
@ -56,11 +51,11 @@ public class SlackService extends NotificationService<SlackAccount> {
@Override @Override
protected SlackAccount createAccount(String name, Settings accountSettings) { protected SlackAccount createAccount(String name, Settings accountSettings) {
return new SlackAccount(name, accountSettings, accountSettings, httpClient, logger); return new SlackAccount(name, accountSettings, httpClient, logger);
} }
private static List<Setting<?>> getDynamicSettings() { private static List<Setting<?>> getDynamicSettings() {
return Arrays.asList(SETTING_URL, SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS); return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS);
} }
private static List<Setting<?>> getSecureSettings() { private static List<Setting<?>> getSecureSettings() {

5
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.xpack.watcher.actions.email;
import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.common.Strings; import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentBuilder;
@ -82,13 +83,15 @@ public class EmailAttachmentTests extends AbstractWatcherIntegrationTestCase {
@Override @Override
protected Settings nodeSettings(int nodeOrdinal) { protected Settings nodeSettings(int nodeOrdinal) {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD);
return Settings.builder() return Settings.builder()
.put(super.nodeSettings(nodeOrdinal)) .put(super.nodeSettings(nodeOrdinal))
.put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.auth", true)
.put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME)
.put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD)
.put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.port", server.port())
.put("xpack.notification.email.account.test.smtp.host", "localhost") .put("xpack.notification.email.account.test.smtp.host", "localhost")
.setSecureSettings(secureSettings)
.build(); .build();
} }

5
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailMessageIdTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.watcher.actions.email; package org.elasticsearch.xpack.watcher.actions.email;
import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -42,12 +43,14 @@ public class EmailMessageIdTests extends ESTestCase {
public void startSmtpServer() { public void startSmtpServer() {
server = EmailServer.localhost(logger); server = EmailServer.localhost(logger);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD);
Settings settings = Settings.builder() Settings settings = Settings.builder()
.put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.auth", true)
.put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME)
.put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD)
.put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.port", server.port())
.put("xpack.notification.email.account.test.smtp.host", "localhost") .put("xpack.notification.email.account.test.smtp.host", "localhost")
.setSecureSettings(secureSettings)
.build(); .build();
Set<Setting<?>> registeredSettings = new HashSet<>(ClusterSettings.BUILT_IN_CLUSTER_SETTINGS); Set<Setting<?>> registeredSettings = new HashSet<>(ClusterSettings.BUILT_IN_CLUSTER_SETTINGS);

19
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/ExecutableJiraActionTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.watcher.actions.jira; package org.elasticsearch.xpack.watcher.actions.jira;
import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.script.ScriptService; import org.elasticsearch.script.ScriptService;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -63,11 +64,11 @@ public class ExecutableJiraActionTests extends ESTestCase {
final String user = randomAlphaOfLength(10); final String user = randomAlphaOfLength(10);
final String password = randomAlphaOfLength(10); final String password = randomAlphaOfLength(10);
Settings accountSettings = Settings.builder() final MockSecureSettings secureSettings = new MockSecureSettings();
.put("url", url) secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), url);
.put("user", user) secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), user);
.put("password", password) secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), password);
.build(); Settings accountSettings = Settings.builder().setSecureSettings(secureSettings).build();
JiraAccount account = new JiraAccount("account1", accountSettings, httpClient); JiraAccount account = new JiraAccount("account1", accountSettings, httpClient);
@ -259,10 +260,12 @@ public class ExecutableJiraActionTests extends ESTestCase {
} }
private JiraAction.Simulated simulateExecution(Map<String, Object> actionFields, Map<String, String> accountFields) throws Exception { private JiraAction.Simulated simulateExecution(Map<String, Object> actionFields, Map<String, String> accountFields) throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), "https://internal-jira.elastic.co:443");
secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), "elastic");
secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), "secret");
Settings.Builder settings = Settings.builder() Settings.Builder settings = Settings.builder()
.put("url", "https://internal-jira.elastic.co:443") .setSecureSettings(secureSettings)
.put("user", "elastic")
.put("password", "secret")
.putProperties(accountFields, s -> "issue_defaults." + s); .putProperties(accountFields, s -> "issue_defaults." + s);
JiraAccount account = new JiraAccount("account", settings.build(), mock(HttpClient.class)); JiraAccount account = new JiraAccount("account", settings.build(), mock(HttpClient.class));

10
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/JiraActionTests.java
View File

@ -9,6 +9,7 @@ import org.apache.http.HttpStatus;
import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentBuilder;
@ -216,10 +217,13 @@ public class JiraActionTests extends ESTestCase {
HttpClient httpClient = mock(HttpClient.class); HttpClient httpClient = mock(HttpClient.class);
when(httpClient.execute(any(HttpRequest.class))).thenReturn(new HttpResponse(HttpStatus.SC_CREATED)); when(httpClient.execute(any(HttpRequest.class))).thenReturn(new HttpResponse(HttpStatus.SC_CREATED));
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("secure_url", "https://internal-jira.elastic.co:443");
secureSettings.setString("secure_user", "elastic");
secureSettings.setString("secure_password", "secret");
Settings.Builder settings = Settings.builder() Settings.Builder settings = Settings.builder()
.put("url", "https://internal-jira.elastic.co:443") .setSecureSettings(secureSettings)
.put("user", "elastic")
.put("password", "secret")
.put("issue_defaults.customfield_000", "foo") .put("issue_defaults.customfield_000", "foo")
.put("issue_defaults.customfield_001", "bar"); .put("issue_defaults.customfield_001", "bar");

7
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackActionTests.java
View File

@ -5,6 +5,7 @@
*/ */
package org.elasticsearch.xpack.watcher.actions.slack; package org.elasticsearch.xpack.watcher.actions.slack;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext; import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext;
@ -40,8 +41,10 @@ public class ExecutableSlackActionTests extends ESTestCase {
ArgumentCaptor<HttpRequest> argumentCaptor = ArgumentCaptor.forClass(HttpRequest.class); ArgumentCaptor<HttpRequest> argumentCaptor = ArgumentCaptor.forClass(HttpRequest.class);
when(httpClient.execute(argumentCaptor.capture())).thenReturn(new HttpResponse(200)); when(httpClient.execute(argumentCaptor.capture())).thenReturn(new HttpResponse(200));
Settings accountSettings = Settings.builder().put("url", "http://example.org").build(); final MockSecureSettings secureSettings = new MockSecureSettings();
SlackAccount account = new SlackAccount("account1", accountSettings, Settings.EMPTY, httpClient, logger); secureSettings.setString("secure_url", "http://example.org");
Settings accountSettings = Settings.builder().setSecureSettings(secureSettings).build();
SlackAccount account = new SlackAccount("account1", accountSettings, httpClient, logger);
SlackService service = mock(SlackService.class); SlackService service = mock(SlackService.class);
when(service.getAccount(eq("account1"))).thenReturn(account); when(service.getAccount(eq("account1"))).thenReturn(account);

7
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryStoreTests.java
View File

@ -16,6 +16,7 @@ import org.elasticsearch.action.bulk.BulkResponse;
import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.client.Client; import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -121,7 +122,11 @@ public class HistoryStoreTests extends ESTestCase {
final String password = randomFrom("secret", "supersecret", "123456"); final String password = randomFrom("secret", "supersecret", "123456");
final String url = "https://" + randomFrom("localhost", "internal-jira.elastic.co") + ":" + randomFrom(80, 8080, 449, 9443); final String url = "https://" + randomFrom("localhost", "internal-jira.elastic.co") + ":" + randomFrom(80, 8080, 449, 9443);
Settings settings = Settings.builder().put("url", url).put("user", username).put("password", password).build(); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("secure_url", url);
secureSettings.setString("secure_user", username);
secureSettings.setString("secure_password", password);
Settings settings = Settings.builder().setSecureSettings(secureSettings).build();
JiraAccount account = new JiraAccount("_account", settings, httpClient); JiraAccount account = new JiraAccount("_account", settings, httpClient);
JiraIssue jiraIssue = account.createIssue(singletonMap("foo", "bar"), null); JiraIssue jiraIssue = account.createIssue(singletonMap("foo", "bar"), null);

6
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.watcher.history; package org.elasticsearch.xpack.watcher.history;
import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.protocol.xpack.watcher.PutWatchResponse; import org.elasticsearch.protocol.xpack.watcher.PutWatchResponse;
import org.elasticsearch.search.aggregations.Aggregations; import org.elasticsearch.search.aggregations.Aggregations;
@ -52,16 +53,17 @@ public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegratio
@Override @Override
protected Settings nodeSettings(int nodeOrdinal) { protected Settings nodeSettings(int nodeOrdinal) {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD);
return Settings.builder() return Settings.builder()
.put(super.nodeSettings(nodeOrdinal)) .put(super.nodeSettings(nodeOrdinal))
// email // email
.put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.auth", true)
.put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME)
.put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD)
.put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.port", server.port())
.put("xpack.notification.email.account.test.smtp.host", "localhost") .put("xpack.notification.email.account.test.smtp.host", "localhost")
.setSecureSettings(secureSettings)
.build(); .build();
} }

38
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/AccountTests.java
View File

@ -116,8 +116,9 @@ public class AccountTests extends ESTestCase {
String password = null; String password = null;
if (randomBoolean()) { if (randomBoolean()) {
password = randomAlphaOfLength(8); password = randomAlphaOfLength(8);
smtpBuilder.put("password", password); final MockSecureSettings secureSettings = new MockSecureSettings();
smtpProps.put("mail.smtp.password", password); secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), password);
builder.setSecureSettings(secureSettings);
} }
for (int i = 0; i < 5; i++) { for (int i = 0; i < 5; i++) {
String name = randomAlphaOfLength(5); String name = randomAlphaOfLength(5);
@ -157,11 +158,13 @@ public class AccountTests extends ESTestCase {
} }
public void testSend() throws Exception { public void testSend() throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), EmailServer.PASSWORD);
Account account = new Account(new Account.Config("default", Settings.builder() Account account = new Account(new Account.Config("default", Settings.builder()
.put("smtp.host", "localhost") .put("smtp.host", "localhost")
.put("smtp.port", server.port()) .put("smtp.port", server.port())
.put("smtp.user", EmailServer.USERNAME) .put("smtp.user", EmailServer.USERNAME)
.put("smtp.password", EmailServer.PASSWORD) .setSecureSettings(secureSettings)
.build()), null, logger); .build()), null, logger);
Email email = Email.builder() Email email = Email.builder()
@ -192,11 +195,13 @@ public class AccountTests extends ESTestCase {
} }
public void testSendCCAndBCC() throws Exception { public void testSendCCAndBCC() throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), EmailServer.PASSWORD);
Account account = new Account(new Account.Config("default", Settings.builder() Account account = new Account(new Account.Config("default", Settings.builder()
.put("smtp.host", "localhost") .put("smtp.host", "localhost")
.put("smtp.port", server.port()) .put("smtp.port", server.port())
.put("smtp.user", EmailServer.USERNAME) .put("smtp.user", EmailServer.USERNAME)
.put("smtp.password", EmailServer.PASSWORD) .setSecureSettings(secureSettings)
.build()), null, logger); .build()), null, logger);
Email email = Email.builder() Email email = Email.builder()
@ -293,29 +298,4 @@ public class AccountTests extends ESTestCase {
}); });
} }
public void testEnsurePasswordSetAsSecureSetting() {
String password = "password";
MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("smtp.secure_password", password);
Settings settings = Settings.builder()
.put("smtp.host", "localhost")
.put("smtp.port", server.port())
.put("smtp.connection_timeout", TimeValue.timeValueMinutes(4))
.setSecureSettings(secureSettings)
.build();
Account.Config config = new Account.Config("default", settings);
assertThat(config.smtp.password.getChars(), equalTo(password.toCharArray()));
settings = Settings.builder()
.put("smtp.host", "localhost")
.put("smtp.port", server.port())
.put("smtp.connection_timeout", TimeValue.timeValueMinutes(4))
.put("smtp.password", password)
.build();
config = new Account.Config("default", settings);
assertThat(config.smtp.password.getChars(), equalTo(password.toCharArray()));
}
} }

5
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccountsTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.watcher.notification.hipchat; package org.elasticsearch.xpack.watcher.notification.hipchat;
import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.watcher.common.http.HttpClient; import org.elasticsearch.xpack.watcher.common.http.HttpClient;
@ -50,9 +51,11 @@ public class HipChatAccountsTests extends ESTestCase {
} }
private void addAccountSettings(String name, Settings.Builder builder) { private void addAccountSettings(String name, Settings.Builder builder) {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.hipchat.account." + name + ".secure_auth_token", randomAlphaOfLength(50));
HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values()); HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values());
builder.put("xpack.notification.hipchat.account." + name + ".profile", profile.value()); builder.put("xpack.notification.hipchat.account." + name + ".profile", profile.value());
builder.put("xpack.notification.hipchat.account." + name + ".auth_token", randomAlphaOfLength(50)); builder.setSecureSettings(secureSettings);
if (profile == HipChatAccount.Profile.INTEGRATION) { if (profile == HipChatAccount.Profile.INTEGRATION) {
builder.put("xpack.notification.hipchat.account." + name + ".room", randomAlphaOfLength(10)); builder.put("xpack.notification.hipchat.account." + name + ".room", randomAlphaOfLength(10));
} }

22
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatServiceTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.watcher.notification.hipchat; package org.elasticsearch.xpack.watcher.notification.hipchat;
import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -40,9 +41,11 @@ public class HipChatServiceTests extends ESTestCase {
HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values());
HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values());
Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean();
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token");
Settings.Builder settingsBuilder = Settings.builder() Settings.Builder settingsBuilder = Settings.builder()
.put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.V1.value()) .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.V1.value())
.put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); .setSecureSettings(secureSettings);
if (host != null) { if (host != null) {
settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host);
} }
@ -86,10 +89,12 @@ public class HipChatServiceTests extends ESTestCase {
HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values());
HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values());
Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean();
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token");
Settings.Builder settingsBuilder = Settings.builder() Settings.Builder settingsBuilder = Settings.builder()
.put("xpack.notification.hipchat.account." + accountName + ".profile", .put("xpack.notification.hipchat.account." + accountName + ".profile",
HipChatAccount.Profile.INTEGRATION.value()) HipChatAccount.Profile.INTEGRATION.value())
.put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token") .setSecureSettings(secureSettings)
.put("xpack.notification.hipchat.account." + accountName + ".room", room); .put("xpack.notification.hipchat.account." + accountName + ".room", room);
if (host != null) { if (host != null) {
settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host);
@ -122,10 +127,12 @@ public class HipChatServiceTests extends ESTestCase {
public void testSingleAccountIntegrationNoRoomSetting() throws Exception { public void testSingleAccountIntegrationNoRoomSetting() throws Exception {
String accountName = randomAlphaOfLength(10); String accountName = randomAlphaOfLength(10);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token");
Settings.Builder settingsBuilder = Settings.builder() Settings.Builder settingsBuilder = Settings.builder()
.put("xpack.notification.hipchat.account." + accountName + ".profile", .put("xpack.notification.hipchat.account." + accountName + ".profile",
HipChatAccount.Profile.INTEGRATION.value()) HipChatAccount.Profile.INTEGRATION.value())
.put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); .setSecureSettings(secureSettings);
SettingsException e = expectThrows(SettingsException.class, () -> SettingsException e = expectThrows(SettingsException.class, () ->
new HipChatService(settingsBuilder.build(), httpClient, new HipChatService(settingsBuilder.build(), httpClient,
new ClusterSettings(settingsBuilder.build(), new HashSet<>(HipChatService.getSettings()))).getAccount(null)); new ClusterSettings(settingsBuilder.build(), new HashSet<>(HipChatService.getSettings()))).getAccount(null));
@ -141,9 +148,12 @@ public class HipChatServiceTests extends ESTestCase {
HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values());
HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values());
Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean();
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token");
Settings.Builder settingsBuilder = Settings.builder() Settings.Builder settingsBuilder = Settings.builder()
.put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.USER.value()) .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.USER.value())
.put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); .setSecureSettings(secureSettings);
if (host != null) { if (host != null) {
settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host);
} }
@ -189,6 +199,8 @@ public class HipChatServiceTests extends ESTestCase {
Settings.Builder settingsBuilder = Settings.builder(); Settings.Builder settingsBuilder = Settings.builder();
String defaultAccount = "_a" + randomIntBetween(0, 4); String defaultAccount = "_a" + randomIntBetween(0, 4);
settingsBuilder.put("xpack.notification.hipchat.default_account", defaultAccount); settingsBuilder.put("xpack.notification.hipchat.default_account", defaultAccount);
final MockSecureSettings secureSettings = new MockSecureSettings();
settingsBuilder.setSecureSettings(secureSettings);
final boolean customGlobalServer = randomBoolean(); final boolean customGlobalServer = randomBoolean();
if (customGlobalServer) { if (customGlobalServer) {
@ -201,7 +213,7 @@ public class HipChatServiceTests extends ESTestCase {
String prefix = "xpack.notification.hipchat.account." + name; String prefix = "xpack.notification.hipchat.account." + name;
HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values()); HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values());
settingsBuilder.put(prefix + ".profile", profile); settingsBuilder.put(prefix + ".profile", profile);
settingsBuilder.put(prefix + ".auth_token", "_token" + i); secureSettings.setString(prefix + ".secure_auth_token", "_token" + i);
if (profile == HipChatAccount.Profile.INTEGRATION) { if (profile == HipChatAccount.Profile.INTEGRATION) {
settingsBuilder.put(prefix + ".room", "_room" + i); settingsBuilder.put(prefix + ".room", "_room" + i);
} }

21
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/IntegrationAccountTests.java
View File

@ -7,6 +7,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.Strings; import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.ToXContent;
@ -36,7 +37,9 @@ public class IntegrationAccountTests extends ESTestCase {
Settings.Builder sb = Settings.builder(); Settings.Builder sb = Settings.builder();
String authToken = randomAlphaOfLength(50); String authToken = randomAlphaOfLength(50);
sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, authToken); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken);
sb.setSecureSettings(secureSettings);
String host = HipChatServer.DEFAULT.host(); String host = HipChatServer.DEFAULT.host();
if (randomBoolean()) { if (randomBoolean()) {
@ -90,13 +93,16 @@ public class IntegrationAccountTests extends ESTestCase {
new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class));
fail("Expected SettingsException"); fail("Expected SettingsException");
} catch (SettingsException e) { } catch (SettingsException e) {
assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting"));
} }
} }
public void testSettingsWithoutRoom() throws Exception { public void testSettingsWithoutRoom() throws Exception {
Settings.Builder sb = Settings.builder(); Settings.Builder sb = Settings.builder();
sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAlphaOfLength(50)); String authToken = randomAlphaOfLength(50);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken);
sb.setSecureSettings(secureSettings);
try { try {
new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class));
fail("Expected SettingsException"); fail("Expected SettingsException");
@ -107,7 +113,10 @@ public class IntegrationAccountTests extends ESTestCase {
public void testSettingsWithoutMultipleRooms() throws Exception { public void testSettingsWithoutMultipleRooms() throws Exception {
Settings.Builder sb = Settings.builder(); Settings.Builder sb = Settings.builder();
sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAlphaOfLength(50)); String authToken = randomAlphaOfLength(50);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken);
sb.setSecureSettings(secureSettings);
sb.put(IntegrationAccount.ROOM_SETTING, "_r1,_r2"); sb.put(IntegrationAccount.ROOM_SETTING, "_r1,_r2");
try { try {
new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class));
@ -121,10 +130,12 @@ public class IntegrationAccountTests extends ESTestCase {
String token = randomAlphaOfLength(10); String token = randomAlphaOfLength(10);
HttpClient httpClient = mock(HttpClient.class); HttpClient httpClient = mock(HttpClient.class);
String room = "Room with Spaces"; String room = "Room with Spaces";
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), token);
IntegrationAccount account = new IntegrationAccount("_name", Settings.builder() IntegrationAccount account = new IntegrationAccount("_name", Settings.builder()
.put("host", "_host") .put("host", "_host")
.put("port", "443") .put("port", "443")
.put("auth_token", token) .setSecureSettings(secureSettings)
.put("room", room) .put("room", room)
.build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class));

23
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/UserAccountTests.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.Strings; import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -43,7 +44,9 @@ public class UserAccountTests extends ESTestCase {
Settings.Builder sb = Settings.builder(); Settings.Builder sb = Settings.builder();
String authToken = randomAlphaOfLength(50); String authToken = randomAlphaOfLength(50);
sb.put(UserAccount.AUTH_TOKEN_SETTING, authToken); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(UserAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken);
sb.setSecureSettings(secureSettings);
String host = HipChatServer.DEFAULT.host(); String host = HipChatServer.DEFAULT.host();
if (randomBoolean()) { if (randomBoolean()) {
@ -111,16 +114,18 @@ public class UserAccountTests extends ESTestCase {
new UserAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); new UserAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class));
fail("Expected SettingsException"); fail("Expected SettingsException");
} catch (SettingsException e) { } catch (SettingsException e) {
assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting"));
} }
} }
public void testSend() throws Exception { public void testSend() throws Exception {
HttpClient httpClient = mock(HttpClient.class); HttpClient httpClient = mock(HttpClient.class);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "_token");
UserAccount account = new UserAccount("_name", Settings.builder() UserAccount account = new UserAccount("_name", Settings.builder()
.put("host", "_host") .put("host", "_host")
.put("port", "443") .put("port", "443")
.put("auth_token", "_token") .setSecureSettings(secureSettings)
.build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class));
HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values());
@ -240,9 +245,11 @@ public class UserAccountTests extends ESTestCase {
} }
public void testColorIsOptional() throws Exception { public void testColorIsOptional() throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token");
Settings settings = Settings.builder() Settings settings = Settings.builder()
.put("user", "testuser") .put("user", "testuser")
.put("auth_token", "awesome-auth-token") .setSecureSettings(secureSettings)
.build(); .build();
UserAccount userAccount = createUserAccount(settings); UserAccount userAccount = createUserAccount(settings);
@ -256,9 +263,11 @@ public class UserAccountTests extends ESTestCase {
} }
public void testFormatIsOptional() throws Exception { public void testFormatIsOptional() throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token");
Settings settings = Settings.builder() Settings settings = Settings.builder()
.put("user", "testuser") .put("user", "testuser")
.put("auth_token", "awesome-auth-token") .setSecureSettings(secureSettings)
.build(); .build();
UserAccount userAccount = createUserAccount(settings); UserAccount userAccount = createUserAccount(settings);
@ -272,9 +281,11 @@ public class UserAccountTests extends ESTestCase {
} }
public void testRoomNameIsUrlEncoded() throws Exception { public void testRoomNameIsUrlEncoded() throws Exception {
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token");
Settings settings = Settings.builder() Settings settings = Settings.builder()
.put("user", "testuser") .put("user", "testuser")
.put("auth_token", "awesome-auth-token") .setSecureSettings(secureSettings)
.build(); .build();
HipChatServer hipChatServer = mock(HipChatServer.class); HipChatServer hipChatServer = mock(HipChatServer.class);
HttpClient httpClient = mock(HttpClient.class); HttpClient httpClient = mock(HttpClient.class);

12
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/V1AccountTests.java
View File

@ -7,6 +7,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -32,7 +33,9 @@ public class V1AccountTests extends ESTestCase {
Settings.Builder sb = Settings.builder(); Settings.Builder sb = Settings.builder();
String authToken = randomAlphaOfLength(50); String authToken = randomAlphaOfLength(50);
sb.put(V1Account.AUTH_TOKEN_SETTING, authToken); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(V1Account.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken);
sb.setSecureSettings(secureSettings);
String host = HipChatServer.DEFAULT.host(); String host = HipChatServer.DEFAULT.host();
if (randomBoolean()) { if (randomBoolean()) {
@ -96,16 +99,19 @@ public class V1AccountTests extends ESTestCase {
new V1Account("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); new V1Account("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class));
fail("Expected SettingsException"); fail("Expected SettingsException");
} catch (SettingsException e) { } catch (SettingsException e) {
assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting"));
} }
} }
public void testSend() throws Exception { public void testSend() throws Exception {
HttpClient httpClient = mock(HttpClient.class); HttpClient httpClient = mock(HttpClient.class);
String authToken = randomAlphaOfLength(50);
final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "_token");
V1Account account = new V1Account("_name", Settings.builder() V1Account account = new V1Account("_name", Settings.builder()
.put("host", "_host") .put("host", "_host")
.put("port", "443") .put("port", "443")
.put("auth_token", "_token") .setSecureSettings(secureSettings)
.build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class));
HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values());

57
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccountTests.java
View File

@ -9,6 +9,7 @@ import org.apache.http.HttpStatus;
import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -53,29 +54,38 @@ public class JiraAccountTests extends ESTestCase {
public void testJiraAccountSettings() { public void testJiraAccountSettings() {
final String url = "https://internal-jira.elastic.co:443"; final String url = "https://internal-jira.elastic.co:443";
final MockSecureSettings secureSettings = new MockSecureSettings();
SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount(null, Settings.EMPTY, null)); SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount(null, Settings.EMPTY, null));
assertThat(e.getMessage(), containsString("invalid jira [null] account settings. missing required [url] setting")); assertThat(e.getMessage(), containsString("invalid jira [null] account settings. missing required [secure_url] setting"));
Settings settings1 = Settings.builder().put("url", url).build(); secureSettings.setString("secure_url", url);
Settings settings1 = Settings.builder().setSecureSettings(secureSettings).build();
e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings1, null)); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings1, null));
assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [user] setting")); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_user] setting"));
Settings settings2 = Settings.builder().put("url", url).put("user", "").build(); secureSettings.setString("secure_user", "");
Settings settings2 = Settings.builder().setSecureSettings(secureSettings).build();
e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings2, null)); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings2, null));
assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [user] setting")); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_user] setting"));
Settings settings3 = Settings.builder().put("url", url).put("user", "foo").build(); secureSettings.setString("secure_user", "foo");
Settings settings3 = Settings.builder().setSecureSettings(secureSettings).build();
e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings3, null)); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings3, null));
assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [password] setting")); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_password] setting"));
Settings settings4 = Settings.builder().put("url", url).put("user", "foo").put("password", "").build(); secureSettings.setString("secure_password", "");
Settings settings4 = Settings.builder().setSecureSettings(secureSettings).build();
e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings4, null)); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings4, null));
assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [password] setting")); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_password] setting"));
} }
public void testUnsecureAccountUrl() throws Exception { public void testUnsecureAccountUrl() throws Exception {
Settings settings = Settings.builder().put("url", "http://localhost").put("user", "foo").put("password", "bar").build(); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), "foo");
secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), "password");
secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), "http://localhost");
Settings settings = Settings.builder().setSecureSettings(secureSettings).build();
SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings, null)); SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings, null));
assertThat(e.getMessage(), containsString("invalid jira [test] account settings. unsecure scheme [HTTP]")); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. unsecure scheme [HTTP]"));
@ -128,15 +138,19 @@ public class JiraAccountTests extends ESTestCase {
} }
public void testCustomUrls() throws Exception { public void testCustomUrls() throws Exception {
assertCustomUrl(Settings.builder().put("url", "https://localhost/foo").build(), "/foo"); assertCustomUrl("https://localhost/foo", "/foo");
assertCustomUrl(Settings.builder().put("url", "https://localhost/foo/").build(), "/foo/"); assertCustomUrl("https://localhost/foo/", "/foo/");
// this ensures we retain backwards compatibility // this ensures we retain backwards compatibility
assertCustomUrl(Settings.builder().put("url", "https://localhost/").build(), JiraAccount.DEFAULT_PATH); assertCustomUrl("https://localhost/", JiraAccount.DEFAULT_PATH);
assertCustomUrl(Settings.builder().put("url", "https://localhost").build(), JiraAccount.DEFAULT_PATH); assertCustomUrl("https://localhost", JiraAccount.DEFAULT_PATH);
} }
private void assertCustomUrl(Settings urlSettings, String expectedPath) throws IOException { private void assertCustomUrl(String urlSettings, String expectedPath) throws IOException {
Settings settings = Settings.builder().put(urlSettings).put("user", "foo").put("password", "bar").build(); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("secure_url", urlSettings);
secureSettings.setString("secure_user", "foo");
secureSettings.setString("secure_password", "bar");
Settings settings = Settings.builder().setSecureSettings(secureSettings).build();
HttpClient client = mock(HttpClient.class); HttpClient client = mock(HttpClient.class);
HttpResponse response = new HttpResponse(200); HttpResponse response = new HttpResponse(200);
@ -153,9 +167,14 @@ public class JiraAccountTests extends ESTestCase {
} }
private void addAccountSettings(String name, Settings.Builder builder) { private void addAccountSettings(String name, Settings.Builder builder) {
builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.URL_SETTING, "https://internal-jira.elastic.co:443"); final MockSecureSettings secureSettings = new MockSecureSettings();
builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.USER_SETTING, randomAlphaOfLength(10)); secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_URL_SETTING.getKey(),
builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.PASSWORD_SETTING, randomAlphaOfLength(10)); "https://internal-jira.elastic.co:443");
secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_USER_SETTING.getKey(),
randomAlphaOfLength(10));
secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_PASSWORD_SETTING.getKey(),
randomAlphaOfLength(10));
builder.setSecureSettings(secureSettings);
Map<String, Object> defaults = randomIssueDefaults(); Map<String, Object> defaults = randomIssueDefaults();
for (Map.Entry<String, Object> setting : defaults.entrySet()) { for (Map.Entry<String, Object> setting : defaults.entrySet()) {

7
x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccountsTests.java
View File

@ -7,6 +7,7 @@ package org.elasticsearch.xpack.watcher.notification.pagerduty;
import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -83,7 +84,11 @@ public class PagerDutyAccountsTests extends ESTestCase {
} }
private void addAccountSettings(String name, Settings.Builder builder) { private void addAccountSettings(String name, Settings.Builder builder) {
builder.put("xpack.notification.pagerduty.account." + name + ".service_api_key", randomAlphaOfLength(50)); final MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString(
"xpack.notification.pagerduty.account." + name + "." + PagerDutyAccount.SECURE_SERVICE_API_KEY_SETTING.getKey(),
randomAlphaOfLength(50));
builder.setSecureSettings(secureSettings);
Settings defaults = SlackMessageDefaultsTests.randomSettings(); Settings defaults = SlackMessageDefaultsTests.randomSettings();
for (String setting : defaults.keySet()) { for (String setting : defaults.keySet()) {
builder.copy("xpack.notification.pagerduty.message_defaults." + setting, setting, defaults); builder.copy("xpack.notification.pagerduty.message_defaults." + setting, setting, defaults);

2
x-pack/qa/smoke-test-watcher-with-security/build.gradle
View File

@ -22,7 +22,7 @@ integTestCluster {
setting 'xpack.notification.email.account._email.smtp.host', 'host.domain' setting 'xpack.notification.email.account._email.smtp.host', 'host.domain'
setting 'xpack.notification.email.account._email.smtp.port', '587' setting 'xpack.notification.email.account._email.smtp.port', '587'
setting 'xpack.notification.email.account._email.smtp.user', '_user' setting 'xpack.notification.email.account._email.smtp.user', '_user'
setting 'xpack.notification.email.account._email.smtp.password', '_passwd' keystoreSetting 'xpack.notification.email.account._email.smtp.secure_password', '_passwd'
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
extraConfigFile 'roles.yml', 'roles.yml' extraConfigFile 'roles.yml', 'roles.yml'
setupCommand 'setupTestAdminUser', setupCommand 'setupTestAdminUser',