Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@c8368be422
commit
562117a7b7
|
@ -26,6 +26,17 @@ user, the bootstrap password is no longer active and you cannot use this command
|
|||
Instead, you can change passwords by using the *Management > Users* UI in {kib}
|
||||
or the <<security-api-change-password,Change Password API>>.
|
||||
|
||||
This command uses an HTTP connection to connect to the cluster and run the user
|
||||
management requests. If your cluster uses TLS/SSL on the HTTP layer, the command
|
||||
automatically attempts to establish the connection by using the HTTPS protocol.
|
||||
It configures the connection by using the `xpack.security.http.ssl` settings in
|
||||
the `elasticsearch.yml` file. If you do not use the default config directory
|
||||
location, ensure that the *ES_PATH_CONF* environment variable returns the
|
||||
correct path before you run the `setup-passwords` command. You can override
|
||||
settings in your `elasticsearch.yml` file by using the `-E` command option.
|
||||
For more information about debugging connection failures, see
|
||||
{xpack-ref}/trb-security-setup.html[Setup-passwords command fails due to connection failure].
|
||||
|
||||
[float]
|
||||
=== Parameters
|
||||
|
||||
|
@ -44,7 +55,8 @@ user.
|
|||
|
||||
`-u, --url "<URL>"`:: Specifies the URL that the tool uses to submit the user management API
|
||||
requests. The default value is determined from the settings in your
|
||||
`elasticsearch.yml` file.
|
||||
`elasticsearch.yml` file. If `xpack.security.http.ssl.enabled` is set to `true`,
|
||||
you must specify an HTTPS URL.
|
||||
|
||||
`-v, --verbose`:: Shows verbose output.
|
||||
|
||||
|
|
|
@ -25,12 +25,11 @@ include::{es-repo-dir}/reference/index-shared3.asciidoc[]
|
|||
|
||||
:edit_url!:
|
||||
include::sql/index.asciidoc[]
|
||||
include::monitoring/index.asciidoc[]
|
||||
include::rest-api/index.asciidoc[]
|
||||
|
||||
# NOCOMMIT before merging SQL we should make a index-shared4 in core and
|
||||
# put index-shared3 between sql and rest-api.
|
||||
# NOCOMMIT before merging SQL we need to fiddle with this to make sure it is right
|
||||
|
||||
:edit_url!:
|
||||
include::commands/index.asciidoc[]
|
||||
|
||||
:edit_url:
|
||||
|
|
|
@ -9,7 +9,10 @@ After you install {es}, you can optionally obtain and install {xpack}.
|
|||
For more information about how to obtain {xpack},
|
||||
see https://www.elastic.co/products/x-pack.
|
||||
|
||||
You must run the version of {xpack} that matches the version of {es} you are running.
|
||||
You must run the version of {xpack} that matches the version of {es} you are
|
||||
running. See the
|
||||
https://www.elastic.co/support/matrix#matrix_compatibility[Elastic Support Matrix]
|
||||
for more information about product compatibility.
|
||||
|
||||
IMPORTANT: If you are installing {xpack} for the first time on an existing
|
||||
cluster, you must perform a full cluster restart. Installing {xpack} enables
|
||||
|
@ -189,7 +192,7 @@ node key file.
|
|||
<2> Alternatively, specify the full path to the node certificate.
|
||||
<3> Alternatively specify the full path to the CA certificate.
|
||||
<4> This setting is optional. It enables SSL on the HTTP layer to ensure that
|
||||
communication between HTTP clients and the cluster is encrypted.
|
||||
communication between HTTP clients and the cluster is encrypted.
|
||||
--
|
||||
|
||||
.. Start {es}.
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
[role="xpack"]
|
||||
[[http-exporter]]
|
||||
== HTTP Exporter
|
||||
|
||||
When you configure
|
||||
an exporter in `elasticsearch.yml`, the default `local` exporter is disabled.
|
||||
|
||||
The `http` exporter uses the low-level {es} REST Client. This allows
|
||||
the `http` exporter to send its data to any {es} cluster it can access
|
||||
through the network.
|
||||
|
||||
The `http` exporter supports a number of settings that control how it
|
||||
communicates over HTTP to remote clusters. In most cases, it is not
|
||||
necessary to explicitly configure these settings. For detailed
|
||||
descriptions, see {ref}/monitoring-settings.html[Monitoring Settings].
|
||||
|
||||
[source,yaml]
|
||||
----------------------------------
|
||||
xpack.monitoring.exporters:
|
||||
my_local: <1>
|
||||
type: local
|
||||
my_remote: <2>
|
||||
type: http
|
||||
host: [ "10.1.2.3", ... ] <3>
|
||||
auth: <4>
|
||||
username: my_username
|
||||
password: changeme
|
||||
connection:
|
||||
timeout: 6s
|
||||
read_timeout: 60s
|
||||
ssl: ... <5>
|
||||
proxy:
|
||||
base_path: /some/base/path <6>
|
||||
headers: <7>
|
||||
My-Proxy-Header: abc123
|
||||
My-Other-Thing: [ def456, ... ]
|
||||
index.name.time_format: YYYY-MM <8>
|
||||
|
||||
----------------------------------
|
||||
<1> A `local` exporter defined explicitly whose arbitrary name is `my_local`.
|
||||
<2> An `http` exporter defined whose arbitrary name is `my_remote`.
|
||||
<3> `host` is a required setting for `http` exporters, which can take a few
|
||||
different forms as described in the table below.
|
||||
<4> User authentication for those using {security} or some other
|
||||
form of user authentication protecting the cluster.
|
||||
<5> See below for all TLS / SSL settings. If not supplied, the default
|
||||
node-level TLS / SSL settings will be used.
|
||||
<6> Optional base path to prefix any outgoing request with in order to
|
||||
work with proxies.
|
||||
<7> Arbitrary key/value pairs to define as headers to send with every request.
|
||||
The array-based key/value format sends one header per value.
|
||||
<8> A mechanism for changing the date suffix used by default.
|
|
@ -0,0 +1,23 @@
|
|||
[role="xpack"]
|
||||
[[es-monitoring]]
|
||||
= Monitoring {es}
|
||||
|
||||
[partintro]
|
||||
--
|
||||
{monitoring} enables you to easily monitor the health of your {es} cluster. The
|
||||
monitoring metrics are collected from each node and stored in {es} indices. You
|
||||
can then view the data from {kib} where it’s easy to spot issues at a glance or
|
||||
delve into the system behavior over time to diagnose operational issues. In
|
||||
addition to the built-in status warnings, you can also set up custom alerts
|
||||
based on the data in the monitoring indices.
|
||||
|
||||
This section focuses on the {es} monitoring infrastructure and setup. For an
|
||||
introduction to monitoring your Elastic stack, including Logstash and {kib}, see
|
||||
{xpack-ref}/xpack-monitoring.html[Monitoring the Elastic Stack].
|
||||
//For information about using the Monitoring UI, see Monitoring in the Kibana guide.
|
||||
|
||||
--
|
||||
|
||||
include::stats-export.asciidoc[]
|
||||
include::http-export.asciidoc[]
|
||||
include::tribe.asciidoc[]
|
|
@ -0,0 +1,18 @@
|
|||
[role="xpack"]
|
||||
[[stats-export]]
|
||||
== Collecting Data from Particular Indices
|
||||
|
||||
By default, the monitoring agent collects data from all {es} indices.
|
||||
To collect data from particular indices, configure the
|
||||
`xpack.monitoring.collection.indices` setting in `elasticsearch.yml`.
|
||||
You can specify multiple indices as a comma-separated list or
|
||||
use an index pattern to match multiple indices:
|
||||
|
||||
[source,yaml]
|
||||
----------------------------------
|
||||
xpack.monitoring.collection.indices: logstash-*, index1, test2
|
||||
----------------------------------
|
||||
|
||||
You can prepend `+` or `-` to explicitly include or exclude index
|
||||
names or patterns. For example, to include all indices that
|
||||
start with `test` except `test3`, you could specify `+test*,-test3`.
|
|
@ -0,0 +1,40 @@
|
|||
[role="xpack"]
|
||||
[[monitoring-tribe]]
|
||||
== Configuring a Tribe Node to Work with Monitoring
|
||||
|
||||
If you connect to a cluster through a <<modules-tribe,tribe node>>,
|
||||
and you want to monitor the tribe node, then you will need to install {xpack} on
|
||||
that node as well.
|
||||
|
||||
With this configuration, the tribe node is included in the node count displayed
|
||||
in the Monitoring UI, but is not included in the node list because it does not
|
||||
export any data to the monitoring cluster.
|
||||
|
||||
To include the tribe node in the monitoring data, enable Monitoring data
|
||||
collection at the tribe level:
|
||||
|
||||
[source,yaml]
|
||||
----------------------------------
|
||||
node.name: my-tribe-node1
|
||||
|
||||
tribe:
|
||||
on_conflict: prefer_cluster1
|
||||
c1:
|
||||
cluster.name: cluster1
|
||||
discovery.zen.ping.unicast.hosts: [ "cluster1-node1:9300", "cluster1-node2:9300", "cluster1-node2:9300" ]
|
||||
xpack.monitoring.enabled: true <1>
|
||||
c2:
|
||||
cluster.name: cluster2
|
||||
discovery.zen.ping.unicast.hosts: [ "cluster2-node3:9300", "cluster2-node3:9300", "cluster2-node3:9300" ]
|
||||
xpack.monitoring: <2>
|
||||
enabled: true
|
||||
exporters:
|
||||
id1:
|
||||
type: http
|
||||
host: [ "monitoring-cluster:9200" ]
|
||||
----------------------------------
|
||||
<1> Enable data collection from the tribe node using a Local Exporter.
|
||||
<2> Enable data collection from the tribe node using an HTTP Exporter.
|
||||
|
||||
When you enable data collection from the tribe node, it is included in both the
|
||||
node count and node list.
|
|
@ -1,8 +1,12 @@
|
|||
[role="xpack"]
|
||||
[[settings-xpack]]
|
||||
== Configuring X-Pack
|
||||
== {xpack} Settings in {es}
|
||||
++++
|
||||
<titleabbrev>{xpack} Settings</titleabbrev>
|
||||
++++
|
||||
|
||||
include::x-pack-settings.asciidoc[]
|
||||
include::{asciidoc-dir}/../../shared/settings.asciidoc[]
|
||||
include::license-settings.asciidoc[]
|
||||
include::ml-settings.asciidoc[]
|
||||
include::monitoring-settings.asciidoc[]
|
||||
include::security-settings.asciidoc[]
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
[role="xpack"]
|
||||
[[license-settings]]
|
||||
=== {xpack} License Settings
|
||||
++++
|
||||
<titleabbrev>License Settings</titleabbrev>
|
||||
++++
|
||||
|
||||
You can configure this licensing setting in the `elasticsearch.yml` file.
|
||||
For more information, see
|
||||
{xpack-ref}/license-management.html[{xpack} License Management].
|
||||
|
||||
`xpack.license.self_generated.type`::
|
||||
Set to `trial` (default) to enable all {xpack} features. +
|
||||
+
|
||||
--
|
||||
If set to `basic`, the self-generated license gives access only to the features
|
||||
of a standard basic license. You can later upgrade the cluster to a trial
|
||||
license.
|
||||
--
|
|
@ -1,14 +0,0 @@
|
|||
You configure settings for X-Pack features in the `elasticsearch.yml`,
|
||||
`kibana.yml`, and `logstash.yml` configuration files.
|
||||
|
||||
[options="header,footer"]
|
||||
|=======================
|
||||
|{xpack} Feature |{es} Settings |{kib} Settings |Logstash Settings
|
||||
|Development Tools |No |{kibana-ref}/dev-settings-kb.html[Yes] |No
|
||||
|Graph |No |{kibana-ref}/graph-settings-kb.html[Yes] |No
|
||||
|Machine learning |{ref}/ml-settings.html[Yes] |{kibana-ref}/ml-settings-kb.html[Yes] |No
|
||||
|Monitoring |{ref}/monitoring-settings.html[Yes] |{kibana-ref}/monitoring-settings-kb.html[Yes] |{logstash-ref}/settings-xpack.html#monitoring-settings[Yes]
|
||||
|Reporting |No |{kibana-ref}/reporting-settings-kb.html[Yes] |No
|
||||
|Security |{ref}/security-settings.html[Yes] |{kibana-ref}/security-settings-kb.html[Yes] |No
|
||||
|Watcher |{ref}/notification-settings.html[Yes] |No |No
|
||||
|=======================
|
|
@ -67,7 +67,7 @@ killed by firewalls or load balancers inbetween.
|
|||
"actions" : {
|
||||
"email_admin" : {
|
||||
"email": {
|
||||
"to": "'John Doe <john.doe@example.com>'",
|
||||
"to": "John Doe <john.doe@example.com>",
|
||||
"attachments" : {
|
||||
"my_image.png" : { <1>
|
||||
"http" : { <2>
|
||||
|
@ -151,7 +151,7 @@ killed by firewalls or load balancers inbetween.
|
|||
[[email-action-reports]]
|
||||
===== Attaching Reports to an Email
|
||||
|
||||
You can use the `http` attachment type in an `email` action to automatically
|
||||
You can use the `reporting` attachment type in an `email` action to automatically
|
||||
generate a Kibana report and distribute it via email.
|
||||
|
||||
include::{xkb-repo-dir}/reporting/watch-example.asciidoc[]
|
||||
|
|
|
@ -632,7 +632,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
|
|||
@Override
|
||||
public List<BootstrapCheck> getBootstrapChecks() {
|
||||
return Collections.unmodifiableList(
|
||||
Stream.of(security.getBootstrapChecks(), watcher.getBootstrapChecks())
|
||||
Stream.of(security.getBootstrapChecks(), watcher.getBootstrapChecks(env))
|
||||
.flatMap(Collection::stream)
|
||||
.collect(Collectors.toList()));
|
||||
}
|
||||
|
|
|
@ -313,7 +313,7 @@ public class MachineLearning implements ActionPlugin {
|
|||
NormalizerProcessFactory normalizerProcessFactory;
|
||||
if (AUTODETECT_PROCESS.get(settings) && MachineLearningFeatureSet.isRunningOnMlPlatform(true)) {
|
||||
try {
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(settings);
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(env);
|
||||
if (nativeController == null) {
|
||||
// This will only only happen when path.home is not set, which is disallowed in production
|
||||
throw new ElasticsearchException("Failed to create native process controller for Machine Learning");
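Review bot: The comment on the null branch, `// This will only only happen when path.home is not set, which is disallowed in production`, no longer matches the holder this commit changes. The new `NativeControllerHolder.getNativeController(Environment)` drops the `PATH_HOME_SETTING` check, and from the lines visible on this page it gates creation only on `xpack.ml.autodetect_process`. Because this call already sits behind `AUTODETECT_PROCESS.get(settings)`, the branch looks reachable only if `settings` and `env.settings()` disagree. I would reword the comment to `// Defensive: not expected here, autodetect_process was checked above`, which also removes the doubled "only". The enclosing method starts and ends outside the hunk.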
|
||||
|
@ -341,7 +341,7 @@ public class MachineLearning implements ActionPlugin {
|
|||
DatafeedJobBuilder datafeedJobBuilder = new DatafeedJobBuilder(internalClient, jobProvider, auditor, System::currentTimeMillis);
|
||||
DatafeedManager datafeedManager = new DatafeedManager(threadPool, internalClient, clusterService, datafeedJobBuilder,
|
||||
System::currentTimeMillis, auditor, persistentTasksService);
|
||||
MlLifeCycleService mlLifeCycleService = new MlLifeCycleService(settings, clusterService, datafeedManager, autodetectProcessManager);
|
||||
MlLifeCycleService mlLifeCycleService = new MlLifeCycleService(env, clusterService, datafeedManager, autodetectProcessManager);
|
||||
InvalidLicenseEnforcer invalidLicenseEnforcer =
|
||||
new InvalidLicenseEnforcer(settings, licenseState, threadPool, datafeedManager, autodetectProcessManager);
|
||||
PersistentTasksExecutorRegistry persistentTasksExecutorRegistry = new PersistentTasksExecutorRegistry(Settings.EMPTY, Arrays.asList(
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.elasticsearch.common.io.stream.StreamOutput;
|
|||
import org.elasticsearch.common.logging.Loggers;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.plugins.Platforms;
|
||||
import org.elasticsearch.xpack.XPackFeatureSet;
|
||||
|
@ -64,9 +65,9 @@ public class MachineLearningFeatureSet implements XPackFeatureSet {
|
|||
private final Map<String, Object> nativeCodeInfo;
|
||||
|
||||
@Inject
|
||||
public MachineLearningFeatureSet(Settings settings, ClusterService clusterService, Client client,
|
||||
public MachineLearningFeatureSet(Environment environment, ClusterService clusterService, Client client,
|
||||
@Nullable XPackLicenseState licenseState) {
|
||||
this.enabled = XPackSettings.MACHINE_LEARNING_ENABLED.get(settings);
|
||||
this.enabled = XPackSettings.MACHINE_LEARNING_ENABLED.get(environment.settings());
|
||||
this.clusterService = Objects.requireNonNull(clusterService);
|
||||
this.client = Objects.requireNonNull(client);
|
||||
this.licenseState = licenseState;
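Review bot: `environment` is dereferenced on the first line of the constructor without the `Objects.requireNonNull` guard that `clusterService` and `client` get two lines later, so a null argument fails with a bare NullPointerException that does not name the parameter. I would start the body with `final Settings settings = Objects.requireNonNull(environment, "environment").settings();` and read `MACHINE_LEARNING_ENABLED` from that local. The same local would replace the two `environment.settings()` calls in the following hunk of this file (the `transportClientMode` / `isTribeClientNode` condition). The constructor body continues outside this hunk.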
|
||||
|
@ -74,10 +75,11 @@ public class MachineLearningFeatureSet implements XPackFeatureSet {
|
|||
// Don't try to get the native code version if ML is disabled - it causes too much controversy
|
||||
// if ML has been disabled because of some OS incompatibility. Also don't try to get the native
|
||||
// code version in the transport or tribe client - the controller process won't be running.
|
||||
if (enabled && XPackPlugin.transportClientMode(settings) == false && XPackPlugin.isTribeClientNode(settings) == false) {
|
||||
if (enabled && XPackPlugin.transportClientMode(environment.settings()) == false
|
||||
&& XPackPlugin.isTribeClientNode(environment.settings()) == false) {
|
||||
try {
|
||||
if (isRunningOnMlPlatform(true)) {
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(settings);
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(environment);
|
||||
if (nativeController != null) {
|
||||
nativeCodeInfo = nativeController.getNativeCodeInfo();
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ package org.elasticsearch.xpack.ml;
|
|||
import org.elasticsearch.cluster.service.ClusterService;
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.component.LifecycleListener;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.ml.datafeed.DatafeedManager;
|
||||
import org.elasticsearch.xpack.ml.job.process.NativeController;
|
||||
import org.elasticsearch.xpack.ml.job.process.NativeControllerHolder;
|
||||
|
@ -18,16 +18,18 @@ import java.io.IOException;
|
|||
|
||||
public class MlLifeCycleService extends AbstractComponent {
|
||||
|
||||
private final Environment environment;
|
||||
private final DatafeedManager datafeedManager;
|
||||
private final AutodetectProcessManager autodetectProcessManager;
|
||||
|
||||
public MlLifeCycleService(Settings settings, ClusterService clusterService) {
|
||||
this(settings, clusterService, null, null);
|
||||
public MlLifeCycleService(Environment environment, ClusterService clusterService) {
|
||||
this(environment, clusterService, null, null);
|
||||
}
|
||||
|
||||
public MlLifeCycleService(Settings settings, ClusterService clusterService, DatafeedManager datafeedManager,
|
||||
public MlLifeCycleService(Environment environment, ClusterService clusterService, DatafeedManager datafeedManager,
|
||||
AutodetectProcessManager autodetectProcessManager) {
|
||||
super(settings);
|
||||
super(environment.settings());
|
||||
this.environment = environment;
|
||||
this.datafeedManager = datafeedManager;
|
||||
this.autodetectProcessManager = autodetectProcessManager;
|
||||
clusterService.addLifecycleListener(new LifecycleListener() {
|
||||
|
@ -47,7 +49,7 @@ public class MlLifeCycleService extends AbstractComponent {
|
|||
if (datafeedManager != null) {
|
||||
datafeedManager.isolateAllDatafeedsOnThisNode();
|
||||
}
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(settings);
|
||||
NativeController nativeController = NativeControllerHolder.getNativeController(environment);
|
||||
if (nativeController != null) {
|
||||
// This kills autodetect processes WITHOUT closing the jobs, so they get reallocated.
|
||||
if (autodetectProcessManager != null) {
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.ml.job.process;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.ml.MachineLearning;
|
||||
import org.elasticsearch.xpack.ml.utils.NamedPipeHelper;
|
||||
|
@ -29,16 +28,16 @@ public class NativeControllerHolder {
|
|||
*
|
||||
* The NativeController is created lazily to allow time for the C++ process to be started before connection is attempted.
|
||||
*
|
||||
* null is returned to tests that haven't bothered to set up path.home and all runs where xpack.ml.autodetect_process=false.
|
||||
* <code>null</code> is returned to tests where xpack.ml.autodetect_process=false.
|
||||
*
|
||||
* Calls may throw an exception if initial connection to the C++ process fails.
|
||||
*/
|
||||
public static NativeController getNativeController(Settings settings) throws IOException {
|
||||
public static NativeController getNativeController(Environment environment) throws IOException {
|
||||
|
||||
if (Environment.PATH_HOME_SETTING.exists(settings) && MachineLearning.AUTODETECT_PROCESS.get(settings)) {
|
||||
if (MachineLearning.AUTODETECT_PROCESS.get(environment.settings())) {
|
||||
synchronized (lock) {
|
||||
if (nativeController == null) {
|
||||
nativeController = new NativeController(new Environment(settings), new NamedPipeHelper());
|
||||
nativeController = new NativeController(environment, new NamedPipeHelper());
|
||||
nativeController.tailLogsInThread();
|
||||
}
|
||||
}
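Review bot: The singleton is built from whichever `environment` first reaches the `nativeController == null` branch, and later calls reuse it, so a caller that passes a different Environment still gets a controller bound to the first one. The Javadoc should say so, for example `The controller is created from the first environment passed in; the environment of later calls is not used to create a new one.` The reworded line `<code>null</code> is returned to tests where xpack.ml.autodetect_process=false` also reads as test-only, while the visible condition `MachineLearning.AUTODETECT_PROCESS.get(environment.settings())` applies to every caller; I would drop "to tests". The method's return statement is outside the hunk, so the null case is inferred from the Javadoc and the `if`.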
|
||||
|
@ -51,7 +50,7 @@ public class NativeControllerHolder {
|
|||
* Get a reference to the singleton native process controller.
|
||||
*
|
||||
* Assumes that if it is possible for a native controller to exist that it will already have been created.
|
||||
* Designed for use by objects that don't have access to settings but know a native controller must exist
|
||||
* Designed for use by objects that don't have access to the environment but know a native controller must exist
|
||||
* for the object calling this method to exist.
|
||||
*/
|
||||
public static NativeController getNativeController() {
|
||||
|
|
|
@ -30,6 +30,9 @@ import java.util.Collection;
|
|||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static org.elasticsearch.xpack.XPackSettings.SECURITY_ENABLED;
|
||||
import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED;
|
||||
|
||||
/**
|
||||
* Collector for cluster stats.
|
||||
* <p>
|
||||
|
@ -80,11 +83,15 @@ public class ClusterStatsCollector extends Collector {
|
|||
final ClusterState clusterState = clusterService.state();
|
||||
final License license = licenseService.getLicense();
|
||||
final List<XPackFeatureSet.Usage> usage = collect(usageSupplier);
|
||||
// if they have any other type of license, then they are either okay or already know
|
||||
final boolean clusterNeedsTLSEnabled = license.operationMode() == License.OperationMode.TRIAL &&
|
||||
SECURITY_ENABLED.get(settings) &&
|
||||
TRANSPORT_SSL_ENABLED.get(settings) == false;
|
||||
|
||||
// Adds a cluster stats document
|
||||
return Collections.singleton(
|
||||
new ClusterStatsMonitoringDoc(clusterUUID(), timestamp(), interval, node, clusterName, version, clusterStats.getStatus(),
|
||||
license, usage, clusterStats, clusterState));
|
||||
license, usage, clusterStats, clusterState, clusterNeedsTLSEnabled));
|
||||
}
|
||||
|
||||
@Nullable
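Review bot: `license.operationMode()` is called unconditionally when computing `clusterNeedsTLSEnabled`, but the `ClusterStatsMonitoringDoc` constructor shown on this page declares `@Nullable final License license`, which suggests `licenseService.getLicense()` can return null. If it can, the collector would now throw a NullPointerException where it previously produced a document. Guarding the expression with `final boolean clusterNeedsTLSEnabled = license != null && license.operationMode() == License.OperationMode.TRIAL &&` keeps the old behaviour for a missing license. The comment above it would be clearer as `// only a trial license can run security without transport TLS; flag that combination for the monitoring UI`, assuming that is the intent. The method starts outside the hunk.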
|
||||
|
|
|
@ -55,6 +55,7 @@ public class ClusterStatsMonitoringDoc extends MonitoringDoc {
|
|||
private final ClusterStatsResponse clusterStats;
|
||||
private final ClusterState clusterState;
|
||||
private final ClusterHealthStatus status;
|
||||
private final boolean clusterNeedsTLSEnabled;
|
||||
|
||||
ClusterStatsMonitoringDoc(final String cluster,
|
||||
final long timestamp,
|
||||
|
@ -66,7 +67,8 @@ public class ClusterStatsMonitoringDoc extends MonitoringDoc {
|
|||
@Nullable final License license,
|
||||
@Nullable final List<XPackFeatureSet.Usage> usages,
|
||||
@Nullable final ClusterStatsResponse clusterStats,
|
||||
@Nullable final ClusterState clusterState) {
|
||||
@Nullable final ClusterState clusterState,
|
||||
final boolean clusterNeedsTLSEnabled) {
|
||||
|
||||
super(cluster, timestamp, intervalMillis, node, MonitoredSystem.ES, TYPE, null);
|
||||
this.clusterName = Objects.requireNonNull(clusterName);
|
||||
|
@ -76,6 +78,7 @@ public class ClusterStatsMonitoringDoc extends MonitoringDoc {
|
|||
this.usages = usages;
|
||||
this.clusterStats = clusterStats;
|
||||
this.clusterState = clusterState;
|
||||
this.clusterNeedsTLSEnabled = clusterNeedsTLSEnabled;
|
||||
}
|
||||
|
||||
String getClusterName() {
|
||||
|
@ -106,6 +109,10 @@ public class ClusterStatsMonitoringDoc extends MonitoringDoc {
|
|||
return status;
|
||||
}
|
||||
|
||||
boolean getClusterNeedsTLSEnabled() {
|
||||
return clusterNeedsTLSEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void innerToXContent(XContentBuilder builder, Params params) throws IOException {
|
||||
builder.field("cluster_name", clusterName);
|
||||
|
@ -119,6 +126,9 @@ public class ClusterStatsMonitoringDoc extends MonitoringDoc {
|
|||
params = new ToXContent.DelegatingMapParams(extraParams, params);
|
||||
license.toInnerXContent(builder, params);
|
||||
builder.field("hkey", hash(license, getCluster()));
|
||||
if (clusterNeedsTLSEnabled) {
|
||||
builder.field("cluster_needs_tls", true);
|
||||
}
|
||||
builder.endObject();
|
||||
}
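Review bot: `cluster_needs_tls` is written only when the flag is true, so anything reading the monitoring document has to treat a missing field as false, and nothing in the code says that this is deliberate. I would add `// only emitted when true; readers must treat a missing field as false` above the `if (clusterNeedsTLSEnabled)` line. The new package-private getter `getClusterNeedsTLSEnabled()` in the previous hunk of this file has no Javadoc; one sentence stating that it is true for a trial license with security enabled and transport TLS disabled would match the computation in `ClusterStatsCollector`. The surrounding `innerToXContent` body starts and ends outside the hunk, so whether this block is skipped for a null license is not visible here.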
|
||||
|
||||
|
|
|
@ -254,7 +254,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
|
|||
new TokenSSLBootstrapCheck(),
|
||||
new PkiRealmBootstrapCheck(sslService),
|
||||
new TLSLicenseBootstrapCheck()));
|
||||
checks.addAll(InternalRealms.getBootstrapChecks(settings));
|
||||
checks.addAll(InternalRealms.getBootstrapChecks(settings, env));
|
||||
this.bootstrapChecks = Collections.unmodifiableList(checks);
|
||||
} else {
|
||||
this.bootstrapChecks = Collections.emptyList();
|
||||
|
|
|
@ -17,6 +17,7 @@ import java.util.Set;
|
|||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
||||
|
@ -101,11 +102,11 @@ public class InternalRealms {
|
|||
private InternalRealms() {
|
||||
}
|
||||
|
||||
public static List<BootstrapCheck> getBootstrapChecks(final Settings globalSettings) {
|
||||
public static List<BootstrapCheck> getBootstrapChecks(final Settings globalSettings, final Environment env) {
|
||||
final List<BootstrapCheck> checks = new ArrayList<>();
|
||||
final Map<String, Settings> settingsByRealm = RealmSettings.getRealmSettings(globalSettings);
|
||||
settingsByRealm.forEach((name, settings) -> {
|
||||
final RealmConfig realmConfig = new RealmConfig(name, settings, globalSettings, null);
|
||||
final RealmConfig realmConfig = new RealmConfig(name, settings, globalSettings, env, null);
|
||||
switch (realmConfig.type()) {
|
||||
case LdapRealm.AD_TYPE:
|
||||
case LdapRealm.LDAP_TYPE:
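Review bot: `getBootstrapChecks` now takes both `globalSettings` and `env` and forwards both to `RealmConfig`, so nothing in the signature guarantees that `env.settings()` and `globalSettings` describe the same node. The removed `RealmConfig` constructor derived the Environment from `globalSettings`, which made the two consistent by construction. This public static method has no Javadoc; I would add one stating that `env` must be the node's environment built from `globalSettings`. Alternatively, take only `env` and read the settings from it, if every caller can supply that. The lambda body continues outside the hunk.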
|
||||
|
|
|
@ -23,11 +23,6 @@ public class RealmConfig {
|
|||
private final Settings globalSettings;
|
||||
private final ThreadContext threadContext;
|
||||
|
||||
public RealmConfig(String name, Settings settings, Settings globalSettings,
|
||||
ThreadContext threadContext) {
|
||||
this(name, settings, globalSettings, new Environment(globalSettings), threadContext);
|
||||
}
|
||||
|
||||
public RealmConfig(String name, Settings settings, Settings globalSettings, Environment env,
|
||||
ThreadContext threadContext) {
|
||||
this.name = name;
|
||||
|
|
|
@ -517,7 +517,7 @@ public class Watcher implements ActionPlugin {
|
|||
};
|
||||
}
|
||||
|
||||
public List<BootstrapCheck> getBootstrapChecks() {
|
||||
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(new Environment(settings)));
|
||||
public List<BootstrapCheck> getBootstrapChecks(Environment env) {
|
||||
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(env));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.xcontent.ToXContent;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.XPackFeatureSet;
|
||||
|
@ -53,12 +54,17 @@ import static org.mockito.Mockito.when;
|
|||
|
||||
public class MachineLearningFeatureSetTests extends ESTestCase {
|
||||
|
||||
private Settings commonSettings;
|
||||
private ClusterService clusterService;
|
||||
private Client client;
|
||||
private XPackLicenseState licenseState;
|
||||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
commonSettings = Settings.builder()
|
||||
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toAbsolutePath())
|
||||
.put(MachineLearning.AUTODETECT_PROCESS.getKey(), false)
|
||||
.build();
|
||||
clusterService = mock(ClusterService.class);
|
||||
client = mock(Client.class);
|
||||
licenseState = mock(XPackLicenseState.class);
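Review bot: `commonSettings` pins `MachineLearning.AUTODETECT_PROCESS` to false without saying why, and with it every feature set built in this class skips creation of the native controller, so the `nativeCodeInfo` branch of the constructor is not exercised here. A short comment would make that intent explicit, for example `// autodetect_process=false keeps NativeControllerHolder from connecting to a native process in unit tests`. If coverage of the native-info path is wanted, it presumably needs a separate test with a mocked controller. The `init` method continues outside the hunk.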
|
||||
|
@ -82,7 +88,8 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
|
|||
}
|
||||
|
||||
public void testAvailable() throws Exception {
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(Settings.EMPTY, clusterService, client, licenseState);
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(new Environment(commonSettings), clusterService, client,
|
||||
licenseState);
|
||||
boolean available = randomBoolean();
|
||||
when(licenseState.isMachineLearningAllowed()).thenReturn(available);
|
||||
assertThat(featureSet.available(), is(available));
|
||||
|
@ -100,13 +107,14 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
|
|||
public void testEnabled() throws Exception {
|
||||
boolean useDefault = randomBoolean();
|
||||
boolean enabled = true;
|
||||
Settings.Builder settings = Settings.builder();
|
||||
Settings.Builder settings = Settings.builder().put(commonSettings);
|
||||
if (useDefault == false) {
|
||||
enabled = randomBoolean();
|
||||
settings.put("xpack.ml.enabled", enabled);
|
||||
}
|
||||
boolean expected = enabled || useDefault;
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(settings.build(), clusterService, client, licenseState);
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(new Environment(settings.build()), clusterService, client,
|
||||
licenseState);
|
||||
assertThat(featureSet.enabled(), is(expected));
|
||||
PlainActionFuture<Usage> future = new PlainActionFuture<>();
|
||||
featureSet.usage(future);
|
||||
|
@ -121,7 +129,7 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
|
|||
|
||||
public void testUsage() throws Exception {
|
||||
when(licenseState.isMachineLearningAllowed()).thenReturn(true);
|
||||
Settings.Builder settings = Settings.builder();
|
||||
Settings.Builder settings = Settings.builder().put(commonSettings);
|
||||
settings.put("xpack.ml.enabled", true);
|
||||
|
||||
Job opened1 = buildJob("opened1", Arrays.asList(buildMinDetector("foo")));
|
||||
|
@ -139,7 +147,8 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
|
|||
buildDatafeedStats(DatafeedState.STOPPED)
|
||||
));
|
||||
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(settings.build(), clusterService, client, licenseState);
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(new Environment(settings.build()), clusterService, client,
|
||||
licenseState);
|
||||
PlainActionFuture<Usage> future = new PlainActionFuture<>();
|
||||
featureSet.usage(future);
|
||||
XPackFeatureSet.Usage mlUsage = future.get();
|
||||
|
@ -201,11 +210,11 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
|
|||
|
||||
public void testUsageGivenMlMetadataNotInstalled() throws Exception {
|
||||
when(licenseState.isMachineLearningAllowed()).thenReturn(true);
|
||||
Settings.Builder settings = Settings.builder();
|
||||
Settings.Builder settings = Settings.builder().put(commonSettings);
|
||||
settings.put("xpack.ml.enabled", true);
|
||||
when(clusterService.state()).thenReturn(ClusterState.EMPTY_STATE);
|
||||
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(settings.build(),
|
||||
MachineLearningFeatureSet featureSet = new MachineLearningFeatureSet(new Environment(settings.build()),
|
||||
clusterService, client, licenseState);
|
||||
PlainActionFuture<Usage> future = new PlainActionFuture<>();
|
||||
featureSet.usage(future);
|
||||
|
|
|
@ -29,9 +29,12 @@ import org.elasticsearch.xpack.monitoring.collector.BaseCollectorTestCase;
|
|||
import org.elasticsearch.xpack.monitoring.exporter.MonitoringDoc;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Locale;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.elasticsearch.xpack.XPackSettings.SECURITY_ENABLED;
|
||||
import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED;
|
||||
import static org.elasticsearch.xpack.monitoring.MonitoringTestUtils.randomMonitoringNode;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
|
@ -80,6 +83,36 @@ public class ClusterStatsCollectorTests extends BaseCollectorTestCase {
|
|||
}
|
||||
|
||||
public void testDoCollect() throws Exception {
|
||||
final Settings.Builder settings = Settings.builder();
|
||||
final License.OperationMode mode =
|
||||
randomValueOtherThan(License.OperationMode.MISSING, () -> randomFrom(License.OperationMode.values()));
|
||||
final boolean securityEnabled = randomBoolean();
|
||||
final boolean transportTLSEnabled;
|
||||
|
||||
if (securityEnabled) {
|
||||
switch (mode) {
|
||||
case TRIAL:
|
||||
transportTLSEnabled = randomBoolean();
|
||||
break;
|
||||
case BASIC:
|
||||
transportTLSEnabled = false;
|
||||
break;
|
||||
case STANDARD:
|
||||
case GOLD:
|
||||
case PLATINUM:
|
||||
transportTLSEnabled = true;
|
||||
break;
|
||||
default:
|
||||
throw new AssertionError("Unknown mode [" + mode + "]");
|
||||
}
|
||||
|
||||
settings.put(TRANSPORT_SSL_ENABLED.getKey(), transportTLSEnabled);
|
||||
} else {
|
||||
transportTLSEnabled = false;
|
||||
|
||||
settings.put(SECURITY_ENABLED.getKey(), false);
|
||||
}
|
||||
|
||||
final TimeValue timeout = TimeValue.timeValueSeconds(randomIntBetween(1, 120));
|
||||
withCollectionTimeout(ClusterStatsCollector.CLUSTER_STATS_TIMEOUT, timeout);
|
||||
|
||||
|
@ -95,7 +128,7 @@ public class ClusterStatsCollectorTests extends BaseCollectorTestCase {
|
|||
|
||||
final License license = License.builder()
|
||||
.uid(UUID.randomUUID().toString())
|
||||
.type("trial")
|
||||
.type(mode.name().toLowerCase(Locale.ROOT))
|
||||
.issuer("elasticsearch")
|
||||
.issuedTo("elastic")
|
||||
.issueDate(System.currentTimeMillis())
|
||||
|
@ -161,6 +194,9 @@ public class ClusterStatsCollectorTests extends BaseCollectorTestCase {
|
|||
assertThat(document.getLicense(), equalTo(license));
|
||||
assertThat(document.getStatus(), equalTo(clusterStatus));
|
||||
|
||||
assertThat(document.getClusterNeedsTLSEnabled(),
|
||||
equalTo(mode == License.OperationMode.TRIAL && securityEnabled && transportTLSEnabled == false));
|
||||
|
||||
assertThat(document.getClusterStats(), notNullValue());
|
||||
assertThat(document.getClusterStats().getStatus(), equalTo(clusterStatus));
|
||||
assertThat(document.getClusterStats().getIndicesStats().getIndexCount(), equalTo(nbIndices));
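Review bot: In `testDoCollect`, the `securityEnabled` branch sets only `TRANSPORT_SSL_ENABLED` and leaves `SECURITY_ENABLED` at its default, so the expected value of `getClusterNeedsTLSEnabled()` depends on that default being (presumably) `true`. Adding `settings.put(SECURITY_ENABLED.getKey(), true);` next to the transport setting would pin the precondition that the final assertion relies on. A short comment above the `switch` would also help, explaining why BASIC forces `transportTLSEnabled = false` and STANDARD/GOLD/PLATINUM force `true`, because the license rule behind those cases is not visible in the test. The method body continues outside these hunks.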
|
||||
|
|
|
@ -76,6 +76,7 @@ public class ClusterStatsMonitoringDocTests extends BaseMonitoringDocTestCase<Cl
|
|||
private ClusterStatsResponse clusterStats;
|
||||
private ClusterState clusterState;
|
||||
private License license;
|
||||
private final boolean needToEnableTLS = randomBoolean();
|
||||
|
||||
@Override
|
||||
@Before
|
||||
|
@ -111,7 +112,8 @@ public class ClusterStatsMonitoringDocTests extends BaseMonitoringDocTestCase<Cl
|
|||
protected ClusterStatsMonitoringDoc createMonitoringDoc(String cluster, long timestamp, long interval, MonitoringDoc.Node node,
|
||||
MonitoredSystem system, String type, String id) {
|
||||
return new ClusterStatsMonitoringDoc(cluster, timestamp, interval, node,
|
||||
clusterName, version, clusterStatus, license, usages, clusterStats, clusterState);
|
||||
clusterName, version, clusterStatus, license, usages, clusterStats, clusterState,
|
||||
needToEnableTLS);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -132,19 +134,22 @@ public class ClusterStatsMonitoringDocTests extends BaseMonitoringDocTestCase<Cl
|
|||
public void testConstructorClusterNameMustNotBeNull() {
|
||||
expectThrows(NullPointerException.class,
|
||||
() -> new ClusterStatsMonitoringDoc(cluster, timestamp, interval, node,
|
||||
null, version, clusterStatus, license, usages, clusterStats, clusterState));
|
||||
null, version, clusterStatus, license, usages, clusterStats, clusterState,
|
||||
needToEnableTLS));
|
||||
}
|
||||
|
||||
public void testConstructorVersionMustNotBeNull() {
|
||||
expectThrows(NullPointerException.class,
|
||||
() -> new ClusterStatsMonitoringDoc(cluster, timestamp, interval, node,
|
||||
clusterName, null, clusterStatus, license, usages, clusterStats, clusterState));
|
||||
clusterName, null, clusterStatus, license, usages, clusterStats, clusterState,
|
||||
needToEnableTLS));
|
||||
}
|
||||
|
||||
public void testConstructorClusterHealthStatusMustNotBeNull() {
|
||||
expectThrows(NullPointerException.class,
|
||||
() -> new ClusterStatsMonitoringDoc(cluster, timestamp, interval, node,
|
||||
clusterName, version, null, license, usages, clusterStats, clusterState));
|
||||
clusterName, version, null, license, usages, clusterStats, clusterState,
|
||||
needToEnableTLS));
|
||||
}
|
||||
|
||||
public void testNodesHash() {
|
||||
|
@ -339,7 +344,8 @@ public class ClusterStatsMonitoringDocTests extends BaseMonitoringDocTestCase<Cl
|
|||
license,
|
||||
usages,
|
||||
clusterStats,
|
||||
clusterState);
|
||||
clusterState,
|
||||
needToEnableTLS);
|
||||
|
||||
final BytesReference xContent = XContentHelper.toXContent(doc, XContentType.JSON, false);
|
||||
assertEquals("{"
|
||||
|
@ -370,6 +376,7 @@ public class ClusterStatsMonitoringDocTests extends BaseMonitoringDocTestCase<Cl
|
|||
+ "\"issuer\":\"elasticsearch\","
|
||||
+ "\"start_date_in_millis\":-1,"
|
||||
+ "\"hkey\":\"e05627254d639cf36346bf99934dc4a4ac9f37bdc9100cee450c10fa6322a6dd\""
|
||||
+ (needToEnableTLS ? ",\"cluster_needs_tls\":true" : "")
|
||||
+ "},"
|
||||
+ "\"cluster_stats\":{"
|
||||
+ "\"timestamp\":1451606400000,"
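Review bot: The expected JSON appends `cluster_needs_tls` only when `needToEnableTLS` is true, which makes "field omitted when false" part of the serialized contract, but nothing in the test says so. A one-line comment above that concatenation would make the intent explicit for anyone reading the license section of the monitoring document, e.g. `// cluster_needs_tls is written only when true; a missing field means false`. The surrounding test method starts outside the hunk.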
|
||||
|
|
|
@ -60,6 +60,7 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
|||
import static org.hamcrest.Matchers.hasSize;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.isEmptyOrNullString;
|
||||
import static org.hamcrest.Matchers.isOneOf;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
|
@ -321,6 +322,9 @@ public class MonitoringIT extends ESRestTestCase {
|
|||
Long expiryDate = (Long) license.get(License.Fields.EXPIRY_DATE_IN_MILLIS);
|
||||
assertThat(expiryDate, greaterThan(0L));
|
||||
|
||||
Boolean clusterNeedsTLS = (Boolean) license.get("cluster_needs_tls");
|
||||
assertThat(clusterNeedsTLS, isOneOf(true, null));
|
||||
|
||||
// We basically recompute the hash here
|
||||
assertThat("Hash key should be the same",
|
||||
license.get("hkey"), equalTo(hash(status, uid, type, String.valueOf(expiryDate), (String) source.get("cluster_uuid"))));
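Review bot: `assertThat(clusterNeedsTLS, isOneOf(true, null));` accepts both outcomes the field can take and rejects only an explicit `false`, so this integration test does not verify that the flag matches the cluster's transport TLS and license state. If the test cluster's configuration is fixed here, assert the single expected value, for example `assertThat(clusterNeedsTLS, nullValue());` when transport TLS is enabled. Otherwise add a comment such as `// cluster_needs_tls is only emitted when true, so null stands for false` to explain why two values are allowed. The enclosing method starts and ends outside the hunk.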
|
||||
|
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.authc;
|
|||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
|
@ -38,10 +39,12 @@ public class InternalRealmsTests extends ESTestCase {
|
|||
verifyZeroInteractions(lifecycleService);
|
||||
|
||||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new ThreadContext(settings)));
|
||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new Environment(settings),
|
||||
new ThreadContext(settings)));
|
||||
verify(lifecycleService).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
||||
|
||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new ThreadContext(settings)));
|
||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new Environment(settings),
|
||||
new ThreadContext(settings)));
|
||||
verify(lifecycleService, times(2)).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
||||
}
|
||||
}
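Review bot: `new Environment(settings)` is built inline twice in this test. The same expression is repeated at the `RealmConfig` call sites in NativeRealmTests, LdapTestCase, SessionFactoryTests, CachingUsernamePasswordRealmTests, DnRoleMapperTests, RoleMappingFileBootstrapCheckTests and OpenLdapTests. Hoisting it into a local, `Environment env = new Environment(settings);`, and passing `env` to each `new RealmConfig(...)` keeps the global settings and the environment visibly paired and avoids the wrapped argument lists. The test method starts outside the hunk.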
|
||||
|
|
|
@ -9,6 +9,7 @@ import org.elasticsearch.cluster.health.ClusterHealthStatus;
|
|||
import org.elasticsearch.cluster.health.ClusterIndexHealth;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
|
||||
|
@ -23,7 +24,7 @@ public class NativeRealmTests extends ESTestCase {
|
|||
final AtomicInteger numInvalidation = new AtomicInteger(0);
|
||||
int expectedInvalidation = 0;
|
||||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
RealmConfig config = new RealmConfig("native", Settings.EMPTY, settings, new ThreadContext(settings));
|
||||
RealmConfig config = new RealmConfig("native", Settings.EMPTY, settings, new Environment(settings), new ThreadContext(settings));
|
||||
final NativeRealm nativeRealm = new NativeRealm(config, mock(NativeUsersStore.class)) {
|
||||
@Override
|
||||
void clearCache() {
|
||||
|
|
|
@ -62,7 +62,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
|||
public void testAdAuth() throws Exception {
|
||||
RealmConfig config = new RealmConfig("ad-test",
|
||||
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
|
||||
globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
||||
|
||||
String userName = "ironman";
|
||||
|
@ -410,7 +410,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
|||
public void testADLookup() throws Exception {
|
||||
RealmConfig config = new RealmConfig("ad-test",
|
||||
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true),
|
||||
globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
||||
|
||||
List<String> users = randomSubsetOf(Arrays.asList("cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow",
|
||||
|
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.common.settings.SecureString;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
import org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory;
|
||||
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
|
||||
|
@ -135,7 +136,7 @@ public abstract class LdapTestCase extends ESTestCase {
|
|||
.put(DnRoleMapper.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.getKey(), true)
|
||||
.build();
|
||||
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
||||
RealmConfig config = new RealmConfig("ldap1", settings, global, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("ldap1", settings, global, new Environment(global), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
return new DnRoleMapper(config, resourceWatcherService);
|
||||
}
|
||||
|
|
|
@ -222,8 +222,9 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase {
|
|||
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
||||
Settings settings = buildLdapSettings(ldapUrls(), new String[] { userTemplate }, groupSearchBase,
|
||||
LdapSearchScope.SUB_TREE, loadBalancing);
|
||||
RealmConfig config = new RealmConfig("test-session-factory", settings, Settings.builder().put("path.home",
|
||||
createTempDir()).build(), new ThreadContext(Settings.EMPTY));
|
||||
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
RealmConfig config = new RealmConfig("test-session-factory", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
return new TestSessionFactory(config, new SSLService(Settings.EMPTY, new Environment(config.globalSettings())), threadPool);
|
||||
}
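Review bot: This method now creates two `Environment` objects from the same settings: one passed to `RealmConfig`, and a second via `new Environment(config.globalSettings())` for the `SSLService`. Reusing one instance makes it clear that the realm and its TLS service share an environment: declare `Environment env = new Environment(globalSettings);`, pass `env` to `new RealmConfig(...)`, and return `new TestSessionFactory(config, new SSLService(Settings.EMPTY, env), threadPool);`. The method's signature is outside the hunk.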
|
||||
|
||||
|
|
|
@ -107,7 +107,7 @@ public class SessionFactoryTests extends ESTestCase {
|
|||
private SessionFactory createSessionFactory() {
|
||||
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
||||
final RealmConfig realmConfig = new RealmConfig("_name", Settings.builder().put("url", "ldap://localhost:389").build(),
|
||||
global, new ThreadContext(Settings.EMPTY));
|
||||
global, new Environment(global), new ThreadContext(Settings.EMPTY));
|
||||
return new SessionFactory(realmConfig, null, threadPool) {
|
||||
|
||||
@Override
|
||||
|
|
|
@ -11,6 +11,7 @@ import org.elasticsearch.common.settings.SecureString;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationResult;
|
||||
|
@ -55,7 +56,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||
.build();
|
||||
|
||||
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||
@Override
|
||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||
|
@ -226,7 +228,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
Settings settings = Settings.builder()
|
||||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
||||
|
||||
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
||||
|
@ -254,7 +257,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
Settings settings = Settings.builder()
|
||||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
||||
|
||||
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
||||
|
@ -330,7 +334,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
final SecureString randomPassword = new SecureString(randomAlphaOfLength(password.length()).toCharArray());
|
||||
|
||||
final String passwordHash = new String(Hasher.BCRYPT.hash(password));
|
||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||
@Override
|
||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||
|
@ -393,7 +398,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
public void testUserLookupConcurrency() throws Exception {
|
||||
final String username = "username";
|
||||
|
||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||
@Override
|
||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||
|
@ -446,7 +452,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
static class FailingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
||||
|
||||
FailingAuthenticationRealm(Settings settings, Settings global) {
|
||||
super("failing", new RealmConfig("failing-test", settings, global, new ThreadContext(Settings.EMPTY)));
|
||||
super("failing", new RealmConfig("failing-test", settings, global, new Environment(global),
|
||||
new ThreadContext(Settings.EMPTY)));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -463,7 +470,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
static class ThrowingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
||||
|
||||
ThrowingAuthenticationRealm(Settings settings, Settings globalSettings) {
|
||||
super("throwing", new RealmConfig("throwing-test", settings, globalSettings, new ThreadContext(Settings.EMPTY)));
|
||||
super("throwing", new RealmConfig("throwing-test", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY)));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -485,7 +493,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
private boolean usersEnabled = true;
|
||||
|
||||
AlwaysAuthenticateCachingRealm(Settings globalSettings) {
|
||||
this(new RealmConfig("always-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
|
||||
this(new RealmConfig("always-test", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY)));
|
||||
}
|
||||
|
||||
AlwaysAuthenticateCachingRealm(RealmConfig config) {
|
||||
|
@ -516,7 +525,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
|||
public final AtomicInteger lookupInvocationCounter = new AtomicInteger(0);
|
||||
|
||||
LookupNotSupportedRealm(Settings globalSettings) {
|
||||
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
|
||||
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY)));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -283,7 +283,7 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
||||
|
@ -297,7 +297,7 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, true)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings), new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
||||
|
@ -311,7 +311,8 @@ public class DnRoleMapperTests extends ESTestCase {
|
|||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, false)
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings, new Environment(settings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
|
||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck;
|
|||
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
import org.junit.Before;
|
||||
|
@ -42,7 +43,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
|
@ -55,7 +57,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
|
@ -74,7 +77,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
|
@ -93,7 +97,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
|||
Settings ldapSettings = Settings.builder()
|
||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||
assertThat(check, notNullValue());
|
||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||
|
|
|
@ -108,7 +108,7 @@ public class OpenLdapTests extends ESTestCase {
|
|||
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
||||
LdapSearchScope.ONE_LEVEL), globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
LdapSearchScope.ONE_LEVEL), globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
||||
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
||||
|
@ -126,7 +126,7 @@ public class OpenLdapTests extends ESTestCase {
|
|||
String groupSearchBase = "cn=Avengers,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
||||
LdapSearchScope.BASE), globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
LdapSearchScope.BASE), globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
||||
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
||||
|
@ -145,7 +145,8 @@ public class OpenLdapTests extends ESTestCase {
|
|||
.put("group_search.filter", "(&(objectclass=posixGroup)(memberUid={0}))")
|
||||
.put("group_search.user_attribute", "uid")
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
||||
try (LdapSession ldap = session(sessionFactory, "selvig", PASSWORD_SECURE_STRING)){
|
||||
|
@ -163,7 +164,8 @@ public class OpenLdapTests extends ESTestCase {
|
|||
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
|
||||
.put(SessionFactory.TIMEOUT_TCP_READ_SETTING, "1ms") //1 millisecond
|
||||
.build();
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
||||
LDAPException expected = expectThrows(LDAPException.class,
|
||||
|
@ -180,7 +182,8 @@ public class OpenLdapTests extends ESTestCase {
|
|||
.put("ssl.verification_mode", VerificationMode.FULL)
|
||||
.build();
|
||||
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||
new ThreadContext(Settings.EMPTY));
|
||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||
|
||||
String user = "blackwidow";
|
||||
|
|