From 787a415c27881cd1a59ea34079c90bce32377d07 Mon Sep 17 00:00:00 2001
From: Alexander Reelsen
Date: Wed, 10 Sep 2014 12:06:12 +0200
Subject: [PATCH] FileRolesStore: Make sure default path is loaded correctly on startup
The wrong path was used as default path. Also added logging information for all files, so one can at least check the paths.
Original commit: elastic/x-pack-elasticsearch@893493fd1754dd0a3485a95627d758ab9eb0aabe
---
 .../authc/esusers/FileUserPasswdStore.java | 3 +++
 .../shield/authc/esusers/FileUserRolesStore.java | 4 ++++
 .../shield/authz/store/FileRolesStore.java | 16 ++++++++++++----
 .../shield/authz/store/FileRolesStoreTests.java | 6 +++---
 4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
index 0d5f2c797d0..85b7e7f38f3 100644
--- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
+++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java
@@ -86,6 +86,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd
 * empty map is returned
 */
 public static ImmutableMap parseFile(Path path, @Nullable ESLogger logger) {
+ if (logger != null) {
+ logger.trace("Reading users file located at [{}]", path);
+ }
 if (!Files.exists(path)) {
 return ImmutableMap.of();
 }
diff --git a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
index 4e784a5266e..ea08e509fc8 100644
--- a/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
+++ b/src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java
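Review bot: In FileUserPasswdStore.parseFile the added trace line is the only record of which path was tried, and the `if (!Files.exists(path))` branch right after it still returns `ImmutableMap.of()` without logging anything. A wrong or missing users file therefore looks the same as an empty one unless trace logging happens to be enabled, which is the failure this commit sets out to make diagnosable. Logging inside that branch at a level operators normally see, under the same null guard, would surface it: `logger.warn("users file [{}] does not exist, no users loaded", path);`. The same applies to the trace lines added in FileUserRolesStore.parseFile and FileRolesStore.parseFile. The body of parseFile continues outside the hunk.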
@@ -79,6 +79,10 @@ public class FileUserRolesStore extends AbstractComponent implements UserRolesSt
 * an empty map is returned
 */
 public static ImmutableMap parseFile(Path path, @Nullable ESLogger logger) {
+ if (logger != null) {
+ logger.trace("Reading users roles file located at [{}]", path);
+ }
+
 if (!Files.exists(path)) {
 return ImmutableMap.of();
 }
diff --git a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
index 26e066feefc..1aa8d4d9b58 100644
--- a/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
+++ b/src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java
@@ -12,6 +12,7 @@ import org.elasticsearch.common.collect.ImmutableSet;
 import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.jackson.dataformat.yaml.snakeyaml.error.YAMLException;
+import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentFactory;
@@ -20,6 +21,7 @@ import org.elasticsearch.common.xcontent.yaml.YamlXContent;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.shield.authz.Permission;
 import org.elasticsearch.shield.authz.Privilege;
+import org.elasticsearch.shield.plugin.SecurityPlugin;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -57,7 +59,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
 public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
 super(settings);
 file = resolveFile(componentSettings, env);
- permissions = parseFile(file);
+ permissions = parseFile(file, logger);
 FileWatcher watcher = new FileWatcher(file.getParent().toFile());
 watcher.addListener(new FileListener());
 watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
@@ -72,12 +74,18 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
 public static Path resolveFile(Settings settings, Environment env) {
 String location = settings.get("files.roles");
 if (location == null) {
- return env.configFile().toPath().resolve(".roles.yml");
+ File shieldDirectory = new File(env.configFile(), SecurityPlugin.NAME);
+ return shieldDirectory.toPath().resolve(".roles.yml");
 }
+
 return Paths.get(location);
 }
- public static ImmutableMap parseFile(Path path) {
+ public static ImmutableMap parseFile(Path path, ESLogger logger) {
+ if (logger != null) {
+ logger.trace("Reading roles file located at [{}]", path);
+ }
+
 if (!Files.exists(path)) {
 return ImmutableMap.of();
 }
@@ -218,7 +226,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
 @Override
 public void onFileChanged(File file) {
 if (file.equals(FileRolesStore.this.file.toFile())) {
- permissions = parseFile(file.toPath());
+ permissions = parseFile(file.toPath(), logger);
 listener.onRefresh();
 }
 }
diff --git a/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java b/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
index 09c7c7bc92f..961a3d0456a 100644
--- a/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
+++ b/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
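Review bot: The corrected default in resolveFile (`new File(env.configFile(), SecurityPlugin.NAME)` followed by `.roles.yml`) is not exercised by any test hunk in this patch; the test changes only adapt existing parseFile calls. Because parseFile returns an empty map when the path does not exist, a regression in the default location would again load no roles without failing anything, so a test that calls resolveFile with settings lacking `files.roles` and asserts the resulting path would pin the fix. Separately, the new parseFile signature null-checks `logger` but omits the annotation the two esusers stores carry on the same parameter; `@Nullable ESLogger logger` would keep the three in line (plus the import, if this file does not have it). The body of parseFile continues past the end of the hunk.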
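Review bot: onFileChanged replaces `permissions` with the result of parseFile and has no handling for a parse failure, while the test named testThatInvalidYAMLThrowsElasticsearchException indicates that parseFile throws on malformed YAML. A roles file saved half-edited would then raise inside the watcher callback and skip `listener.onRefresh()`; what the watcher does with that exception is not visible here. The sketch below catches the failure, logs it with the path and keeps the previously loaded roles (clearing them instead is the alternative if failing closed is preferred), and records a successful reload above trace level, since this assignment changes authorization at runtime. The enclosing listener class starts outside the hunk.

```java
public void onFileChanged(File file) {
    if (file.equals(FileRolesStore.this.file.toFile())) {
        try {
            permissions = parseFile(file.toPath(), logger);
        } catch (Exception e) {
            logger.error("failed to parse roles file [{}], keeping previously loaded roles", e, file.toPath());
            return;
        }
        logger.info("reloaded roles file [{}]", file.toPath());
        listener.onRefresh();
    }
}
```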
@@ -42,7 +42,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
 @Test
 public void testParseFile() throws Exception {
 Path path = Paths.get(getClass().getResource("roles.yml").toURI());
- Map roles = FileRolesStore.parseFile(path);
+ Map roles = FileRolesStore.parseFile(path, logger);
 assertThat(roles, notNullValue());
 assertThat(roles.size(), is(3));
@@ -155,7 +155,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
 public void testThatEmptyFileDoesNotResultInLoop() throws Exception {
 File file = tempFolder.newFile();
 com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file);
- Map roles = FileRolesStore.parseFile(file.toPath());
+ Map roles = FileRolesStore.parseFile(file.toPath(), logger);
 assertThat(roles.keySet(), is(empty()));
 }
@@ -163,6 +163,6 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
 public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception {
 File file = tempFolder.newFile();
 com.google.common.io.Files.write("user: cluster: ALL indices: '.*': ALL".getBytes(Charsets.UTF_8), file);
- FileRolesStore.parseFile(file.toPath());
+ FileRolesStore.parseFile(file.toPath(), logger);
 }
 }