honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ensure the transport type is a security transport 

Original commit: elastic/x-pack-elasticsearch@6c7e46e103
This commit is contained in:
jaymode 2016-08-03 07:23:55 -04:00
parent dd181e3e13
commit 55ccd27acf
5 changed files with 68 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/test/MonitoringIntegTestCase.java
View File

@ -125,6 +125,8 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
.put(super.transportClientSettings())
.put("client.transport.sniff", false)
.put(Security.USER_SETTING.getKey(), "test:changeme")
.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4)
.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME4)
.build();
}
return Settings.builder().put(super.transportClientSettings())
@ -541,7 +543,9 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
.put(FileRolesStore.ROLES_FILE_SETTING.getKey(), writeFile(folder, "roles.yml", ROLES))
.put(CryptoService.FILE_SETTING.getKey(), writeFile(folder, "system_key.yml", systemKey))
.put("xpack.security.authc.sign_user_header", false)
.put("xpack.security.audit.enabled", auditLogsEnabled);
.put("xpack.security.audit.enabled", auditLogsEnabled)
.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4)
.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME4);
} catch (IOException ex) {
throw new RuntimeException("failed to build settings for security", ex);
}

10
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
View File

@ -347,13 +347,16 @@ public class Security implements ActionPlugin, IngestPlugin {
return additionalSettings(settings);
}
@SuppressWarnings("StatementWithEmptyBody")
// visible for tests
static Settings additionalSettings(Settings settings) {
final Settings.Builder settingsBuilder = Settings.builder();
if (NetworkModule.TRANSPORT_TYPE_SETTING.exists(settings)) {
// for symmetry with http.type
final String transportType = NetworkModule.TRANSPORT_TYPE_SETTING.get(settings);
if (NAME3.equals(transportType) == false && NAME4.equals(transportType) == false) {
throw new IllegalArgumentException("transport type setting [" + NetworkModule.TRANSPORT_TYPE_KEY + "] must be one of [" +
NAME3 + "," + NAME4 + "]");
}
} else {
// default to security4
settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, NAME4);
@ -365,6 +368,9 @@ public class Security implements ActionPlugin, IngestPlugin {
SecurityNetty3HttpServerTransport.overrideSettings(settingsBuilder, settings);
} else if (httpType.equals(NAME4)) {
SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings);
} else {
throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be one of [" +
NAME3 + "," + NAME4 + "]");
}
} else {
// default to security4

47
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java
View File

@ -12,6 +12,7 @@ import java.util.Collections;
import java.util.Map;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.XPackLicenseState;
@ -25,6 +26,7 @@ import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import static org.hamcrest.Matchers.containsString;
import static org.mockito.Mockito.mock;
public class SecurityTests extends ESTestCase {
@ -126,4 +128,49 @@ public class SecurityTests extends ESTestCase {
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> createComponents(settings));
assertEquals("Unknown audit trail output [foo]", e.getMessage());
}
public void testTransportTypeSetting() throws Exception {
Settings defaultSettings = Security.additionalSettings(Settings.EMPTY);
assertEquals(Security.NAME4, NetworkModule.TRANSPORT_TYPE_SETTING.get(defaultSettings));
assertEquals(Security.NAME4, NetworkModule.HTTP_TYPE_SETTING.get(defaultSettings));
// set transport back to security3
Settings transport3 = Security.additionalSettings(Settings.builder().put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME3).build());
assertFalse(NetworkModule.TRANSPORT_TYPE_SETTING.exists(transport3));
assertEquals(Security.NAME4, NetworkModule.HTTP_TYPE_SETTING.get(transport3));
// set http back to security3
Settings http3 = Security.additionalSettings(Settings.builder().put(NetworkModule.HTTP_TYPE_KEY, Security.NAME3).build());
assertEquals(Security.NAME4, NetworkModule.TRANSPORT_TYPE_SETTING.get(http3));
assertFalse(NetworkModule.HTTP_TYPE_SETTING.exists(http3));
// set both to security3
Settings both3 = Security.additionalSettings(Settings.builder()
.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME3)
.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME3)
.build());
assertFalse(NetworkModule.TRANSPORT_TYPE_SETTING.exists(both3));
assertFalse(NetworkModule.HTTP_TYPE_SETTING.exists(both3));
// set both to 4
Settings both4 = Security.additionalSettings(Settings.builder()
.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4)
.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME4)
.build());
assertFalse(NetworkModule.TRANSPORT_TYPE_SETTING.exists(both4));
assertFalse(NetworkModule.HTTP_TYPE_SETTING.exists(both4));
final String badType = randomFrom("netty3", "netty4", "other", "security1");
IllegalArgumentException badTransport = expectThrows(IllegalArgumentException.class,
() -> Security.additionalSettings(Settings.builder().put(NetworkModule.TRANSPORT_TYPE_KEY, badType).build()));
assertThat(badTransport.getMessage(), containsString(Security.NAME3));
assertThat(badTransport.getMessage(), containsString(Security.NAME4));
assertThat(badTransport.getMessage(), containsString(NetworkModule.TRANSPORT_TYPE_KEY));
IllegalArgumentException badHttp = expectThrows(IllegalArgumentException.class,
() -> Security.additionalSettings(Settings.builder().put(NetworkModule.HTTP_TYPE_KEY, badType).build()));
assertThat(badHttp.getMessage(), containsString(Security.NAME3));
assertThat(badHttp.getMessage(), containsString(Security.NAME4));
assertThat(badHttp.getMessage(), containsString(NetworkModule.HTTP_TYPE_KEY));
}
}

2
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/security/BasicSecurityTests.java
View File

@ -39,7 +39,7 @@ public class BasicSecurityTests extends AbstractWatcherIntegrationTestCase {
@Override
protected Settings transportClientSettings() {
return Settings.builder()
.put("client.transport.sniff", false)
.put(super.transportClientSettings())
// Use just the transport user here, so we can test Watcher roles specifically
.put(Security.USER_SETTING.getKey(), "transport_client:changeme")
.build();

7
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/AbstractWatcherIntegrationTestCase.java
View File

@ -273,6 +273,8 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
return Settings.builder()
.put("client.transport.sniff", false)
.put(Security.USER_SETTING.getKey(), "admin:changeme")
.put(NetworkModule.TRANSPORT_TYPE_KEY, useSecurity3 ? Security.NAME3 : Security.NAME4)
.put(NetworkModule.HTTP_TYPE_KEY, useSecurity3 ? Security.NAME3 : Security.NAME4)
.build();
}
@ -707,6 +709,11 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
if (useSecurity3) {
builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME3);
builder.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME3);
} else {
// security should always use one of its transports so if it is enabled explicitly declare one otherwise a local
// transport could be used
builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4);
builder.put(NetworkModule.HTTP_TYPE_KEY, Security.NAME4);
}
return builder.build();
} catch (IOException ex) {