Fix listing of users without roles
When no users have roles, esusers will now correctly list all users. Fixes https://github.com/elasticsearch/elasticsearch-shield/issues/315 Original commit: elastic/x-pack-elasticsearch@12f4c171d8
This commit is contained in:
parent
da15a66d1e
commit
7472b50144
|
@ -385,11 +385,11 @@ public class ESUsersTool extends CliTool {
|
|||
}
|
||||
// list users without roles
|
||||
Set<String> usersWithoutRoles = Sets.newHashSet(users);
|
||||
if (usersWithoutRoles.removeAll(userRoles.keySet())) {
|
||||
usersWithoutRoles.removeAll(userRoles.keySet());
|
||||
for (String user : usersWithoutRoles) {
|
||||
terminal.println("%-15s: -", user);
|
||||
}
|
||||
}
|
||||
|
||||
if (unknownRolesFound) {
|
||||
// at least one role is marked... so printing the legend
|
||||
Path rolesFile = FileRolesStore.resolveFile(settings, env).toAbsolutePath();
|
||||
|
|
|
@ -598,7 +598,7 @@ public class ESUsersToolTests extends CliToolTestCase {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListed() throws Exception {
|
||||
public void testListUsersAndRoles_Cmd_testThatUsersWithAndWithoutRolesAreListed() throws Exception {
|
||||
File usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
|
||||
File usersRoleFile = writeFile("admin: admin\nuser: user\nfoo:user\nbar:user\n");
|
||||
File rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
|
||||
|
@ -619,6 +619,28 @@ public class ESUsersToolTests extends CliToolTestCase {
|
|||
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListed() throws Exception {
|
||||
File usersFile = writeFile("admin:{plain}changeme\nuser:{plain}changeme\nno-roles-user:{plain}changeme\n");
|
||||
File usersRoleFile = writeFile("");
|
||||
File rolesFile = writeFile("admin:\n cluster: all\n\nuser:\n cluster: all\n\nfoo:\n cluster: all\n\nbar:\n cluster: all");
|
||||
Settings settings = ImmutableSettings.builder()
|
||||
.put("shield.authc.esusers.files.users_roles", usersRoleFile)
|
||||
.put("shield.authc.esusers.files.users", usersFile)
|
||||
.put("shield.authz.store.files.roles", rolesFile)
|
||||
.build();
|
||||
|
||||
CaptureOutputTerminal catchTerminalOutput = new CaptureOutputTerminal();
|
||||
ESUsersTool.ListUsersAndRoles cmd = new ESUsersTool.ListUsersAndRoles(catchTerminalOutput, null);
|
||||
CliTool.ExitStatus status = execute(cmd, settings);
|
||||
|
||||
assertThat(status, is(CliTool.ExitStatus.OK));
|
||||
assertThat(catchTerminalOutput.getTerminalOutput(), hasSize(greaterThanOrEqualTo(3)));
|
||||
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("admin"), containsString("-"))));
|
||||
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("user"), containsString("-"))));
|
||||
assertThat(catchTerminalOutput.getTerminalOutput(), hasItem(allOf(containsString("no-roles-user"), containsString("-"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testListUsersAndRoles_Cmd_testThatUsersWithoutRolesAreListedForSingleUser() throws Exception {
|
||||
File usersFile = writeFile("admin:{plain}changeme");
|
||||
|
|
Loading…
Reference in New Issue