mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-17 18:35:25 +00:00
Merge branch 'master' into feature/sql
Original commit: elastic/x-pack-elasticsearch@141332d3fc
This commit is contained in:
Nik Everett
commit
5806b620c5
@ -49,7 +49,7 @@ public class ClusterAlertsUtil {
|
||||
* The last time that all watches were updated. For now, all watches have been updated in the same version and should all be replaced
|
||||
* together.
|
||||
*/
|
||||
public static final int LAST_UPDATED_VERSION = Version.V_6_0_0_beta1.id;
|
||||
public static final int LAST_UPDATED_VERSION = Version.V_7_0_0_alpha1.id;
|
||||
|
||||
/**
|
||||
* An unsorted list of Watch IDs representing resource files for Monitoring Cluster Alerts.
|
||||
|
||||
@ -32,6 +32,7 @@ import org.elasticsearch.xpack.security.user.AnonymousUser;
|
||||
|
||||
import static java.util.Collections.singletonMap;
|
||||
import static org.elasticsearch.xpack.XPackSettings.HTTP_SSL_ENABLED;
|
||||
import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED;
|
||||
|
||||
/**
|
||||
* Indicates whether the features of Security are currently in use
|
||||
@ -141,7 +142,10 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
}
|
||||
|
||||
static Map<String, Object> sslUsage(Settings settings) {
|
||||
return singletonMap("http", singletonMap("enabled", HTTP_SSL_ENABLED.get(settings)));
|
||||
Map<String, Object> map = new HashMap<>(2);
|
||||
map.put("http", singletonMap("enabled", HTTP_SSL_ENABLED.get(settings)));
|
||||
map.put("transport", singletonMap("enabled", TRANSPORT_SSL_ENABLED.get(settings)));
|
||||
return map;
|
||||
}
|
||||
|
||||
static Map<String, Object> auditUsage(Settings settings) {
|
||||
|
||||
@ -38,6 +38,11 @@ public class ExpressionRoleMapping implements ToXContentObject, Writeable {
|
||||
|
||||
private static final ObjectParser<Builder, String> PARSER = new ObjectParser<>("role-mapping", Builder::new);
|
||||
|
||||
/**
|
||||
* The Upgrade API added a 'type' field when converting from 5 to 6.
|
||||
* We don't use it, but we need to skip it if it exists.
|
||||
*/
|
||||
private static final String UPGRADE_API_TYPE_FIELD = "type";
|
||||
|
||||
static {
|
||||
PARSER.declareStringArray(Builder::roles, Fields.ROLES);
|
||||
@ -46,8 +51,9 @@ public class ExpressionRoleMapping implements ToXContentObject, Writeable {
|
||||
PARSER.declareBoolean(Builder::enabled, Fields.ENABLED);
|
||||
BiConsumer<Builder, String> ignored = (b, v) -> {
|
||||
};
|
||||
// skip the doc_type field in case we're parsing directly from the index
|
||||
// skip the doc_type and type fields in case we're parsing directly from the index
|
||||
PARSER.declareString(ignored, new ParseField(NativeRoleMappingStore.DOC_TYPE_FIELD));
|
||||
PARSER.declareString(ignored, new ParseField(UPGRADE_API_TYPE_FIELD));
|
||||
}
|
||||
|
||||
private final String name;
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
"link": "elasticsearch/indices",
|
||||
"severity": 2100,
|
||||
"type": "monitoring",
|
||||
"version_created": 6000026,
|
||||
"version_created": 7000001,
|
||||
"watch": "${monitoring.watch.id}"
|
||||
}
|
||||
},
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
"link": "elasticsearch/nodes",
|
||||
"severity": 1000,
|
||||
"type": "monitoring",
|
||||
"version_created": 6000026,
|
||||
"version_created": 7000001,
|
||||
"watch": "${monitoring.watch.id}"
|
||||
}
|
||||
},
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
"link": "kibana/instances",
|
||||
"severity": 1000,
|
||||
"type": "monitoring",
|
||||
"version_created": 6000026,
|
||||
"version_created": 7000001,
|
||||
"watch": "${monitoring.watch.id}"
|
||||
}
|
||||
},
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
"link": "logstash/instances",
|
||||
"severity": 1000,
|
||||
"type": "monitoring",
|
||||
"version_created": 6000026,
|
||||
"version_created": 7000001,
|
||||
"watch": "${monitoring.watch.id}"
|
||||
}
|
||||
},
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
"alert_index": ".monitoring-alerts-6",
|
||||
"cluster_uuid": "${monitoring.watch.cluster_uuid}",
|
||||
"type": "monitoring",
|
||||
"version_created": 6000026,
|
||||
"version_created": 7000001,
|
||||
"watch": "${monitoring.watch.id}"
|
||||
}
|
||||
},
|
||||
|
||||
@ -5,7 +5,6 @@
|
||||
*/
|
||||
package org.elasticsearch.xpack.monitoring.exporter.http;
|
||||
|
||||
import org.apache.lucene.util.LuceneTestCase.AwaitsFix;
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.action.DocWriteRequest;
|
||||
@ -73,7 +72,6 @@ import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
@ESIntegTestCase.ClusterScope(scope = Scope.TEST,
|
||||
numDataNodes = 1, numClientNodes = 0, transportClientRatio = 0.0, supportsDedicatedMasters = false)
|
||||
@AwaitsFix(bugUrl = "https://github.com/elastic/x-pack-elasticsearch/issues/2671")
|
||||
public class HttpExporterIT extends MonitoringIntegTestCase {
|
||||
|
||||
private final boolean templatesExistsAlready = randomBoolean();
|
||||
@ -139,7 +137,7 @@ public class HttpExporterIT extends MonitoringIntegTestCase {
|
||||
|
||||
public void testExportWithHeaders() throws Exception {
|
||||
final String headerValue = randomAlphaOfLengthBetween(3, 9);
|
||||
final String[] array = generateRandomStringArray(2, 4, false);
|
||||
final String[] array = generateRandomStringArray(2, 4, false, false);
|
||||
|
||||
final Map<String, String[]> headers = new HashMap<>();
|
||||
|
||||
@ -176,7 +174,7 @@ public class HttpExporterIT extends MonitoringIntegTestCase {
|
||||
final boolean useHeaders = randomBoolean();
|
||||
|
||||
final String headerValue = randomAlphaOfLengthBetween(3, 9);
|
||||
final String[] array = generateRandomStringArray(2, 4, false);
|
||||
final String[] array = generateRandomStringArray(2, 4, false, false);
|
||||
|
||||
final Map<String, String[]> headers = new HashMap<>();
|
||||
|
||||
@ -779,7 +777,7 @@ public class HttpExporterIT extends MonitoringIntegTestCase {
|
||||
if (randomBoolean()) {
|
||||
enqueueResponse(webServer, 404, "watch [" + watchId + "] does not exist");
|
||||
} else if (randomBoolean()) {
|
||||
final int version = LAST_UPDATED_VERSION - randomIntBetween(1, 1000000);
|
||||
final int version = ClusterAlertsUtil.LAST_UPDATED_VERSION - randomIntBetween(1, 1000000);
|
||||
|
||||
// it DOES exist, but it's an older version
|
||||
enqueueResponse(webServer, 200, "{\"metadata\":{\"xpack\":{\"version_created\":" + version + "}}}");
|
||||
|
||||
@ -97,6 +97,8 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
|
||||
final boolean httpSSLEnabled = randomBoolean();
|
||||
settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled);
|
||||
final boolean transportSSLEnabled = randomBoolean();
|
||||
settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled);
|
||||
final boolean auditingEnabled = randomBoolean();
|
||||
settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled);
|
||||
final String[] auditOutputs = randomFrom(
|
||||
@ -184,8 +186,9 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
assertThat(source.getValue("realms"), is(notNullValue()));
|
||||
}
|
||||
|
||||
// check http SSL
|
||||
// check SSL
|
||||
assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled));
|
||||
assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled));
|
||||
|
||||
// auditing
|
||||
assertThat(source.getValue("audit.enabled"), is(auditingEnabled));
|
||||
|
||||
@ -40,6 +40,7 @@ import org.hamcrest.Matchers;
|
||||
import org.junit.Before;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.instanceOf;
|
||||
@ -118,6 +119,20 @@ public class ExpressionRoleMappingTests extends ESTestCase {
|
||||
assertThat(ex.getMessage(), containsString("disabled"));
|
||||
}
|
||||
|
||||
public void testParsingIgnoresTypeFields() throws Exception {
|
||||
String json = "{"
|
||||
+ "\"enabled\": true, "
|
||||
+ "\"roles\": [ \"kibana_user\", \"sales\" ], "
|
||||
+ "\"rules\": "
|
||||
+ " { \"field\": { \"dn\" : \"*,ou=sales,dc=example,dc=com\" } }, "
|
||||
+ "\"doc_type\": \"role-mapping\", "
|
||||
+ "\"type\": \"doc\""
|
||||
+ "}";
|
||||
final ExpressionRoleMapping mapping = parse(json, "from_index");
|
||||
assertThat(mapping.isEnabled(), equalTo(true));
|
||||
assertThat(mapping.getRoles(), containsInAnyOrder("kibana_user", "sales"));
|
||||
}
|
||||
|
||||
private ExpressionRoleMapping parse(String json, String name) throws IOException {
|
||||
final NamedXContentRegistry registry = NamedXContentRegistry.EMPTY;
|
||||
final XContentParser parser = XContentType.JSON.xContent().createParser(registry, json);
|
||||
|
||||
@ -364,11 +364,12 @@ DATA_SETTINGS
|
||||
masterSettings=$(sudo curl -u "elastic:changeme" \
|
||||
-H "Content-Type: application/json" \
|
||||
--cacert "$ESCONFIG/x-pack/certs/ca/ca.crt" \
|
||||
-XGET "https://127.0.0.1:9200/_nodes/node-master?filter_path=nodes.*.settings.xpack")
|
||||
-XGET "https://127.0.0.1:9200/_nodes/node-master?filter_path=nodes.*.settings.xpack,nodes.*.settings.http.type,nodes.*.settings.transport.type")
|
||||
|
||||
echo "$masterSettings" | grep '"http":{"ssl":{"enabled":"true"}'
|
||||
echo "$masterSettings" | grep '"http":{"type":"security4"}'
|
||||
echo "$masterSettings" | grep '"transport":{"ssl":{"enabled":"true"}'
|
||||
echo "$masterSettings" | grep "\"certificate_authorities\":\[\"$ESCONFIG/x-pack/certs/ca/ca.crt\"\]"
|
||||
echo "$masterSettings" | grep '"transport":{"type":"security4"}'
|
||||
|
||||
load $DATA_UTILS
|
||||
export ESHOME="$DATA_HOME"
|
||||
@ -377,11 +378,12 @@ DATA_SETTINGS
|
||||
dataSettings=$(curl -u "elastic:changeme" \
|
||||
-H "Content-Type: application/json" \
|
||||
--cacert "$ESCONFIG/x-pack/certs/ca/ca.crt" \
|
||||
-XGET "https://127.0.0.1:9200/_nodes/node-data?filter_path=nodes.*.settings.xpack")
|
||||
|
||||
-XGET "https://127.0.0.1:9200/_nodes/node-data?filter_path=nodes.*.settings.xpack,nodes.*.settings.http.type,nodes.*.settings.transport.type")
|
||||
|
||||
echo "$dataSettings" | grep '"http":{"ssl":{"enabled":"true"}'
|
||||
echo "$dataSettings" | grep '"http":{"type":"security4"}'
|
||||
echo "$dataSettings" | grep '"transport":{"ssl":{"enabled":"true"}'
|
||||
echo "$dataSettings" | grep "\"certificate_authorities\":\[\"$ESCONFIG/x-pack/certs/ca/ca.crt\"\]"
|
||||
echo "$dataSettings" | grep '"transport":{"type":"security4"}'
|
||||
|
||||
testSearch=$(curl -u "elastic:changeme" \
|
||||
-H "Content-Type: application/json" \
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user