FileRolesStore: Make sure default path is loaded correctly on startup
The wrong path was used as default path. Also added logging information for all files, so one can at least check the paths. Original commit: elastic/x-pack-elasticsearch@893493fd17
parent
f15d5c4aa3
commit
787a415c27
|
@ -86,6 +86,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd
|
||||||
* empty map is returned
|
* empty map is returned
|
||||||
*/
|
*/
|
||||||
public static ImmutableMap<String, char[]> parseFile(Path path, @Nullable ESLogger logger) {
|
public static ImmutableMap<String, char[]> parseFile(Path path, @Nullable ESLogger logger) {
|
||||||
|
if (logger != null) {
|
||||||
|
logger.trace("Reading users file located at [{}]", path);
|
||||||
|
}
|
||||||
if (!Files.exists(path)) {
|
if (!Files.exists(path)) {
|
||||||
return ImmutableMap.of();
|
return ImmutableMap.of();
|
||||||
}
|
}
|
||||||
|
|
|
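Review bot: The `!Files.exists(path)` branch right below the added `logger.trace(...)` in `parseFile` still returns an empty map without logging anything, so a mis-resolved path stays invisible unless trace logging is enabled. An empty map here presumably means no users are known to this store, which is worth surfacing at a visible level inside that branch, e.g. `if (logger != null) { logger.warn("users file [{}] does not exist", path); }`. The same applies to `FileUserRolesStore.parseFile` and `FileRolesStore.parseFile` in this commit. The body of `parseFile` continues past the end of the hunk.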
@ -79,6 +79,10 @@ public class FileUserRolesStore extends AbstractComponent implements UserRolesSt
|
||||||
* an empty map is returned
|
* an empty map is returned
|
||||||
*/
|
*/
|
||||||
public static ImmutableMap<String, String[]> parseFile(Path path, @Nullable ESLogger logger) {
|
public static ImmutableMap<String, String[]> parseFile(Path path, @Nullable ESLogger logger) {
|
||||||
|
if (logger != null) {
|
||||||
|
logger.trace("Reading users roles file located at [{}]", path);
|
||||||
|
}
|
||||||
|
|
||||||
if (!Files.exists(path)) {
|
if (!Files.exists(path)) {
|
||||||
return ImmutableMap.of();
|
return ImmutableMap.of();
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@ import org.elasticsearch.common.collect.ImmutableSet;
|
||||||
import org.elasticsearch.common.component.AbstractComponent;
|
import org.elasticsearch.common.component.AbstractComponent;
|
||||||
import org.elasticsearch.common.inject.Inject;
|
import org.elasticsearch.common.inject.Inject;
|
||||||
import org.elasticsearch.common.jackson.dataformat.yaml.snakeyaml.error.YAMLException;
|
import org.elasticsearch.common.jackson.dataformat.yaml.snakeyaml.error.YAMLException;
|
||||||
|
import org.elasticsearch.common.logging.ESLogger;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||||
|
@ -20,6 +21,7 @@ import org.elasticsearch.common.xcontent.yaml.YamlXContent;
|
||||||
import org.elasticsearch.env.Environment;
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.shield.authz.Permission;
|
import org.elasticsearch.shield.authz.Permission;
|
||||||
import org.elasticsearch.shield.authz.Privilege;
|
import org.elasticsearch.shield.authz.Privilege;
|
||||||
|
import org.elasticsearch.shield.plugin.SecurityPlugin;
|
||||||
import org.elasticsearch.watcher.FileChangesListener;
|
import org.elasticsearch.watcher.FileChangesListener;
|
||||||
import org.elasticsearch.watcher.FileWatcher;
|
import org.elasticsearch.watcher.FileWatcher;
|
||||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||||
|
@ -57,7 +59,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
|
||||||
public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
|
public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
|
||||||
super(settings);
|
super(settings);
|
||||||
file = resolveFile(componentSettings, env);
|
file = resolveFile(componentSettings, env);
|
||||||
permissions = parseFile(file);
|
permissions = parseFile(file, logger);
|
||||||
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
|
||||||
watcher.addListener(new FileListener());
|
watcher.addListener(new FileListener());
|
||||||
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
|
||||||
|
@ -72,12 +74,18 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
|
||||||
public static Path resolveFile(Settings settings, Environment env) {
|
public static Path resolveFile(Settings settings, Environment env) {
|
||||||
String location = settings.get("files.roles");
|
String location = settings.get("files.roles");
|
||||||
if (location == null) {
|
if (location == null) {
|
||||||
return env.configFile().toPath().resolve(".roles.yml");
|
File shieldDirectory = new File(env.configFile(), SecurityPlugin.NAME);
|
||||||
|
return shieldDirectory.toPath().resolve(".roles.yml");
|
||||||
}
|
}
|
||||||
|
|
||||||
return Paths.get(location);
|
return Paths.get(location);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ImmutableMap<String, Permission.Global> parseFile(Path path) {
|
public static ImmutableMap<String, Permission.Global> parseFile(Path path, ESLogger logger) {
|
||||||
|
if (logger != null) {
|
||||||
|
logger.trace("Reading roles file located at [{}]", path);
|
||||||
|
}
|
||||||
|
|
||||||
if (!Files.exists(path)) {
|
if (!Files.exists(path)) {
|
||||||
return ImmutableMap.of();
|
return ImmutableMap.of();
|
||||||
}
|
}
|
||||||
|
@ -218,7 +226,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
|
||||||
@Override
|
@Override
|
||||||
public void onFileChanged(File file) {
|
public void onFileChanged(File file) {
|
||||||
if (file.equals(FileRolesStore.this.file.toFile())) {
|
if (file.equals(FileRolesStore.this.file.toFile())) {
|
||||||
permissions = parseFile(file.toPath());
|
permissions = parseFile(file.toPath(), logger);
|
||||||
listener.onRefresh();
|
listener.onRefresh();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
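Review bot: The new `logger` parameter of `FileRolesStore.parseFile(Path path, ESLogger logger)` is null-checked in the body but not annotated, while `FileUserPasswdStore.parseFile` and `FileUserRolesStore.parseFile` both declare `@Nullable ESLogger logger`. I would make the signature `parseFile(Path path, @Nullable ESLogger logger)` and state in its Javadoc that a null logger disables the trace output; whether `Nullable` is already imported in this file is not visible here. In `resolveFile`, the default location is built through `java.io.File` and then converted, where `env.configFile().toPath().resolve(SecurityPlugin.NAME).resolve(".roles.yml")` would express it in one `Path` chain. A short comment on `resolveFile` naming the default location would also help operators check where roles are loaded from.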
@ -42,7 +42,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
|
||||||
@Test
|
@Test
|
||||||
public void testParseFile() throws Exception {
|
public void testParseFile() throws Exception {
|
||||||
Path path = Paths.get(getClass().getResource("roles.yml").toURI());
|
Path path = Paths.get(getClass().getResource("roles.yml").toURI());
|
||||||
Map<String, Permission.Global> roles = FileRolesStore.parseFile(path);
|
Map<String, Permission.Global> roles = FileRolesStore.parseFile(path, logger);
|
||||||
assertThat(roles, notNullValue());
|
assertThat(roles, notNullValue());
|
||||||
assertThat(roles.size(), is(3));
|
assertThat(roles.size(), is(3));
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
|
||||||
public void testThatEmptyFileDoesNotResultInLoop() throws Exception {
|
public void testThatEmptyFileDoesNotResultInLoop() throws Exception {
|
||||||
File file = tempFolder.newFile();
|
File file = tempFolder.newFile();
|
||||||
com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file);
|
com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file);
|
||||||
Map<String, Permission.Global> roles = FileRolesStore.parseFile(file.toPath());
|
Map<String, Permission.Global> roles = FileRolesStore.parseFile(file.toPath(), logger);
|
||||||
assertThat(roles.keySet(), is(empty()));
|
assertThat(roles.keySet(), is(empty()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -163,6 +163,6 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
|
||||||
public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception {
|
public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception {
|
||||||
File file = tempFolder.newFile();
|
File file = tempFolder.newFile();
|
||||||
com.google.common.io.Files.write("user: cluster: ALL indices: '.*': ALL".getBytes(Charsets.UTF_8), file);
|
com.google.common.io.Files.write("user: cluster: ALL indices: '.*': ALL".getBytes(Charsets.UTF_8), file);
|
||||||
FileRolesStore.parseFile(file.toPath());
|
FileRolesStore.parseFile(file.toPath(), logger);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
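Review bot: Nothing in these test hunks exercises `resolveFile`, which is the method whose default path this commit corrects; the changes only follow the new `parseFile(path, logger)` signature. A test that calls `FileRolesStore.resolveFile` with settings lacking `files.roles` and asserts that the result is `.roles.yml` inside the `SecurityPlugin.NAME` directory under the config directory would keep the default from regressing unnoticed. Such a test may exist outside the hunks shown.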