From a22539aca02620ec01faf50ff50d2246ff90d857 Mon Sep 17 00:00:00 2001 From: jaymode Date: Tue, 8 Mar 2016 14:20:54 -0500 Subject: [PATCH 01/12] shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 --- .../messy/tests/ShieldCachePermissionIT.java | 3 +- .../qa/shield-reindex-tests/roles.yml | 14 +- .../x-pack/shield/config/xpack/roles.yml | 92 ++------ .../authz/privilege/ClusterPrivilege.java | 44 +++- .../authz/privilege/IndexPrivilege.java | 80 ++++--- .../shield/support/Automatons.java | 2 + .../DocumentLevelSecurityRandomTests.java | 3 +- .../DocumentLevelSecurityTests.java | 6 +- .../FieldLevelSecurityRandomTests.java | 6 +- .../SearchGetAndSuggestPermissionsTests.java | 199 ------------------ .../shield/authz/IndexAliasesTests.java | 22 +- .../InternalAuthorizationServiceTests.java | 2 +- .../authz/permission/PermissionTests.java | 3 +- .../authz/privilege/PrivilegeTests.java | 28 --- .../authz/store/FileRolesStoreTests.java | 9 +- .../test/ShieldSettingsSource.java | 3 +- .../shield/authz/store/default_roles.yml | 92 ++------ .../shield/authz/store/roles.yml | 3 +- 18 files changed, 167 insertions(+), 444 deletions(-) delete mode 100644 elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java index 4e5c2ab6f35..ba3471e61c5 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java +++ b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionIT.java @@ -53,7 +53,8 @@ public class ShieldCachePermissionIT extends ShieldIntegTestCase { return super.configRoles() + "\nread_one_idx:\n" + " indices:\n" - + " 'data': READ\n"; + + " 'data':\n" + + " - read\n"; } @Override diff --git a/elasticsearch/qa/shield-reindex-tests/roles.yml b/elasticsearch/qa/shield-reindex-tests/roles.yml index 2aaec4b9b6a..059156cd5a6 100644 --- a/elasticsearch/qa/shield-reindex-tests/roles.yml +++ b/elasticsearch/qa/shield-reindex-tests/roles.yml @@ -13,13 +13,13 @@ minimal: indices: - names: source privileges: - - search + - read - write - create_index - indices:admin/refresh - names: dest privileges: - - search + - read - write - create_index - indices:admin/refresh @@ -28,7 +28,7 @@ minimal: readonly: indices: - names: '*' - privileges: [ search ] + privileges: [ read ] # Write operations on destination index, none on source index dest_only: @@ -41,7 +41,7 @@ can_not_see_hidden_docs: indices: - names: source privileges: - - search + - read - write - create_index - indices:admin/refresh @@ -52,7 +52,7 @@ can_not_see_hidden_docs: hidden: true - names: dest privileges: - - search + - read - write - create_index - indices:admin/refresh @@ -62,7 +62,7 @@ can_not_see_hidden_fields: indices: - names: source privileges: - - search + - read - write - create_index - indices:admin/refresh @@ -71,7 +71,7 @@ can_not_see_hidden_fields: - bar - names: dest privileges: - - search + - read - write - create_index - indices:admin/refresh diff --git a/elasticsearch/x-pack/shield/config/xpack/roles.yml b/elasticsearch/x-pack/shield/config/xpack/roles.yml index b43fc06ea7b..1c36fd5ab07 100644 --- a/elasticsearch/x-pack/shield/config/xpack/roles.yml +++ b/elasticsearch/x-pack/shield/config/xpack/roles.yml @@ -26,101 +26,51 @@ user: # Defines the required permissions for transport clients transport_client: cluster: - - cluster:monitor/nodes/liveness - #uncomment the following for sniffing - #- cluster:monitor/state - -# The required permissions for kibana 4 users. -kibana4: - cluster: - - cluster:monitor/nodes/info - - cluster:monitor/health - indices: - - names: '*' - privileges: - - indices:admin/mappings/fields/get - - indices:admin/validate/query - - indices:data/read/search - - indices:data/read/msearch - - indices:data/read/field_stats - - indices:admin/get - - names: '.kibana' - privileges: - - indices:admin/exists - - indices:admin/mapping/put - - indices:admin/mappings/fields/get - - indices:admin/refresh - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search - - indices:data/write/delete - - indices:data/write/index - - indices:data/write/update + - transport_client # The required permissions for the kibana 4 server kibana4_server: cluster: - - cluster:monitor/nodes/info - - cluster:monitor/health + - monitor indices: - names: '.kibana' privileges: - - indices:admin/create - - indices:admin/exists - - indices:admin/mapping/put - - indices:admin/mappings/fields/get - - indices:admin/refresh - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search - - indices:data/write/delete - - indices:data/write/index - - indices:data/write/update + - all # The required role for logstash users logstash: cluster: - - indices:admin/template/get - - indices:admin/template/put + - manage_index_templates indices: - names: 'logstash-*' privileges: - - indices:data/write/bulk - - indices:data/write/delete - - indices:data/write/update - - indices:data/read/search - - indices:data/read/scroll + - write + - read - create_index -# Monitoring user role. Assign to monitoring users. +# Marvel user role. Assign to marvel users. monitoring_user: indices: - - names: '.monitoring-*' - privileges: - - read + - names: + - '.marvel-es-*' + - '.monitoring-*' + privileges: [ "read" ] - names: '.kibana' privileges: - - indices:admin/exists - - indices:admin/mappings/fields/get - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search + - view_index_metadata + - read -# Monitoring remote agent role. Assign to the agent user on the remote monitoring cluster -# to which the monitoring agent will export all its data +# Marvel remote agent role. Assign to the agent user on the remote marvel cluster +# to which the marvel agent will export all its data remote_monitoring_agent: - cluster: - - indices:admin/template/put - - indices:admin/template/get + cluster: [ "manage_index_templates" ] indices: - - names: '.monitoring-*' - privileges: - - all + - names: + - '.marvel-es-*' + - '.monitoring-*' + privileges: [ "all" ] # Allows all operations required to manage ingest pipelines ingest_admin: cluster: - - manage_pipeline \ No newline at end of file + - manage_pipeline diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java index 82ae689c414..9dc00dae90b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java @@ -6,8 +6,10 @@ package org.elasticsearch.shield.authz.privilege; import dk.brics.automaton.Automaton; -import dk.brics.automaton.BasicAutomata; import org.elasticsearch.common.Strings; +import org.elasticsearch.shield.action.realm.ClearRealmCacheAction; +import org.elasticsearch.shield.action.role.ClearRolesCacheAction; +import org.elasticsearch.shield.support.Automatons; import java.util.Locale; import java.util.Set; @@ -15,16 +17,35 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CopyOnWriteArraySet; import java.util.function.Predicate; +import static org.elasticsearch.shield.support.Automatons.minusAndDeterminize; +import static org.elasticsearch.shield.support.Automatons.patterns; + /** * */ public class ClusterPrivilege extends AbstractAutomatonPrivilege { - public static final ClusterPrivilege NONE = new ClusterPrivilege(Name.NONE, BasicAutomata.makeEmpty()); - public static final ClusterPrivilege ALL = new ClusterPrivilege(Name.ALL, "cluster:*", "indices:admin/template/*"); - public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", "cluster:monitor/*"); - public static final ClusterPrivilege MANAGE_SHIELD = new ClusterPrivilege("manage_shield", "cluster:admin/shield/*"); - public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*"); + // shared automatons + private static final Automaton MANAGE_USER_AUTOMATON = patterns("cluster:admin/shield/user/*", ClearRolesCacheAction.NAME); + private static final Automaton MANAGE_ROLE_AUTOMATON = patterns("cluster:admin/shield/role/*", ClearRealmCacheAction.NAME); + private static final Automaton MANAGE_SECURITY_AUTOMATON = patterns("cluster:admin/shield/*"); + private static final Automaton MONITOR_AUTOMATON = patterns("cluster:monitor/*"); + private static final Automaton ALL_CLUSTER_AUTOMATON = patterns("cluster:*", "indices:admin/template/*"); + private static final Automaton MANAGE_AUTOMATON = minusAndDeterminize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON); + private static final Automaton TRANSPORT_CLIENT_AUTOMATON = patterns("cluster:monitor/nodes/liveness", "cluster:monitor/state"); + private static final Automaton MANAGE_IDX_TEMPLATE_AUTOMATON = patterns("indices:admin/template/*"); + + public static final ClusterPrivilege NONE = new ClusterPrivilege(Name.NONE, Automatons.EMPTY); + public static final ClusterPrivilege ALL = new ClusterPrivilege(Name.ALL, ALL_CLUSTER_AUTOMATON); + public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", MONITOR_AUTOMATON); + public static final ClusterPrivilege MANAGE = new ClusterPrivilege("manage", MANAGE_AUTOMATON); + public static final ClusterPrivilege MANAGE_IDX_TEMPLATES = + new ClusterPrivilege("manage_index_templates", MANAGE_IDX_TEMPLATE_AUTOMATON); + public static final ClusterPrivilege TRANSPORT_CLIENT = new ClusterPrivilege("transport_client", TRANSPORT_CLIENT_AUTOMATON); + public static final ClusterPrivilege MANAGE_USERS = new ClusterPrivilege("manage_users", MANAGE_USER_AUTOMATON); + public static final ClusterPrivilege MANAGE_ROLES = new ClusterPrivilege("manage_roles", MANAGE_ROLE_AUTOMATON); + public static final ClusterPrivilege MANAGE_SECURITY = new ClusterPrivilege("manage_security", MANAGE_SECURITY_AUTOMATON); + public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*"); public final static Predicate ACTION_MATCHER = ClusterPrivilege.ALL.predicate(); @@ -34,7 +55,12 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege { - public static final IndexPrivilege NONE = new IndexPrivilege(Name.NONE, BasicAutomata.makeEmpty()); - public static final IndexPrivilege ALL = new IndexPrivilege(Name.ALL, "indices:*"); - public static final IndexPrivilege MANAGE = new IndexPrivilege("manage", "indices:monitor/*", "indices:admin/*"); - public static final IndexPrivilege CREATE_INDEX = new IndexPrivilege("create_index", CreateIndexAction.NAME); - public static final IndexPrivilege MANAGE_ALIASES = new IndexPrivilege("manage_aliases", "indices:admin/aliases*"); - public static final IndexPrivilege MONITOR = new IndexPrivilege("monitor", "indices:monitor/*"); - public static final IndexPrivilege DATA_ACCESS = new IndexPrivilege("data_access", "indices:data/*", "indices:admin/mapping/put"); - public static final IndexPrivilege CRUD = - new IndexPrivilege("crud", "indices:data/write/*", "indices:data/read/*", "indices:admin/mapping/put"); - public static final IndexPrivilege READ = new IndexPrivilege("read", "indices:data/read/*"); - public static final IndexPrivilege SEARCH = - new IndexPrivilege("search", SearchAction.NAME + "*", MultiSearchAction.NAME + "*", SuggestAction.NAME + "*"); - public static final IndexPrivilege GET = new IndexPrivilege("get", GetAction.NAME + "*", MultiGetAction.NAME + "*"); - public static final IndexPrivilege SUGGEST = new IndexPrivilege("suggest", SuggestAction.NAME + "*"); - public static final IndexPrivilege INDEX = - new IndexPrivilege("index", "indices:data/write/index*", "indices:data/write/update*", "indices:admin/mapping/put"); - public static final IndexPrivilege DELETE = new IndexPrivilege("delete", "indices:data/write/delete*"); - public static final IndexPrivilege WRITE = new IndexPrivilege("write", "indices:data/write/*", "indices:admin/mapping/put"); + private static final Automaton ALL_AUTOMATON = patterns("indices:*"); + private static final Automaton READ_AUTOMATON = patterns("indices:data/read/*"); + private static final Automaton CREATE_AUTOMATON = patterns("indices:data/write/index*", PutMappingAction.NAME); + private static final Automaton INDEX_AUTOMATON = + patterns("indices:data/write/index*", "indices:data/write/update*", PutMappingAction.NAME); + private static final Automaton DELETE_AUTOMATON = patterns("indices:data/write/delete*"); + private static final Automaton WRITE_AUTOMATON = patterns("indices:data/write/*", PutMappingAction.NAME); + private static final Automaton MONITOR_AUTOMATON = patterns("indices:monitor/*"); + private static final Automaton MANAGE_AUTOMATON = unionAndDeterminize(MONITOR_AUTOMATON, patterns("indices:admin/*")); + private static final Automaton CREATE_INDEX_AUTOMATON = patterns(CreateIndexAction.NAME); + private static final Automaton DELETE_INDEX_AUTOMATON = patterns(DeleteIndexAction.NAME); + private static final Automaton VIEW_METADATA_AUTOMATON = patterns(GetAliasesAction.NAME, AliasesExistAction.NAME, + GetIndexAction.NAME, IndicesExistsAction.NAME, GetFieldMappingsAction.NAME, GetMappingsAction.NAME, + ClusterSearchShardsAction.NAME, TypesExistsAction.NAME, ValidateQueryAction.NAME, GetSettingsAction.NAME); + + public static final IndexPrivilege NONE = new IndexPrivilege(Name.NONE, Automatons.EMPTY); + public static final IndexPrivilege ALL = new IndexPrivilege(Name.ALL, ALL_AUTOMATON); + public static final IndexPrivilege READ = new IndexPrivilege("read", READ_AUTOMATON); + public static final IndexPrivilege CREATE = new IndexPrivilege("create", CREATE_AUTOMATON); + public static final IndexPrivilege INDEX = new IndexPrivilege("index", INDEX_AUTOMATON); + public static final IndexPrivilege DELETE = new IndexPrivilege("delete", DELETE_AUTOMATON); + public static final IndexPrivilege WRITE = new IndexPrivilege("write", WRITE_AUTOMATON); + public static final IndexPrivilege MONITOR = new IndexPrivilege("monitor", MONITOR_AUTOMATON); + public static final IndexPrivilege MANAGE = new IndexPrivilege("manage", MANAGE_AUTOMATON); + public static final IndexPrivilege DELETE_INDEX = new IndexPrivilege("delete_index", DELETE_INDEX_AUTOMATON); + public static final IndexPrivilege CREATE_INDEX = new IndexPrivilege("create_index", CREATE_INDEX_AUTOMATON); + public static final IndexPrivilege VIEW_METADATA = new IndexPrivilege("view_index_metadata", VIEW_METADATA_AUTOMATON); private static final Set values = new CopyOnWriteArraySet<>(); @@ -52,17 +71,14 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { values.add(ALL); values.add(MANAGE); values.add(CREATE_INDEX); - values.add(MANAGE_ALIASES); values.add(MONITOR); - values.add(DATA_ACCESS); - values.add(CRUD); values.add(READ); - values.add(SEARCH); - values.add(GET); - values.add(SUGGEST); values.add(INDEX); values.add(DELETE); values.add(WRITE); + values.add(CREATE); + values.add(DELETE_INDEX); + values.add(VIEW_METADATA); } public static final Predicate ACTION_MATCHER = ALL.predicate(); @@ -78,8 +94,8 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { super(name, patterns); } - private IndexPrivilege(Name name, String... patterns) { - super(name, patterns); + private IndexPrivilege(String name, Automaton automaton) { + super(new Name(name), automaton); } private IndexPrivilege(Name name, Automaton automaton) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java index 03ae9e41011..48280b2c599 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/support/Automatons.java @@ -24,6 +24,8 @@ import static dk.brics.automaton.MinimizationOperations.minimize; */ public final class Automatons { + public static final Automaton EMPTY = BasicAutomata.makeEmpty(); + static final char WILDCARD_STRING = '*'; // String equality with support for wildcards static final char WILDCARD_CHAR = '?'; // Char equality with support for wildcards static final char WILDCARD_ESCAPE = '\\'; // Escape character diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java index 3a82a5f8706..633c3d9c77c 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityRandomTests.java @@ -63,7 +63,8 @@ public class DocumentLevelSecurityRandomTests extends ShieldIntegTestCase { builder.append(" cluster: [ all ]\n"); builder.append(" indices:\n"); builder.append(" - names: '*'\n"); - builder.append(" privileges: [ ALL ]\n"); + builder.append(" privileges:\n"); + builder.append(" - all\n"); builder.append(" query: \n"); builder.append(" term: \n"); builder.append(" field1: value").append(i).append('\n'); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java index 0ab2f3e34ae..48678fc9e63 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java @@ -73,10 +73,12 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase { protected String configRoles() { return super.configRoles() + "\nrole1:\n" + - " cluster: [ all ]\n" + + " cluster:\n" + + " - all\n" + " indices:\n" + " - names: '*'\n" + - " privileges: [ ALL ]\n" + + " privileges:\n" + + " - all\n" + " query: \n" + " term: \n" + " field1: value1\n" + diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java index 46cb49b1db9..f4c48692e6b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java @@ -86,10 +86,12 @@ public class FieldLevelSecurityRandomTests extends ShieldIntegTestCase { " privileges: [ ALL ]\n" + " fields:\n" +roleFields.toString() + "role2:\n" + - " cluster: [ all ]\n" + + " cluster:\n" + + " - all\n" + " indices:\n" + " - names: test\n" + - " privileges: [ ALL ]\n" + + " privileges:\n" + + " - all\n" + " fields:\n" + " - field1\n" + "role3:\n" + diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java deleted file mode 100644 index c4208907190..00000000000 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.integration; - -import org.elasticsearch.ElasticsearchSecurityException; -import org.elasticsearch.action.get.MultiGetResponse; -import org.elasticsearch.action.index.IndexResponse; -import org.elasticsearch.action.search.MultiSearchResponse; -import org.elasticsearch.action.search.SearchResponse; -import org.elasticsearch.action.suggest.SuggestResponse; -import org.elasticsearch.client.Client; -import org.elasticsearch.search.suggest.SuggestBuilders; -import org.elasticsearch.shield.authc.support.Hasher; -import org.elasticsearch.shield.authc.support.SecuredString; -import org.elasticsearch.shield.authc.support.SecuredStringTests; -import org.elasticsearch.shield.authc.support.UsernamePasswordToken; -import org.elasticsearch.test.ShieldIntegTestCase; - -import java.util.Map; - -import static java.util.Collections.singletonMap; -import static org.elasticsearch.client.Requests.searchRequest; -import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException; -import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; -import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.is; - -public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase { - protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray()))); - - @Override - protected String configRoles() { - return super.configRoles() + "\n" + - "\n" + - "search_role:\n" + - " indices:\n" + - " - names: 'a'\n" + - " privileges: [ search ]\n" + - "\n" + - "get_role:\n" + - " indices:\n" + - " - names: 'a'\n" + - " privileges: [ get ]\n" + - "\n" + - "suggest_role:\n" + - " indices:\n" + - " - names: 'a'\n" + - " privileges: [ suggest ]\n"; - } - - @Override - protected String configUsers() { - return super.configUsers() + - "search_user:" + USERS_PASSWD_HASHED + "\n" + - "get_user:" + USERS_PASSWD_HASHED + "\n" + - "suggest_user:" + USERS_PASSWD_HASHED + "\n"; - - } - - @Override - protected String configUsersRoles() { - return super.configUsersRoles() + - "search_role:search_user\n" + - "get_role:get_user\n" + - "suggest_role:suggest_user\n"; - } - - /** - * testing both "search" and "suggest" privileges can execute the suggest API - */ - public void testSuggestAPI() throws Exception { - IndexResponse indexResponse = index("a", "type", jsonBuilder() - .startObject() - .field("name", "value") - .endObject()); - assertThat(indexResponse.isCreated(), is(true)); - - refresh(); - - Client client = internalCluster().transportClient(); - - Map headers = singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("suggest_user", "passwd")); - SuggestResponse suggestResponse = client.filterWithHeader(headers) - .prepareSuggest("a") - .addSuggestion(randomAsciiOfLengthBetween(3,7), SuggestBuilders.termSuggestion("name").text("val")).get(); - assertNoFailures(suggestResponse); - assertThat(suggestResponse.getSuggest().size(), is(1)); - - suggestResponse = client - .filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd"))) - .prepareSuggest("a") - .addSuggestion(randomAsciiOfLengthBetween(3, 7), SuggestBuilders.termSuggestion("name").text("val")).get(); - assertNoFailures(suggestResponse); - assertThat(suggestResponse.getSuggest().size(), is(1)); - - try { - client.filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("suggest_user", "passwd"))) - .prepareSearch("a") - .get(); - fail("a user with only a suggest privilege cannot execute search"); - } catch (ElasticsearchSecurityException e) { - logger.error("failed to search", e); - // expected - } - } - - /** - * testing that "search" privilege cannot execute the get API - */ - public void testGetAPI() throws Exception { - IndexResponse indexResponse = index("a", "type", jsonBuilder() - .startObject() - .field("name", "value") - .endObject()); - assertThat(indexResponse.isCreated(), is(true)); - - refresh(); - - Client client = internalCluster().transportClient(); - - try { - client.filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd"))) - .prepareGet("a", "type", indexResponse.getId()) - .get(); - fail("a user with only search privilege should not be authorized for a get request"); - } catch (ElasticsearchSecurityException e) { - // expected - assertAuthorizationException(e); - logger.error("could not get document", e); - } - } - - /** - * testing that "get" privilege can execute the mget API, and "search" privilege cannot execute mget - */ - public void testMultiGetAPI() throws Exception { - IndexResponse indexResponse = index("a", "type", jsonBuilder() - .startObject() - .field("name", "value") - .endObject()); - assertThat(indexResponse.isCreated(), is(true)); - - refresh(); - - Client client = internalCluster().transportClient(); - - MultiGetResponse response = client - .filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("get_user", "passwd"))) - .prepareMultiGet().add("a", "type", indexResponse.getId()) - .get(); - assertNotNull(response); - assertThat(response.getResponses().length, is(1)); - assertThat(response.getResponses()[0].getId(), equalTo(indexResponse.getId())); - - try { - client.filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd"))) - .prepareMultiGet().add("a", "type", indexResponse.getId()) - .get(); - fail("a user with only a search privilege should not be able to execute the mget API"); - } catch (ElasticsearchSecurityException e) { - // expected - assertAuthorizationException(e); - logger.error("could not mget documents", e); - } - } - - /** - * testing that "search" privilege can execute the msearch API - */ - public void testMultiSearchAPI() throws Exception { - IndexResponse indexResponse = index("a", "type", jsonBuilder() - .startObject() - .field("name", "value") - .endObject()); - assertThat(indexResponse.isCreated(), is(true)); - - refresh(); - - Client client = internalCluster().transportClient(); - - MultiSearchResponse response = client - .filterWithHeader(singletonMap(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd"))) - .prepareMultiSearch().add(searchRequest("a").types("type")) - .get(); - assertNotNull(response); - assertThat(response.getResponses().length, is(1)); - SearchResponse first = response.getResponses()[0].getResponse(); - assertNotNull(first); - assertNoFailures(first); - } - - private static String userHeader(String username, String password) { - return UsernamePasswordToken.basicAuthHeaderValue(username, SecuredStringTests.build(password)); - } -} diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java index 43374091036..14564560d53 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java @@ -60,30 +60,30 @@ public class IndexAliasesTests extends ShieldIntegTestCase { " indices:\n" + " - names: '*'\n" + " privileges: [ create_index ]\n" + - //role that has create index and managa aliases on test_*, not enough to manage aliases outside of test_* namespace + //role that has create index and manage_aliases on test_*, not enough to manage_aliases aliases outside of test_* namespace "create_test_aliases_test:\n" + " indices:\n" + " - names: 'test_*'\n" + - " privileges: [ create_index, manage_aliases ]\n" + - //role that has create index on test_* and manage aliases on alias_*, can't create aliases pointing to test_* though + " privileges: [ create_index, 'indices:admin/aliases*' ]\n" + + //role that has create index on test_* and manage_aliases on alias_*, can't create aliases pointing to test_* though "create_test_aliases_alias:\n" + " indices:\n" + " - names: 'test_*'\n" + " privileges: [ create_index ]\n" + " - names: 'alias_*'\n" + - " privileges: [ manage_aliases ]\n" + + " privileges: [ 'indices:admin/aliases*' ]\n" + //role that has create index on test_* and manage_aliases on both alias_* and test_* "create_test_aliases_test_alias:\n" + " indices:\n" + " - names: 'test_*'\n" + " privileges: [ create_index ]\n" + " - names: [ 'alias_*', 'test_*' ]\n" + - " privileges: [ manage_aliases ]\n" + + " privileges: [ 'indices:admin/aliases*' ]\n" + //role that has manage_aliases only on both test_* and alias_* "aliases_only:\n" + " indices:\n" + " - names: [ 'alias_*', 'test_*']\n" + - " privileges: [ manage_aliases ]\n"; + " privileges: [ 'indices:admin/aliases*' ]\n"; } @Before @@ -368,7 +368,7 @@ public class IndexAliasesTests extends ShieldIntegTestCase { assertAcked(client.admin().indices().prepareCreate("test_1")); try { - //fails: user doesn't have manage aliases on test_1 + //fails: user doesn't have manage_aliases aliases on test_1 client.admin().indices().prepareAliases().addAlias("test_1", "test_alias").get(); fail("add alias should have failed due to missing manage_aliases privileges on test_alias and test_1"); } catch(ElasticsearchSecurityException e) { @@ -377,7 +377,7 @@ public class IndexAliasesTests extends ShieldIntegTestCase { } try { - //fails: user doesn't have manage aliases on test_1 + //fails: user doesn't have manage_aliases aliases on test_1 client.admin().indices().prepareAliases().addAlias("test_1", "alias_1").get(); fail("add alias should have failed due to missing manage_aliases privileges on test_1"); } catch(ElasticsearchSecurityException e) { @@ -386,7 +386,7 @@ public class IndexAliasesTests extends ShieldIntegTestCase { } try { - //fails: user doesn't have manage aliases on test_*, no matching indices to replace wildcards + //fails: user doesn't have manage_aliases aliases on test_*, no matching indices to replace wildcards client.admin().indices().prepareAliases().addAlias("test_*", "alias_1").get(); fail("add alias should have failed due to missing manage_aliases privileges on test_1"); } catch(IndexNotFoundException e) { @@ -465,7 +465,7 @@ public class IndexAliasesTests extends ShieldIntegTestCase { assertAcked(client.admin().indices().prepareCreate("test_1")); try { - //fails: user doesn't have manage aliases on test_1, nor test_alias + //fails: user doesn't have manage_aliases aliases on test_1, nor test_alias client.admin().indices().prepareGetAliases().setAliases("test_alias").setIndices("test_1").get(); fail("get alias should have failed due to missing manage_aliases privileges on test_alias and test_1"); } catch(ElasticsearchSecurityException e) { @@ -474,7 +474,7 @@ public class IndexAliasesTests extends ShieldIntegTestCase { } try { - //fails: user doesn't have manage aliases on test_*, no matching indices to replace wildcards + //fails: user doesn't have manage_aliases aliases on test_*, no matching indices to replace wildcards client.admin().indices().prepareGetAliases().setIndices("test_*").setAliases("test_alias").get(); fail("get alias should have failed due to missing manage_aliases privileges on test_*"); } catch(IndexNotFoundException e) { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java index 3e11e9dd00e..4863d157686 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java @@ -302,7 +302,7 @@ public class InternalAuthorizationServiceTests extends ESTestCase { User user = new User("test user", "a_star", "b"); ClusterState state = mock(ClusterState.class); when(rolesStore.role("a_star")).thenReturn(Role.builder("a_star").add(IndexPrivilege.ALL, "a*").build()); - when(rolesStore.role("b")).thenReturn(Role.builder("a_star").add(IndexPrivilege.SEARCH, "b").build()); + when(rolesStore.role("b")).thenReturn(Role.builder("a_star").add(IndexPrivilege.READ, "b").build()); when(clusterService.state()).thenReturn(state); Settings indexSettings = Settings.builder().put("index.version.created", Version.CURRENT).build(); when(state.metaData()).thenReturn(MetaData.builder() diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java index 255b8f78644..b3ae5bb80df 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/permission/PermissionTests.java @@ -18,7 +18,6 @@ import java.util.function.Predicate; import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.MONITOR; import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.READ; -import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.SEARCH; import static org.elasticsearch.shield.authz.privilege.IndexPrivilege.union; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; @@ -33,7 +32,7 @@ public class PermissionTests extends ESTestCase { @Before public void init() { Role.Builder builder = Role.builder("test"); - builder.add(union(SEARCH, MONITOR), "test_*", "/foo.*/"); + builder.add(union(MONITOR), "test_*", "/foo.*/"); builder.add(union(READ), "baz_*foo", "/fool.*bar/"); builder.add(union(MONITOR), "/bar.*/"); permission = builder.build(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java index 5be16799a12..11fb580ea5b 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java @@ -5,15 +5,10 @@ */ package org.elasticsearch.shield.authz.privilege; -import org.elasticsearch.action.get.GetAction; -import org.elasticsearch.action.get.MultiGetAction; import org.elasticsearch.action.ingest.DeletePipelineAction; import org.elasticsearch.action.ingest.GetPipelineAction; import org.elasticsearch.action.ingest.PutPipelineAction; import org.elasticsearch.action.ingest.SimulatePipelineAction; -import org.elasticsearch.action.search.MultiSearchAction; -import org.elasticsearch.action.search.SearchAction; -import org.elasticsearch.action.suggest.SuggestAction; import org.elasticsearch.shield.support.AutomatonPredicate; import org.elasticsearch.shield.support.Automatons; import org.elasticsearch.test.ESTestCase; @@ -262,27 +257,4 @@ public class PrivilegeTests extends ESTestCase { assertThat(predicate.test("indices:admin/mapping/put"), is(false)); assertThat(predicate.test("indices:admin/mapping/whatever"), is(false)); } - - public void testSearchPrivilege() throws Exception { - Predicate predicate = IndexPrivilege.SEARCH.predicate(); - assertThat(predicate.test(SearchAction.NAME), is(true)); - assertThat(predicate.test(SearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.test(MultiSearchAction.NAME), is(true)); - assertThat(predicate.test(MultiSearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.test(SuggestAction.NAME), is(true)); - assertThat(predicate.test(SuggestAction.NAME + "/whatever"), is(true)); - - assertThat(predicate.test(GetAction.NAME), is(false)); - assertThat(predicate.test(GetAction.NAME + "/whatever"), is(false)); - assertThat(predicate.test(MultiGetAction.NAME), is(false)); - assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false)); - } - - public void testGetPrivilege() throws Exception { - Predicate predicate = IndexPrivilege.GET.predicate(); - assertThat(predicate.test(GetAction.NAME), is(true)); - assertThat(predicate.test(GetAction.NAME + "/whatever"), is(true)); - assertThat(predicate.test(MultiGetAction.NAME), is(true)); - assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(true)); - } } diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index 9aac116b137..ff724398c63 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -82,7 +82,8 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(group.indices().length, is(1)); assertThat(group.indices()[0], equalTo("idx3")); assertThat(group.privilege(), notNullValue()); - assertThat(group.privilege(), is(IndexPrivilege.CRUD)); + assertThat(group.privilege().implies(IndexPrivilege.READ), is(true)); + assertThat(group.privilege().implies(IndexPrivilege.WRITE),is(true)); role = roles.get("role1.ab"); assertThat(role, notNullValue()); @@ -228,21 +229,21 @@ public class FileRolesStoreTests extends ESTestCase { * This test is mainly to make sure we can read the default roles.yml config */ public void testDefaultRolesFile() throws Exception { + // TODO we should add the config dir to the resources so we don't copy this stuff around... Path path = getDataPath("default_roles.yml"); Map roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY); assertThat(roles, notNullValue()); - assertThat(roles.size(), is(10)); + assertThat(roles.size(), is(9)); assertThat(roles, hasKey("admin")); assertThat(roles, hasKey("power_user")); assertThat(roles, hasKey("user")); - assertThat(roles, hasKey("kibana4")); + assertThat(roles, hasKey("transport_client")); assertThat(roles, hasKey("kibana4_server")); assertThat(roles, hasKey("logstash")); assertThat(roles, hasKey("monitoring_user")); assertThat(roles, hasKey("remote_monitoring_agent")); assertThat(roles, hasKey("ingest_admin")); - assertThat(roles, hasKey("transport_client")); } public void testAutoReload() throws Exception { diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java index ceca8a36646..356faf4a430 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java @@ -71,8 +71,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ " privileges: [ ALL ]\n" + DEFAULT_TRANSPORT_CLIENT_ROLE + ":\n" + " cluster:\n" + - " - cluster:monitor/nodes/info\n" + - " - cluster:monitor/state"; + " - transport_client"; private final Path parentFolder; private final String subfolderPrefix; diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml index 3413231018a..1c36fd5ab07 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml @@ -26,101 +26,51 @@ user: # Defines the required permissions for transport clients transport_client: cluster: - - cluster:monitor/nodes/liveness - #uncomment the following for sniffing - #- cluster:monitor/state - -# The required permissions for kibana 4 users. -kibana4: - cluster: - - cluster:monitor/nodes/info - - cluster:monitor/health - indices: - - names: '*' - privileges: - - indices:admin/mappings/fields/get - - indices:admin/validate/query - - indices:data/read/search - - indices:data/read/msearch - - indices:data/read/field_stats - - indices:admin/get - - names: '.kibana' - privileges: - - indices:admin/exists - - indices:admin/mapping/put - - indices:admin/mappings/fields/get - - indices:admin/refresh - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search - - indices:data/write/delete - - indices:data/write/index - - indices:data/write/update + - transport_client # The required permissions for the kibana 4 server kibana4_server: cluster: - - cluster:monitor/nodes/info - - cluster:monitor/health + - monitor indices: - names: '.kibana' privileges: - - indices:admin/create - - indices:admin/exists - - indices:admin/mapping/put - - indices:admin/mappings/fields/get - - indices:admin/refresh - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search - - indices:data/write/delete - - indices:data/write/index - - indices:data/write/update + - all # The required role for logstash users logstash: cluster: - - indices:admin/template/get - - indices:admin/template/put + - manage_index_templates indices: - names: 'logstash-*' privileges: - - indices:data/write/bulk - - indices:data/write/delete - - indices:data/write/update - - indices:data/read/search - - indices:data/read/scroll + - write + - read - create_index -# Monitoring user role. Assign to monitoring users. +# Marvel user role. Assign to marvel users. monitoring_user: indices: - - names: '.monitoring-*' - privileges: - - read + - names: + - '.marvel-es-*' + - '.monitoring-*' + privileges: [ "read" ] - names: '.kibana' privileges: - - indices:admin/exists - - indices:admin/mappings/fields/get - - indices:admin/validate/query - - indices:data/read/get - - indices:data/read/mget - - indices:data/read/search + - view_index_metadata + - read -# Monitoring remote agent role. Assign to the agent user on the remote monitoring cluster -# to which the monitoring agent will export all its data +# Marvel remote agent role. Assign to the agent user on the remote marvel cluster +# to which the marvel agent will export all its data remote_monitoring_agent: - cluster: - - indices:admin/template/put - - indices:admin/template/get + cluster: [ "manage_index_templates" ] indices: - - names: '.monitoring-*' - privileges: - - all + - names: + - '.marvel-es-*' + - '.monitoring-*' + privileges: [ "all" ] # Allows all operations required to manage ingest pipelines ingest_admin: cluster: - - manage_pipeline \ No newline at end of file + - manage_pipeline diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml index 766d56487aa..47eda4b6dae 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/roles.yml @@ -9,7 +9,8 @@ role1: - READ - names: idx3 privileges: - - CRUD + - READ + - WRITE role1.ab: cluster: From 5bc3c0c1f88fcc26042690a40b0b4d736c72f961 Mon Sep 17 00:00:00 2001 From: jaymode Date: Wed, 16 Mar 2016 10:28:56 -0400 Subject: [PATCH 02/12] security: rename actions to not use shield This commit renames the security actions to not use shield in their action names. This also includes updating the privileges as well. Original commit: elastic/x-pack-elasticsearch@10460dffdbbc7c8abf1d6d642af247d6d05a8e92 --- .../action/realm/ClearRealmCacheAction.java | 2 +- .../action/role/ClearRolesCacheAction.java | 2 +- .../shield/action/role/DeleteRoleAction.java | 2 +- .../shield/action/role/GetRolesAction.java | 2 +- .../shield/action/role/PutRoleAction.java | 2 +- .../shield/action/user/DeleteUserAction.java | 2 +- .../shield/action/user/GetUsersAction.java | 2 +- .../shield/action/user/PutUserAction.java | 2 +- .../authz/privilege/ClusterPrivilege.java | 6 +++--- .../org/elasticsearch/transport/actions | 16 +++++++-------- .../org/elasticsearch/transport/handlers | 20 +++++++++---------- 11 files changed, 29 insertions(+), 29 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java index 218d9e84fa0..07bd31943fb 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/ClearRealmCacheAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class ClearRealmCacheAction extends Action { public static final ClearRealmCacheAction INSTANCE = new ClearRealmCacheAction(); - public static final String NAME = "cluster:admin/shield/realm/cache/clear"; + public static final String NAME = "cluster:admin/xpack/security/realm/cache/clear"; protected ClearRealmCacheAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java index 237e174450e..f7d75cfd662 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/ClearRolesCacheAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class ClearRolesCacheAction extends Action { public static final ClearRolesCacheAction INSTANCE = new ClearRolesCacheAction(); - public static final String NAME = "cluster:admin/shield/roles/cache/clear"; + public static final String NAME = "cluster:admin/xpack/security/roles/cache/clear"; protected ClearRolesCacheAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java index 67ad9af74e2..3d302912815 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/DeleteRoleAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class DeleteRoleAction extends Action { public static final DeleteRoleAction INSTANCE = new DeleteRoleAction(); - public static final String NAME = "cluster:admin/shield/role/delete"; + public static final String NAME = "cluster:admin/xpack/security/role/delete"; protected DeleteRoleAction() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java index b1c36136466..e84236bf987 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/GetRolesAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class GetRolesAction extends Action { public static final GetRolesAction INSTANCE = new GetRolesAction(); - public static final String NAME = "cluster:admin/shield/role/get"; + public static final String NAME = "cluster:admin/xpack/security/role/get"; protected GetRolesAction() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java index 9e0a844ff4b..3e8d9fdf1af 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class PutRoleAction extends Action { public static final PutRoleAction INSTANCE = new PutRoleAction(); - public static final String NAME = "cluster:admin/shield/role/put"; + public static final String NAME = "cluster:admin/xpack/security/role/put"; protected PutRoleAction() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java index b4f3e90950a..89c91c9c148 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/DeleteUserAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class DeleteUserAction extends Action { public static final DeleteUserAction INSTANCE = new DeleteUserAction(); - public static final String NAME = "cluster:admin/shield/user/delete"; + public static final String NAME = "cluster:admin/xpack/security/user/delete"; protected DeleteUserAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java index a2849d4d027..fff2a3569d5 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/GetUsersAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class GetUsersAction extends Action { public static final GetUsersAction INSTANCE = new GetUsersAction(); - public static final String NAME = "cluster:admin/shield/user/get"; + public static final String NAME = "cluster:admin/xpack/security/user/get"; protected GetUsersAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java index a466f38dfd0..33ec4aa6668 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class PutUserAction extends Action { public static final PutUserAction INSTANCE = new PutUserAction(); - public static final String NAME = "cluster:admin/shield/user/put"; + public static final String NAME = "cluster:admin/xpack/security/user/put"; protected PutUserAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java index 9dc00dae90b..637c7db61f1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java @@ -26,9 +26,9 @@ import static org.elasticsearch.shield.support.Automatons.patterns; public class ClusterPrivilege extends AbstractAutomatonPrivilege { // shared automatons - private static final Automaton MANAGE_USER_AUTOMATON = patterns("cluster:admin/shield/user/*", ClearRolesCacheAction.NAME); - private static final Automaton MANAGE_ROLE_AUTOMATON = patterns("cluster:admin/shield/role/*", ClearRealmCacheAction.NAME); - private static final Automaton MANAGE_SECURITY_AUTOMATON = patterns("cluster:admin/shield/*"); + private static final Automaton MANAGE_USER_AUTOMATON = patterns("cluster:admin/xpack/security/user/*", ClearRealmCacheAction.NAME); + private static final Automaton MANAGE_ROLE_AUTOMATON = patterns("cluster:admin/xpack/security/role/*", ClearRolesCacheAction.NAME); + private static final Automaton MANAGE_SECURITY_AUTOMATON = patterns("cluster:admin/xpack/security/*"); private static final Automaton MONITOR_AUTOMATON = patterns("cluster:monitor/*"); private static final Automaton ALL_CLUSTER_AUTOMATON = patterns("cluster:*", "indices:admin/template/*"); private static final Automaton MANAGE_AUTOMATON = minusAndDeterminize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON); diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index 579b58738a4..da8ea8cc62b 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -75,14 +75,14 @@ indices:data/write/update cluster:monitor/xpack/license/get cluster:admin/xpack/license/delete cluster:admin/xpack/license/put -cluster:admin/shield/realm/cache/clear -cluster:admin/shield/roles/cache/clear -cluster:admin/shield/user/put -cluster:admin/shield/user/delete -cluster:admin/shield/user/get -cluster:admin/shield/role/put -cluster:admin/shield/role/delete -cluster:admin/shield/role/get +cluster:admin/xpack/security/realm/cache/clear +cluster:admin/xpack/security/roles/cache/clear +cluster:admin/xpack/security/user/put +cluster:admin/xpack/security/user/delete +cluster:admin/xpack/security/user/get +cluster:admin/xpack/security/role/put +cluster:admin/xpack/security/role/delete +cluster:admin/xpack/security/role/get internal:indices/admin/upgrade cluster:admin/ingest/pipeline/delete cluster:admin/ingest/pipeline/get diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers index cd59ee501b7..f98c8371fd0 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers @@ -8,16 +8,16 @@ cluster:monitor/nodes/liveness cluster:monitor/nodes/stats[n] cluster:monitor/stats[n] cluster:monitor/tasks/lists[n] -cluster:admin/shield/realm/cache/clear -cluster:admin/shield/realm/cache/clear[n] -cluster:admin/shield/roles/cache/clear -cluster:admin/shield/roles/cache/clear[n] -cluster:admin/shield/role/put -cluster:admin/shield/role/delete -cluster:admin/shield/role/get -cluster:admin/shield/user/put -cluster:admin/shield/user/delete -cluster:admin/shield/user/get +cluster:admin/xpack/security/realm/cache/clear +cluster:admin/xpack/security/realm/cache/clear[n] +cluster:admin/xpack/security/roles/cache/clear +cluster:admin/xpack/security/roles/cache/clear[n] +cluster:admin/xpack/security/role/put +cluster:admin/xpack/security/role/delete +cluster:admin/xpack/security/role/get +cluster:admin/xpack/security/user/put +cluster:admin/xpack/security/user/delete +cluster:admin/xpack/security/user/get indices:admin/analyze[s] indices:admin/cache/clear[n] indices:admin/forcemerge[n] From 135742823e42953203d9dd20426fbfa15c93bd45 Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 17 Mar 2016 09:41:29 -0400 Subject: [PATCH 03/12] rename watcher actions Original commit: elastic/x-pack-elasticsearch@5c6734459506d51ef68492e7cdc72afa041a923b --- .../java/org/elasticsearch/watcher/Watcher.java | 4 ++-- .../transport/actions/ack/AckWatchAction.java | 2 +- .../actions/activate/ActivateWatchAction.java | 2 +- .../actions/delete/DeleteWatchAction.java | 2 +- .../actions/execute/ExecuteWatchAction.java | 2 +- .../transport/actions/get/GetWatchAction.java | 2 +- .../transport/actions/put/PutWatchAction.java | 2 +- .../actions/service/WatcherServiceAction.java | 2 +- .../actions/stats/WatcherStatsAction.java | 2 +- .../watcher/shield/BasicShieldTests.java | 14 +++++++------- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java index 1d9a203f54c..28dbd3d328b 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java @@ -123,8 +123,8 @@ public class Watcher { // adding the watcher privileges to shield if (Shield.enabled(settings)) { - Shield.registerClusterPrivilege("manage_watcher", "cluster:admin/watcher/*", "cluster:monitor/watcher/*"); - Shield.registerClusterPrivilege("monitor_watcher", "cluster:monitor/watcher/*"); + Shield.registerClusterPrivilege("manage_watcher", "cluster:admin/xpack/watcher/*", "cluster:monitor/xpack/watcher/*"); + Shield.registerClusterPrivilege("monitor_watcher", "cluster:monitor/xpack/watcher/*"); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/AckWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/AckWatchAction.java index 010872e11ee..14c983095fa 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/AckWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/AckWatchAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class AckWatchAction extends Action { public static final AckWatchAction INSTANCE = new AckWatchAction(); - public static final String NAME = "cluster:admin/watcher/watch/ack"; + public static final String NAME = "cluster:admin/xpack/watcher/watch/ack"; private AckWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/ActivateWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/ActivateWatchAction.java index 5ea0c3833ee..b8e5dbb408b 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/ActivateWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/ActivateWatchAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class ActivateWatchAction extends Action { public static final ActivateWatchAction INSTANCE = new ActivateWatchAction(); - public static final String NAME = "cluster:admin/watcher/watch/activate"; + public static final String NAME = "cluster:admin/xpack/watcher/watch/activate"; private ActivateWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/DeleteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/DeleteWatchAction.java index ebe89e9b42f..2c795d9074d 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/DeleteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/DeleteWatchAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class DeleteWatchAction extends Action { public static final DeleteWatchAction INSTANCE = new DeleteWatchAction(); - public static final String NAME = "cluster:admin/watcher/watch/delete"; + public static final String NAME = "cluster:admin/xpack/watcher/watch/delete"; private DeleteWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/ExecuteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/ExecuteWatchAction.java index 7652db22c38..6f0b2e03740 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/ExecuteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/ExecuteWatchAction.java @@ -15,7 +15,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class ExecuteWatchAction extends Action { public static final ExecuteWatchAction INSTANCE = new ExecuteWatchAction(); - public static final String NAME = "cluster:admin/watcher/watch/execute"; + public static final String NAME = "cluster:admin/xpack/watcher/watch/execute"; private ExecuteWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/GetWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/GetWatchAction.java index 710dbbc1eff..3b081293bab 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/GetWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/GetWatchAction.java @@ -13,7 +13,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class GetWatchAction extends org.elasticsearch.action.Action { public static final GetWatchAction INSTANCE = new GetWatchAction(); - public static final String NAME = "cluster:monitor/watcher/watch/get"; + public static final String NAME = "cluster:monitor/xpack/watcher/watch/get"; private GetWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/PutWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/PutWatchAction.java index 2e99270a8ac..9025f6d7953 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/PutWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/PutWatchAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class PutWatchAction extends Action { public static final PutWatchAction INSTANCE = new PutWatchAction(); - public static final String NAME = "cluster:admin/watcher/watch/put"; + public static final String NAME = "cluster:admin/xpack/watcher/watch/put"; private PutWatchAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/WatcherServiceAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/WatcherServiceAction.java index 18db6c848e4..064d3379da4 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/WatcherServiceAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/WatcherServiceAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class WatcherServiceAction extends Action { public static final WatcherServiceAction INSTANCE = new WatcherServiceAction(); - public static final String NAME = "cluster:admin/watcher/service"; + public static final String NAME = "cluster:admin/xpack/watcher/service"; private WatcherServiceAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/WatcherStatsAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/WatcherStatsAction.java index e5339e873ca..6400f429adc 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/WatcherStatsAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/WatcherStatsAction.java @@ -14,7 +14,7 @@ import org.elasticsearch.client.ElasticsearchClient; public class WatcherStatsAction extends Action { public static final WatcherStatsAction INSTANCE = new WatcherStatsAction(); - public static final String NAME = "cluster:monitor/watcher/stats"; + public static final String NAME = "cluster:monitor/xpack/watcher/stats"; private WatcherStatsAction() { super(NAME); diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/shield/BasicShieldTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/shield/BasicShieldTests.java index 098cc58a92c..72920eceb8c 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/shield/BasicShieldTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/shield/BasicShieldTests.java @@ -50,7 +50,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { fail("authentication failure should have occurred"); } catch (Exception e) { // transport_client is the default user - assertThat(e.getMessage(), equalTo("action [cluster:monitor/watcher/stats] is unauthorized for user [transport_client]")); + assertThat(e.getMessage(), equalTo("action [cluster:monitor/xpack/watcher/stats] is unauthorized for user [transport_client]")); } } @@ -62,7 +62,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:monitor/watcher/stats] is unauthorized for user [test]")); + assertThat(e.getMessage(), equalTo("action [cluster:monitor/xpack/watcher/stats] is unauthorized for user [test]")); } try { @@ -70,7 +70,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:monitor/watcher/watch/get] is unauthorized for user [test]")); + assertThat(e.getMessage(), equalTo("action [cluster:monitor/xpack/watcher/watch/get] is unauthorized for user [test]")); } // stats and get watch are allowed by role monitor: @@ -89,7 +89,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:admin/watcher/watch/put] is unauthorized for user [monitor]")); + assertThat(e.getMessage(), equalTo("action [cluster:admin/xpack/watcher/watch/put] is unauthorized for user [monitor]")); } } @@ -102,7 +102,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:admin/watcher/watch/put] is unauthorized for user [test]")); + assertThat(e.getMessage(), equalTo("action [cluster:admin/xpack/watcher/watch/put] is unauthorized for user [test]")); } TriggerEvent triggerEvent = new ScheduleTriggerEvent(new DateTime(UTC), new DateTime(UTC)); @@ -112,7 +112,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:admin/watcher/watch/execute] is unauthorized for user [test]")); + assertThat(e.getMessage(), equalTo("action [cluster:admin/xpack/watcher/watch/execute] is unauthorized for user [test]")); } try { @@ -120,7 +120,7 @@ public class BasicShieldTests extends AbstractWatcherIntegrationTestCase { .get(); fail("authentication failure should have occurred"); } catch (Exception e) { - assertThat(e.getMessage(), equalTo("action [cluster:admin/watcher/watch/delete] is unauthorized for user [test]")); + assertThat(e.getMessage(), equalTo("action [cluster:admin/xpack/watcher/watch/delete] is unauthorized for user [test]")); } // put, execute and delete watch apis are allowed by role admin: From cf0fd986e117ff4b7660b197e5176eea5466b98a Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 17 Mar 2016 09:46:05 -0400 Subject: [PATCH 04/12] rename graph actions Original commit: elastic/x-pack-elasticsearch@70a71d6bd6239d8b644eb62dc5b1d19b2ee73ea8 --- .../smoketest/GraphWithShieldInsufficientRoleIT.java | 2 +- .../java/org/elasticsearch/graph/action/GraphExploreAction.java | 2 +- .../src/test/resources/org/elasticsearch/transport/actions | 2 +- .../src/test/resources/org/elasticsearch/transport/handlers | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java b/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java index 795f98edbda..b85dd676a5c 100644 --- a/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java +++ b/elasticsearch/qa/smoke-test-graph-with-shield/src/test/java/org/elasticsearch/smoketest/GraphWithShieldInsufficientRoleIT.java @@ -24,7 +24,7 @@ public class GraphWithShieldInsufficientRoleIT extends GraphWithShieldIT { super.test(); fail(); } catch(AssertionError ae) { - assertThat(ae.getMessage(), containsString("action [indices:data/read/graph/explore")); + assertThat(ae.getMessage(), containsString("action [indices:data/read/xpack/graph/explore")); assertThat(ae.getMessage(), containsString("returned [403 Forbidden]")); assertThat(ae.getMessage(), containsString("is unauthorized for user [no_graph_explorer]")); } diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java index 33687ac98ec..1d3537c80e6 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java @@ -12,7 +12,7 @@ public class GraphExploreAction extends Action { public static final GraphExploreAction INSTANCE = new GraphExploreAction(); - public static final String NAME = "indices:data/read/graph/explore"; + public static final String NAME = "indices:data/read/xpack/graph/explore"; private GraphExploreAction() { super(NAME); diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index da8ea8cc62b..0075c73310e 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -54,7 +54,7 @@ indices:monitor/upgrade indices:data/read/explain indices:data/read/field_stats indices:data/read/get -indices:data/read/graph/explore +indices:data/read/xpack/graph/explore indices:data/read/mget indices:data/read/mpercolate indices:data/read/msearch diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers index f98c8371fd0..94f93e379cb 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers @@ -36,7 +36,7 @@ indices:admin/validate/query[s] indices:data/read/explain[s] indices:data/read/field_stats[s] indices:data/read/get[s] -indices:data/read/graph/explore +indices:data/read/xpack/graph/explore indices:data/read/mget[shard][s] indices:data/read/mpercolate[shard][s] indices:data/read/mtv[shard][s] From 833bf726e659e5495859a9e98c42ad6ce9e1dabe Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 17 Mar 2016 09:58:33 -0400 Subject: [PATCH 05/12] define graph and watcher privileges statically These privileges no longer need to be defined as a custom privilege since the code is now consolidated into a single plugin. This also changes the manage cluster privilege to be an alias to the all privilege. Original commit: elastic/x-pack-elasticsearch@a7f444c8984dee907dd054eba22f80f90b701ca9 --- .../java/org/elasticsearch/graph/Graph.java | 8 ------- .../java/org/elasticsearch/shield/Shield.java | 24 ------------------- .../authz/privilege/ClusterPrivilege.java | 11 ++++++--- .../authz/privilege/IndexPrivilege.java | 7 ++++++ .../org/elasticsearch/watcher/Watcher.java | 7 ------ 5 files changed, 15 insertions(+), 42 deletions(-) diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java index 28ebf053702..a44c990ab80 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java @@ -10,7 +10,6 @@ import java.util.Collection; import java.util.Collections; import org.elasticsearch.action.ActionModule; -import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.common.component.LifecycleComponent; import org.elasticsearch.common.inject.Module; import org.elasticsearch.common.network.NetworkModule; @@ -23,8 +22,6 @@ import org.elasticsearch.graph.license.GraphLicensee; import org.elasticsearch.graph.license.GraphModule; import org.elasticsearch.graph.rest.action.RestGraphAction; import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.search.action.SearchTransportService; -import org.elasticsearch.shield.Shield; import org.elasticsearch.xpack.XPackPlugin; public class Graph extends Plugin { @@ -37,11 +34,6 @@ public class Graph extends Plugin { public Graph(Settings settings) { this.transportClientMode = XPackPlugin.transportClientMode(settings); enabled = enabled(settings); - // adding the graph privileges to shield - if (Shield.enabled(settings)) { - Shield.registerIndexPrivilege( "graph", GraphExploreAction.NAME, SearchTransportService.QUERY_ACTION_NAME, - SearchAction.NAME, SearchTransportService.QUERY_FETCH_ACTION_NAME); - } } @Override diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Shield.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Shield.java index 4c0ce5a3c8a..f5b41c6742b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Shield.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/Shield.java @@ -290,30 +290,6 @@ public class Shield { } } - public static void registerClusterPrivilege(String name, String... patterns) { - try { - ClusterPrivilege.addCustom(name, patterns); - } catch (Exception se) { - logger.warn("could not register cluster privilege [{}]", name); - - // we need to prevent bubbling the shield exception here for the tests. In the tests - // we create multiple nodes in the same jvm and since the custom cluster is a static binding - // multiple nodes will try to add the same privileges multiple times. - } - } - - public static void registerIndexPrivilege(String name, String... patterns) { - try { - IndexPrivilege.addCustom(name, patterns); - } catch (Exception se) { - logger.warn("could not register index privilege [{}]", name); - - // we need to prevent bubbling the shield exception here for the tests. In the tests - // we create multiple nodes in the same jvm and since the custom cluster is a static binding - // multiple nodes will try to add the same privileges multiple times. - } - } - private void addUserSettings(Settings.Builder settingsBuilder) { String authHeaderSettingName = ThreadContext.PREFIX + "." + UsernamePasswordToken.BASIC_AUTH_HEADER; if (settings.get(authHeaderSettingName) != null) { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java index 637c7db61f1..f683ca76d20 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java @@ -7,6 +7,7 @@ package org.elasticsearch.shield.authz.privilege; import dk.brics.automaton.Automaton; import org.elasticsearch.common.Strings; +import org.elasticsearch.license.plugin.action.get.GetLicenseAction; import org.elasticsearch.shield.action.realm.ClearRealmCacheAction; import org.elasticsearch.shield.action.role.ClearRolesCacheAction; import org.elasticsearch.shield.support.Automatons; @@ -17,7 +18,6 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CopyOnWriteArraySet; import java.util.function.Predicate; -import static org.elasticsearch.shield.support.Automatons.minusAndDeterminize; import static org.elasticsearch.shield.support.Automatons.patterns; /** @@ -29,16 +29,17 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege ACTION_MATCHER = ClusterPrivilege.ALL.predicate(); @@ -62,6 +65,8 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege values() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java index 603be891a4e..96ebbb95478 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java @@ -19,7 +19,10 @@ import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsAction; import org.elasticsearch.action.admin.indices.mapping.put.PutMappingAction; import org.elasticsearch.action.admin.indices.settings.get.GetSettingsAction; import org.elasticsearch.action.admin.indices.validate.query.ValidateQueryAction; +import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.common.Strings; +import org.elasticsearch.graph.action.GraphExploreAction; +import org.elasticsearch.search.action.SearchTransportService; import org.elasticsearch.shield.support.Automatons; import java.util.Locale; @@ -50,6 +53,8 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { private static final Automaton VIEW_METADATA_AUTOMATON = patterns(GetAliasesAction.NAME, AliasesExistAction.NAME, GetIndexAction.NAME, IndicesExistsAction.NAME, GetFieldMappingsAction.NAME, GetMappingsAction.NAME, ClusterSearchShardsAction.NAME, TypesExistsAction.NAME, ValidateQueryAction.NAME, GetSettingsAction.NAME); + private static final Automaton GRAPH_AUTOMATON = patterns(GraphExploreAction.NAME, SearchTransportService.QUERY_ACTION_NAME, + SearchAction.NAME, SearchTransportService.QUERY_FETCH_ACTION_NAME); public static final IndexPrivilege NONE = new IndexPrivilege(Name.NONE, Automatons.EMPTY); public static final IndexPrivilege ALL = new IndexPrivilege(Name.ALL, ALL_AUTOMATON); @@ -63,6 +68,7 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { public static final IndexPrivilege DELETE_INDEX = new IndexPrivilege("delete_index", DELETE_INDEX_AUTOMATON); public static final IndexPrivilege CREATE_INDEX = new IndexPrivilege("create_index", CREATE_INDEX_AUTOMATON); public static final IndexPrivilege VIEW_METADATA = new IndexPrivilege("view_index_metadata", VIEW_METADATA_AUTOMATON); + public static final IndexPrivilege GRAPH = new IndexPrivilege("graph", GRAPH_AUTOMATON); private static final Set values = new CopyOnWriteArraySet<>(); @@ -79,6 +85,7 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { values.add(CREATE); values.add(DELETE_INDEX); values.add(VIEW_METADATA); + values.add(GRAPH); } public static final Predicate ACTION_MATCHER = ALL.predicate(); diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java index 28dbd3d328b..350abe41746 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/Watcher.java @@ -21,7 +21,6 @@ import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsModule; import org.elasticsearch.script.ScriptModule; -import org.elasticsearch.shield.Shield; import org.elasticsearch.watcher.actions.WatcherActionModule; import org.elasticsearch.watcher.actions.email.service.EmailService; import org.elasticsearch.watcher.actions.email.service.InternalEmailService; @@ -120,12 +119,6 @@ public class Watcher { transportClient = "transport".equals(settings.get(Client.CLIENT_TYPE_SETTING_S.getKey())); enabled = enabled(settings); validAutoCreateIndex(settings); - - // adding the watcher privileges to shield - if (Shield.enabled(settings)) { - Shield.registerClusterPrivilege("manage_watcher", "cluster:admin/xpack/watcher/*", "cluster:monitor/xpack/watcher/*"); - Shield.registerClusterPrivilege("monitor_watcher", "cluster:monitor/xpack/watcher/*"); - } } public Collection nodeModules() { From 2872acd742f00d11d998eb40487e53e534501ae6 Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 17 Mar 2016 12:51:03 -0400 Subject: [PATCH 06/12] remove watcher and graph privileges. manage does not include security Original commit: elastic/x-pack-elasticsearch@da250ed84224653f6fd8e0035ba6f4edeaf82d54 --- .../watcher-with-shield-roles.yml | 4 ++-- .../qa/smoke-test-graph-with-shield/roles.yml | 4 ++-- .../smoke-test-watcher-with-shield/roles.yml | 6 ++---- .../x-pack/shield/config/xpack/roles.yml | 5 ----- .../authz/privilege/ClusterPrivilege.java | 21 +++---------------- .../authz/privilege/IndexPrivilege.java | 7 ------- .../authz/privilege/PrivilegeTests.java | 10 --------- .../authz/store/FileRolesStoreTests.java | 3 +-- .../shield/authz/store/default_roles.yml | 5 ----- .../AbstractWatcherIntegrationTestCase.java | 6 +++--- 10 files changed, 13 insertions(+), 58 deletions(-) diff --git a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml index a0c1878f919..74a86b35eb5 100644 --- a/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml +++ b/elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml @@ -4,12 +4,12 @@ admin: '*': all watcher_manager: - cluster: manage_watcher, cluster:monitor/nodes/info, cluster:monitor/health + cluster: manage indices: '.watcher-history-*': all watcher_monitor: - cluster: monitor_watcher + cluster: monitor indices: '.watcher-history-*': read diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml b/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml index 69b72aaddd5..6a5b4183287 100644 --- a/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml +++ b/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml @@ -12,8 +12,8 @@ graph_explorer: indices: - names: '*' privileges: - - graph - - indices:data/write/index + - read + - write - indices:admin/refresh - indices:admin/create diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml b/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml index ced242d9d3b..ba29cd6d7ae 100644 --- a/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml +++ b/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml @@ -8,9 +8,7 @@ admin: watcher_manager: cluster: - - manage_watcher - - cluster:monitor/nodes/info - - cluster:monitor/health + - manage indices: - names: '.watcher-history-*' privileges: @@ -21,7 +19,7 @@ watcher_manager: watcher_monitor: cluster: - - monitor_watcher + - monitor indices: - names: '.watcher-history-*' privileges: diff --git a/elasticsearch/x-pack/shield/config/xpack/roles.yml b/elasticsearch/x-pack/shield/config/xpack/roles.yml index 1c36fd5ab07..f998b18b427 100644 --- a/elasticsearch/x-pack/shield/config/xpack/roles.yml +++ b/elasticsearch/x-pack/shield/config/xpack/roles.yml @@ -69,8 +69,3 @@ remote_monitoring_agent: - '.marvel-es-*' - '.monitoring-*' privileges: [ "all" ] - -# Allows all operations required to manage ingest pipelines -ingest_admin: - cluster: - - manage_pipeline diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java index f683ca76d20..1df9151bb43 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java @@ -7,9 +7,6 @@ package org.elasticsearch.shield.authz.privilege; import dk.brics.automaton.Automaton; import org.elasticsearch.common.Strings; -import org.elasticsearch.license.plugin.action.get.GetLicenseAction; -import org.elasticsearch.shield.action.realm.ClearRealmCacheAction; -import org.elasticsearch.shield.action.role.ClearRolesCacheAction; import org.elasticsearch.shield.support.Automatons; import java.util.Locale; @@ -18,6 +15,7 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CopyOnWriteArraySet; import java.util.function.Predicate; +import static org.elasticsearch.shield.support.Automatons.minusAndDeterminize; import static org.elasticsearch.shield.support.Automatons.patterns; /** @@ -26,29 +24,21 @@ import static org.elasticsearch.shield.support.Automatons.patterns; public class ClusterPrivilege extends AbstractAutomatonPrivilege { // shared automatons - private static final Automaton MANAGE_USER_AUTOMATON = patterns("cluster:admin/xpack/security/user/*", ClearRealmCacheAction.NAME); - private static final Automaton MANAGE_ROLE_AUTOMATON = patterns("cluster:admin/xpack/security/role/*", ClearRolesCacheAction.NAME); private static final Automaton MANAGE_SECURITY_AUTOMATON = patterns("cluster:admin/xpack/security/*"); - private static final Automaton MANAGE_WATCHER_AUTOMATON = patterns("cluster:admin/xpack/watcher/*", "cluster:monitor/xpack/watcher/*"); - private static final Automaton MONITOR_WATCHER_AUTOMATON = patterns("cluster:monitor/xpack/watcher/*"); private static final Automaton MONITOR_AUTOMATON = patterns("cluster:monitor/*"); private static final Automaton ALL_CLUSTER_AUTOMATON = patterns("cluster:*", "indices:admin/template/*"); + private static final Automaton MANAGE_AUTOMATON = minusAndDeterminize(ALL_CLUSTER_AUTOMATON, MANAGE_SECURITY_AUTOMATON); private static final Automaton TRANSPORT_CLIENT_AUTOMATON = patterns("cluster:monitor/nodes/liveness", "cluster:monitor/state"); private static final Automaton MANAGE_IDX_TEMPLATE_AUTOMATON = patterns("indices:admin/template/*"); public static final ClusterPrivilege NONE = new ClusterPrivilege(Name.NONE, Automatons.EMPTY); public static final ClusterPrivilege ALL = new ClusterPrivilege(Name.ALL, ALL_CLUSTER_AUTOMATON); public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", MONITOR_AUTOMATON); - public static final ClusterPrivilege MANAGE = new ClusterPrivilege("manage", ALL_CLUSTER_AUTOMATON); + public static final ClusterPrivilege MANAGE = new ClusterPrivilege("manage", MANAGE_AUTOMATON); public static final ClusterPrivilege MANAGE_IDX_TEMPLATES = new ClusterPrivilege("manage_index_templates", MANAGE_IDX_TEMPLATE_AUTOMATON); public static final ClusterPrivilege TRANSPORT_CLIENT = new ClusterPrivilege("transport_client", TRANSPORT_CLIENT_AUTOMATON); - public static final ClusterPrivilege MANAGE_USERS = new ClusterPrivilege("manage_users", MANAGE_USER_AUTOMATON); - public static final ClusterPrivilege MANAGE_ROLES = new ClusterPrivilege("manage_roles", MANAGE_ROLE_AUTOMATON); public static final ClusterPrivilege MANAGE_SECURITY = new ClusterPrivilege("manage_security", MANAGE_SECURITY_AUTOMATON); - public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*"); - public static final ClusterPrivilege MONITOR_WATCHER = new ClusterPrivilege("monitor_watcher", MONITOR_WATCHER_AUTOMATON); - public static final ClusterPrivilege MANAGE_WATCHER = new ClusterPrivilege("manage_watcher", MANAGE_WATCHER_AUTOMATON); public final static Predicate ACTION_MATCHER = ClusterPrivilege.ALL.predicate(); @@ -61,12 +51,7 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege values() { diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java index 96ebbb95478..603be891a4e 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/IndexPrivilege.java @@ -19,10 +19,7 @@ import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsAction; import org.elasticsearch.action.admin.indices.mapping.put.PutMappingAction; import org.elasticsearch.action.admin.indices.settings.get.GetSettingsAction; import org.elasticsearch.action.admin.indices.validate.query.ValidateQueryAction; -import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.common.Strings; -import org.elasticsearch.graph.action.GraphExploreAction; -import org.elasticsearch.search.action.SearchTransportService; import org.elasticsearch.shield.support.Automatons; import java.util.Locale; @@ -53,8 +50,6 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { private static final Automaton VIEW_METADATA_AUTOMATON = patterns(GetAliasesAction.NAME, AliasesExistAction.NAME, GetIndexAction.NAME, IndicesExistsAction.NAME, GetFieldMappingsAction.NAME, GetMappingsAction.NAME, ClusterSearchShardsAction.NAME, TypesExistsAction.NAME, ValidateQueryAction.NAME, GetSettingsAction.NAME); - private static final Automaton GRAPH_AUTOMATON = patterns(GraphExploreAction.NAME, SearchTransportService.QUERY_ACTION_NAME, - SearchAction.NAME, SearchTransportService.QUERY_FETCH_ACTION_NAME); public static final IndexPrivilege NONE = new IndexPrivilege(Name.NONE, Automatons.EMPTY); public static final IndexPrivilege ALL = new IndexPrivilege(Name.ALL, ALL_AUTOMATON); @@ -68,7 +63,6 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { public static final IndexPrivilege DELETE_INDEX = new IndexPrivilege("delete_index", DELETE_INDEX_AUTOMATON); public static final IndexPrivilege CREATE_INDEX = new IndexPrivilege("create_index", CREATE_INDEX_AUTOMATON); public static final IndexPrivilege VIEW_METADATA = new IndexPrivilege("view_index_metadata", VIEW_METADATA_AUTOMATON); - public static final IndexPrivilege GRAPH = new IndexPrivilege("graph", GRAPH_AUTOMATON); private static final Set values = new CopyOnWriteArraySet<>(); @@ -85,7 +79,6 @@ public class IndexPrivilege extends AbstractAutomatonPrivilege { values.add(CREATE); values.add(DELETE_INDEX); values.add(VIEW_METADATA); - values.add(GRAPH); } public static final Predicate ACTION_MATCHER = ALL.predicate(); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java index 11fb580ea5b..65f5a4e796f 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java @@ -72,16 +72,6 @@ public class PrivilegeTests extends ESTestCase { assertThat(cluster, is(cluster2)); } - public void testIngestPrivilege() throws Exception { - Privilege.Name name = new Privilege.Name("manage_pipeline"); - ClusterPrivilege cluster = ClusterPrivilege.get(name); - assertThat(cluster, is(ClusterPrivilege.MANAGE_PIPELINE)); - assertThat(cluster.predicate().test(PutPipelineAction.NAME), is(true)); - assertThat(cluster.predicate().test(DeletePipelineAction.NAME), is(true)); - assertThat(cluster.predicate().test(GetPipelineAction.NAME), is(true)); - assertThat(cluster.predicate().test(SimulatePipelineAction.NAME), is(true)); - } - public void testClusterTemplateActions() throws Exception { Privilege.Name name = new Privilege.Name("indices:admin/template/delete"); ClusterPrivilege cluster = ClusterPrivilege.get(name); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java index ff724398c63..7a3e498b624 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java @@ -233,7 +233,7 @@ public class FileRolesStoreTests extends ESTestCase { Path path = getDataPath("default_roles.yml"); Map roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY); assertThat(roles, notNullValue()); - assertThat(roles.size(), is(9)); + assertThat(roles.size(), is(8)); assertThat(roles, hasKey("admin")); assertThat(roles, hasKey("power_user")); @@ -243,7 +243,6 @@ public class FileRolesStoreTests extends ESTestCase { assertThat(roles, hasKey("logstash")); assertThat(roles, hasKey("monitoring_user")); assertThat(roles, hasKey("remote_monitoring_agent")); - assertThat(roles, hasKey("ingest_admin")); } public void testAutoReload() throws Exception { diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml index 1c36fd5ab07..f998b18b427 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authz/store/default_roles.yml @@ -69,8 +69,3 @@ remote_monitoring_agent: - '.marvel-es-*' - '.monitoring-*' privileges: [ "all" ] - -# Allows all operations required to manage ingest pipelines -ingest_admin: - cluster: - - manage_pipeline diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java index 2859e9ad664..0c958f27ec8 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/test/AbstractWatcherIntegrationTestCase.java @@ -691,12 +691,12 @@ public abstract class AbstractWatcherIntegrationTestCase extends ESIntegTestCase " privileges: [ all ]\n" + "\n" + "admin:\n" + - " cluster: [ 'manage_watcher', 'cluster:monitor/nodes/info', 'cluster:monitor/nodes/liveness' ]\n" + + " cluster: [ 'manage' ]\n" + "transport_client:\n" + - " cluster: [ 'cluster:monitor/nodes/info', 'cluster:monitor/nodes/liveness' ]\n" + + " cluster: [ 'transport_client' ]\n" + "\n" + "monitor:\n" + - " cluster: [ 'monitor_watcher', 'cluster:monitor/nodes/info', 'cluster:monitor/nodes/liveness' ]\n" + " cluster: [ 'monitor' ]\n" ; From 67c6cf405546da528024647156cef4692ac6b84c Mon Sep 17 00:00:00 2001 From: jaymode Date: Fri, 18 Mar 2016 07:33:22 -0400 Subject: [PATCH 07/12] test: add debug logging and cleanup stopping of servers Adds debug logging to try to get more information about random failures in these tests. Also cleans up some potential issues with the code that handled the stopping of random ldap servers to test failure cases. See elastic/elasticsearch#1542 Original commit: elastic/x-pack-elasticsearch@573b4161dd6ac6951dea66c0acd36203d353302f --- .../SessionFactoryLoadBalancingTests.java | 59 ++++++++++++++----- 1 file changed, 45 insertions(+), 14 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java index 843d6bd457f..423edb20dc7 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/support/SessionFactoryLoadBalancingTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.shield.authc.ldap.support; +import com.unboundid.ldap.listener.InMemoryDirectoryServer; import com.unboundid.ldap.sdk.LDAPConnection; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.authc.RealmConfig; @@ -12,8 +13,10 @@ import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.ssl.ClientSSLService; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; +import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; @@ -43,6 +46,7 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase { public void testRoundRobinWithFailures() throws Exception { assumeTrue("at least one ldap server should be present for this test", ldapServers.length > 1); + logger.debug("using [{}] ldap servers, urls {}", ldapServers.length, ldapUrls()); TestSessionFactory testSessionFactory = createSessionFactory(LdapLoadBalancing.ROUND_ROBIN); // create a list of ports @@ -50,19 +54,31 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase { for (int i = 0; i < ldapServers.length; i++) { ports.add(ldapServers[i].getListenPort()); } + logger.debug("list of all ports {}", ports); - int numberToKill = randomIntBetween(1, numberOfLdapServers - 1); - for (int i = 0; i < numberToKill; i++) { - int index = randomIntBetween(0, numberOfLdapServers - 1); - ports.remove(Integer.valueOf(ldapServers[index].getListenPort())); + final int numberToKill = randomIntBetween(1, numberOfLdapServers - 1); + logger.debug("killing [{}] servers", numberToKill); + + // get a subset to kil + final List ldapServersToKill = randomSubsetOf(numberToKill, ldapServers); + final List ldapServersList = Arrays.asList(ldapServers); + for (InMemoryDirectoryServer ldapServerToKill : ldapServersToKill) { + final int index = ldapServersList.indexOf(ldapServerToKill); + assertThat(index, greaterThanOrEqualTo(0)); + final Integer port = Integer.valueOf(ldapServers[index].getListenPort()); + logger.debug("shutting down server index [{}] listening on [{}]", index, port); + assertTrue(ports.remove(port)); ldapServers[index].shutDown(true); + assertThat(ldapServers[index].getListenPort(), is(-1)); } final int numberOfIterations = randomIntBetween(1, 5); for (int iteration = 0; iteration < numberOfIterations; iteration++) { + logger.debug("iteration [{}]", iteration); for (Integer port : ports) { LDAPConnection connection = null; try { + logger.debug("attempting connection with expected port [{}]", port); connection = testSessionFactory.getServerSet().getConnection(); assertThat(connection.getConnectedPort(), is(port)); } finally { @@ -76,6 +92,7 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase { public void testFailover() throws Exception { assumeTrue("at least one ldap server should be present for this test", ldapServers.length > 1); + logger.debug("using [{}] ldap servers, urls {}", ldapServers.length, ldapUrls()); TestSessionFactory testSessionFactory = createSessionFactory(LdapLoadBalancing.FAILOVER); // first test that there is no round robin stuff going on @@ -92,32 +109,46 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase { } } - List stoppedServers = new ArrayList<>(); - // now we should kill some servers including the first one - int numberToKill = randomIntBetween(1, numberOfLdapServers - 1); - // always kill the first one, but don't add to the list + logger.debug("shutting down server index [0] listening on [{}]", ldapServers[0].getListenPort()); + // always kill the first one ldapServers[0].shutDown(true); - stoppedServers.add(0); - for (int i = 0; i < numberToKill - 1; i++) { - int index = randomIntBetween(1, numberOfLdapServers - 1); - ldapServers[index].shutDown(true); - stoppedServers.add(index); + assertThat(ldapServers[0].getListenPort(), is(-1)); + + // now randomly shutdown some others + if (ldapServers.length > 2) { + // kill at least one other server, but we need at least one good one. Hence the upper bound is number - 2 since we need at least + // one server to use! + final int numberToKill = randomIntBetween(1, numberOfLdapServers - 2); + InMemoryDirectoryServer[] allButFirstServer = Arrays.copyOfRange(ldapServers, 1, ldapServers.length); + // get a subset to kil + final List ldapServersToKill = randomSubsetOf(numberToKill, allButFirstServer); + final List ldapServersList = Arrays.asList(ldapServers); + for (InMemoryDirectoryServer ldapServerToKill : ldapServersToKill) { + final int index = ldapServersList.indexOf(ldapServerToKill); + assertThat(index, greaterThanOrEqualTo(1)); + final Integer port = Integer.valueOf(ldapServers[index].getListenPort()); + logger.debug("shutting down server index [{}] listening on [{}]", index, port); + ldapServers[index].shutDown(true); + assertThat(ldapServers[index].getListenPort(), is(-1)); + } } int firstNonStoppedPort = -1; // now we find the first that isn't stopped for (int i = 0; i < numberOfLdapServers; i++) { - if (stoppedServers.contains(i) == false) { + if (ldapServers[i].getListenPort() != -1) { firstNonStoppedPort = ldapServers[i].getListenPort(); break; } } + logger.debug("first non stopped port [{}]", firstNonStoppedPort); assertThat(firstNonStoppedPort, not(-1)); final int numberOfIterations = randomIntBetween(1, 5); for (int iteration = 0; iteration < numberOfIterations; iteration++) { LDAPConnection connection = null; try { + logger.debug("attempting connection with expected port [{}] iteration [{}]", firstNonStoppedPort, iteration); connection = testSessionFactory.getServerSet().getConnection(); assertThat(connection.getConnectedPort(), is(firstNonStoppedPort)); } finally { From fc99174b48c2ac79c7aa4c5aaf590791a9a0a962 Mon Sep 17 00:00:00 2001 From: Alexander Reelsen Date: Fri, 18 Mar 2016 15:28:50 +0100 Subject: [PATCH 08/12] Testing: Removing AwaitsFix annotation as tests pass again Tests had been muted in elastic/x-pack@0ba4d7ead880abe19b27b4d5e8f9701461916e60, but several local runs passed. Original commit: elastic/x-pack-elasticsearch@6bf0dfa4e390d14d5cb40cbce772579509d6fdaa --- .../watcher/actions/email/EmailAttachmentTests.java | 2 -- .../watcher/history/HistoryTemplateEmailMappingsTests.java | 2 -- 2 files changed, 4 deletions(-) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/actions/email/EmailAttachmentTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/actions/email/EmailAttachmentTests.java index 7f767656c75..cef29b085bb 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/actions/email/EmailAttachmentTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/actions/email/EmailAttachmentTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.watcher.actions.email; import com.squareup.okhttp.mockwebserver.MockResponse; import com.squareup.okhttp.mockwebserver.MockWebServer; import com.squareup.okhttp.mockwebserver.QueueDispatcher; -import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.Streams; @@ -61,7 +60,6 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.startsWith; -@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/pull/17065") public class EmailAttachmentTests extends AbstractWatcherIntegrationTestCase { static final String USERNAME = "_user"; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/history/HistoryTemplateEmailMappingsTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/history/HistoryTemplateEmailMappingsTests.java index f623fc843f1..92e4a5ec733 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/history/HistoryTemplateEmailMappingsTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/history/HistoryTemplateEmailMappingsTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.watcher.history; -import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.search.aggregations.Aggregations; @@ -32,7 +31,6 @@ import static org.hamcrest.Matchers.notNullValue; * This test makes sure that the email address fields in the watch_record action result are * not analyzed so they can be used in aggregations */ -@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/pull/17065") public class HistoryTemplateEmailMappingsTests extends AbstractWatcherIntegrationTestCase { static final String USERNAME = "_user"; static final String PASSWORD = "_passwd"; From d6df27a3aca729707c49e16ee826af49ecbd56a6 Mon Sep 17 00:00:00 2001 From: markharwood Date: Mon, 21 Mar 2016 09:33:19 +0000 Subject: [PATCH 09/12] Graph rest test fix - can time out waiting for green so trying with only 1 shard Original commit: elastic/x-pack-elasticsearch@0e7391eb92b7f82ca2302f518475468407a028b5 --- .../src/test/resources/rest-api-spec/test/graph/10_basic.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/test/graph/10_basic.yaml b/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/test/graph/10_basic.yaml index a41e4b2feaa..716c8af193d 100644 --- a/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/test/graph/10_basic.yaml +++ b/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/test/graph/10_basic.yaml @@ -7,6 +7,7 @@ settings: index: number_of_replicas: 0 + number_of_shards: 1 mappings: test: properties: From 51a69c5814649b50c126ae3f2e3ad15720c93030 Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Mon, 21 Mar 2016 12:37:16 +0100 Subject: [PATCH 10/12] Fixes for upstream percolator changes Original commit: elastic/x-pack-elasticsearch@b31f9ff62b37ec384fd4a8d1897b51b321a55926 --- .../authz/accesscontrol/ShieldIndexSearcherWrapper.java | 4 ++-- .../src/test/resources/org/elasticsearch/transport/handlers | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java index b7fc1e6b511..c2e6a2a7863 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java @@ -40,7 +40,6 @@ import org.elasticsearch.index.query.QueryShardContext; import org.elasticsearch.index.shard.IndexSearcherWrapper; import org.elasticsearch.index.shard.ShardId; import org.elasticsearch.index.shard.ShardUtils; -import org.elasticsearch.percolator.PercolatorService; import org.elasticsearch.shield.authz.InternalAuthorizationService; import org.elasticsearch.shield.authz.accesscontrol.DocumentSubsetReader.DocumentSubsetDirectoryReader; import org.elasticsearch.shield.license.ShieldLicenseState; @@ -229,9 +228,10 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper { } private void resolvePercolatorFields(Set allowedFields) { - if (mapperService.hasMapping(PercolatorService.TYPE_NAME)) { + if (mapperService.hasMapping(PercolatorFieldMapper.TYPE_NAME)) { allowedFields.add(PercolatorFieldMapper.EXTRACTED_TERMS_FULL_FIELD_NAME); allowedFields.add(PercolatorFieldMapper.UNKNOWN_QUERY_FULL_FIELD_NAME); + allowedFields.add(PercolatorFieldMapper.EXTRACTED_TERMS_FULL_FIELD_NAME); } } diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers index 94f93e379cb..4f8a63074b7 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers @@ -38,9 +38,7 @@ indices:data/read/field_stats[s] indices:data/read/get[s] indices:data/read/xpack/graph/explore indices:data/read/mget[shard][s] -indices:data/read/mpercolate[shard][s] indices:data/read/mtv[shard][s] -indices:data/read/percolate[s] indices:data/read/search[clear_scroll_contexts] indices:data/read/search[free_context/scroll] indices:data/read/search[free_context] From d939289825aad5d8f47c6912932cedf9c2cfcfdb Mon Sep 17 00:00:00 2001 From: Boaz Leskes Date: Fri, 18 Mar 2016 19:36:02 +0100 Subject: [PATCH 11/12] Change ClusterService package As a result of ESelastic/elasticsearch#17183 Closes elastic/elasticsearch#1751 Original commit: elastic/x-pack-elasticsearch@1e553855f0e116f7c017434b20550e7b1dc023a1 --- .../plugin/action/delete/TransportDeleteLicenseAction.java | 2 +- .../license/plugin/action/get/TransportGetLicenseAction.java | 2 +- .../license/plugin/action/put/TransportPutLicenseAction.java | 2 +- .../org/elasticsearch/license/plugin/core/LicensesService.java | 2 +- .../license/plugin/AbstractLicensesIntegrationTestCase.java | 2 +- .../plugin/consumer/LazyLicenseRegistrationPluginService.java | 2 +- .../license/plugin/consumer/TestPluginServiceBase.java | 2 +- .../license/plugin/core/LicensesManagerServiceTests.java | 2 +- .../elasticsearch/marvel/agent/collector/AbstractCollector.java | 2 +- .../marvel/agent/collector/cluster/ClusterStateCollector.java | 2 +- .../marvel/agent/collector/cluster/ClusterStatsCollector.java | 2 +- .../marvel/agent/collector/indices/IndexRecoveryCollector.java | 2 +- .../marvel/agent/collector/indices/IndexStatsCollector.java | 2 +- .../marvel/agent/collector/indices/IndicesStatsCollector.java | 2 +- .../marvel/agent/collector/node/NodeStatsCollector.java | 2 +- .../marvel/agent/collector/shards/ShardsCollector.java | 2 +- .../java/org/elasticsearch/marvel/agent/exporter/Exporters.java | 2 +- .../marvel/agent/exporter/local/LocalExporter.java | 2 +- .../agent/collector/cluster/ClusterStateCollectorTests.java | 2 +- .../agent/collector/cluster/ClusterStatsCollectorTests.java | 2 +- .../agent/collector/indices/IndexRecoveryCollectorTests.java | 2 +- .../agent/collector/indices/IndexStatsCollectorTests.java | 2 +- .../agent/collector/indices/IndicesStatsCollectorTests.java | 2 +- .../marvel/agent/collector/node/NodeStatsCollectorTests.java | 2 +- .../marvel/agent/collector/shards/ShardsCollectorTests.java | 2 +- .../org/elasticsearch/marvel/agent/exporter/ExportersTests.java | 2 +- .../java/org/elasticsearch/shield/ShieldLifecycleService.java | 2 +- .../java/org/elasticsearch/shield/ShieldTemplateService.java | 2 +- .../shield/action/realm/TransportClearRealmCacheAction.java | 2 +- .../shield/action/role/TransportClearRolesCacheAction.java | 2 +- .../org/elasticsearch/shield/audit/index/IndexAuditTrail.java | 2 +- .../shield/authz/InternalAuthorizationService.java | 2 +- .../elasticsearch/shield/audit/index/IndexAuditTrailTests.java | 2 +- .../shield/audit/index/IndexAuditTrailUpdateMappingTests.java | 2 +- .../shield/authz/InternalAuthorizationServiceTests.java | 2 +- .../authz/indicesresolver/DefaultIndicesResolverTests.java | 2 +- .../elasticsearch/shield/transport/TransportFilterTests.java | 2 +- .../java/org/elasticsearch/watcher/WatcherLifeCycleService.java | 2 +- .../watcher/support/WatcherIndexTemplateRegistry.java | 2 +- .../watcher/transport/actions/WatcherTransportAction.java | 2 +- .../watcher/transport/actions/ack/TransportAckWatchAction.java | 2 +- .../actions/activate/TransportActivateWatchAction.java | 2 +- .../transport/actions/delete/TransportDeleteWatchAction.java | 2 +- .../transport/actions/execute/TransportExecuteWatchAction.java | 2 +- .../watcher/transport/actions/get/TransportGetWatchAction.java | 2 +- .../watcher/transport/actions/put/TransportPutWatchAction.java | 2 +- .../actions/service/TransportWatcherServiceAction.java | 2 +- .../transport/actions/stats/TransportWatcherStatsAction.java | 2 +- .../org/elasticsearch/watcher/WatcherLifeCycleServiceTests.java | 2 +- .../watcher/execution/TriggeredWatchStoreLifeCycleTests.java | 2 +- 50 files changed, 50 insertions(+), 50 deletions(-) diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/delete/TransportDeleteLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/delete/TransportDeleteLicenseAction.java index b901edf2066..d3b27d58012 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/delete/TransportDeleteLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/delete/TransportDeleteLicenseAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.master.TransportMasterNodeAction; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ack.ClusterStateUpdateResponse; import org.elasticsearch.cluster.block.ClusterBlockException; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/get/TransportGetLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/get/TransportGetLicenseAction.java index 1ea6ad4181d..421189ef4d3 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/get/TransportGetLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/get/TransportGetLicenseAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.master.TransportMasterNodeReadAction; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/put/TransportPutLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/put/TransportPutLicenseAction.java index 53b0bcd0340..2a1063c446a 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/put/TransportPutLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/put/TransportPutLicenseAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.master.TransportMasterNodeAction; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java index 45b0c39e03d..f8be427dc60 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.AckedClusterStateUpdateTask; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.ClusterStateUpdateTask; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java index 7307dc898c2..7f9bd210f13 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.license.plugin; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.cluster.metadata.MetaData; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/LazyLicenseRegistrationPluginService.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/LazyLicenseRegistrationPluginService.java index 72f2470e52b..9041d2e8a1b 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/LazyLicenseRegistrationPluginService.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/LazyLicenseRegistrationPluginService.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.license.plugin.consumer; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.Singleton; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestPluginServiceBase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestPluginServiceBase.java index 08c12e48cf9..cfff3c3c24c 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestPluginServiceBase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/consumer/TestPluginServiceBase.java @@ -7,7 +7,7 @@ package org.elasticsearch.license.plugin.consumer; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesManagerServiceTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesManagerServiceTests.java index 9a419aa56e3..0f62925def7 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesManagerServiceTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesManagerServiceTests.java @@ -6,7 +6,7 @@ package org.elasticsearch.license.plugin.core; import org.elasticsearch.action.ActionListener; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ack.ClusterStateUpdateResponse; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.unit.TimeValue; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/AbstractCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/AbstractCollector.java index 86bddafa223..de0d27ed8c7 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/AbstractCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/AbstractCollector.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.collector; import org.elasticsearch.ElasticsearchTimeoutException; import org.elasticsearch.Version; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java index 40fc36aff87..d24162e9673 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.collector.cluster; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.node.DiscoveryNodes; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java index b7e11e05192..5ca66ce5990 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java @@ -10,7 +10,7 @@ import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; import org.elasticsearch.client.Client; import org.elasticsearch.cluster.ClusterName; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java index f24ea2a01a3..cd120c46ab1 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java @@ -8,7 +8,7 @@ package org.elasticsearch.marvel.agent.collector.indices; import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java index a6140d2db5f..bbfac21c631 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java @@ -9,7 +9,7 @@ import org.elasticsearch.action.admin.indices.stats.IndexStats; import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java index 52a9cffb91b..cbe2bdaec05 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java @@ -8,7 +8,7 @@ package org.elasticsearch.marvel.agent.collector.indices; import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java index fbaa7483b62..6523c03a250 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java @@ -11,7 +11,7 @@ import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsRequest; import org.elasticsearch.action.admin.indices.stats.CommonStatsFlags; import org.elasticsearch.bootstrap.BootstrapInfo; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.routing.allocation.decider.DiskThresholdDecider; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollector.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollector.java index 57d47be957f..5c6fef95b3c 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollector.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollector.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.marvel.agent.collector.shards; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.routing.RoutingTable; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/Exporters.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/Exporters.java index d3da36f35de..a01946922cc 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/Exporters.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/Exporters.java @@ -6,7 +6,7 @@ package org.elasticsearch.marvel.agent.exporter; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.component.Lifecycle; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/local/LocalExporter.java b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/local/LocalExporter.java index ae8f5432d93..6a351648059 100644 --- a/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/local/LocalExporter.java +++ b/elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/local/LocalExporter.java @@ -15,7 +15,7 @@ import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateReque import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse; import org.elasticsearch.client.Client; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollectorTests.java index 9d591f8f300..4a3ab63fd5d 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollectorTests.java @@ -6,7 +6,7 @@ package org.elasticsearch.marvel.agent.collector.cluster; import org.elasticsearch.Version; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollectorTests.java index e18740c5afc..fb2ec67f9d9 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollectorTests.java @@ -8,7 +8,7 @@ package org.elasticsearch.marvel.agent.collector.cluster; import org.apache.lucene.util.LuceneTestCase.BadApple; import org.elasticsearch.Version; import org.elasticsearch.cluster.ClusterName; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.plugin.core.LicensesManagerService; import org.elasticsearch.marvel.MarvelSettings; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollectorTests.java index 6b8f2c453ba..0941026b89f 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollectorTests.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.collector.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollectorTests.java index 853fc54a18b..c5d2fb7b78a 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollectorTests.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.collector.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.stats.IndexStats; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.index.IndexNotFoundException; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java index ec735c6fc61..6b2b03b1b26 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java @@ -8,7 +8,7 @@ package org.elasticsearch.marvel.agent.collector.indices; import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.stats.IndexStats; import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java index 36951853163..1b84c38ad75 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.collector.node; import org.elasticsearch.Version; import org.elasticsearch.bootstrap.BootstrapInfo; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.routing.allocation.decider.DiskThresholdDecider; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.NodeEnvironment; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollectorTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollectorTests.java index 7818d433df1..a333f0af184 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollectorTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/shards/ShardsCollectorTests.java @@ -6,7 +6,7 @@ package org.elasticsearch.marvel.agent.collector.shards; import org.elasticsearch.Version; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.routing.ShardRouting; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java index 4bcb75f1122..3968ab43e82 100644 --- a/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java +++ b/elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/ExportersTests.java @@ -7,7 +7,7 @@ package org.elasticsearch.marvel.agent.exporter; import org.elasticsearch.Version; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java index fe8f1fa9f12..cc34a2a0c4b 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldLifecycleService.java @@ -6,7 +6,7 @@ package org.elasticsearch.shield; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.component.LifecycleListener; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java index ca9622c79e3..1324beced4e 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/ShieldTemplateService.java @@ -10,7 +10,7 @@ import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateReque import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse; import org.elasticsearch.client.Client; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.metadata.IndexTemplateMetaData; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java index 2bffcec0a8c..1c61996db8a 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/realm/TransportClearRealmCacheAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.nodes.TransportNodesAction; import org.elasticsearch.cluster.ClusterName; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java index cbbf7bac9f5..017b6b0a0e1 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/TransportClearRolesCacheAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.shield.action.role; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.nodes.TransportNodesAction; import org.elasticsearch.cluster.ClusterName; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index 93be8e2725b..0e353dae7a7 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -19,7 +19,7 @@ import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.client.Client; import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.metadata.IndexMetaData; diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index 638689c1c70..2f3dece0868 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -12,7 +12,7 @@ import org.elasticsearch.action.admin.indices.alias.Alias; import org.elasticsearch.action.admin.indices.create.CreateIndexRequest; import org.elasticsearch.action.search.ClearScrollAction; import org.elasticsearch.action.search.SearchScrollAction; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasOrIndex; import org.elasticsearch.cluster.metadata.MetaData; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 6d226741692..502b0be9e78 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -12,7 +12,7 @@ import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java index cac25d88acd..6f817421d88 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java @@ -6,7 +6,7 @@ package org.elasticsearch.shield.audit.index; import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.BoundTransportAddress; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java index 4863d157686..0b632ddafaa 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/InternalAuthorizationServiceTests.java @@ -31,7 +31,7 @@ import org.elasticsearch.action.termvectors.TermVectorsAction; import org.elasticsearch.action.termvectors.TermVectorsRequest; import org.elasticsearch.action.update.UpdateAction; import org.elasticsearch.action.update.UpdateRequest; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java index fe780d71b5a..90d7bd6e436 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolverTests.java @@ -22,7 +22,7 @@ import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Requests; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasAction; import org.elasticsearch.cluster.metadata.AliasMetaData; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java index 7c025d70698..ec8da333296 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/transport/TransportFilterTests.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.shield.transport; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.inject.AbstractModule; import org.elasticsearch.common.inject.Inject; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherLifeCycleService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherLifeCycleService.java index b2cf8b46543..621808a68e2 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherLifeCycleService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/WatcherLifeCycleService.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.AckedClusterStateUpdateTask; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.ack.AckedRequest; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/support/WatcherIndexTemplateRegistry.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/support/WatcherIndexTemplateRegistry.java index 7be65707148..4c0749067be 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/support/WatcherIndexTemplateRegistry.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/support/WatcherIndexTemplateRegistry.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.support; import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest; import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse; import org.elasticsearch.cluster.ClusterChangedEvent; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.common.component.AbstractComponent; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/WatcherTransportAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/WatcherTransportAction.java index d771d7b143d..e7a9fc8dd3e 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/WatcherTransportAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/WatcherTransportAction.java @@ -10,7 +10,7 @@ import org.elasticsearch.action.ActionResponse; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.action.support.master.MasterNodeRequest; import org.elasticsearch.action.support.master.TransportMasterNodeAction; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.plugin.core.LicenseUtils; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/TransportAckWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/TransportAckWatchAction.java index d78ba9d8628..dd81b2ca563 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/TransportAckWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/ack/TransportAckWatchAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.ack; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/TransportActivateWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/TransportActivateWatchAction.java index e55950421ed..854053b9c77 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/TransportActivateWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/activate/TransportActivateWatchAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.activate; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/TransportDeleteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/TransportDeleteWatchAction.java index ebe28164ed3..40084fbb79f 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/TransportDeleteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/delete/TransportDeleteWatchAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.delete.DeleteResponse; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/TransportExecuteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/TransportExecuteWatchAction.java index 7bb08be325a..f69bbb71421 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/TransportExecuteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/execute/TransportExecuteWatchAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.execute; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/TransportGetWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/TransportGetWatchAction.java index 95c70857c57..83686c5d1b8 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/TransportGetWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/get/TransportGetWatchAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.get; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/TransportPutWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/TransportPutWatchAction.java index a422f96e39e..e5ffe4274ee 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/TransportPutWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/put/TransportPutWatchAction.java @@ -9,7 +9,7 @@ import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/TransportWatcherServiceAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/TransportWatcherServiceAction.java index 5e119dbe7cc..166e0e87e80 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/TransportWatcherServiceAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/service/TransportWatcherServiceAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.service; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/TransportWatcherStatsAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/TransportWatcherStatsAction.java index bf691560591..fc6ac8b9ad6 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/TransportWatcherStatsAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/watcher/transport/actions/stats/TransportWatcherStatsAction.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher.transport.actions.stats; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.block.ClusterBlockException; import org.elasticsearch.cluster.block.ClusterBlockLevel; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/WatcherLifeCycleServiceTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/WatcherLifeCycleServiceTests.java index ea904aed4b3..006dce9e9fa 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/WatcherLifeCycleServiceTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/WatcherLifeCycleServiceTests.java @@ -8,7 +8,7 @@ package org.elasticsearch.watcher; import org.elasticsearch.cluster.AckedClusterStateUpdateTask; import org.elasticsearch.cluster.ClusterChangedEvent; import org.elasticsearch.cluster.ClusterName; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.cluster.block.ClusterBlocks; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/execution/TriggeredWatchStoreLifeCycleTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/execution/TriggeredWatchStoreLifeCycleTests.java index 0cf8a01884a..3221e65f0f3 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/execution/TriggeredWatchStoreLifeCycleTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/execution/TriggeredWatchStoreLifeCycleTests.java @@ -6,7 +6,7 @@ package org.elasticsearch.watcher.execution; import org.elasticsearch.action.get.GetResponse; -import org.elasticsearch.cluster.ClusterService; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.watcher.condition.ExecutableCondition; import org.elasticsearch.watcher.condition.always.ExecutableAlwaysCondition; import org.elasticsearch.watcher.input.none.ExecutableNoneInput; From c5d155efe9a7492781f0ff142e237fe519937641 Mon Sep 17 00:00:00 2001 From: jaymode Date: Mon, 21 Mar 2016 06:39:38 -0400 Subject: [PATCH 12/12] security: always serialize the version with the user This change always serializes the version with the user so that we have this information for times when we need to make changes and deal with serialization changes. We do this in the authentication service because the user object is also serialized as part of the get users response and the StreamInput there will have the appropriate version set on it already and we do not need to add it in that case. Closes elastic/elasticsearch#1747 Original commit: elastic/x-pack-elasticsearch@a7ceece09c0f6ae7e37dcaf683cff54c7dc44754 --- .../shield/authc/InternalAuthenticationService.java | 4 ++++ .../authc/InternalAuthenticationServiceTests.java | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java index 5113396c60f..d747f89cbf5 100644 --- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java @@ -6,6 +6,7 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchSecurityException; +import org.elasticsearch.Version; import org.elasticsearch.common.Base64; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractComponent; @@ -224,6 +225,8 @@ public class InternalAuthenticationService extends AbstractComponent implements try { byte[] bytes = Base64.decode(text); StreamInput input = StreamInput.wrap(bytes); + Version version = Version.readVersion(input); + input.setVersion(version); return User.readFrom(input); } catch (IOException ioe) { throw authenticationError("could not read authenticated user", ioe); @@ -233,6 +236,7 @@ public class InternalAuthenticationService extends AbstractComponent implements static String encodeUser(User user, ESLogger logger) { try { BytesStreamOutput output = new BytesStreamOutput(); + Version.writeVersion(Version.CURRENT, output); User.writeTo(user, output); byte[] bytes = output.bytes().toBytes(); return Base64.encodeBytes(bytes); diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java index 2238f67ed75..c3e832807b3 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java @@ -7,6 +7,8 @@ package org.elasticsearch.shield.authc; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchSecurityException; +import org.elasticsearch.Version; +import org.elasticsearch.common.Base64; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.settings.Settings; @@ -750,6 +752,15 @@ public class InternalAuthenticationServiceTests extends ESTestCase { } } + public void testVersionWrittenWithUser() throws Exception { + User user = new User("username", "r1", "r2", "r3"); + String text = InternalAuthenticationService.encodeUser(user, null); + + StreamInput input = StreamInput.wrap(Base64.decode(text)); + Version version = Version.readVersion(input); + assertThat(version, is(Version.CURRENT)); + } + private static class InternalMessage extends TransportMessage { } }