Merge pull request elastic/elasticsearch#1440 from s1monw/migrate_to_strict_settings
Converte to strict settings infrastructure elastic/elasticsearchelastic/elasticsearch#16365 Original commit: elastic/x-pack-elasticsearch@e3b37de4f4
This commit is contained in:
commit
5abc2f836e
|
@ -13,7 +13,9 @@ import org.elasticsearch.common.component.LifecycleComponent;
|
|||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.license.plugin.action.delete.DeleteLicenseAction;
|
||||
import org.elasticsearch.license.plugin.action.delete.TransportDeleteLicenseAction;
|
||||
import org.elasticsearch.license.plugin.action.get.GetLicenseAction;
|
||||
|
@ -93,4 +95,9 @@ public class LicensePlugin extends Plugin {
|
|||
}
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
// TODO convert this wildcard to a real setting
|
||||
module.registerSetting(Setting.groupSetting("license.", false, Setting.Scope.CLUSTER));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -60,7 +60,6 @@ public class LicensesServiceClusterTests extends AbstractLicensesIntegrationTest
|
|||
.put(super.nodeSettings(nodeOrdinal))
|
||||
.put("plugins.load_classpath_plugins", false)
|
||||
.put("node.data", true)
|
||||
.put("format", "json")
|
||||
// this setting is only used in tests
|
||||
.put("_trial_license_duration_in_seconds", 9)
|
||||
// this setting is only used in tests
|
||||
|
|
|
@ -8,7 +8,9 @@ package org.elasticsearch.license.plugin.consumer;
|
|||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.cluster.node.DiscoveryNode;
|
||||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
@ -47,6 +49,15 @@ public abstract class TestConsumerPluginBase extends Plugin {
|
|||
return services;
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
try {
|
||||
module.registerSetting(Setting.simpleString("_trial_license_duration_in_seconds", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("_grace_duration_in_seconds", false, Setting.Scope.CLUSTER));
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// already loaded
|
||||
}
|
||||
}
|
||||
|
||||
public abstract Class<? extends TestPluginServiceBase> service();
|
||||
|
||||
protected abstract String pluginName();
|
||||
|
|
|
@ -137,5 +137,9 @@ public class MarvelPlugin extends Plugin {
|
|||
module.registerSetting(CleanerService.HISTORY_SETTING);
|
||||
module.registerSetting(INDEX_MARVEL_VERSION_SETTING);
|
||||
module.registerSetting(INDEX_MARVEL_TEMPLATE_VERSION_SETTING);
|
||||
// TODO convert these settings to where they belong
|
||||
module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.password", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("marvel.agent.exporter.es.ssl.truststore.path", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.boolSetting("marvel.enabled", false, false, Setting.Scope.CLUSTER));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import org.elasticsearch.client.Client;
|
|||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
|
@ -168,7 +169,7 @@ public class ShieldPlugin extends Plugin {
|
|||
Settings.Builder settingsBuilder = Settings.settingsBuilder();
|
||||
settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, ShieldPlugin.NAME);
|
||||
settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, ShieldPlugin.NAME);
|
||||
settingsBuilder.put(NetworkModule.HTTP_TYPE_KEY, ShieldPlugin.NAME);
|
||||
settingsBuilder.put(NetworkModule.HTTP_TYPE_SETTING.getKey(), ShieldPlugin.NAME);
|
||||
addUserSettings(settingsBuilder);
|
||||
addTribeSettings(settingsBuilder);
|
||||
addQueryCacheSettings(settingsBuilder);
|
||||
|
@ -182,6 +183,9 @@ public class ShieldPlugin extends Plugin {
|
|||
settingsModule.registerSetting(IPFilter.HTTP_FILTER_DENY_SETTING);
|
||||
settingsModule.registerSetting(IPFilter.TRANSPORT_FILTER_ALLOW_SETTING);
|
||||
settingsModule.registerSetting(IPFilter.TRANSPORT_FILTER_DENY_SETTING);
|
||||
settingsModule.registerSetting(Setting.boolSetting("plugins.load_classpath_plugins", true, false, Setting.Scope.CLUSTER));
|
||||
// TODO add real settings for this wildcard here
|
||||
settingsModule.registerSetting(Setting.groupSetting("shield.", false, Setting.Scope.CLUSTER));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -42,6 +42,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
|
|||
import org.elasticsearch.common.xcontent.XContentBuilderString;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.gateway.GatewayService;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.SystemUser;
|
||||
|
@ -703,11 +704,11 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
|
|||
if (hostPortPairs.size() == 0) {
|
||||
throw new ElasticsearchException("no valid host:port pairs specified for setting [shield.audit.index.client.hosts]");
|
||||
}
|
||||
|
||||
final Settings theClientSetting = clientSettings.filter((s) -> s.startsWith("hosts") == false); // hosts is not a valid setting
|
||||
final TransportClient transportClient = TransportClient.builder()
|
||||
.settings(Settings.builder()
|
||||
.put("name", DEFAULT_CLIENT_NAME + "-" + settings.get("name"))
|
||||
.put(clientSettings))
|
||||
.put("node.name", DEFAULT_CLIENT_NAME + "-" + Node.NODE_NAME_SETTING.get(settings))
|
||||
.put(theClientSetting))
|
||||
.addPlugin(XPackPlugin.class)
|
||||
.build();
|
||||
for (Tuple<String, Integer> pair : hostPortPairs) {
|
||||
|
|
|
@ -63,7 +63,6 @@ public class ClusterPrivilegeTests extends AbstractPrivilegeTestCase {
|
|||
protected Settings nodeSettings(int nodeOrdinal) {
|
||||
return Settings.builder().put(super.nodeSettings(nodeOrdinal))
|
||||
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
|
||||
.put("action.disable_shutdown", true)
|
||||
.put("path.repo", repositoryLocation)
|
||||
.build();
|
||||
}
|
||||
|
|
|
@ -8,12 +8,15 @@ package org.elasticsearch.integration;
|
|||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
||||
import org.elasticsearch.http.HttpServerTransport;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.shield.ssl.AbstractSSLService;
|
||||
|
@ -25,8 +28,10 @@ import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|||
import org.junit.After;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Array;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -45,6 +50,36 @@ public class SettingsFilterTests extends ShieldIntegTestCase {
|
|||
httpClient.close();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Collection<Class<? extends Plugin>> nodePlugins() {
|
||||
Collection<Class<? extends Plugin>> classes = super.nodePlugins();
|
||||
ArrayList<Class<? extends Plugin>> newClasses = new ArrayList<>(classes);
|
||||
newClasses.add(TestPlugin.class);
|
||||
return newClasses;
|
||||
}
|
||||
|
||||
public static class TestPlugin extends Plugin {
|
||||
|
||||
public TestPlugin() {}
|
||||
|
||||
@Override
|
||||
public String name() {
|
||||
return "test_settings_adder";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String description() {
|
||||
return "adds some settings this test uses";
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
module.registerSetting(Setting.simpleString("foo.bar", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("foo.baz", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("bar.baz", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("baz.foo", false, Setting.Scope.CLUSTER));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings nodeSettings(int nodeOrdinal) {
|
||||
int clientProfilePort = randomIntBetween(49000, 65400);
|
||||
|
|
|
@ -10,6 +10,7 @@ import org.elasticsearch.common.inject.Guice;
|
|||
import org.elasticsearch.common.inject.Injector;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.network.NetworkService;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsFilter;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
|
@ -34,7 +35,9 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.put("client.type", "node")
|
||||
.put("shield.audit.enabled", false)
|
||||
.build();
|
||||
Injector injector = Guice.createInjector(new SettingsModule(settings, new SettingsFilter(settings)), new AuditTrailModule(settings));
|
||||
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
|
||||
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
|
||||
Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings));
|
||||
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
|
||||
assertThat(auditTrail, is(AuditTrail.NOOP));
|
||||
}
|
||||
|
@ -54,8 +57,10 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.build();
|
||||
ThreadPool pool = new ThreadPool("testLogFile");
|
||||
try {
|
||||
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
|
||||
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
|
||||
Injector injector = Guice.createInjector(
|
||||
new SettingsModule(settings, new SettingsFilter(settings)),
|
||||
settingsModule,
|
||||
new NetworkModule(new NetworkService(settings), settings, false, null) {
|
||||
@Override
|
||||
protected void configure() {
|
||||
|
@ -84,8 +89,11 @@ public class AuditTrailModuleTests extends ESTestCase {
|
|||
.put("shield.audit.outputs" , "foo")
|
||||
.put("client.type", "node")
|
||||
.build();
|
||||
SettingsModule settingsModule = new SettingsModule(settings, new SettingsFilter(settings));
|
||||
settingsModule.registerSetting(Setting.boolSetting("shield.audit.enabled", true, false, Setting.Scope.CLUSTER));
|
||||
settingsModule.registerSetting(Setting.simpleString("shield.audit.outputs", false, Setting.Scope.CLUSTER));
|
||||
try {
|
||||
Guice.createInjector(new SettingsModule(settings, new SettingsFilter(settings)), new AuditTrailModule(settings));
|
||||
Guice.createInjector(settingsModule, new AuditTrailModule(settings));
|
||||
fail("Expect initialization to fail when an unknown audit trail output is configured");
|
||||
} catch (Throwable t) {
|
||||
// expected
|
||||
|
|
|
@ -13,6 +13,7 @@ import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
|||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
||||
import java.net.InetSocketAddress;
|
||||
import java.nio.file.Files;
|
||||
|
@ -74,7 +75,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
|
|||
.put(ShieldNettyTransport.HOSTNAME_VERIFICATION_SETTING, true)
|
||||
.build();
|
||||
|
||||
try (TransportClient client = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient client = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
client.addTransportAddress(new InetSocketTransportAddress(inetSocketAddress.getAddress(), inetSocketAddress.getPort()));
|
||||
client.admin().cluster().prepareHealth().get();
|
||||
fail("Expected a NoNodeAvailableException due to hostname verification failures");
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
|
|||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.test.ShieldSettingsSource;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLHandshakeException;
|
||||
|
@ -58,9 +59,9 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
|
|||
|
||||
// no SSL exception as this is the exception is returned when connecting
|
||||
public void testThatUnconfiguredCiphersAreRejected() {
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settingsBuilder()
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settingsBuilder()
|
||||
.put(transportClientSettings())
|
||||
.put("name", "programmatic_transport_client")
|
||||
.put("node.name", "programmatic_transport_client")
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.putArray("shield.ssl.ciphers", new String[]{"TLS_ECDH_anon_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"})
|
||||
.build()).build()) {
|
||||
|
@ -77,9 +78,9 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
|
|||
|
||||
// no SSL exception as this is the exception is returned when connecting
|
||||
public void testThatTransportClientUsingSSLv3ProtocolIsRejected() {
|
||||
try(TransportClient transportClient = TransportClient.builder().settings(settingsBuilder()
|
||||
try(TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settingsBuilder()
|
||||
.put(transportClientSettings())
|
||||
.put("name", "programmatic_transport_client")
|
||||
.put("node.name", "programmatic_transport_client")
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.putArray("shield.ssl.supported_protocols", new String[]{"SSLv3"})
|
||||
.build()).build()) {
|
||||
|
|
|
@ -85,7 +85,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
|
||||
private TransportClient createTransportClient(Settings additionalSettings) {
|
||||
Settings settings = settingsBuilder().put(transportClientSettings())
|
||||
.put("name", "programmatic_transport_client")
|
||||
.put("node.name", "programmatic_transport_client")
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.put(additionalSettings)
|
||||
.build();
|
||||
|
@ -232,7 +232,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -250,7 +250,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -268,7 +268,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
|
||||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -310,7 +310,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
|
||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -333,7 +333,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
|
||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -355,7 +355,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
|
||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -375,7 +375,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.put("shield.transport.ssl", true)
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -395,7 +395,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.put("shield.transport.ssl", true)
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -415,7 +415,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.put("shield.transport.ssl", true)
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
@ -435,7 +435,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
|
|||
.put("cluster.name", internalCluster().getClusterName())
|
||||
.put("shield.transport.ssl", true)
|
||||
.build();
|
||||
try (TransportClient transportClient = TransportClient.builder().settings(settings).build()) {
|
||||
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
|
||||
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl")));
|
||||
assertGreenClusterState(transportClient);
|
||||
fail("Expected NoNodeAvailableException");
|
||||
|
|
|
@ -123,6 +123,7 @@ public class XPackPlugin extends Plugin {
|
|||
shieldPlugin.onModule(module);
|
||||
marvelPlugin.onModule(module);
|
||||
watcherPlugin.onModule(module);
|
||||
licensePlugin.onModule(module);
|
||||
}
|
||||
|
||||
public void onModule(NetworkModule module) {
|
||||
|
|
|
@ -17,10 +17,10 @@ import org.elasticsearch.common.logging.Loggers;
|
|||
import org.elasticsearch.common.logging.support.LoggerMessageFormat;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.regex.Regex;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.script.ScriptEngineRegistry;
|
||||
import org.elasticsearch.script.ScriptModule;
|
||||
import org.elasticsearch.watcher.actions.WatcherActionModule;
|
||||
import org.elasticsearch.watcher.actions.email.service.EmailService;
|
||||
|
@ -49,6 +49,7 @@ import org.elasticsearch.watcher.rest.action.RestPutWatchAction;
|
|||
import org.elasticsearch.watcher.rest.action.RestWatchServiceAction;
|
||||
import org.elasticsearch.watcher.rest.action.RestWatcherInfoAction;
|
||||
import org.elasticsearch.watcher.rest.action.RestWatcherStatsAction;
|
||||
import org.elasticsearch.watcher.shield.ShieldSecretService;
|
||||
import org.elasticsearch.watcher.shield.WatcherShieldModule;
|
||||
import org.elasticsearch.watcher.support.WatcherIndexTemplateRegistry.TemplateConfig;
|
||||
import org.elasticsearch.watcher.support.clock.ClockModule;
|
||||
|
@ -191,6 +192,31 @@ public class WatcherPlugin extends Plugin {
|
|||
module.registerSetting(InternalEmailService.EMAIL_ACCOUNT_SETTING);
|
||||
module.registerSetting(InternalHipChatService.HIPCHAT_ACCOUNT_SETTING);
|
||||
module.registerSetting(InternalPagerDutyService.PAGERDUTY_ACCOUNT_SETTING);
|
||||
module.registerSetting(Setting.intSetting("watcher.execution.scroll.size", 0, false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.intSetting("watcher.watch.scroll.size", 0, false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.boolSetting("watcher.enabled", false, false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(ShieldSecretService.ENCRYPT_SENSITIVE_DATA_SETTING);
|
||||
// TODO add real settings for these
|
||||
module.registerSetting(Setting.simpleString("resource.reload.interval", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("resource.reload.enabled", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("resource.reload.interval.low", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("resource.reload.interval.medium", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.internal.ops.search.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.internal.ops.bulk.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.internal.ops.index.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.execution.default_throttle_period", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.http.default_read_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.groupSetting("watcher.http.ssl.", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.groupSetting("watcher.http.proxy.", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.actions.index.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.index.rest.direct_access", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.trigger.schedule.engine", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.input.search.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.transform.search.default_timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.trigger.schedule.ticker.tick_interval", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.execution.scroll.timeout", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.start_immediately", false, Setting.Scope.CLUSTER));
|
||||
module.registerSetting(Setting.simpleString("watcher.http.default_connection_timeout", false, Setting.Scope.CLUSTER));
|
||||
}
|
||||
|
||||
public void onModule(NetworkModule module) {
|
||||
|
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.watcher.shield;
|
|||
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.crypto.CryptoService;
|
||||
import org.elasticsearch.watcher.support.secret.SecretService;
|
||||
|
@ -18,11 +19,11 @@ public class ShieldSecretService extends AbstractComponent implements SecretServ
|
|||
|
||||
private final CryptoService cryptoService;
|
||||
private final boolean encryptSensitiveData;
|
||||
|
||||
public static final Setting<Boolean> ENCRYPT_SENSITIVE_DATA_SETTING = Setting.boolSetting("watcher.shield.encrypt_sensitive_data", false, false, Setting.Scope.CLUSTER);
|
||||
@Inject
|
||||
public ShieldSecretService(Settings settings, CryptoService cryptoService) {
|
||||
super(settings);
|
||||
this.encryptSensitiveData = settings.getAsBoolean("watcher.shield.encrypt_sensitive_data", false);
|
||||
this.encryptSensitiveData = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings);
|
||||
this.cryptoService = cryptoService;
|
||||
}
|
||||
|
||||
|
|
|
@ -127,12 +127,12 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase
|
|||
logger.info("using schedule engine [" + scheduleImplName + "]");
|
||||
return Settings.builder()
|
||||
.put(super.nodeSettings(nodeOrdinal))
|
||||
|
||||
//TODO: for now lets isolate watcher tests from marvel (randomize this later)
|
||||
.put("marvel.enabled", false)
|
||||
// we do this by default in core, but for watcher this isn't needed and only adds noise.
|
||||
.put("index.store.mock.check_index_on_close", false)
|
||||
.put("scroll.size", randomIntBetween(1, 100))
|
||||
.put("watcher.execution.scroll.size", randomIntBetween(1, 100))
|
||||
.put("watcher.watch.scroll.size", randomIntBetween(1, 100))
|
||||
.put(ShieldSettings.settings(shieldEnabled))
|
||||
.put("watcher.trigger.schedule.engine", scheduleImplName)
|
||||
.build();
|
||||
|
|
|
@ -86,11 +86,14 @@ public class HttpSecretsIntegrationTests extends AbstractWatcherIntegrationTestC
|
|||
if (encryptSensitiveData == null) {
|
||||
encryptSensitiveData = shieldEnabled() && randomBoolean();
|
||||
}
|
||||
if (encryptSensitiveData) {
|
||||
return Settings.builder()
|
||||
.put(super.nodeSettings(nodeOrdinal))
|
||||
.put("watcher.shield.encrypt_sensitive_data", encryptSensitiveData)
|
||||
.build();
|
||||
}
|
||||
return super.nodeSettings(nodeOrdinal);
|
||||
}
|
||||
|
||||
public void testHttpInput() throws Exception {
|
||||
WatcherClient watcherClient = watcherClient();
|
||||
|
|
Loading…
Reference in New Issue