Fix listing of users without roles

When no users have roles, esusers will now correctly list all users.

Fixes https://github.com/elasticsearch/elasticsearch-shield/issues/315

Original commit: elastic/x-pack-elasticsearch@12f4c171d8
This commit is contained in:
c-a-m 2014-11-10 11:59:48 -07:00
parent da15a66d1e
commit 7472b50144
2 changed files with 27 additions and 5 deletions

View File

@ -385,11 +385,11 @@ public class ESUsersTool extends CliTool {
} }
// list users without roles // list users without roles
Set<String> usersWithoutRoles = Sets.newHashSet(users); Set<String> usersWithoutRoles = Sets.newHashSet(users);
if (usersWithoutRoles.removeAll(userRoles.keySet())) { usersWithoutRoles.removeAll(userRoles.keySet());
for (String user : usersWithoutRoles) { for (String user : usersWithoutRoles) {
terminal.println("%-15s: -", user); terminal.println("%-15s: -", user);
} }
}
if (unknownRolesFound) { if (unknownRolesFound) {
// at least one role is marked... so printing the legend // at least one role is marked... so printing the legend
Path rolesFile = FileRolesStore.resolveFile(settings, env).toAbsolutePath(); Path rolesFile = FileRolesStore.resolveFile(settings, env).toAbsolutePath();

View File

@ -598,7 +598,7 @@ public class ESUsersToolTests extends CliToolTestCase {
} }
@Test @Test
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListed() throws Exception { public void testListUsersAndRoles_Cmd_testThatUsersWithAndWithoutRolesAreListed() throws Exception {
File usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n"); File usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
File usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n"); File usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
File rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all"); File rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
@ -619,6 +619,28 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-")))); assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
} }
@Test
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListed() throws Exception {
File usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
File usersRoleFile = writeFile("");
File rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
Settings settings = ImmutableSettings.builder()
.put("shield.authc.esusers.files.users_roles", usersRoleFile)
.put("shield.authc.esusers.files.users", usersFile)
.put("shield.authz.store.files.roles", rolesFile)
.build();
CaptureOutputTerminal catchTerminalOutput = new CaptureOutputTerminal();
ESUsersTool.ListUsersAndRoles cmd = new ESUsersTool.ListUsersAndRoles(catchTerminalOutput, null);
CliTool.ExitStatus status = execute(cmd, settings);
assertThat(status, is(CliTool.ExitStatus.OK));
assertThat(catchTerminalOutput.getTerminalOutput(), hasSize(greaterThanOrEqualTo(3)));
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("admin"), containsString("-"))));
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("user"), containsString("-"))));
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
}
@Test @Test
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListedForSingleUser() throws Exception { public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListedForSingleUser() throws Exception {
File usersFile = writeFile("admin:{plain}changeme"); File usersFile = writeFile("admin:{plain}changeme");