Merge pull request elastic/elasticsearch#2857 from rjernst/deguice9

Remove guice from audit trail construction

Original commit: elastic/x-pack-elasticsearch@a7bf223893
This commit is contained in:
Ryan Ernst 2016-07-18 15:14:00 -07:00 committed by GitHub
commit 7bb4c613eb
13 changed files with 196 additions and 219 deletions

View File

@ -11,14 +11,19 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.support.ActionFilter;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Booleans;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.component.LifecycleComponent;
@ -63,12 +68,12 @@ import org.elasticsearch.xpack.security.action.user.TransportChangePasswordActio
import org.elasticsearch.xpack.security.action.user.TransportDeleteUserAction;
import org.elasticsearch.xpack.security.action.user.TransportGetUsersAction;
import org.elasticsearch.xpack.security.action.user.TransportPutUserAction;
import org.elasticsearch.xpack.security.audit.AuditTrailModule;
import org.elasticsearch.xpack.security.audit.AuditTrail;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.index.IndexNameResolver;
import org.elasticsearch.xpack.security.authc.AuthenticationFailureHandler;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.AuthenticationModule;
import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
@ -128,6 +133,14 @@ public class Security implements ActionPlugin {
public static final String DLS_FLS_FEATURE = "security.dls_fls";
public static final Setting<Optional<String>> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope);
public static final Setting<Boolean> AUDIT_ENABLED_SETTING =
Setting.boolSetting(featureEnabledSetting("audit"), false, Property.NodeScope);
public static final Setting<List<String>> AUDIT_OUTPUTS_SETTING =
Setting.listSetting(setting("audit.outputs"),
s -> s.getAsMap().containsKey(setting("audit.outputs")) ?
Collections.emptyList() : Collections.singletonList(LoggingAuditTrail.NAME),
Function.identity(), Property.NodeScope);
private final Settings settings;
private final Environment env;
private final boolean enabled;
@ -182,10 +195,17 @@ public class Security implements ActionPlugin {
modules.add(new AuthenticationModule(settings));
modules.add(new AuthorizationModule(settings));
if (enabled == false || auditingEnabled(settings) == false) {
modules.add(b -> {
b.bind(AuditTrailService.class).toProvider(Providers.of(null));
b.bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
});
}
if (enabled == false) {
modules.add(b -> b.bind(CryptoService.class).toProvider(Providers.of(null)));
modules.add(b -> {
b.bind(CryptoService.class).toProvider(Providers.of(null));
});
modules.add(new SecurityModule(settings));
modules.add(new AuditTrailModule(settings));
modules.add(new SecurityTransportModule(settings));
return modules;
}
@ -193,10 +213,17 @@ public class Security implements ActionPlugin {
// we can't load that at construction time since the license plugin might not have been loaded at that point
// which might not be the case during Plugin class instantiation. Once nodeModules are pulled
// everything should have been loaded
modules.add(b -> b.bind(CryptoService.class).toInstance(cryptoService));
modules.add(b -> {
b.bind(CryptoService.class).toInstance(cryptoService);
if (auditingEnabled(settings)) {
b.bind(AuditTrail.class).to(AuditTrailService.class); // interface used by some actions...
}
if (indexAuditLoggingEnabled(settings) == false) {
// TODO: remove this once we can construct SecurityLifecycleService without guice
b.bind(IndexAuditTrail.class).toProvider(Providers.of(null));
}
});
modules.add(new SecurityModule(settings));
modules.add(new AuditTrailModule(settings));
modules.add(new SecurityRestModule(settings));
modules.add(new SecurityActionModule(settings));
modules.add(new SecurityTransportModule(settings));
@ -212,15 +239,18 @@ public class Security implements ActionPlugin {
return list;
}
public Collection<Object> createComponents(InternalClient client, ThreadPool threadPool,
public Collection<Object> createComponents(InternalClient client, ThreadPool threadPool, ClusterService clusterService,
ResourceWatcherService resourceWatcherService, List<XPackExtension> extensions) {
if (enabled == false) {
return Collections.emptyList();
}
List<Object> components = new ArrayList<>();
final SSLConfiguration.Global globalSslConfig = new SSLConfiguration.Global(settings);
final ClientSSLService clientSSLService = new ClientSSLService(settings, env, globalSslConfig, resourceWatcherService);
final ServerSSLService serverSSLService = new ServerSSLService(settings, env, globalSslConfig, resourceWatcherService);
components.add(clientSSLService);
components.add(serverSSLService);
// realms construction
final NativeUsersStore nativeUsersStore = new NativeUsersStore(settings, client, threadPool);
@ -241,8 +271,35 @@ public class Security implements ActionPlugin {
}
}
final Realms realms = new Realms(settings, env, realmFactories, securityLicenseState, reservedRealm);
components.add(nativeUsersStore);
components.add(realms);
return Arrays.asList(clientSSLService, serverSSLService, nativeUsersStore, realms);
// audit trails construction
if (AUDIT_ENABLED_SETTING.get(settings)) {
List<String> outputs = AUDIT_OUTPUTS_SETTING.get(settings);
if (outputs.isEmpty()) {
throw new IllegalArgumentException("Audit logging is enabled but there are zero output types in "
+ AUDIT_ENABLED_SETTING.getKey());
}
Set<AuditTrail> auditTrails = new LinkedHashSet<>();
for (String output : outputs) {
switch (output) {
case LoggingAuditTrail.NAME:
auditTrails.add(new LoggingAuditTrail(settings, clusterService, threadPool));
break;
case IndexAuditTrail.NAME:
IndexAuditTrail indexAuditTrail = new IndexAuditTrail(settings, client, threadPool, clusterService);
auditTrails.add(indexAuditTrail);
components.add(indexAuditTrail); // SecurityLifecycleService needs this....
break;
default:
throw new IllegalArgumentException("Unknown audit trail output [" + output + "]");
}
}
components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState));
}
return components;
}
public Settings additionalSettings() {
@ -288,7 +345,10 @@ public class Security implements ActionPlugin {
IPFilter.addSettings(settingsList);
// audit settings
AuditTrailModule.addSettings(settingsList);
settingsList.add(AUDIT_ENABLED_SETTING);
settingsList.add(AUDIT_OUTPUTS_SETTING);
LoggingAuditTrail.registerSettings(settingsList);
IndexAuditTrail.registerSettings(settingsList);
// authentication settings
FileRolesStore.addSettings(settingsList);
@ -515,13 +575,29 @@ public class Security implements ActionPlugin {
return XPackPlugin.featureEnabledSetting("security." + feature);
}
public static boolean auditingEnabled(Settings settings) {
return AUDIT_ENABLED_SETTING.get(settings);
}
public static boolean indexAuditLoggingEnabled(Settings settings) {
if (auditingEnabled(settings)) {
List<String> outputs = AUDIT_OUTPUTS_SETTING.get(settings);
for (String output : outputs) {
if (output.equals(IndexAuditTrail.NAME)) {
return true;
}
}
}
return false;
}
static void validateAutoCreateIndex(Settings settings) {
String value = settings.get("action.auto_create_index");
if (value == null) {
return;
}
final boolean indexAuditingEnabled = AuditTrailModule.indexAuditLoggingEnabled(settings);
final boolean indexAuditingEnabled = Security.indexAuditLoggingEnabled(settings);
final String auditIndex = indexAuditingEnabled ? "," + IndexAuditTrail.INDEX_NAME_PREFIX + "*" : "";
String errorMessage = LoggerMessageFormat.format("the [action.auto_create_index] setting value [{}] is too" +
" restrictive. disable [action.auto_create_index] or set it to " +

View File

@ -11,10 +11,9 @@ import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.component.LifecycleListener;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.xpack.security.audit.AuditTrailModule;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
@ -41,7 +40,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
@Inject
public SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
@Nullable IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
NativeRolesStore nativeRolesStore, InternalClient client) {
super(settings);
this.settings = settings;
@ -111,7 +110,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
}
try {
if (AuditTrailModule.indexAuditLoggingEnabled(settings) &&
if (Security.indexAuditLoggingEnabled(settings) &&
indexAuditTrail.state() == IndexAuditTrail.State.INITIALIZED) {
if (indexAuditTrail.canStart(event, master)) {
threadPool.generic().execute(new AbstractRunnable() {
@ -146,19 +145,23 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
} catch (Exception e) {
logger.error("failed to stop native roles module", e);
}
try {
indexAuditTrail.stop();
} catch (Exception e) {
logger.error("failed to stop audit trail module", e);
if (indexAuditTrail != null) {
try {
indexAuditTrail.stop();
} catch (Exception e) {
logger.error("failed to stop audit trail module", e);
}
}
}
public void close() {
// There is no .close() method for the roles module
try {
indexAuditTrail.close();
} catch (Exception e) {
logger.error("failed to close audit trail module", e);
if (indexAuditTrail != null) {
try {
indexAuditTrail.close();
} catch (Exception e) {
logger.error("failed to close audit trail module", e);
}
}
}
}

View File

@ -1,108 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.multibindings.Multibinder;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import static org.elasticsearch.xpack.security.Security.featureEnabledSetting;
import static org.elasticsearch.xpack.security.Security.setting;
/**
*
*/
public class AuditTrailModule extends AbstractSecurityModule.Node {
public static final Setting<Boolean> ENABLED_SETTING =
Setting.boolSetting(featureEnabledSetting("audit"), false, Property.NodeScope);
public static final Setting<List<String>> OUTPUTS_SETTING =
Setting.listSetting(setting("audit.outputs"),
s -> s.getAsMap().containsKey(setting("audit.outputs")) ?
Collections.emptyList() : Collections.singletonList(LoggingAuditTrail.NAME),
Function.identity(), Property.NodeScope);
private final boolean enabled;
public AuditTrailModule(Settings settings) {
super(settings);
enabled = ENABLED_SETTING.get(settings);
}
@Override
protected void configureNode() {
List<String> outputs = OUTPUTS_SETTING.get(settings);
if (securityEnabled == false || enabled == false || outputs.isEmpty()) {
bind(AuditTrailService.class).toProvider(Providers.of(null));
bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
return;
}
bind(AuditTrailService.class).asEagerSingleton();
bind(AuditTrail.class).to(AuditTrailService.class);
Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
for (String output : outputs) {
switch (output) {
case LoggingAuditTrail.NAME:
binder.addBinding().to(LoggingAuditTrail.class);
bind(LoggingAuditTrail.class).asEagerSingleton();
break;
case IndexAuditTrail.NAME:
binder.addBinding().to(IndexAuditTrail.class);
bind(IndexAuditTrail.class).asEagerSingleton();
break;
default:
throw new IllegalArgumentException("unknown audit trail output [" + output + "]");
}
}
}
public static boolean auditingEnabled(Settings settings) {
return ENABLED_SETTING.get(settings);
}
public static boolean indexAuditLoggingEnabled(Settings settings) {
if (auditingEnabled(settings)) {
List<String> outputs = OUTPUTS_SETTING.get(settings);
for (String output : outputs) {
if (output.equals(IndexAuditTrail.NAME)) {
return true;
}
}
}
return false;
}
public static boolean fileAuditLoggingEnabled(Settings settings) {
if (auditingEnabled(settings)) {
List<String> outputs = OUTPUTS_SETTING.get(settings);
for (String output : outputs) {
if (output.equals(LoggingAuditTrail.NAME)) {
return true;
}
}
}
return false;
}
public static void addSettings(List<Setting<?>> settings) {
settings.add(ENABLED_SETTING);
settings.add(OUTPUTS_SETTING);
LoggingAuditTrail.registerSettings(settings);
IndexAuditTrail.registerSettings(settings);
}
}

View File

@ -5,20 +5,23 @@
*/
package org.elasticsearch.xpack.security.audit;
import java.net.InetAddress;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.SecurityLicenseState;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.transport.TransportMessage;
import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.xpack.security.user.User;
/**
*
@ -26,20 +29,24 @@ import java.util.Set;
public class AuditTrailService extends AbstractComponent implements AuditTrail {
private final SecurityLicenseState securityLicenseState;
final AuditTrail[] auditTrails;
final List<AuditTrail> auditTrails;
@Override
public String name() {
return "service";
}
@Inject
public AuditTrailService(Settings settings, Set<AuditTrail> auditTrails, SecurityLicenseState licenseState) {
public AuditTrailService(Settings settings, List<AuditTrail> auditTrails, SecurityLicenseState licenseState) {
super(settings);
this.auditTrails = auditTrails.toArray(new AuditTrail[auditTrails.size()]);
this.auditTrails = Collections.unmodifiableList(auditTrails);
this.securityLicenseState = licenseState;
}
/** Returns the audit trail implementations that this service delegates to. */
public List<AuditTrail> getAuditTrails() {
return auditTrails;
}
@Override
public void anonymousAccessDenied(String action, TransportMessage message) {
if (securityLicenseState.auditingEnabled()) {
@ -202,8 +209,8 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
public Map<String, Object> usageStats() {
Map<String, Object> map = new HashMap<>(2);
map.put("enabled", AuditTrailModule.ENABLED_SETTING.get(settings));
map.put("outputs", AuditTrailModule.OUTPUTS_SETTING.get(settings));
map.put("enabled", Security.AUDIT_ENABLED_SETTING.get(settings));
map.put("outputs", Security.AUDIT_OUTPUTS_SETTING.get(settings));
return map;
}
}

View File

@ -169,9 +169,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
return NAME;
}
@Inject
public IndexAuditTrail(Settings settings, InternalClient client, ThreadPool threadPool,
ClusterService clusterService) {
public IndexAuditTrail(Settings settings, InternalClient client, ThreadPool threadPool, ClusterService clusterService) {
super(settings);
this.threadPool = threadPool;
this.clusterService = clusterService;

View File

@ -68,7 +68,6 @@ public class LoggingAuditTrail extends AbstractComponent implements AuditTrail {
return NAME;
}
@Inject
public LoggingAuditTrail(Settings settings, ClusterService clusterService, ThreadPool threadPool) {
this(settings, clusterService, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext());
}

View File

@ -18,7 +18,6 @@ import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.audit.AuditTrailModule;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -129,7 +128,7 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
//TODO: for now isolate security tests from watcher & monitoring (randomize this later)
.put(XPackPlugin.featureEnabledSetting(Watcher.NAME), false)
.put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false)
.put(AuditTrailModule.ENABLED_SETTING.getKey(), randomBoolean())
.put(Security.AUDIT_ENABLED_SETTING.getKey(), randomBoolean())
.put(LoggingAuditTrail.HOST_ADDRESS_SETTING.getKey(), randomBoolean())
.put(LoggingAuditTrail.HOST_NAME_SETTING.getKey(), randomBoolean())
.put(LoggingAuditTrail.NODE_NAME_SETTING.getKey(), randomBoolean())

View File

@ -9,8 +9,6 @@ import java.io.IOException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.audit.AuditTrailModule;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.XPackPlugin;
@ -159,14 +157,14 @@ public class SecuritySettingsTests extends ESTestCase {
Security.validateAutoCreateIndex(Settings.builder()
.put("action.auto_create_index", ".security")
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.build());
try {
Security.validateAutoCreateIndex(Settings.builder()
.put("action.auto_create_index", ".security")
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), randomFrom("index", "logfile,index"))
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_OUTPUTS_SETTING.getKey(), randomFrom("index", "logfile,index"))
.build());
fail("IllegalArgumentException expected");
} catch (IllegalArgumentException e) {
@ -176,8 +174,8 @@ public class SecuritySettingsTests extends ESTestCase {
Security.validateAutoCreateIndex(Settings.builder()
.put("action.auto_create_index", ".security_audit_log*,.security")
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), randomFrom("index", "logfile,index"))
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_OUTPUTS_SETTING.getKey(), randomFrom("index", "logfile,index"))
.build());
}
}

View File

@ -9,6 +9,7 @@ import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.elasticsearch.common.settings.Settings;
@ -16,6 +17,10 @@ import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.extensions.XPackExtension;
import org.elasticsearch.xpack.security.audit.AuditTrail;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
@ -49,7 +54,7 @@ public class SecurityTests extends ESTestCase {
Environment env = new Environment(settings);
Security security = new Security(settings, env);
ThreadPool threadPool = mock(ThreadPool.class);
return security.createComponents(null, threadPool, null, Arrays.asList(extensions));
return security.createComponents(null, threadPool, null, null, Arrays.asList(extensions));
}
private <T> T findComponent(Class<T> type, Collection<Object> components) {
@ -58,12 +63,13 @@ public class SecurityTests extends ESTestCase {
return type.cast(obj);
}
}
throw new AssertionError("Could not find component of type " + type + " in components");
return null;
}
public void testCustomRealmExtension() throws Exception {
Collection<Object> components = createComponents(Settings.EMPTY, new DummyExtension("myrealm"));
Realms realms = findComponent(Realms.class, components);
assertNotNull(realms);
assertNotNull(realms.realmFactory("myrealm"));
}
@ -72,4 +78,50 @@ public class SecurityTests extends ESTestCase {
() -> createComponents(Settings.EMPTY, new DummyExtension(FileRealm.TYPE)));
assertEquals("Realm type [" + FileRealm.TYPE + "] is already registered", e.getMessage());
}
public void testAuditEnabled() throws Exception {
Settings settings = Settings.builder().put(Security.AUDIT_ENABLED_SETTING.getKey(), true).build();
Collection<Object> components = createComponents(settings);
AuditTrailService service = findComponent(AuditTrailService.class, components);
assertNotNull(service);
assertEquals(1, service.getAuditTrails().size());
assertEquals(LoggingAuditTrail.NAME, service.getAuditTrails().get(0).name());
}
public void testDisabledByDefault() throws Exception {
Collection<Object> components = createComponents(Settings.EMPTY);
assertNull(findComponent(AuditTrailService.class, components));
}
public void testIndexAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_OUTPUTS_SETTING.getKey(), "index").build();
Collection<Object> components = createComponents(settings);
AuditTrailService service = findComponent(AuditTrailService.class, components);
assertNotNull(service);
assertEquals(1, service.getAuditTrails().size());
assertEquals(IndexAuditTrail.NAME, service.getAuditTrails().get(0).name());
}
public void testIndexAndLoggingAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_OUTPUTS_SETTING.getKey(), "index,logfile").build();
Collection<Object> components = createComponents(settings);
AuditTrailService service = findComponent(AuditTrailService.class, components);
assertNotNull(service);
assertEquals(2, service.getAuditTrails().size());
assertEquals(IndexAuditTrail.NAME, service.getAuditTrails().get(0).name());
assertEquals(LoggingAuditTrail.NAME, service.getAuditTrails().get(1).name());
}
public void testUnknownOutput() throws Exception {
Settings settings = Settings.builder()
.put(Security.AUDIT_ENABLED_SETTING.getKey(), true)
.put(Security.AUDIT_OUTPUTS_SETTING.getKey(), "foo").build();
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> createComponents(settings));
assertEquals("Unknown audit trail output [foo]", e.getMessage());
}
}

View File

@ -1,50 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.common.inject.ModuleTestCase;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
public class AuditTrailModuleTests extends ModuleTestCase {
public void testEnabled() throws Exception {
Settings settings = Settings.builder().put(AuditTrailModule.ENABLED_SETTING.getKey(), true).build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBinding(module, AuditTrail.class, AuditTrailService.class);
assertSetMultiBinding(module, AuditTrail.class, LoggingAuditTrail.class);
}
public void testDisabledByDefault() throws Exception {
AuditTrailModule module = new AuditTrailModule(Settings.EMPTY);
assertInstanceBinding(module, AuditTrail.class, x -> x == AuditTrail.NOOP);
}
public void testIndexAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class);
}
public void testIndexAndLoggingAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index,logfile").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class, LoggingAuditTrail.class);
}
public void testUnknownOutput() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "foo").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBindingFailure(module, "unknown audit trail output [foo]");
}
}

View File

@ -17,10 +17,12 @@ import org.elasticsearch.transport.TransportMessage;
import org.junit.Before;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import static java.util.Collections.unmodifiableSet;
import static java.util.Collections.unmodifiableList;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyZeroInteractions;
@ -30,7 +32,7 @@ import static org.mockito.Mockito.when;
*
*/
public class AuditTrailServiceTests extends ESTestCase {
private Set<AuditTrail> auditTrails;
private List<AuditTrail> auditTrails;
private AuditTrailService service;
private AuthenticationToken token;
@ -41,11 +43,11 @@ public class AuditTrailServiceTests extends ESTestCase {
@Before
public void init() throws Exception {
Set<AuditTrail> auditTrailsBuilder = new HashSet<>();
List<AuditTrail> auditTrailsBuilder = new ArrayList<>();
for (int i = 0; i < randomIntBetween(1, 4); i++) {
auditTrailsBuilder.add(mock(AuditTrail.class));
}
auditTrails = unmodifiableSet(auditTrailsBuilder);
auditTrails = unmodifiableList(auditTrailsBuilder);
securityLicenseState = mock(SecurityLicenseState.class);
service = new AuditTrailService(Settings.EMPTY, auditTrails, securityLicenseState);
auditingEnabled = randomBoolean();

View File

@ -114,10 +114,10 @@ public class RemoteIndexAuditTrailStartingTests extends SecurityIntegTestCase {
@After
public void stopRemoteCluster() throws Exception {
if (remoteCluster != null) {
Iterable<IndexAuditTrail> auditTrails = internalCluster().getInstances(IndexAuditTrail.class);
/*Iterable<IndexAuditTrail> auditTrails = internalCluster().getInstances(IndexAuditTrail.class);
for (IndexAuditTrail auditTrail : auditTrails) {
auditTrail.close();
}
}*/
try {
remoteCluster.wipe(Collections.<String>emptySet());
@ -128,12 +128,12 @@ public class RemoteIndexAuditTrailStartingTests extends SecurityIntegTestCase {
}
// stop the index audit trail so that the shards aren't locked causing the test to fail
if (outputs.contains("index")) {
/*if (outputs.contains("index")) {
Iterable<IndexAuditTrail> auditTrails = internalCluster().getInstances(IndexAuditTrail.class);
for (IndexAuditTrail auditTrail : auditTrails) {
auditTrail.close();
}
}
}*/
}
public void testThatRemoteAuditInstancesAreStarted() throws Exception {

View File

@ -192,7 +192,8 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin {
components.addAll(licensing.createComponents(clusterService, getClock(), env, resourceWatcherService,
security.getSecurityLicenseState()));
components.addAll(security.createComponents(internalClient, threadPool, resourceWatcherService, extensionsService.getExtensions()));
components.addAll(security.createComponents(internalClient, threadPool, clusterService, resourceWatcherService,
extensionsService.getExtensions()));
// watcher http stuff
Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>();