Wipe security index using its concrete name (elastic/x-pack-elasticsearch#2011)
We were catching IndexNotFoundException, which was hiding the fact that delete index and update aliases APIs don't accept aliases anymore. Now that the exception changed this problem popped up. We now rather call get index providing .security as index name, then delete the concrete indices returned in the response. Original commit: elastic/x-pack-elasticsearch@18f64f9a41
This commit is contained in:
Luca Cavanna
GitHub
parent
8200b18e9f
commit
7c58130eb2
|
|
@ -10,9 +10,11 @@ import org.elasticsearch.action.ActionListener;
|
|||
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest.AliasActions;
|
||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequestBuilder;
|
||||
import org.elasticsearch.action.admin.indices.delete.DeleteIndexRequest;
|
||||
import org.elasticsearch.action.admin.indices.get.GetIndexRequest;
|
||||
import org.elasticsearch.action.admin.indices.get.GetIndexResponse;
|
||||
import org.elasticsearch.action.support.IndicesOptions;
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.client.node.NodeClient;
|
||||
import org.elasticsearch.cluster.ClusterState;
|
||||
|
|
@ -28,7 +30,6 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.gateway.GatewayService;
|
||||
import org.elasticsearch.index.Index;
|
||||
import org.elasticsearch.index.IndexNotFoundException;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.xpack.XPackClient;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
@ -509,14 +510,14 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void deleteSecurityIndex() {
|
||||
try {
|
||||
GetIndexRequest getIndexRequest = new GetIndexRequest();
|
||||
getIndexRequest.indices(SECURITY_INDEX_NAME);
|
||||
getIndexRequest.indicesOptions(IndicesOptions.lenientExpandOpen());
|
||||
GetIndexResponse getIndexResponse = internalClient().admin().indices().getIndex(getIndexRequest).actionGet();
|
||||
if (getIndexResponse.getIndices().length > 0) {
|
||||
// this is a hack to clean up the .security index since only the XPack user can delete it
|
||||
final IndicesAliasesRequest request = new IndicesAliasesRequest();
|
||||
final AliasActions aliasActions = AliasActions.removeIndex().index(SECURITY_INDEX_NAME);
|
||||
request.addAliasAction(aliasActions);
|
||||
internalClient().admin().indices().aliases(request).actionGet();
|
||||
} catch (IndexNotFoundException e) {
|
||||
// ignore it since not all tests create this index...
|
||||
DeleteIndexRequest deleteIndexRequest = new DeleteIndexRequest(getIndexResponse.getIndices());
|
||||
internalClient().admin().indices().delete(deleteIndexRequest).actionGet();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import org.elasticsearch.client.Client;
|
|||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.index.IndexNotFoundException;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.search.builder.SearchSourceBuilder;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
|
|
@ -120,13 +119,5 @@ public class TokenAuthIntegTests extends SecurityIntegTestCase {
|
|||
final boolean done = awaitBusy(() -> tokenService.isExpirationInProgress() == false);
|
||||
assertTrue(done);
|
||||
}
|
||||
|
||||
try {
|
||||
// this is a hack to clean up the .security index since only superusers can delete it and the default test user is not a
|
||||
// superuser since the role used there is a file based role since we cannot guarantee the superuser role is always available
|
||||
internalClient().admin().indices().prepareDelete(SecurityLifecycleService.SECURITY_INDEX_NAME).get();
|
||||
} catch (IndexNotFoundException e) {
|
||||
logger.warn("security index does not exist", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,13 +12,10 @@ import org.elasticsearch.action.search.SearchResponse;
|
|||
import org.elasticsearch.action.search.ShardSearchFailure;
|
||||
import org.elasticsearch.common.settings.SecureString;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.index.IndexNotFoundException;
|
||||
import org.elasticsearch.search.SearchContextMissingException;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
import org.junit.After;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
|
|
@ -95,17 +92,6 @@ public class SecurityScrollTests extends SecurityIntegTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@After
|
||||
public void wipeSecurityIndex() {
|
||||
try {
|
||||
// this is a hack to clean up the .security index since only superusers can delete it and the default test user is not a
|
||||
// superuser since the role used there is a file based role since we cannot guarantee the superuser role is always available
|
||||
internalClient().admin().indices().prepareDelete(SecurityLifecycleService.SECURITY_INDEX_NAME).get();
|
||||
} catch (IndexNotFoundException e) {
|
||||
logger.warn("security index does not exist", e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String transportClientUsername() {
|
||||
return this.nodeClientUsername();
|
||||
|
|
|
|||
Loading…
Reference in New Issue