diff --git a/docs/en/watcher/actions/hipchat.asciidoc b/docs/en/watcher/actions/hipchat.asciidoc index 380b0901d2b..7e91e9c0d56 100644 --- a/docs/en/watcher/actions/hipchat.asciidoc +++ b/docs/en/watcher/actions/hipchat.asciidoc @@ -165,6 +165,10 @@ If you configure multiple HipChat accounts, you either need to set a default HipChat account or specify which account the notification should be sent with in the <> action. +deprecated[Storing the `auth_token` in the configuration file or using via updating the +settings now is deprecated, as you should use the keystore for this, see +<>] + [source,yaml] -------------------------------------------------- xpack.notification.hipchat: @@ -222,13 +226,17 @@ To configure a HipChat account that uses the `integration` profile: For example, the following snippet configures an account called `notify-monitoring` that sends messages to the `monitoring` room: +[source,shell] +-------------------------------------------------- +bin/elasticsearch-keystore add xpack.notification.hipchat.account.notify-monitoring.secure_auth_token +-------------------------------------------------- + [source,yaml] -------------------------------------------------- xpack.notification.hipchat: account: notify-monitoring: profile: integration - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv room: monitoring -------------------------------------------------- @@ -241,7 +249,6 @@ xpack.notification.hipchat: account: notify-monitoring: profile: integration - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv room: monitoring message: format: text @@ -285,25 +292,33 @@ To configure a HipChat account that uses the `user` profile: For example, the following configuration creates an account called `notify-monitoring` that sends messages to the `monitoring` room: +[source,shell] +-------------------------------------------------- +bin/elasticsearch-keystore add xpack.notification.hipchat.account.notify-monitoring.secure_auth_token +-------------------------------------------------- + [source,yaml] -------------------------------------------------- xpack.notification.hipchat: account: notify-monitoring: profile: user - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv -------------------------------------------------- You can also specify defaults for the <{ref}/notification-settings.html#hipchat-account-attributes[ message attributes]: +[source,shell] +-------------------------------------------------- +bin/elasticsearch-keystore add xpack.notification.hipchat.account.notify-monitoring.secure_auth_token +-------------------------------------------------- + [source,yaml] -------------------------------------------------- xpack.notification.hipchat: account: notify-monitoring: profile: user - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv message: format: text color: blue @@ -349,13 +364,17 @@ To configure a HipChat account that uses the `v1` profile: For example, the following configuration creates an account called `notify-monitoring`: +[source,shell] +-------------------------------------------------- +bin/elasticsearch-keystore add xpack.notification.hipchat.account.notify-monitoring.secure_auth_token +-------------------------------------------------- + [source,yaml] -------------------------------------------------- xpack.notification.hipchat: account: notify-monitoring: profile: v1 - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv -------------------------------------------------- You can also specify defaults for the {ref}/notification-settings.html#hipchat-account-attributes[ @@ -367,7 +386,6 @@ xpack.notification.hipchat: account: notify-monitoring: profile: v1 - auth_token: 3eLB803Nyp7UBmegJwP1rMdUmzk5HqnzJCgflrhv message: format: text color: blue diff --git a/docs/en/watcher/actions/jira.asciidoc b/docs/en/watcher/actions/jira.asciidoc index 38c95fe71cb..64e670f60f8 100644 --- a/docs/en/watcher/actions/jira.asciidoc +++ b/docs/en/watcher/actions/jira.asciidoc @@ -106,22 +106,22 @@ You configure the accounts {watcher} can use to communicate with Jira in the `xpack.notification.jira` namespace in `elasticsearch.yml`. {watcher} supports Basic Authentication for Jira Software. To configure a -Jira account you need to specify: +Jira account you need to specify (see <>): [source,yaml] -------------------------------------------------- -xpack.notification.jira: - account: - monitoring: - url: https://internal-jira.elastic.co:443 - user: B0A6D1PRD - password: mslNSCnJR +bin/elasticsearch-keystore xpack.notification.jira.account.monitoring.secure_url +bin/elasticsearch-keystore xpack.notification.jira.account.monitoring.secure_user +bin/elasticsearch-keystore xpack.notification.jira.account.monitoring.secure_password -------------------------------------------------- +deprecated[The insecure way of storing sensitive data (`url`, `user` and `password`) +in the configuration file or the cluster settings is deprecated] + To avoid credentials that transit in clear text over the network, {watcher} will reject `url` settings like `http://internal-jira.elastic.co` that are based on plain text HTTP protocol. This default behavior can be disabled with the explicit - `allow_http setting`: + `allow_http` setting: NOTE: The `url` field can also contain a path, that is used to create an issue. By default this is `/rest/api/2/issue`. If you set this as well, make sure that this @@ -132,10 +132,7 @@ path is the full path to the endpoint to create an issue. xpack.notification.jira: account: monitoring: - url: http://unsecure-jira.elastic.co/ allow_http: true - user: B0A6D1PRD - password: mslNSCnJR -------------------------------------------------- WARNING: It is strongly advised to use Basic Authentication with secured HTTPS @@ -149,9 +146,6 @@ You can also specify defaults for the xpack.notification.jira: account: monitoring: - url: https://internal-jira.elastic.co:443 - user: B0A6D1PRD - password: mslNSCnJR issue_defaults: project: key: proj diff --git a/docs/en/watcher/actions/pagerduty.asciidoc b/docs/en/watcher/actions/pagerduty.asciidoc index ce19020ce4a..dd4045c0c08 100644 --- a/docs/en/watcher/actions/pagerduty.asciidoc +++ b/docs/en/watcher/actions/pagerduty.asciidoc @@ -145,17 +145,17 @@ image::images/pagerduty-services.jpg[] + image::images/pagerduty-integrations.jpg[] -To configure a PagerDuty account in `elasticsearch.yml`, at a minimum you -must specify an account name and integration key: +To configure a PagerDuty account in the keystore, you +must specify an account name and integration key, (see <>): [source,yaml] -------------------------------------------------- -xpack.notification.pagerduty: - account: - my_pagerduty_account: - service_api_key: d3b07384d113edec49eaa6238ad5ff0 +bin/elasticsearch-keystore add xpack.notification.pagerduty.account.my_pagerduty_account.secure_service_api_key -------------------------------------------------- +deprecated[Storing the service api key in the YAML file or via cluster +update settings is still supported, but the keystore setting should be used] + You can also specify defaults for the <>: . @@ -165,7 +165,6 @@ PagerDuty event attributes>>: xpack.notification.pagerduty: account: my_pagerduty_account: - service_api_key: d3b07384d113edec49eaa6238ad5ff0 event_defaults: description: "Watch notification" incident_key: "my_incident_key" diff --git a/docs/en/watcher/actions/slack.asciidoc b/docs/en/watcher/actions/slack.asciidoc index 13bf7d204dc..3ba5593bd7d 100644 --- a/docs/en/watcher/actions/slack.asciidoc +++ b/docs/en/watcher/actions/slack.asciidoc @@ -193,16 +193,16 @@ image::images/slack-add-webhook-integration.jpg[] image::images/slack-copy-webhook-url.jpg[] To configure a Slack account, at a minimum you need to specify the account -name and webhook URL: +name and webhook URL in the elasticsearch keystore (<>): -[source,yaml] +[source,shell] -------------------------------------------------- -xpack.notification.slack: - account: - monitoring: - url: https://hooks.slack.com/services/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 +bin/elasticsearch-keystore add xpack.notification.slack.account.monitoring.secure_url -------------------------------------------------- +deprecated[You can also configure this via settings in the `elasticsearch.yml` file, +using the keystore is the preferred and secure way of doign this] + You can also specify defaults for the {ref}/notification-settings.html#slack-account-attributes[Slack notification attributes]: @@ -211,7 +211,6 @@ notification attributes]: xpack.notification.slack: account: monitoring: - url: https://hooks.slack.com/services/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 message_defaults: from: x-pack to: notifications diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java index e6e195081de..53f8c1533a1 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java @@ -7,6 +7,9 @@ package org.elasticsearch.xpack.watcher.notification.hipchat; import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Nullable; +import org.elasticsearch.common.settings.SecureSetting; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.XContentParser; @@ -29,6 +32,8 @@ public abstract class HipChatAccount { public static final String DEFAULT_COLOR_SETTING = "message_defaults." + HipChatMessage.Field.COLOR.getPreferredName(); public static final String DEFAULT_NOTIFY_SETTING = "message_defaults." + HipChatMessage.Field.NOTIFY.getPreferredName(); + private static final Setting SECURE_AUTH_TOKEN_SETTING = SecureSetting.secureString("secure_" + AUTH_TOKEN_SETTING, null); + protected final Logger logger; protected final String name; protected final Profile profile; @@ -42,13 +47,23 @@ public abstract class HipChatAccount { this.profile = profile; this.server = new HipChatServer(settings, defaultServer); this.httpClient = httpClient; - this.authToken = settings.get(AUTH_TOKEN_SETTING); - if (this.authToken == null || this.authToken.length() == 0) { - throw new SettingsException("hipchat account [" + name + "] missing required [" + AUTH_TOKEN_SETTING + "] setting"); - } + this.authToken = getAuthToken(name, settings); this.logger = logger; } + private static String getAuthToken(String name, Settings settings) { + String authToken = settings.get(AUTH_TOKEN_SETTING); + if (authToken == null || authToken.length() == 0) { + SecureString secureString = SECURE_AUTH_TOKEN_SETTING.get(settings); + if (secureString == null || secureString.length() < 1) { + throw new SettingsException("hipchat account [" + name + "] missing required [" + AUTH_TOKEN_SETTING + "] setting"); + } + authToken = secureString.toString(); + } + + return authToken; + } + public abstract String type(); public abstract void validateParsedTemplate(String watchId, String actionId, HipChatMessage.Template message) throws SettingsException; diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java index 1bc2a1da36c..477b4545294 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.SecureSetting; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; @@ -31,7 +32,13 @@ public class HipChatService extends NotificationService { private static final Setting.AffixSetting SETTING_AUTH_TOKEN = Setting.affixKeySetting("xpack.notification.hipchat.account.", "auth_token", - (key) -> Setting.simpleString(key, Setting.Property.Dynamic, Setting.Property.NodeScope, Setting.Property.Filtered)); + (key) -> Setting.simpleString(key, Setting.Property.Dynamic, Setting.Property.NodeScope, Setting.Property.Filtered, + Setting.Property.Deprecated)); + + private static final Setting.AffixSetting SETTING_AUTH_TOKEN_SECURE = + Setting.affixKeySetting("xpack.notification.hipchat.account.", "secure_auth_token", + (key) -> SecureSetting.simpleString(key, Setting.Property.Dynamic, Setting.Property.NodeScope, + Setting.Property.Filtered)); private static final Setting.AffixSetting SETTING_PROFILE = Setting.affixKeySetting("xpack.notification.hipchat.account.", "profile", @@ -66,6 +73,7 @@ public class HipChatService extends NotificationService { clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_HOST, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_PORT, (s) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_AUTH_TOKEN, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_AUTH_TOKEN_SECURE, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_PROFILE, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_ROOM, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_HOST, (s, o) -> {}, (s, o) -> {}); @@ -91,7 +99,7 @@ public class HipChatService extends NotificationService { } public static List> getSettings() { - return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_AUTH_TOKEN, SETTING_PROFILE, SETTING_ROOM, SETTING_MESSAGE_DEFAULTS, - SETTING_DEFAULT_HOST, SETTING_DEFAULT_PORT, SETTING_HOST, SETTING_PORT); + return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_AUTH_TOKEN, SETTING_AUTH_TOKEN_SECURE, SETTING_PROFILE, SETTING_ROOM, + SETTING_MESSAGE_DEFAULTS, SETTING_DEFAULT_HOST, SETTING_DEFAULT_PORT, SETTING_HOST, SETTING_PORT); } } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java index 3e9910640ef..5efe09c5759 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java @@ -8,6 +8,10 @@ package org.elasticsearch.xpack.watcher.notification.jira; import org.elasticsearch.common.Booleans; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; +import org.elasticsearch.common.logging.ESLoggerFactory; +import org.elasticsearch.common.settings.SecureSetting; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.LoggingDeprecationHandler; @@ -45,6 +49,10 @@ public class JiraAccount { static final String ISSUE_DEFAULTS_SETTING = "issue_defaults"; static final String ALLOW_HTTP_SETTING = "allow_http"; + private static final Setting SECURE_USER_SETTING = SecureSetting.secureString("secure_" + USER_SETTING, null); + private static final Setting SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_" + PASSWORD_SETTING, null); + private static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); + private final HttpClient httpClient; private final String name; private final String user; @@ -55,10 +63,8 @@ public class JiraAccount { public JiraAccount(String name, Settings settings, HttpClient httpClient) { this.httpClient = httpClient; this.name = name; - String url = settings.get(URL_SETTING); - if (url == null) { - throw requiredSettingException(name, URL_SETTING); - } + String url = getSetting(name, URL_SETTING, settings, SECURE_URL_SETTING); + ESLoggerFactory.getLogger(getClass()).error("THE URL WAS [{}]", url); try { URI uri = new URI(url); Scheme protocol = Scheme.parse(uri.getScheme()); @@ -69,11 +75,11 @@ public class JiraAccount { } catch (URISyntaxException | IllegalArgumentException e) { throw new SettingsException("invalid jira [" + name + "] account settings. invalid [" + URL_SETTING + "] setting", e); } - this.user = settings.get(USER_SETTING); + this.user = getSetting(name, USER_SETTING, settings, SECURE_USER_SETTING); if (Strings.isEmpty(this.user)) { throw requiredSettingException(name, USER_SETTING); } - this.password = settings.get(PASSWORD_SETTING); + this.password = getSetting(name, PASSWORD_SETTING, settings, SECURE_PASSWORD_SETTING); if (Strings.isEmpty(this.password)) { throw requiredSettingException(name, PASSWORD_SETTING); } @@ -91,6 +97,19 @@ public class JiraAccount { } } + private static String getSetting(String accountName, String settingName, Settings settings, Setting secureSetting) { + String value = settings.get(settingName); + if (value == null) { + SecureString secureString = secureSetting.get(settings); + if (secureString == null || secureString.length() < 1) { + throw requiredSettingException(accountName, settingName); + } + value = secureString.toString(); + } + + return value; + } + public String getName() { return name; } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java index c762a41fadb..297531cbe81 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java @@ -31,7 +31,7 @@ public class JiraService extends NotificationService { private static final Setting.AffixSetting SETTING_URL = Setting.affixKeySetting("xpack.notification.jira.account.", "url", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope)); + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); private static final Setting.AffixSetting SETTING_USER = Setting.affixKeySetting("xpack.notification.jira.account.", "user", @@ -39,6 +39,18 @@ public class JiraService extends NotificationService { private static final Setting.AffixSetting SETTING_PASSWORD = Setting.affixKeySetting("xpack.notification.jira.account.", "password", + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); + + private static final Setting.AffixSetting SETTING_SECURE_USER = + Setting.affixKeySetting("xpack.notification.jira.account.", "secure_user", + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); + + private static final Setting.AffixSetting SETTING_SECURE_URL = + Setting.affixKeySetting("xpack.notification.jira.account.", "secure_url", + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); + + private static final Setting.AffixSetting SETTING_SECURE_PASSWORD = + Setting.affixKeySetting("xpack.notification.jira.account.", "secure_password", (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); private static final Setting.AffixSetting SETTING_DEFAULTS = @@ -57,6 +69,9 @@ public class JiraService extends NotificationService { clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_USER, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_PASSWORD, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_SECURE_USER, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_SECURE_URL, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_SECURE_PASSWORD, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); // do an initial load setAccountSetting(settings); @@ -68,6 +83,7 @@ public class JiraService extends NotificationService { } public static List> getSettings() { - return Arrays.asList(SETTING_ALLOW_HTTP, SETTING_URL, SETTING_USER, SETTING_PASSWORD, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); + return Arrays.asList(SETTING_ALLOW_HTTP, SETTING_URL, SETTING_USER, SETTING_PASSWORD, SETTING_SECURE_USER, + SETTING_SECURE_PASSWORD, SETTING_SECURE_URL, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); } } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java index b59457e2646..5cf1a77f971 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java @@ -6,6 +6,9 @@ package org.elasticsearch.xpack.watcher.notification.pagerduty; import org.apache.logging.log4j.Logger; +import org.elasticsearch.common.settings.SecureSetting; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.xpack.core.watcher.watch.Payload; @@ -17,21 +20,20 @@ import java.io.IOException; public class PagerDutyAccount { - public static final String SERVICE_KEY_SETTING = "service_api_key"; - public static final String TRIGGER_DEFAULTS_SETTING = "event_defaults"; + private static final String SERVICE_KEY_SETTING = "service_api_key"; + private static final String TRIGGER_DEFAULTS_SETTING = "event_defaults"; + private static final Setting SECURE_SERVICE_API_KEY_SETTING = + SecureSetting.secureString("secure_" + SERVICE_KEY_SETTING, null); - final String name; - final String serviceKey; - final HttpClient httpClient; - final IncidentEventDefaults eventDefaults; - final Logger logger; + private final String name; + private final String serviceKey; + private final HttpClient httpClient; + private final IncidentEventDefaults eventDefaults; + private final Logger logger; - public PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient, Logger logger) { + PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient, Logger logger) { this.name = name; - this.serviceKey = accountSettings.get(SERVICE_KEY_SETTING, serviceSettings.get(SERVICE_KEY_SETTING, null)); - if (this.serviceKey == null) { - throw new SettingsException("invalid pagerduty account [" + name + "]. missing required [" + SERVICE_KEY_SETTING + "] setting"); - } + this.serviceKey = getServiceKey(name, accountSettings, serviceSettings); this.httpClient = httpClient; this.eventDefaults = new IncidentEventDefaults(accountSettings.getAsSettings(TRIGGER_DEFAULTS_SETTING)); @@ -51,4 +53,18 @@ public class PagerDutyAccount { HttpResponse response = httpClient.execute(request); return SentEvent.responded(event, request, response); } + + private static String getServiceKey(String name, Settings accountSettings, Settings serviceSettings) { + String serviceKey = accountSettings.get(SERVICE_KEY_SETTING, serviceSettings.get(SERVICE_KEY_SETTING, null)); + if (serviceKey == null) { + SecureString secureString = SECURE_SERVICE_API_KEY_SETTING.get(accountSettings); + if (secureString == null || secureString.length() < 1) { + throw new SettingsException("invalid pagerduty account [" + name + "]. missing required [" + SERVICE_KEY_SETTING + + "] setting"); + } + serviceKey = secureString.toString(); + } + + return serviceKey; + } } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java index d1fea19c5d1..e74e78707be 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.notification.pagerduty; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.SecureSetting; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; @@ -25,7 +26,11 @@ public class PagerDutyService extends NotificationService { private static final Setting.AffixSetting SETTING_SERVICE_API_KEY = Setting.affixKeySetting("xpack.notification.pagerduty.account.", "service_api_key", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); + + private static final Setting.AffixSetting SETTING_SECURE_SERVICE_API_KEY = + Setting.affixKeySetting("xpack.notification.pagerduty.account.", "secure_service_api_key", + (key) -> SecureSetting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); private static final Setting.AffixSetting SETTING_DEFAULTS = Setting.affixKeySetting("xpack.notification.pagerduty.account.", "event_defaults", @@ -38,6 +43,7 @@ public class PagerDutyService extends NotificationService { this.httpClient = httpClient; clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SERVICE_API_KEY, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_SECURE_SERVICE_API_KEY, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); setAccountSetting(settings); } @@ -48,6 +54,6 @@ public class PagerDutyService extends NotificationService { } public static List> getSettings() { - return Arrays.asList(SETTING_SERVICE_API_KEY, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); + return Arrays.asList(SETTING_SERVICE_API_KEY, SETTING_SECURE_SERVICE_API_KEY, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); } } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java index 9d5d6611e61..98857cc4cb2 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java @@ -6,6 +6,9 @@ package org.elasticsearch.xpack.watcher.notification.slack; import org.apache.logging.log4j.Logger; +import org.elasticsearch.common.settings.SecureSetting; +import org.elasticsearch.common.settings.SecureString; +import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; @@ -29,9 +32,12 @@ import java.util.List; public class SlackAccount { + public static final String URL_SETTING = "url"; public static final String MESSAGE_DEFAULTS_SETTING = "message_defaults"; + private static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); + final String name; final URI url; final HttpClient httpClient; @@ -116,6 +122,12 @@ public class SlackAccount { static URI url(String name, Settings settings, Settings defaultSettings) { String url = settings.get(URL_SETTING, defaultSettings.get(URL_SETTING, null)); + if (url == null) { + SecureString secureStringUrl = SECURE_URL_SETTING.get(settings); + if (secureStringUrl != null && secureStringUrl.length() > 0) { + url = secureStringUrl.toString(); + } + } if (url == null) { throw new SettingsException("invalid slack [" + name + "] account settings. missing required [" + URL_SETTING + "] setting"); } diff --git a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java index 8b9cd1acb6b..92f44bfcbe3 100644 --- a/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java +++ b/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.notification.slack; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.SecureSetting; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; @@ -25,7 +26,11 @@ public class SlackService extends NotificationService { private static final Setting.AffixSetting SETTING_URL = Setting.affixKeySetting("xpack.notification.slack.account.", "url", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); + (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); + + private static final Setting.AffixSetting SETTING_URL_SECURE = + Setting.affixKeySetting("xpack.notification.slack.account.", "secure_url", + (key) -> SecureSetting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); private static final Setting.AffixSetting SETTING_DEFAULTS = Setting.affixKeySetting("xpack.notification.slack.account.", "message_defaults", @@ -39,6 +44,7 @@ public class SlackService extends NotificationService { clusterSettings.addSettingsUpdateConsumer(this::setAccountSetting, getSettings()); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {}); + clusterSettings.addAffixUpdateConsumer(SETTING_URL_SECURE, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); setAccountSetting(settings); } @@ -49,6 +55,6 @@ public class SlackService extends NotificationService { } public static List> getSettings() { - return Arrays.asList(SETTING_URL, SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS); + return Arrays.asList(SETTING_URL, SETTING_URL_SECURE, SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS); } } diff --git a/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySessionFactoryTests.java b/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySessionFactoryTests.java index 71ebaacbb84..2f1aa0f5eb5 100644 --- a/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySessionFactoryTests.java +++ b/qa/third-party/active-directory/src/test/java/org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySessionFactoryTests.java @@ -108,25 +108,6 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryT } } - @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2849") - public void testTcpReadTimeout() throws Exception { - Settings settings = Settings.builder() - .put(buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false)) - .put("group_search.filter", "(objectClass=*)") - .put("ssl.verification_mode", VerificationMode.CERTIFICATE) - .put(SessionFactorySettings.TIMEOUT_TCP_READ_SETTING, "1ms") - .build(); - RealmConfig config = new RealmConfig("ad-test", settings, globalSettings, TestEnvironment.newEnvironment(globalSettings), - new ThreadContext(globalSettings)); - try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) { - - PlainActionFuture> groups = new PlainActionFuture<>(); - session(sessionFactory, "ironman", SECURED_PASSWORD).groups(groups); - LDAPException expected = expectThrows(LDAPException.class, groups::actionGet); - assertThat(expected.getMessage(), containsString("A client-side timeout was encountered while waiting")); - } - } - public void testAdAuthAvengers() throws Exception { RealmConfig config = new RealmConfig("ad-test", buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false), globalSettings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); diff --git a/qa/third-party/hipchat/build.gradle b/qa/third-party/hipchat/build.gradle index e700efe8e85..f391ddbca5d 100644 --- a/qa/third-party/hipchat/build.gradle +++ b/qa/third-party/hipchat/build.gradle @@ -1,3 +1,5 @@ +import org.elasticsearch.gradle.LoggedExec + apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' @@ -6,12 +8,9 @@ dependencies { testCompile project(path: xpackModule('watcher'), configuration: 'runtime') } -String integrationAccountPropertyName = 'xpack.notification.hipchat.auth_token_integration' -System.setProperty(integrationAccountPropertyName, 'huuS9v7ccuOy3ZBWWWr1vt8Lqu3sQnLUE81nrLZU') -String userAccountPropertyName = 'xpack.notification.hipchat.auth_token_user' -System.setProperty(userAccountPropertyName, '4UefsFLvKRw01EMN5vo3oyoY6BLiz7IQBQbGug8K') -String v1AccountPropertyName = 'xpack.notification.hipchat.auth_token_v1' -System.setProperty(v1AccountPropertyName, 'a734baf62df618b96dda55b323fc30') +String integrationAccount = System.getenv('hipchat_auth_token_integration') +String userAccount = System.getenv('hipchat_auth_token_user') +String v1Account = System.getenv('hipchat_auth_token_v1') integTestCluster { plugin xpackProject('plugin').path @@ -20,19 +19,15 @@ integTestCluster { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'trial' setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG' - - // hipchat setting 'xpack.notification.hipchat.account.integration_account.profile', 'integration' setting 'xpack.notification.hipchat.account.integration_account.room', 'test-watcher' - setting 'xpack.notification.hipchat.account.integration_account.auth_token', System.getProperty(integrationAccountPropertyName) setting 'xpack.notification.hipchat.account.user_account.profile', 'user' - setting 'xpack.notification.hipchat.account.user_account.auth_token', System.getProperty(userAccountPropertyName) setting 'xpack.notification.hipchat.account.v1_account.profile', 'v1' - setting 'xpack.notification.hipchat.account.v1_account.auth_token', System.getProperty(v1AccountPropertyName) + keystoreSetting 'xpack.notification.hipchat.account.integration_account.secure_auth_token', integrationAccount + keystoreSetting 'xpack.notification.hipchat.account.user_account.secure_auth_token', userAccount + keystoreSetting 'xpack.notification.hipchat.account.v1_account.secure_auth_token', v1Account } -if (!System.getProperty(integrationAccountPropertyName) || !System.getProperty(userAccountPropertyName) || - !System.getProperty(v1AccountPropertyName) || !System.getProperty('tests.network')) { - - integTest.enabled = false +if (!integrationAccount && !userAccount && !v1Account) { + integTest.enabled = false } diff --git a/qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java b/qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/WatcherHipchatYamlTestSuiteIT.java similarity index 89% rename from qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java rename to qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/WatcherHipchatYamlTestSuiteIT.java index 30e5654e475..785b9d3a892 100644 --- a/qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java +++ b/qa/third-party/hipchat/src/test/java/org/elasticsearch/smoketest/WatcherHipchatYamlTestSuiteIT.java @@ -7,8 +7,6 @@ package org.elasticsearch.smoketest; import com.carrotsearch.randomizedtesting.annotations.Name; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ClientYamlTestResponse; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; @@ -26,10 +24,9 @@ import static java.util.Collections.singletonMap; import static org.hamcrest.Matchers.is; /** Runs rest tests against external cluster */ -@Network // Needed to access to an external Jira server -public class SmokeTestWatcherClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { +public class WatcherHipchatYamlTestSuiteIT extends ESClientYamlSuiteTestCase { - public SmokeTestWatcherClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { + public WatcherHipchatYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { super(testCandidate); } diff --git a/qa/third-party/jira/build.gradle b/qa/third-party/jira/build.gradle index 0cc6709c58d..ca5a7773a16 100644 --- a/qa/third-party/jira/build.gradle +++ b/qa/third-party/jira/build.gradle @@ -12,17 +12,12 @@ dependencies { } ext { - jiraUrlPropertyName = 'xpack.notification.jira.url' - jiraUserPropertyName = 'xpack.notification.jira.user' - jiraPasswordPropertyName = 'xpack.notification.jira.password' - jiraProjectPropertyName = 'xpack.notification.jira.project' + jiraUrl = System.getenv('jira_url') + jiraUser = System.getenv('jira_user') + jiraPassword = System.getenv('jira_password') + jiraProject = System.getenv('jira_project') } -System.setProperty(jiraUrlPropertyName, 'https://elasticsearch.atlassian.net/') -System.setProperty(jiraUserPropertyName, 'xpack-user@elastic.co') -System.setProperty(jiraPasswordPropertyName, 'N9M4ea9rfy') -System.setProperty(jiraProjectPropertyName, 'XWT') - integTestCluster { plugin xpackProject('plugin').path setting 'xpack.security.enabled', 'false' @@ -30,25 +25,17 @@ integTestCluster { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'trial' setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG' - - // - // JIRA integration test settings - // - // The integration tests use a JIRA account on elasticsearch.atlassian.net. This account - // has been created by Edward Sy [edward@elastic.co]. It uses the "XPACK WATCHER TEST" - // Jira project available at https://elasticsearch.atlassian.net/projects/XWT/issues/?filter=allopenissues - // and the "xpack-user@elastic.co" username which is also an internal Google Group. - setting 'xpack.notification.jira.account.test.url', System.getProperty(jiraUrlPropertyName) - setting 'xpack.notification.jira.account.test.user', System.getProperty(jiraUserPropertyName) - setting 'xpack.notification.jira.account.test.password', System.getProperty(jiraPasswordPropertyName) - setting 'xpack.notification.jira.account.test.issue_defaults.project.key', System.getProperty(jiraProjectPropertyName) - setting 'xpack.notification.jira.account.test.issue_defaults.labels', ['integration-tests', project.version] + keystoreSetting 'xpack.notification.jira.account.test.secure_url', jiraUrl + keystoreSetting 'xpack.notification.jira.account.test.secure_user', jiraUser + keystoreSetting 'xpack.notification.jira.account.test.secure_password', jiraPassword + setting 'xpack.notification.jira.account.test.issue_defaults.project.key', jiraProject + setting 'xpack.notification.jira.account.test.issue_defaults.issuetype.name', 'Bug' + setting 'xpack.notification.jira.account.test.issue_defaults.labels.0', 'integration-tests' } -/** Clean up JIRA after tests: delete all created issues **/ task cleanJira(type: DefaultTask) { doLast { - def issues = jiraIssues(System.getProperty(jiraProjectPropertyName)) + List issues = jiraIssues(jiraProject) assert issues instanceof List issues.forEach { // See https://docs.atlassian.com/jira/REST/cloud/#api/2/issue-deleteIssue @@ -59,9 +46,7 @@ task cleanJira(type: DefaultTask) { } // require network access for this one, exit early instead of starting up the cluster if we dont have network -if (!System.getProperty(jiraUrlPropertyName) || !System.getProperty(jiraUserPropertyName) || - !System.getProperty(jiraPasswordPropertyName) || !System.getProperty(jiraProjectPropertyName) || - !System.getProperty('tests.network')) { +if (!jiraUrl && !jiraUser && !jiraPassword && !jiraProject) { integTest.enabled = false } else { integTestRunner.finalizedBy cleanJira @@ -79,9 +64,6 @@ def jiraIssues(projectKey) { def jiraHttpRequest(String endpoint, String method, int successCode) { HttpsURLConnection connection = null; try { - def jiraUser = System.getProperty(jiraUserPropertyName) - def jiraPassword = System.getProperty(jiraPasswordPropertyName) - def jiraUrl = System.getProperty(jiraUrlPropertyName) byte[] credentials = "${jiraUser}:${jiraPassword}".getBytes(StandardCharsets.UTF_8); connection = (HttpsURLConnection) new URL("${jiraUrl}/rest/api/2/${endpoint}").openConnection(); connection.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString(credentials)); diff --git a/qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java b/qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/WatcherJiraYamlTestSuiteIT.java similarity index 89% rename from qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java rename to qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/WatcherJiraYamlTestSuiteIT.java index 30e5654e475..8218d0e18f6 100644 --- a/qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java +++ b/qa/third-party/jira/src/test/java/org/elasticsearch/smoketest/WatcherJiraYamlTestSuiteIT.java @@ -7,8 +7,6 @@ package org.elasticsearch.smoketest; import com.carrotsearch.randomizedtesting.annotations.Name; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ClientYamlTestResponse; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; @@ -26,10 +24,9 @@ import static java.util.Collections.singletonMap; import static org.hamcrest.Matchers.is; /** Runs rest tests against external cluster */ -@Network // Needed to access to an external Jira server -public class SmokeTestWatcherClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { +public class WatcherJiraYamlTestSuiteIT extends ESClientYamlSuiteTestCase { - public SmokeTestWatcherClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { + public WatcherJiraYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { super(testCandidate); } diff --git a/qa/third-party/jira/src/test/resources/rest-api-spec/test/jira/10_jira.yml b/qa/third-party/jira/src/test/resources/rest-api-spec/test/jira/10_jira.yml index 225a91cc0a6..6fb3edd79b9 100644 --- a/qa/third-party/jira/src/test/resources/rest-api-spec/test/jira/10_jira.yml +++ b/qa/third-party/jira/src/test/resources/rest-api-spec/test/jira/10_jira.yml @@ -210,7 +210,7 @@ - match: { hits.hits.0._source.result.actions.0.jira.reason: "Bad Request - ThrottlerField [issuetype] has error [issue type is required]\n" } - match: { hits.hits.0._source.result.actions.0.jira.request.method: "post" } - match: { hits.hits.0._source.result.actions.0.jira.request.path: "/rest/api/2/issue" } - - match: { hits.hits.0._source.result.actions.0.jira.request.auth.basic.username: "xpack-user@elastic.co" } + - is_true: hits.hits.0._source.result.actions.0.jira.request.auth.basic.username - match: { hits.hits.0._source.result.actions.0.jira.request.auth.basic.password: "::es_redacted::" } - match: { hits.hits.0._source.result.actions.0.jira.response.body: "{\"errorMessages\":[],\"errors\":{\"issuetype\":\"issue type is required\"}}" } diff --git a/qa/third-party/pagerduty/build.gradle b/qa/third-party/pagerduty/build.gradle index 60606b32a01..97e3f5b2a28 100644 --- a/qa/third-party/pagerduty/build.gradle +++ b/qa/third-party/pagerduty/build.gradle @@ -6,20 +6,7 @@ dependencies { testCompile project(path: xpackModule('watcher'), configuration: 'runtime') } -String pagerDutyPropertyName = 'xpack.notification.pagerduty.service_api_key' -System.setProperty(pagerDutyPropertyName, 'fc082467005d4072a914e0bb041882d0') - -ext { - jiraUrl = 'https://elasticsearch.atlassian.net/' - jiraUser = 'xpack-user@elastic.co' - jiraPassword = 'N9M4ea9rfy' - jiraProject = 'XWT' - slackUrl = 'https://hooks.slack.com/services/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' - pagerDutyUrl = 'fc082467005d4072a914e0bb041882d0' - hipchatUserAuthToken = '4UefsFLvKRw01EMN5vo3oyoY6BLiz7IQBQbGug8K' - hipchatIntegrationAuthToken = 'huuS9v7ccuOy3ZBWWWr1vt8Lqu3sQnLUE81nrLZU' - hipchatV1AuthToken = 'a734baf62df618b96dda55b323fc30' -} +String pagerDutyServiceKey = System.getenv('pagerduty_service_api_key') integTestCluster { plugin xpackProject('plugin').path @@ -28,12 +15,9 @@ integTestCluster { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'trial' setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG' - - // pagerduty - setting 'xpack.notification.pagerduty.account.test_account.service_api_key', System.getProperty(pagerDutyPropertyName) + keystoreSetting 'xpack.notification.pagerduty.account.test_account.secure_service_api_key', pagerDutyServiceKey } -// require network access for this one, exit early instead of starting up the cluster if we dont have network -if (!System.getProperty(pagerDutyPropertyName) || !System.getProperty('tests.network')) { +if (!pagerDutyServiceKey) { integTest.enabled = false } diff --git a/qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java b/qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/WatcherPagerDutyYamlTestSuiteIT.java similarity index 89% rename from qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java rename to qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/WatcherPagerDutyYamlTestSuiteIT.java index 30e5654e475..019609793e3 100644 --- a/qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java +++ b/qa/third-party/pagerduty/src/test/java/org/elasticsearch/smoketest/WatcherPagerDutyYamlTestSuiteIT.java @@ -7,8 +7,6 @@ package org.elasticsearch.smoketest; import com.carrotsearch.randomizedtesting.annotations.Name; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ClientYamlTestResponse; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; @@ -26,10 +24,9 @@ import static java.util.Collections.singletonMap; import static org.hamcrest.Matchers.is; /** Runs rest tests against external cluster */ -@Network // Needed to access to an external Jira server -public class SmokeTestWatcherClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { +public class WatcherPagerDutyYamlTestSuiteIT extends ESClientYamlSuiteTestCase { - public SmokeTestWatcherClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { + public WatcherPagerDutyYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { super(testCandidate); } diff --git a/qa/third-party/slack/build.gradle b/qa/third-party/slack/build.gradle index 6522c5a1f06..1e1b9ff1dcb 100644 --- a/qa/third-party/slack/build.gradle +++ b/qa/third-party/slack/build.gradle @@ -1,3 +1,6 @@ +import org.elasticsearch.gradle.test.NodeInfo +import org.elasticsearch.gradle.LoggedExec + apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' @@ -6,8 +9,7 @@ dependencies { testCompile project(path: xpackModule('watcher'), configuration: 'runtime') } -String slackPropertyName = 'xpack.notification.slack.url' -System.setProperty(slackPropertyName, 'https://hooks.slack.com/services/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') +String slackUrl = System.getenv('slack_url') integTestCluster { plugin xpackProject('plugin').path @@ -16,11 +18,9 @@ integTestCluster { setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'trial' setting 'logger.org.elasticsearch.xpack.watcher', 'DEBUG' - - setting 'xpack.notification.slack.account.test_account.url', System.getProperty(slackPropertyName) + keystoreSetting 'xpack.notification.slack.account.test_account.secure_url', slackUrl } -// require network access for this one, exit early instead of starting up the cluster if we dont have network -if (!System.getProperty(slackPropertyName) || !System.getProperty('tests.network')) { - integTest.enabled = false +if (!slackUrl) { + integTest.enabled = false } diff --git a/qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java b/qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/WatcherSlackYamlTestSuiteIT.java similarity index 89% rename from qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java rename to qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/WatcherSlackYamlTestSuiteIT.java index 30e5654e475..f6e8222ea73 100644 --- a/qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/SmokeTestWatcherClientYamlTestSuiteIT.java +++ b/qa/third-party/slack/src/test/java/org/elasticsearch/smoketest/WatcherSlackYamlTestSuiteIT.java @@ -7,8 +7,6 @@ package org.elasticsearch.smoketest; import com.carrotsearch.randomizedtesting.annotations.Name; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; -import org.elasticsearch.test.junit.annotations.Network; -import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ClientYamlTestResponse; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; @@ -26,10 +24,9 @@ import static java.util.Collections.singletonMap; import static org.hamcrest.Matchers.is; /** Runs rest tests against external cluster */ -@Network // Needed to access to an external Jira server -public class SmokeTestWatcherClientYamlTestSuiteIT extends ESClientYamlSuiteTestCase { +public class WatcherSlackYamlTestSuiteIT extends ESClientYamlSuiteTestCase { - public SmokeTestWatcherClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { + public WatcherSlackYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { super(testCandidate); }