Merge pull request elastic/elasticsearch#2433 from javanna/feature/http_client
Low level RestClient Original commit: elastic/x-pack-elasticsearch@7a0c0eb9e6
This commit is contained in:
Luca Cavanna
GitHub
commit
694a91cd2f
|
|
@ -6,9 +6,11 @@
|
||||||
package org.elasticsearch.xpack.security.audit;
|
package org.elasticsearch.xpack.security.audit;
|
||||||
|
|
||||||
import com.carrotsearch.hppc.cursors.ObjectCursor;
|
import com.carrotsearch.hppc.cursors.ObjectCursor;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
|
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
|
||||||
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
|
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
|
||||||
import org.elasticsearch.action.search.SearchResponse;
|
import org.elasticsearch.action.search.SearchResponse;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.cluster.ClusterState;
|
import org.elasticsearch.cluster.ClusterState;
|
||||||
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
|
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
|
@ -19,7 +21,6 @@ import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.test.ESIntegTestCase;
|
import org.elasticsearch.test.ESIntegTestCase;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
@ -35,12 +36,12 @@ public class IndexAuditIT extends ESIntegTestCase {
|
||||||
private static final String USER = "test_user";
|
private static final String USER = "test_user";
|
||||||
private static final String PASS = "changeme";
|
private static final String PASS = "changeme";
|
||||||
|
|
||||||
public void testIndexAuditTrailWorking() throws Exception {
|
public void testShieldIndexAuditTrailWorking() throws Exception {
|
||||||
HttpResponse response = httpClient().path("/")
|
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
|
||||||
.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.execute();
|
UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) {
|
||||||
assertThat(response.getStatusCode(), is(200));
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
|
}
|
||||||
final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
|
final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
|
||||||
final AtomicBoolean indexExists = new AtomicBoolean(false);
|
final AtomicBoolean indexExists = new AtomicBoolean(false);
|
||||||
boolean found = awaitBusy(() -> {
|
boolean found = awaitBusy(() -> {
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,12 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.example.realm;
|
package org.elasticsearch.example.realm;
|
||||||
|
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
|
@ -16,7 +19,6 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
import org.elasticsearch.env.Environment;
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
import org.elasticsearch.plugins.Plugin;
|
||||||
import org.elasticsearch.test.ESIntegTestCase;
|
import org.elasticsearch.test.ESIntegTestCase;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
@ -29,6 +31,7 @@ import static org.hamcrest.Matchers.is;
|
||||||
* Integration test to test authentication with the custom realm
|
* Integration test to test authentication with the custom realm
|
||||||
*/
|
*/
|
||||||
public class CustomRealmIT extends ESIntegTestCase {
|
public class CustomRealmIT extends ESIntegTestCase {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings externalClusterClientSettings() {
|
protected Settings externalClusterClientSettings() {
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
|
|
@ -43,18 +46,23 @@ public class CustomRealmIT extends ESIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testHttpConnectionWithNoAuthentication() throws Exception {
|
public void testHttpConnectionWithNoAuthentication() throws Exception {
|
||||||
HttpResponse response = httpClient().path("/").execute();
|
try {
|
||||||
assertThat(response.getStatusCode(), is(401));
|
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null);
|
||||||
String value = response.getHeaders().get("WWW-Authenticate");
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
Response response = e.getResponse();
|
||||||
|
assertThat(response.getStatusLine().getStatusCode(), is(401));
|
||||||
|
String value = response.getHeader("WWW-Authenticate");
|
||||||
assertThat(value, is("custom-challenge"));
|
assertThat(value, is("custom-challenge"));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void testHttpAuthentication() throws Exception {
|
public void testHttpAuthentication() throws Exception {
|
||||||
HttpResponse response = httpClient().path("/")
|
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
|
||||||
.addHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER)
|
new BasicHeader(CustomRealm.USER_HEADER, CustomRealm.KNOWN_USER),
|
||||||
.addHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW)
|
new BasicHeader(CustomRealm.PW_HEADER, CustomRealm.KNOWN_PW))) {
|
||||||
.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testTransportClient() throws Exception {
|
public void testTransportClient() throws Exception {
|
||||||
|
|
|
||||||
|
|
@ -7,9 +7,9 @@ package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
|
|
@ -19,6 +19,7 @@ import java.io.IOException;
|
||||||
|
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
|
||||||
public class GraphWithSecurityIT extends ESRestTestCase {
|
public class GraphWithSecurityIT extends ESRestTestCase {
|
||||||
|
|
||||||
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.client.RestClient;
|
import org.elasticsearch.test.rest.client.RestTestClient;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
@ -65,9 +65,9 @@ public class SmokeTestPluginsSslIT extends ESRestTestCase {
|
||||||
String token = basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()));
|
String token = basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()));
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
.put(ThreadContext.PREFIX + ".Authorization", token)
|
.put(ThreadContext.PREFIX + ".Authorization", token)
|
||||||
.put(RestClient.PROTOCOL, "https")
|
.put(RestTestClient.PROTOCOL, "https")
|
||||||
.put(RestClient.TRUSTSTORE_PATH, keyStore)
|
.put(RestTestClient.TRUSTSTORE_PATH, keyStore)
|
||||||
.put(RestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
|
.put(RestTestClient.TRUSTSTORE_PASSWORD, KEYSTORE_PASS)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,22 +5,19 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.smoketest;
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URL;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static java.util.Collections.emptyList;
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
|
||||||
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
|
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,10 +7,6 @@ package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
|
|
@ -18,8 +14,9 @@ import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URL;
|
import static java.util.Collections.emptyList;
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
|
||||||
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
|
|
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,7 @@
|
||||||
catch: request_timeout
|
catch: request_timeout
|
||||||
cluster.health:
|
cluster.health:
|
||||||
wait_for_nodes: 99
|
wait_for_nodes: 99
|
||||||
timeout: 10s
|
timeout: 5s
|
||||||
- match: { "timed_out": true }
|
- match: { "timed_out": true }
|
||||||
|
|
||||||
- do:
|
- do:
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,7 @@
|
||||||
catch: request_timeout
|
catch: request_timeout
|
||||||
cluster.health:
|
cluster.health:
|
||||||
wait_for_nodes: 99
|
wait_for_nodes: 99
|
||||||
timeout: 10s
|
timeout: 5s
|
||||||
- match: { "timed_out": true }
|
- match: { "timed_out": true }
|
||||||
|
|
||||||
- do:
|
- do:
|
||||||
|
|
|
||||||
|
|
@ -5,22 +5,19 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.smoketest;
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URL;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static java.util.Collections.emptyList;
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
|
||||||
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
public WatcherRestTestCase(@Name("yaml") RestTestCandidate testCandidate) {
|
||||||
|
|
@ -34,19 +31,11 @@ public abstract class WatcherRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,28 +5,26 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.smoketest;
|
package org.elasticsearch.smoketest;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URL;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import static java.util.Collections.emptyList;
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
||||||
|
|
||||||
public class WatcherWithSecurityIT extends ESRestTestCase {
|
public class WatcherWithSecurityIT extends ESRestTestCase {
|
||||||
|
|
||||||
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||||
|
|
@ -43,24 +41,12 @@ public class WatcherWithSecurityIT extends ESRestTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_start", null, null));
|
|
||||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
|
||||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
|
||||||
URL url = getClusterUrls()[0];
|
|
||||||
HttpPut request = new HttpPut(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/watcher/_stop", null, null));
|
|
||||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
|
||||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
|
||||||
client.execute(request);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
|
|
@ -5,21 +5,18 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.marvel.security;
|
package org.elasticsearch.marvel.security;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.Header;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.marvel.MonitoringSettings;
|
import org.elasticsearch.marvel.MonitoringSettings;
|
||||||
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.hamcrest.Matchers;
|
import org.hamcrest.Matchers;
|
||||||
import org.junit.After;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.util.Collections;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
|
import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
|
||||||
|
|
@ -29,13 +26,6 @@ import static org.hamcrest.CoreMatchers.nullValue;
|
||||||
|
|
||||||
public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
||||||
|
|
||||||
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
|
||||||
|
|
||||||
@After
|
|
||||||
public void cleanup() throws IOException {
|
|
||||||
httpClient.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Settings nodeSettings(int nodeOrdinal) {
|
protected Settings nodeSettings(int nodeOrdinal) {
|
||||||
return Settings.builder()
|
return Settings.builder()
|
||||||
|
|
@ -53,12 +43,23 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testGetSettingsFiltered() throws Exception {
|
public void testGetSettingsFiltered() throws Exception {
|
||||||
String body = executeRequest("GET", "/_nodes/settings", null, null).getBody();
|
Header[] headers;
|
||||||
Map<String, Object> response = JsonXContent.jsonXContent.createParser(body).map();
|
if (securityEnabled) {
|
||||||
Map<String, Object> nodes = (Map<String, Object>) response.get("nodes");
|
headers = new Header[] {
|
||||||
|
new BasicHeader(BASIC_AUTH_HEADER,
|
||||||
|
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME,
|
||||||
|
new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())))};
|
||||||
|
} else {
|
||||||
|
headers = new Header[0];
|
||||||
|
}
|
||||||
|
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
|
||||||
|
Collections.emptyMap(), null, headers)) {
|
||||||
|
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
|
||||||
for (Object node : nodes.values()) {
|
for (Object node : nodes.values()) {
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
|
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
|
||||||
|
|
||||||
assertThat(extractValue("xpack.monitoring.agent.exporters._http.type", settings), Matchers.<Object>equalTo("http"));
|
assertThat(extractValue("xpack.monitoring.agent.exporters._http.type", settings), Matchers.<Object>equalTo("http"));
|
||||||
assertThat(extractValue("xpack.monitoring.agent.exporters._http.enabled", settings), Matchers.<Object>equalTo("false"));
|
assertThat(extractValue("xpack.monitoring.agent.exporters._http.enabled", settings), Matchers.<Object>equalTo("false"));
|
||||||
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.username");
|
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.auth.username");
|
||||||
|
|
@ -68,31 +69,9 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
||||||
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.hostname_verification");
|
assertNullSetting(settings, "xpack.monitoring.agent.exporters._http.ssl.hostname_verification");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private void assertNullSetting(Map<String, Object> settings, String setting) {
|
private void assertNullSetting(Map<String, Object> settings, String setting) {
|
||||||
assertThat(extractValue(setting, settings), nullValue());
|
assertThat(extractValue(setting, settings), nullValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
protected HttpResponse executeRequest(String method, String path, String body, Map<String, String> params) throws IOException {
|
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getInstance(HttpServerTransport.class,
|
|
||||||
internalCluster().getMasterName());
|
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
|
||||||
.httpTransport(httpServerTransport)
|
|
||||||
.method(method)
|
|
||||||
.path(path);
|
|
||||||
|
|
||||||
if (params != null) {
|
|
||||||
for (Map.Entry<String, String> entry : params.entrySet()) {
|
|
||||||
requestBuilder.addParam(entry.getKey(), entry.getValue());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (body != null) {
|
|
||||||
requestBuilder.body(body);
|
|
||||||
}
|
|
||||||
if (securityEnabled) {
|
|
||||||
requestBuilder.addHeader(BASIC_AUTH_HEADER,
|
|
||||||
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
|
|
||||||
}
|
|
||||||
return requestBuilder.execute();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,16 +5,18 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.integration;
|
package org.elasticsearch.integration;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.HttpEntity;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.StatusLine;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.apache.http.entity.StringEntity;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.apache.http.util.EntityUtils;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
|
import org.elasticsearch.client.RestClient;
|
||||||
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.junit.After;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
|
@ -32,19 +34,16 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
|
||||||
|
|
||||||
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
|
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
|
||||||
|
|
||||||
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
|
||||||
|
|
||||||
@After
|
|
||||||
public void cleanup() throws IOException {
|
|
||||||
httpClient.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
protected void assertAccessIsAllowed(String user, String method, String uri, String body,
|
protected void assertAccessIsAllowed(String user, String method, String uri, String body,
|
||||||
Map<String, String> params) throws IOException {
|
Map<String, String> params) throws IOException {
|
||||||
HttpResponse response = executeRequest(user, method, uri, body, params);
|
try (Response response = getRestClient().performRequest(method, uri, params, entityOrNull(body),
|
||||||
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
|
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))))) {
|
||||||
|
StatusLine statusLine = response.getStatusLine();
|
||||||
String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
|
String message = String.format(Locale.ROOT, "%s %s: Expected no error got %s %s with body %s", method, uri,
|
||||||
response.getStatusCode(), response.getReasonPhrase(), response.getBody());
|
statusLine.getStatusCode(), statusLine.getReasonPhrase(), EntityUtils.toString(response.getEntity()));
|
||||||
assertThat(message, response.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
|
assertThat(message, statusLine.getStatusCode(), is(not(greaterThanOrEqualTo(400))));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException {
|
protected void assertAccessIsAllowed(String user, String method, String uri, String body) throws IOException {
|
||||||
|
|
@ -65,28 +64,24 @@ public abstract class AbstractPrivilegeTestCase extends SecurityIntegTestCase {
|
||||||
|
|
||||||
protected void assertAccessIsDenied(String user, String method, String uri, String body,
|
protected void assertAccessIsDenied(String user, String method, String uri, String body,
|
||||||
Map<String, String> params) throws IOException {
|
Map<String, String> params) throws IOException {
|
||||||
HttpResponse response = executeRequest(user, method, uri, body, params);
|
try {
|
||||||
|
getRestClient().performRequest(method, uri, params, entityOrNull(body),
|
||||||
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
|
UsernamePasswordToken.basicAuthHeaderValue(user, new SecuredString("passwd".toCharArray()))));
|
||||||
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
StatusLine statusLine = e.getResponse().getStatusLine();
|
||||||
String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
|
String message = String.format(Locale.ROOT, "%s %s body %s: Expected 403, got %s %s with body %s", method, uri, body,
|
||||||
response.getStatusCode(), response.getReasonPhrase(), response.getBody());
|
statusLine.getStatusCode(), statusLine.getReasonPhrase(), e.getResponseBody());
|
||||||
assertThat(message, response.getStatusCode(), is(403));
|
assertThat(message, statusLine.getStatusCode(), is(403));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected HttpResponse executeRequest(String user, String method, String uri, String body,
|
private static HttpEntity entityOrNull(String body) {
|
||||||
Map<String, String> params) throws IOException {
|
HttpEntity entity = null;
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
|
||||||
|
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
|
|
||||||
requestBuilder.path(uri);
|
|
||||||
requestBuilder.method(method);
|
|
||||||
for (Map.Entry<String, String> entry : params.entrySet()) {
|
|
||||||
requestBuilder.addParam(entry.getKey(), entry.getValue());
|
|
||||||
}
|
|
||||||
if (body != null) {
|
if (body != null) {
|
||||||
requestBuilder.body(body);
|
entity = new StringEntity(body, RestClient.JSON_CONTENT_TYPE);
|
||||||
}
|
}
|
||||||
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(user,
|
return entity;
|
||||||
new SecuredString("passwd".toCharArray())));
|
|
||||||
return requestBuilder.execute();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,15 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.integration;
|
package org.elasticsearch.integration;
|
||||||
|
|
||||||
|
import org.apache.http.Header;
|
||||||
|
import org.apache.http.entity.StringEntity;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.apache.http.util.EntityUtils;
|
||||||
import org.elasticsearch.action.bulk.BulkResponse;
|
import org.elasticsearch.action.bulk.BulkResponse;
|
||||||
import org.elasticsearch.action.get.GetResponse;
|
import org.elasticsearch.action.get.GetResponse;
|
||||||
import org.elasticsearch.action.update.UpdateResponse;
|
import org.elasticsearch.action.update.UpdateResponse;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.RestClient;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.xpack.security.Security;
|
import org.elasticsearch.xpack.security.Security;
|
||||||
|
|
@ -15,10 +21,10 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.hamcrest.Matchers.equalTo;
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
|
|
@ -49,8 +55,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
|
||||||
.get().isCreated();
|
.get().isCreated();
|
||||||
assertThat(created, is(false));
|
assertThat(created, is(false));
|
||||||
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test", "not test").get();
|
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test", "not test").get();
|
||||||
assertThat((String) getResponse.getField("test").getValue(), equalTo("test"));
|
assertThat(getResponse.getField("test").getValue(), equalTo("test"));
|
||||||
assertThat((String) getResponse.getField("not test").getValue(), equalTo("not test"));
|
assertThat(getResponse.getField("not test").getValue(), equalTo("not test"));
|
||||||
|
|
||||||
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
|
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
|
||||||
// FLS kicks in because the request can't be found and only returns meta fields
|
// FLS kicks in because the request can't be found and only returns meta fields
|
||||||
|
|
@ -62,43 +68,61 @@ public class BulkUpdateTests extends SecurityIntegTestCase {
|
||||||
assertThat(((UpdateResponse)response.getItems()[0].getResponse()).isCreated(), is(false));
|
assertThat(((UpdateResponse)response.getItems()[0].getResponse()).isCreated(), is(false));
|
||||||
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").
|
getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").
|
||||||
setFields("test", "not test", "bulk updated").get();
|
setFields("test", "not test", "bulk updated").get();
|
||||||
assertThat((String) getResponse.getField("test").getValue(), equalTo("test"));
|
assertThat(getResponse.getField("test").getValue(), equalTo("test"));
|
||||||
assertThat((String) getResponse.getField("not test").getValue(), equalTo("not test"));
|
assertThat(getResponse.getField("not test").getValue(), equalTo("not test"));
|
||||||
assertThat((String) getResponse.getField("bulk updated").getValue(), equalTo("bulk updated"));
|
assertThat(getResponse.getField("bulk updated").getValue(), equalTo("bulk updated"));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
|
public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
|
||||||
final String path = "/index1/type/1";
|
final String path = "/index1/type/1";
|
||||||
final String basicAuthHeader = UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
final Header basicAuthHeader = new BasicHeader("Authorization",
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()));
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
|
||||||
|
|
||||||
httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("PUT").body("{\"test\":\"test\"}").execute();
|
StringEntity body = new StringEntity("{\"test\":\"test\"}", RestClient.JSON_CONTENT_TYPE);
|
||||||
HttpResponse response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
|
try (Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader)) {
|
||||||
assertThat(response.getBody(), containsString("\"test\":\"test\""));
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
|
||||||
|
}
|
||||||
|
|
||||||
|
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
|
||||||
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
|
||||||
|
assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
|
||||||
|
}
|
||||||
|
|
||||||
if (randomBoolean()) {
|
if (randomBoolean()) {
|
||||||
flushAndRefresh();
|
flushAndRefresh();
|
||||||
}
|
}
|
||||||
|
|
||||||
//update with new field
|
//update with new field
|
||||||
httpClient().path(path + "/_update").addHeader("Authorization", basicAuthHeader).method("POST").
|
body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", RestClient.JSON_CONTENT_TYPE);
|
||||||
body("{\"doc\": {\"not test\": \"not test\"}}").execute();
|
try (Response response = getRestClient().performRequest("POST", path + "/_update",
|
||||||
response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
|
Collections.emptyMap(), body, basicAuthHeader)) {
|
||||||
assertThat(response.getBody(), containsString("\"test\":\"test\""));
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
|
||||||
assertThat(response.getBody(), containsString("\"not test\":\"not test\""));
|
}
|
||||||
|
|
||||||
|
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
|
||||||
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
|
||||||
|
String responseBody = EntityUtils.toString(response.getEntity());
|
||||||
|
assertThat(responseBody, containsString("\"test\":\"test\""));
|
||||||
|
assertThat(responseBody, containsString("\"not test\":\"not test\""));
|
||||||
|
}
|
||||||
|
|
||||||
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
|
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
|
||||||
// FLS kicks in because the request can't be found and only returns meta fields
|
// FLS kicks in because the request can't be found and only returns meta fields
|
||||||
flushAndRefresh();
|
flushAndRefresh();
|
||||||
|
|
||||||
// update with bulk
|
body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
|
||||||
httpClient().path("/_bulk").addHeader("Authorization", basicAuthHeader).method("POST")
|
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", RestClient.JSON_CONTENT_TYPE);
|
||||||
.body("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n{\"doc\": {\"bulk updated\":\"bulk " +
|
try (Response response = getRestClient().performRequest("POST", "/_bulk",
|
||||||
"updated\"}}\n")
|
Collections.emptyMap(), body, basicAuthHeader)) {
|
||||||
.execute();
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
|
||||||
response = httpClient().path(path).addHeader("Authorization", basicAuthHeader).method("GET").execute();
|
}
|
||||||
assertThat(response.getBody(), containsString("\"test\":\"test\""));
|
|
||||||
assertThat(response.getBody(), containsString("\"not test\":\"not test\""));
|
try (Response response = getRestClient().performRequest("GET", path, Collections.emptyMap(), null, basicAuthHeader)) {
|
||||||
assertThat(response.getBody(), containsString("\"bulk updated\":\"bulk updated\""));
|
String responseBody = EntityUtils.toString(response.getEntity());
|
||||||
|
assertThat(responseBody, containsString("\"test\":\"test\""));
|
||||||
|
assertThat(responseBody, containsString("\"not test\":\"not test\""));
|
||||||
|
assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,14 +5,15 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.integration;
|
package org.elasticsearch.integration;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.util.EntityUtils;
|
||||||
import org.elasticsearch.action.ActionListener;
|
import org.elasticsearch.action.ActionListener;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.common.Strings;
|
import org.elasticsearch.common.Strings;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.xpack.security.user.User;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
|
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheRequest;
|
||||||
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
|
import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheResponse;
|
||||||
import org.elasticsearch.xpack.security.authc.Realm;
|
import org.elasticsearch.xpack.security.authc.Realm;
|
||||||
|
|
@ -22,10 +23,7 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
|
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.xpack.security.client.SecurityClient;
|
import org.elasticsearch.xpack.security.client.SecurityClient;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.xpack.security.user.User;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
@ -39,14 +37,10 @@ import java.util.concurrent.TimeUnit;
|
||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.equalTo;
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
import static org.hamcrest.Matchers.is;
|
|
||||||
import static org.hamcrest.Matchers.not;
|
import static org.hamcrest.Matchers.not;
|
||||||
import static org.hamcrest.Matchers.notNullValue;
|
import static org.hamcrest.Matchers.notNullValue;
|
||||||
import static org.hamcrest.Matchers.sameInstance;
|
import static org.hamcrest.Matchers.sameInstance;
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class ClearRealmsCacheTests extends SecurityIntegTestCase {
|
public class ClearRealmsCacheTests extends SecurityIntegTestCase {
|
||||||
private static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
|
private static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));
|
||||||
|
|
||||||
|
|
@ -168,21 +162,12 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
|
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
|
||||||
try (CloseableHttpClient client = HttpClients.createDefault()) {
|
try (Response response = getRestClient().performRequest("POST", path, params, null,
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(client)
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.httpTransport(internalCluster().getDataNodeInstance(HttpServerTransport.class))
|
|
||||||
.method("POST")
|
|
||||||
.path(path);
|
|
||||||
for (Map.Entry<String, String> entry : params.entrySet()) {
|
|
||||||
requestBuilder.addParam(entry.getKey(), entry.getValue());
|
|
||||||
}
|
|
||||||
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
|
||||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
HttpResponse response = requestBuilder.execute();
|
assertNotNull(response.getEntity());
|
||||||
assertThat(response.hasBody(), is(true));
|
assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
|
||||||
String body = response.getBody();
|
|
||||||
assertThat(body.contains("cluster_name"), is(true));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,11 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.integration;
|
package org.elasticsearch.integration;
|
||||||
|
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.elasticsearch.action.delete.DeleteResponse;
|
import org.elasticsearch.action.delete.DeleteResponse;
|
||||||
import org.elasticsearch.action.update.UpdateResponse;
|
import org.elasticsearch.action.update.UpdateResponse;
|
||||||
import org.elasticsearch.client.Client;
|
import org.elasticsearch.client.Client;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.common.Strings;
|
import org.elasticsearch.common.Strings;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
|
@ -23,11 +25,11 @@ import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
|
||||||
import org.elasticsearch.xpack.security.client.SecurityClient;
|
import org.elasticsearch.xpack.security.client.SecurityClient;
|
||||||
import org.elasticsearch.test.NativeRealmIntegTestCase;
|
import org.elasticsearch.test.NativeRealmIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
|
||||||
|
|
@ -128,7 +130,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
|
||||||
final boolean useHttp = randomBoolean();
|
final boolean useHttp = randomBoolean();
|
||||||
final boolean clearAll = randomBoolean();
|
final boolean clearAll = randomBoolean();
|
||||||
logger.debug("--> starting to clear roles. using http [{}] clearing all [{}]", useHttp, clearAll);
|
logger.debug("--> starting to clear roles. using http [{}] clearing all [{}]", useHttp, clearAll);
|
||||||
String[] rolesToClear = clearAll ? (randomBoolean() ? roles : null) : toModify.toArray(Strings.EMPTY_ARRAY);
|
String[] rolesToClear = clearAll ? (randomBoolean() ? roles : null) : toModify.toArray(new String[toModify.size()]);
|
||||||
if (useHttp) {
|
if (useHttp) {
|
||||||
String path;
|
String path;
|
||||||
if (rolesToClear == null) {
|
if (rolesToClear == null) {
|
||||||
|
|
@ -136,12 +138,12 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
|
||||||
} else {
|
} else {
|
||||||
path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache";
|
path = "/_xpack/security/role/" + Strings.arrayToCommaDelimitedString(rolesToClear) + "/_clear_cache";
|
||||||
}
|
}
|
||||||
HttpResponse response = httpClient().path(path).method("POST")
|
try (Response response = getRestClient().performRequest("POST", path, Collections.emptyMap(), null,
|
||||||
.addHeader("Authorization",
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(RestStatus.OK.getStatus()));
|
||||||
assertThat(response.getStatusCode(), is(RestStatus.OK.getStatus()));
|
}
|
||||||
} else {
|
} else {
|
||||||
securityClient.prepareClearRolesCache().names(rolesToClear).get();
|
securityClient.prepareClearRolesCache().names(rolesToClear).get();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,20 +5,21 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.integration;
|
package org.elasticsearch.integration;
|
||||||
|
|
||||||
import org.apache.lucene.util.LuceneTestCase.BadApple;
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.test.ESIntegTestCase;
|
import org.elasticsearch.test.ESIntegTestCase;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static java.util.Collections.singletonMap;
|
import static java.util.Collections.singletonMap;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.apache.lucene.util.LuceneTestCase.BadApple;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
//test is just too slow, please fix it to not be sleep-based
|
//test is just too slow, please fix it to not be sleep-based
|
||||||
|
|
@ -303,8 +304,14 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatUnknownUserIsRejectedProperly() throws Exception {
|
public void testThatUnknownUserIsRejectedProperly() throws Exception {
|
||||||
HttpResponse response = executeRequest("idonotexist", "GET", "/", null, new HashMap<>());
|
try {
|
||||||
assertThat(response.getStatusCode(), is(401));
|
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
|
||||||
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
|
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecuredString("passwd".toCharArray()))));
|
||||||
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertUserExecutes(String user, String action, String index, boolean userIsAllowed) throws Exception {
|
private void assertUserExecutes(String user, String action, String index, boolean userIsAllowed) throws Exception {
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,8 @@ import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse;
|
||||||
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
|
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
|
||||||
import org.elasticsearch.action.index.IndexResponse;
|
import org.elasticsearch.action.index.IndexResponse;
|
||||||
import org.elasticsearch.client.Client;
|
import org.elasticsearch.client.Client;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
import org.elasticsearch.client.transport.NoNodeAvailableException;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.component.AbstractComponent;
|
import org.elasticsearch.common.component.AbstractComponent;
|
||||||
|
|
@ -194,13 +196,20 @@ public class LicensingTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testRestAuthenticationByLicenseType() throws Exception {
|
public void testRestAuthenticationByLicenseType() throws Exception {
|
||||||
|
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null)) {
|
||||||
// the default of the licensing tests is basic
|
// the default of the licensing tests is basic
|
||||||
assertThat(httpClient().path("/").execute().getStatusCode(), is(200));
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
|
}
|
||||||
|
|
||||||
// generate a new license with a mode that enables auth
|
// generate a new license with a mode that enables auth
|
||||||
OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD);
|
OperationMode mode = randomFrom(OperationMode.GOLD, OperationMode.TRIAL, OperationMode.PLATINUM, OperationMode.STANDARD);
|
||||||
enableLicensing(mode);
|
enableLicensing(mode);
|
||||||
assertThat(httpClient().path("/").execute().getStatusCode(), is(401));
|
try {
|
||||||
|
getRestClient().performRequest("GET", "/", Collections.emptyMap(), null);
|
||||||
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testTransportClientAuthenticationByLicenseType() throws Exception {
|
public void testTransportClientAuthenticationByLicenseType() throws Exception {
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,6 @@ import org.junit.After;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.instanceOf;
|
import static org.hamcrest.Matchers.instanceOf;
|
||||||
import static org.hamcrest.Matchers.is;
|
|
||||||
import static org.hamcrest.Matchers.not;
|
import static org.hamcrest.Matchers.not;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -5,23 +5,21 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security;
|
package org.elasticsearch.xpack.security;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.elasticsearch.rest.RestStatus.OK;
|
import static org.elasticsearch.rest.RestStatus.OK;
|
||||||
import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED;
|
import static org.elasticsearch.rest.RestStatus.UNAUTHORIZED;
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.hamcrest.Matchers.allOf;
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
public class SecurityPluginTests extends SecurityIntegTestCase {
|
public class SecurityPluginTests extends SecurityIntegTestCase {
|
||||||
|
|
@ -35,24 +33,20 @@ public class SecurityPluginTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatPluginIsLoaded() throws IOException {
|
public void testThatPluginIsLoaded() throws IOException {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
try {
|
||||||
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
|
|
||||||
logger.info("executing unauthorized request to /_xpack info");
|
logger.info("executing unauthorized request to /_xpack info");
|
||||||
HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
|
getRestClient().performRequest("GET", "/_xpack", Collections.emptyMap(), null);
|
||||||
.method("GET")
|
fail("request should have failed");
|
||||||
.path("/_xpack")
|
} catch(ResponseException e) {
|
||||||
.execute();
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(UNAUTHORIZED.getStatus()));
|
||||||
assertThat(response.getStatusCode(), is(UNAUTHORIZED.getStatus()));
|
}
|
||||||
|
|
||||||
logger.info("executing authorized request to /_xpack infos");
|
logger.info("executing authorized request to /_xpack infos");
|
||||||
response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
|
try (Response response = getRestClient().performRequest("GET", "/_xpack", Collections.emptyMap(), null,
|
||||||
.method("GET")
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.path("/_xpack")
|
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
|
||||||
basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
|
||||||
assertThat(response.getStatusCode(), is(OK.getStatus()));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,10 +5,13 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.authc;
|
package org.elasticsearch.xpack.security.authc;
|
||||||
|
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.elasticsearch.ElasticsearchSecurityException;
|
import org.elasticsearch.ElasticsearchSecurityException;
|
||||||
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
|
@ -20,7 +23,6 @@ import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
@ -115,30 +117,36 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
|
||||||
|
|
||||||
public void testUserImpersonationUsingHttp() throws Exception {
|
public void testUserImpersonationUsingHttp() throws Exception {
|
||||||
// use the transport client user and try to run as
|
// use the transport client user and try to run as
|
||||||
HttpResponse response = httpClient().method("GET")
|
try {
|
||||||
.path("/_nodes")
|
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(TRANSPORT_CLIENT_USER,
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
|
UsernamePasswordToken.basicAuthHeaderValue(TRANSPORT_CLIENT_USER,
|
||||||
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
|
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
|
||||||
.execute();
|
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME));
|
||||||
assertThat(response.getStatusCode(), is(403));
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
//the run as user shouldn't have access to the nodes api
|
//the run as user shouldn't have access to the nodes api
|
||||||
response = httpClient().method("GET")
|
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.path("/_nodes")
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
||||||
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
|
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))));
|
||||||
.execute();
|
fail("request should have failed");
|
||||||
assertThat(response.getStatusCode(), is(403));
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
|
||||||
|
}
|
||||||
|
|
||||||
// but when running as a different user it should work
|
// but when running as a different user it should work
|
||||||
response = httpClient().method("GET")
|
try (Response response = getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.path("/_nodes")
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
||||||
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
|
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
|
||||||
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME)
|
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, SecuritySettingsSource.DEFAULT_USER_NAME))) {
|
||||||
.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testEmptyUserImpersonationHeader() throws Exception {
|
public void testEmptyUserImpersonationHeader() throws Exception {
|
||||||
|
|
@ -164,13 +172,16 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testEmptyHeaderUsingHttp() throws Exception {
|
public void testEmptyHeaderUsingHttp() throws Exception {
|
||||||
HttpResponse response = httpClient().method("GET")
|
try {
|
||||||
.path("/_nodes")
|
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
|
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
||||||
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "")
|
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
|
||||||
.execute();
|
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, ""));
|
||||||
assertThat(response.getStatusCode(), is(401));
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testNonExistentRunAsUser() throws Exception {
|
public void testNonExistentRunAsUser() throws Exception {
|
||||||
|
|
@ -196,13 +207,16 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testNonExistentRunAsUserUsingHttp() throws Exception {
|
public void testNonExistentRunAsUserUsingHttp() throws Exception {
|
||||||
HttpResponse response = httpClient().method("GET")
|
try {
|
||||||
.path("/_nodes")
|
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD)))
|
UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
|
||||||
.addHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist")
|
SecuredStringTests.build(SecuritySettingsSource.DEFAULT_PASSWORD))),
|
||||||
.execute();
|
new BasicHeader(InternalAuthenticationService.RUN_AS_USER_HEADER, "idontexist"));
|
||||||
assertThat(response.getStatusCode(), is(403));
|
fail("request should have failed");
|
||||||
|
} catch (ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// build our own here to better mimic an actual client...
|
// build our own here to better mimic an actual client...
|
||||||
|
|
|
||||||
|
|
@ -7,11 +7,14 @@ package org.elasticsearch.xpack.security.authc.pki;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
|
import org.elasticsearch.client.RestClient;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.xpack.security.Security;
|
import org.elasticsearch.xpack.security.Security;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
|
|
@ -20,8 +23,6 @@ import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerT
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
@ -34,6 +35,7 @@ import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_PASSWORD;
|
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_PASSWORD;
|
||||||
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_USER_NAME;
|
import static org.elasticsearch.test.SecuritySettingsSource.DEFAULT_USER_NAME;
|
||||||
|
|
@ -78,23 +80,21 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testRestClientWithoutClientCertificate() throws Exception {
|
public void testRestClientWithoutClientCertificate() throws Exception {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(getSSLContext()).build();
|
||||||
|
try (RestClient restClient = createRestClient(httpClient, "https")) {
|
||||||
|
try {
|
||||||
|
restClient.performRequest("GET", "_nodes", Collections.emptyMap(), null);
|
||||||
|
fail("request should have failed");
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
|
||||||
|
}
|
||||||
|
|
||||||
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(getSSLContext()).build()) {
|
try (Response response = restClient.performRequest("GET", "_nodes", Collections.emptyMap(), null,
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.host("localhost")
|
|
||||||
.port(((InetSocketTransportAddress)httpServerTransport.boundAddress().publishAddress()).address().getPort())
|
|
||||||
.protocol("https")
|
|
||||||
.method("GET")
|
|
||||||
.path("/_nodes");
|
|
||||||
HttpResponse response = requestBuilder.execute();
|
|
||||||
assertThat(response.getStatusCode(), is(401));
|
|
||||||
|
|
||||||
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
|
||||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
response = requestBuilder.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,27 +8,27 @@ package org.elasticsearch.xpack.security.authc.pki;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.elasticsearch.client.Client;
|
import org.elasticsearch.client.Client;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.RestClient;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
|
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
||||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.TrustManager;
|
import javax.net.ssl.TrustManager;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
@ -77,21 +77,16 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatHttpWorks() throws Exception {
|
public void testThatHttpWorks() throws Exception {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
|
||||||
SSLContext sc = SSLContext.getInstance("SSL");
|
SSLContext sc = SSLContext.getInstance("SSL");
|
||||||
sc.init(null, trustAllCerts, new SecureRandom());
|
sc.init(null, trustAllCerts, new SecureRandom());
|
||||||
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(sc).build()) {
|
CloseableHttpClient httpClient = HttpClients.custom().setSSLContext(sc).build();
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
try (RestClient restClient = createRestClient(httpClient, "https")) {
|
||||||
.host("localhost")
|
try (Response response = restClient.performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
.port(((InetSocketTransportAddress)httpServerTransport.boundAddress().publishAddress()).address().getPort())
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
.protocol("https")
|
|
||||||
.method("GET")
|
|
||||||
.path("/_nodes");
|
|
||||||
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
|
||||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
HttpResponse response = requestBuilder.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,19 +5,18 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.authc.pki;
|
package org.elasticsearch.xpack.security.authc.pki;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.message.BasicHeader;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.elasticsearch.client.Client;
|
import org.elasticsearch.client.Client;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
|
||||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
|
||||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||||
|
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
|
|
@ -44,17 +43,11 @@ public class PkiWithoutSSLTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatHttpWorks() throws Exception {
|
public void testThatHttpWorks() throws Exception {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
try (Response response = getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null,
|
||||||
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
|
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
|
||||||
.httpTransport(httpServerTransport)
|
|
||||||
.method("GET")
|
|
||||||
.path("/_nodes");
|
|
||||||
requestBuilder.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
|
||||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())));
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
HttpResponse response = requestBuilder.execute();
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,10 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.rest.action;
|
package org.elasticsearch.xpack.security.rest.action;
|
||||||
|
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.apache.http.util.EntityUtils;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
|
|
@ -12,10 +16,10 @@ import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
|
||||||
import org.elasticsearch.xpack.security.user.AnonymousUser;
|
import org.elasticsearch.xpack.security.user.AnonymousUser;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.test.rest.json.JsonPath;
|
import org.elasticsearch.test.rest.json.JsonPath;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
|
|
@ -47,32 +51,40 @@ public class RestAuthenticateActionTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testAuthenticateApi() throws Exception {
|
public void testAuthenticateApi() throws Exception {
|
||||||
HttpResponse response = httpClient().method("GET").path("/_xpack/security/_authenticate")
|
try (Response response = getRestClient().performRequest(
|
||||||
.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
"GET", "/_xpack/security/_authenticate", Collections.emptyMap(), null,
|
||||||
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray())))
|
new BasicHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||||
.execute();
|
new SecuredString(SecuritySettingsSource.DEFAULT_PASSWORD.toCharArray()))))) {
|
||||||
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
assertThat(response.getStatusCode(), is(200));
|
JsonPath jsonPath = new JsonPath(EntityUtils.toString(response.getEntity()));
|
||||||
JsonPath jsonPath = new JsonPath(response.getBody());
|
|
||||||
assertThat(jsonPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
|
assertThat(jsonPath.evaluate("username").toString(), equalTo(SecuritySettingsSource.DEFAULT_USER_NAME));
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
List<String> roles = (List<String>) jsonPath.evaluate("roles");
|
List<String> roles = (List<String>) jsonPath.evaluate("roles");
|
||||||
assertThat(roles.size(), is(1));
|
assertThat(roles.size(), is(1));
|
||||||
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
|
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void testAuthenticateApiWithoutAuthentication() throws Exception {
|
public void testAuthenticateApiWithoutAuthentication() throws Exception {
|
||||||
HttpResponse response = httpClient().method("GET").path("/_xpack/security/_authenticate")
|
try (Response response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
|
||||||
.execute();
|
Collections.emptyMap(), null)) {
|
||||||
|
|
||||||
if (anonymousEnabled) {
|
if (anonymousEnabled) {
|
||||||
assertThat(response.getStatusCode(), is(200));
|
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||||
JsonPath jsonPath = new JsonPath(response.getBody());
|
JsonPath jsonPath = new JsonPath(EntityUtils.toString(response.getEntity()));
|
||||||
assertThat(jsonPath.evaluate("username").toString(), equalTo("anon"));
|
assertThat(jsonPath.evaluate("username").toString(), equalTo("anon"));
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
List<String> roles = (List<String>) jsonPath.evaluate("roles");
|
List<String> roles = (List<String>) jsonPath.evaluate("roles");
|
||||||
assertThat(roles.size(), is(2));
|
assertThat(roles.size(), is(2));
|
||||||
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE, "foo"));
|
assertThat(roles, contains(SecuritySettingsSource.DEFAULT_ROLE, "foo"));
|
||||||
} else {
|
} else {
|
||||||
assertThat(response.getStatusCode(), is(401));
|
fail("request should have failed");
|
||||||
|
}
|
||||||
|
} catch(ResponseException e) {
|
||||||
|
if (anonymousEnabled) {
|
||||||
|
fail("request should have succeeded");
|
||||||
|
} else {
|
||||||
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,20 +9,21 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||||
import org.apache.http.conn.ssl.SSLContexts;
|
import org.apache.http.conn.ssl.SSLContexts;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.apache.http.util.EntityUtils;
|
||||||
import org.elasticsearch.ElasticsearchException;
|
import org.elasticsearch.ElasticsearchException;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
|
import org.elasticsearch.client.RestClient;
|
||||||
import org.elasticsearch.client.transport.TransportClient;
|
import org.elasticsearch.client.transport.TransportClient;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.TransportAddress;
|
import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.xpack.security.Security;
|
import org.elasticsearch.xpack.security.Security;
|
||||||
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
|
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
|
||||||
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
|
||||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
|
||||||
|
|
@ -30,10 +31,12 @@ import javax.net.ssl.SSLHandshakeException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
|
import java.util.Collections;
|
||||||
|
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
|
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
|
|
||||||
public class SslClientAuthTests extends SecurityIntegTestCase {
|
public class SslClientAuthTests extends SecurityIntegTestCase {
|
||||||
@Override
|
@Override
|
||||||
|
|
@ -59,14 +62,8 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
|
||||||
SSLContexts.createDefault(),
|
SSLContexts.createDefault(),
|
||||||
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
|
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
|
||||||
|
|
||||||
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
|
try (RestClient restClient = createRestClient(HttpClients.custom().setSSLSocketFactory(socketFactory).build(), "https")) {
|
||||||
|
restClient.performRequest("GET", "/", Collections.emptyMap(), null);
|
||||||
try {
|
|
||||||
new HttpRequestBuilder(client)
|
|
||||||
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
|
|
||||||
.method("GET").path("/")
|
|
||||||
.protocol("https")
|
|
||||||
.execute();
|
|
||||||
fail("Expected SSLHandshakeException");
|
fail("Expected SSLHandshakeException");
|
||||||
} catch (SSLHandshakeException e) {
|
} catch (SSLHandshakeException e) {
|
||||||
assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target"));
|
assertThat(e.getMessage(), containsString("unable to find valid certification path to requested target"));
|
||||||
|
|
@ -85,13 +82,13 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
|
||||||
|
|
||||||
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
|
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
|
||||||
|
|
||||||
HttpResponse response = new HttpRequestBuilder(client)
|
try (RestClient restClient = createRestClient(client, "https")) {
|
||||||
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
|
try (Response response = restClient.performRequest("GET", "/", Collections.emptyMap(), null,
|
||||||
.method("GET").path("/")
|
new BasicHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())))) {
|
||||||
.protocol("https")
|
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
|
||||||
.addHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword()))
|
assertThat(EntityUtils.toString(response.getEntity()), containsString("You Know, for Search"));
|
||||||
.execute();
|
}
|
||||||
assertThat(response.getBody(), containsString("You Know, for Search"));
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testThatTransportWorksWithoutSslClientAuth() throws Exception {
|
public void testThatTransportWorksWithoutSslClientAuth() throws Exception {
|
||||||
|
|
|
||||||
|
|
@ -5,25 +5,16 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.security.user;
|
package org.elasticsearch.xpack.security.user;
|
||||||
|
|
||||||
import org.apache.http.client.methods.CloseableHttpResponse;
|
import org.elasticsearch.client.Response;
|
||||||
import org.apache.http.client.methods.HttpGet;
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.elasticsearch.common.io.Streams;
|
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
|
||||||
import org.elasticsearch.common.transport.TransportAddress;
|
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
|
||||||
import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
|
import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
|
||||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||||
|
|
||||||
import java.io.InputStreamReader;
|
import java.util.Collections;
|
||||||
import java.nio.charset.StandardCharsets;
|
|
||||||
import java.util.Locale;
|
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.hamcrest.Matchers.instanceOf;
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
import static org.hamcrest.Matchers.notNullValue;
|
import static org.hamcrest.Matchers.notNullValue;
|
||||||
import static org.hamcrest.Matchers.nullValue;
|
import static org.hamcrest.Matchers.nullValue;
|
||||||
|
|
@ -51,28 +42,22 @@ public class AnonymousUserIntegTests extends SecurityIntegTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testAnonymousViaHttp() throws Exception {
|
public void testAnonymousViaHttp() throws Exception {
|
||||||
try (CloseableHttpClient client = HttpClients.createDefault();
|
try {
|
||||||
CloseableHttpResponse response = client.execute(new HttpGet(getNodeUrl() + "_nodes"))) {
|
getRestClient().performRequest("GET", "/_nodes", Collections.emptyMap(), null);
|
||||||
int statusCode = response.getStatusLine().getStatusCode();
|
fail("request should have failed");
|
||||||
String data = Streams.copyToString(new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8));
|
} catch(ResponseException e) {
|
||||||
|
int statusCode = e.getResponse().getStatusLine().getStatusCode();
|
||||||
|
Response response = e.getResponse();
|
||||||
if (authorizationExceptionsEnabled) {
|
if (authorizationExceptionsEnabled) {
|
||||||
assertThat(statusCode, is(403));
|
assertThat(statusCode, is(403));
|
||||||
assertThat(response.getFirstHeader("WWW-Authenticate"), nullValue());
|
assertThat(response.getHeader("WWW-Authenticate"), nullValue());
|
||||||
assertThat(data, containsString("security_exception"));
|
assertThat(e.getResponseBody(), containsString("security_exception"));
|
||||||
} else {
|
} else {
|
||||||
assertThat(statusCode, is(401));
|
assertThat(statusCode, is(401));
|
||||||
assertThat(response.getFirstHeader("WWW-Authenticate"), notNullValue());
|
assertThat(response.getHeader("WWW-Authenticate"), notNullValue());
|
||||||
assertThat(response.getFirstHeader("WWW-Authenticate").getValue(), containsString("Basic"));
|
assertThat(response.getHeader("WWW-Authenticate"), containsString("Basic"));
|
||||||
assertThat(data, containsString("security_exception"));
|
assertThat(e.getResponseBody(), containsString("security_exception"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getNodeUrl() {
|
|
||||||
TransportAddress transportAddress =
|
|
||||||
randomFrom(internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddresses());
|
|
||||||
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
|
|
||||||
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
|
|
||||||
return String.format(Locale.ROOT, "http://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,26 +5,11 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.test.rest;
|
package org.elasticsearch.xpack.test.rest;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStreamReader;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URL;
|
|
||||||
import java.nio.charset.StandardCharsets;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||||
import org.apache.http.client.methods.CloseableHttpResponse;
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.apache.http.client.methods.HttpDelete;
|
|
||||||
import org.apache.http.client.methods.HttpGet;
|
|
||||||
import org.apache.http.client.methods.HttpPut;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
|
||||||
import org.elasticsearch.common.bytes.BytesReference;
|
import org.elasticsearch.common.bytes.BytesReference;
|
||||||
import org.elasticsearch.common.io.Streams;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.unit.TimeValue;
|
import org.elasticsearch.common.unit.TimeValue;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
|
@ -33,15 +18,25 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||||
import org.elasticsearch.common.xcontent.XContentParser;
|
import org.elasticsearch.common.xcontent.XContentParser;
|
||||||
import org.elasticsearch.license.plugin.TestUtils;
|
import org.elasticsearch.license.plugin.TestUtils;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
|
||||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||||
|
import org.elasticsearch.test.rest.client.RestTestResponse;
|
||||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||||
|
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
|
||||||
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
|
import org.elasticsearch.xpack.security.authz.store.ReservedRolesStore;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import static java.util.Collections.emptyList;
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
import static java.util.Collections.singletonList;
|
||||||
|
import static java.util.Collections.singletonMap;
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.hamcrest.Matchers.is;
|
|
||||||
|
|
||||||
public abstract class XPackRestTestCase extends ESRestTestCase {
|
public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
|
|
@ -58,31 +53,19 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void startWatcher() throws Exception {
|
public void startWatcher() throws Exception {
|
||||||
try (CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try {
|
||||||
URL url = getClusterUrls()[0];
|
getAdminExecutionContext().callApi("xpack.watcher.start", emptyMap(), emptyList(), emptyMap());
|
||||||
HttpPut request = new HttpPut(new URI("http",
|
} catch(ResponseException e) {
|
||||||
null,
|
//TODO ignore for now, needs to be fixed though
|
||||||
url.getHost(),
|
|
||||||
url.getPort(),
|
|
||||||
"/_xpack/watcher/_start", null, null));
|
|
||||||
request.addHeader("Authorization", BASIC_AUTH_VALUE);
|
|
||||||
try (CloseableHttpResponse response = client.execute(request)) {
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void stopWatcher() throws Exception {
|
public void stopWatcher() throws Exception {
|
||||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
try {
|
||||||
URL url = getClusterUrls()[0];
|
getAdminExecutionContext().callApi("xpack.watcher.stop", emptyMap(), emptyList(), emptyMap());
|
||||||
HttpPut request = new HttpPut(new URI("http",
|
} catch(ResponseException e) {
|
||||||
null,
|
//TODO ignore for now, needs to be fixed though
|
||||||
url.getHost(),
|
|
||||||
url.getPort(),
|
|
||||||
"/_xpack/watcher/_stop", null, null));
|
|
||||||
request.addHeader("Authorization", BASIC_AUTH_VALUE);
|
|
||||||
try (CloseableHttpResponse response = client.execute(request)) {
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -92,10 +75,10 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
TestUtils.generateSignedLicense("trial", TimeValue.timeValueHours(2)).toXContent(builder, ToXContent.EMPTY_PARAMS);
|
TestUtils.generateSignedLicense("trial", TimeValue.timeValueHours(2)).toXContent(builder, ToXContent.EMPTY_PARAMS);
|
||||||
final BytesReference bytes = builder.bytes();
|
final BytesReference bytes = builder.bytes();
|
||||||
try (XContentParser parser = XContentFactory.xContent(bytes).createParser(bytes)) {
|
try (XContentParser parser = XContentFactory.xContent(bytes).createParser(bytes)) {
|
||||||
final List<Map<String, Object>> bodies = Collections.singletonList(Collections.singletonMap("license",
|
final List<Map<String, Object>> bodies = singletonList(singletonMap("license",
|
||||||
parser.map()));
|
parser.map()));
|
||||||
getAdminExecutionContext().callApi("license.post", Collections.singletonMap("acknowledge", "true"),
|
getAdminExecutionContext().callApi("license.post", singletonMap("acknowledge", "true"),
|
||||||
bodies, Collections.singletonMap("Authorization", BASIC_AUTH_VALUE));
|
bodies, singletonMap("Authorization", BASIC_AUTH_VALUE));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -103,43 +86,21 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
|
||||||
public void clearUsersAndRoles() throws Exception {
|
public void clearUsersAndRoles() throws Exception {
|
||||||
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
|
// we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
|
||||||
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
|
// TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
|
||||||
try (CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
|
||||||
final URL url = getClusterUrls()[0];
|
@SuppressWarnings("unchecked")
|
||||||
HttpGet getUsersRequest = new HttpGet(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/security/user", null, null));
|
Map<String, Object> users = (Map<String, Object>) response.getBody();
|
||||||
getUsersRequest.addHeader("Authorization", BASIC_AUTH_VALUE);
|
for (String user: users.keySet()) {
|
||||||
try (CloseableHttpResponse closeableHttpResponse = client.execute(getUsersRequest)) {
|
if (ReservedRealm.isReserved(user) == false) {
|
||||||
assertThat(closeableHttpResponse.getStatusLine().getStatusCode(), is(200));
|
getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
|
||||||
String response = Streams.copyToString(
|
|
||||||
new InputStreamReader(closeableHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
|
|
||||||
Map<String, Object> responseMap = XContentFactory.xContent(response).createParser(response).map();
|
|
||||||
|
|
||||||
// in the structure of this API, the users are the keyset
|
|
||||||
for (String user : responseMap.keySet()) {
|
|
||||||
HttpDelete delete = new HttpDelete(new URI("http", null, url.getHost(), url.getPort(),
|
|
||||||
"/_xpack/security/user/" + user, null, null));
|
|
||||||
delete.addHeader("Authorization", BASIC_AUTH_VALUE);
|
|
||||||
try (CloseableHttpResponse deleteResponse = client.execute(delete)) {
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
HttpGet getRolesRequest = new HttpGet(new URI("http", null, url.getHost(), url.getPort(), "/_xpack/security/role",
|
response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
|
||||||
null, null));
|
@SuppressWarnings("unchecked")
|
||||||
getRolesRequest.addHeader("Authorization", BASIC_AUTH_VALUE);
|
Map<String, Object> roles = (Map<String, Object>) response.getBody();
|
||||||
try (CloseableHttpResponse closeableHttpResponse = client.execute(getRolesRequest)) {
|
for (String role: roles.keySet()) {
|
||||||
assertThat(closeableHttpResponse.getStatusLine().getStatusCode(), is(200));
|
if (ReservedRolesStore.isReserved(role) == false) {
|
||||||
String response = Streams.copyToString(
|
getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
|
||||||
new InputStreamReader(closeableHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8));
|
|
||||||
Map<String, Object> responseMap = XContentFactory.xContent(response).createParser(response).map();
|
|
||||||
|
|
||||||
// in the structure of this API, the users are the keyset
|
|
||||||
for (String role : responseMap.keySet()) {
|
|
||||||
HttpDelete delete = new HttpDelete(new URI("http", null, url.getHost(), url.getPort(),
|
|
||||||
"/_xpack/security/role/" + role, null, null));
|
|
||||||
delete.addHeader("Authorization", BASIC_AUTH_VALUE);
|
|
||||||
try (CloseableHttpResponse deleteResponse = client.execute(delete)) {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,10 +6,9 @@
|
||||||
package org.elasticsearch.xpack.watcher;
|
package org.elasticsearch.xpack.watcher;
|
||||||
|
|
||||||
import org.apache.http.HttpStatus;
|
import org.apache.http.HttpStatus;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||||
|
import org.elasticsearch.client.ResponseException;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.http.HttpServerTransport;
|
||||||
|
|
@ -18,12 +17,10 @@ import org.elasticsearch.plugins.Plugin;
|
||||||
import org.elasticsearch.xpack.security.Security;
|
import org.elasticsearch.xpack.security.Security;
|
||||||
import org.elasticsearch.test.ESIntegTestCase;
|
import org.elasticsearch.test.ESIntegTestCase;
|
||||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.threadpool.ThreadPool;
|
import org.elasticsearch.threadpool.ThreadPool;
|
||||||
import org.elasticsearch.threadpool.ThreadPoolInfo;
|
import org.elasticsearch.threadpool.ThreadPoolInfo;
|
||||||
import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor;
|
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
|
import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
|
@ -70,12 +67,11 @@ public class WatcherPluginDisableTests extends ESIntegTestCase {
|
||||||
|
|
||||||
public void testRestEndpoints() throws Exception {
|
public void testRestEndpoints() throws Exception {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
||||||
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
|
try {
|
||||||
HttpRequestBuilder request = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport)
|
getRestClient().performRequest("GET", "/_xpack/watcher", Collections.emptyMap(), null);
|
||||||
.method("GET")
|
fail("request should have failed");
|
||||||
.path("/_xpack/watcher");
|
} catch(ResponseException e) {
|
||||||
HttpResponse response = request.execute();
|
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(HttpStatus.SC_BAD_REQUEST));
|
||||||
assertThat(response.getStatusCode(), is(HttpStatus.SC_BAD_REQUEST));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,32 +5,29 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.xpack.watcher.test.integration;
|
package org.elasticsearch.xpack.watcher.test.integration;
|
||||||
|
|
||||||
|
import org.apache.http.Header;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
|
import org.apache.http.message.BasicHeader;
|
||||||
|
import org.elasticsearch.client.Response;
|
||||||
import org.elasticsearch.common.network.NetworkModule;
|
import org.elasticsearch.common.network.NetworkModule;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
||||||
import org.elasticsearch.common.xcontent.support.XContentMapValues;
|
import org.elasticsearch.common.xcontent.support.XContentMapValues;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
||||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
|
||||||
import org.elasticsearch.test.rest.client.http.HttpResponse;
|
|
||||||
import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
|
import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_PASSWORD;
|
|
||||||
import static org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase.SecuritySettings.TEST_USERNAME;
|
|
||||||
import static org.hamcrest.CoreMatchers.nullValue;
|
import static org.hamcrest.CoreMatchers.nullValue;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCase {
|
public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCase {
|
||||||
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
||||||
|
|
||||||
|
|
@ -52,9 +49,19 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testGetSettingsSmtpPassword() throws Exception {
|
public void testGetSettingsSmtpPassword() throws Exception {
|
||||||
String body = executeRequest("GET", "/_nodes/settings", null, null).getBody();
|
Header[] headers;
|
||||||
Map<String, Object> response = JsonXContent.jsonXContent.createParser(body).map();
|
if (securityEnabled()) {
|
||||||
Map<String, Object> nodes = (Map<String, Object>) response.get("nodes");
|
headers = new Header[] {
|
||||||
|
new BasicHeader(BASIC_AUTH_HEADER,
|
||||||
|
basicAuthHeaderValue(MarvelIntegTestCase.SecuritySettings.TEST_USERNAME,
|
||||||
|
new SecuredString(MarvelIntegTestCase.SecuritySettings.TEST_PASSWORD.toCharArray())))};
|
||||||
|
} else {
|
||||||
|
headers = new Header[0];
|
||||||
|
}
|
||||||
|
try (Response response = getRestClient().performRequest("GET", "/_nodes/settings",
|
||||||
|
Collections.emptyMap(), null, headers)) {
|
||||||
|
Map<String, Object> responseMap = JsonXContent.jsonXContent.createParser(response.getEntity().getContent()).map();
|
||||||
|
Map<String, Object> nodes = (Map<String, Object>) responseMap.get("nodes");
|
||||||
for (Object node : nodes.values()) {
|
for (Object node : nodes.values()) {
|
||||||
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
|
Map<String, Object> settings = (Map<String, Object>) ((Map<String, Object>) node).get("settings");
|
||||||
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
|
assertThat(XContentMapValues.extractValue("xpack.notification.email.account._email.smtp.user", settings),
|
||||||
|
|
@ -63,26 +70,5 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
|
||||||
nullValue());
|
nullValue());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected HttpResponse executeRequest(String method, String path, String body, Map<String, String> params) throws IOException {
|
|
||||||
HttpServerTransport httpServerTransport = getInstanceFromMaster(HttpServerTransport.class);
|
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
|
||||||
.httpTransport(httpServerTransport)
|
|
||||||
.method(method)
|
|
||||||
.path(path);
|
|
||||||
|
|
||||||
if (params != null) {
|
|
||||||
for (Map.Entry<String, String> entry : params.entrySet()) {
|
|
||||||
requestBuilder.addParam(entry.getKey(), entry.getValue());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (body != null) {
|
|
||||||
requestBuilder.body(body);
|
|
||||||
}
|
|
||||||
if (securityEnabled()) {
|
|
||||||
requestBuilder.addHeader(BASIC_AUTH_HEADER,
|
|
||||||
basicAuthHeaderValue(TEST_USERNAME, new SecuredString(TEST_PASSWORD.toCharArray())));
|
|
||||||
}
|
|
||||||
return requestBuilder.execute();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue