diff --git a/marvel/src/main/java/org/elasticsearch/marvel/agent/support/AgentUtils.java b/marvel/src/main/java/org/elasticsearch/marvel/agent/support/AgentUtils.java index 6da93ca512e..a4e65c04ec7 100644 --- a/marvel/src/main/java/org/elasticsearch/marvel/agent/support/AgentUtils.java +++ b/marvel/src/main/java/org/elasticsearch/marvel/agent/support/AgentUtils.java @@ -7,6 +7,7 @@ package org.elasticsearch.marvel.agent.support; import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.common.logging.ESLogger; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.transport.BoundTransportAddress; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -34,9 +35,9 @@ public class AgentUtils { InetSocketAddress inetSocketAddress = address.address(); InetAddress inetAddress = inetSocketAddress.getAddress(); if (inetAddress != null) { - builder.field("ip", inetAddress.getHostAddress()); - builder.field("host", inetAddress.getHostName()); - builder.field("ip_port", inetAddress.getHostAddress() + ":" + inetSocketAddress.getPort()); + builder.field("ip", NetworkAddress.formatAddress(inetAddress)); + builder.field("host", inetSocketAddress.getHostString()); + builder.field("ip_port", NetworkAddress.formatAddress(inetSocketAddress)); } } else if (node.address().uniqueAddressTypeId() == 2) { // local transport builder.field("ip_port", "_" + node.address()); // will end up being "_local[ID]" @@ -58,19 +59,6 @@ public class AgentUtils { return builder; } - public static String nodeDescription(DiscoveryNode node) { - StringBuilder builder = new StringBuilder().append("[").append(node.name()).append("]"); - if (node.address().uniqueAddressTypeId() == 1) { // InetSocket - InetSocketTransportAddress address = (InetSocketTransportAddress) node.address(); - InetSocketAddress inetSocketAddress = address.address(); - InetAddress inetAddress = inetSocketAddress.getAddress(); - if (inetAddress != null) { - builder.append("[").append(inetAddress.getHostAddress()).append(":").append(inetSocketAddress.getPort()).append("]"); - } - } - return builder.toString(); - } - public static String[] extractHostsFromAddress(BoundTransportAddress boundAddress, ESLogger logger) { if (boundAddress == null || boundAddress.boundAddress() == null) { logger.debug("local http server is not yet started. can't connect"); @@ -89,13 +77,7 @@ public class AgentUtils { return null; } - String host = inetAddress.getHostAddress(); - if (host.indexOf(":") >= 0) { - // ipv6 - host = "[" + host + "]"; - } - - return new String[]{host + ":" + inetSocketAddress.getPort()}; + return new String[]{ NetworkAddress.formatAddress(inetSocketAddress) }; } public static URL parseHostWithPath(String host, String path) throws URISyntaxException, MalformedURLException { diff --git a/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/HttpESExporterTests.java b/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/HttpESExporterTests.java index 594b8c9dc36..4d943af10b2 100644 --- a/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/HttpESExporterTests.java +++ b/marvel/src/test/java/org/elasticsearch/marvel/agent/exporter/HttpESExporterTests.java @@ -33,6 +33,7 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcke // Transport Client instantiation also calls the marvel plugin, which then fails to find modules @ClusterScope(transportClientRatio = 0.0, scope = ESIntegTestCase.Scope.TEST, numDataNodes = 0, numClientNodes = 0) +@ESIntegTestCase.SuppressLocalMode public class HttpESExporterTests extends ESIntegTestCase { final static AtomicLong timeStampGenerator = new AtomicLong(); diff --git a/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java b/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java index 0274b8fd38f..c8363c3f70e 100644 --- a/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java +++ b/qa/smoke-test-watcher-with-shield/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java @@ -12,6 +12,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.BasicHttpClientConnectionManager; import org.elasticsearch.client.support.Headers; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.shield.ShieldPlugin; @@ -48,7 +49,7 @@ public class WatcherWithShieldIT extends ESRestTestCase { public void startWatcher() throws Exception { try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) { InetSocketAddress address = cluster().httpAddresses()[0]; - HttpPut request = new HttpPut(new URI("http", null, address.getAddress().getHostAddress(), address.getPort(), "/_watcher/_start", null, null)); + HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null)); String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray())); request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token); client.execute(request); @@ -59,7 +60,7 @@ public class WatcherWithShieldIT extends ESRestTestCase { public void stopWatcher() throws Exception { try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) { InetSocketAddress address = cluster().httpAddresses()[0]; - HttpPut request = new HttpPut(new URI("http", null, address.getAddress().getHostAddress(), address.getPort(), "/_watcher/_stop", null, null)); + HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null)); String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray())); request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token); client.execute(request); diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index a6f90bd6abe..9f7b054b337 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -27,6 +27,8 @@ import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.Provider; +import org.elasticsearch.common.network.NetworkAddress; +import org.elasticsearch.common.network.NetworkUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; @@ -505,9 +507,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { msg.builder.field(Field.ORIGIN_TYPE, "rest"); SocketAddress address = request.getRemoteAddress(); if (address instanceof InetSocketAddress) { - msg.builder.field(Field.ORIGIN_ADDRESS, ((InetSocketAddress)request.getRemoteAddress()).getAddress().getHostAddress()); + msg.builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.formatAddress(((InetSocketAddress) request.getRemoteAddress()).getAddress())); } else { - msg.builder.field(Field.ORIGIN_ADDRESS, request.getRemoteAddress()); + msg.builder.field(Field.ORIGIN_ADDRESS, address); } msg.builder.field(Field.URI, request.uri()); @@ -520,7 +522,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { Message msg = new Message().start(); common(layer, type, msg.builder); - msg.builder.field(Field.ORIGIN_ADDRESS, originAddress.getHostAddress()); + msg.builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.formatAddress(originAddress)); msg.builder.field(Field.TRANSPORT_PROFILE, profile); msg.builder.field(Field.RULE, rule); @@ -542,7 +544,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(message); if (restAddress != null) { builder.field(Field.ORIGIN_TYPE, "rest"); - builder.field(Field.ORIGIN_ADDRESS, restAddress.getAddress().getHostAddress()); + builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.formatAddress(restAddress.getAddress())); return builder; } @@ -551,7 +553,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { if (address != null) { builder.field(Field.ORIGIN_TYPE, "transport"); if (address instanceof InetSocketTransportAddress) { - builder.field(Field.ORIGIN_ADDRESS, ((InetSocketTransportAddress) address).address().getAddress().getHostAddress()); + builder.field(Field.ORIGIN_ADDRESS, NetworkAddress.formatAddress(((InetSocketTransportAddress) address).address().getAddress())); } else { builder.field(Field.ORIGIN_ADDRESS, address); } @@ -613,7 +615,11 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { .put(clientSettings)) .build(); for (Tuple pair : hostPortPairs) { - transportClient.addTransportAddress(new InetSocketTransportAddress(pair.v1(), pair.v2())); + try { + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(pair.v1()), pair.v2())); + } catch (UnknownHostException e) { + throw new ElasticsearchException("could not find host {}", e, pair.v1()); + } } this.client = transportClient; diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java index e4245f5be9a..651f7c6f0ce 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java @@ -8,6 +8,7 @@ package org.elasticsearch.shield.audit.logfile; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.network.NetworkUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; @@ -25,6 +26,7 @@ import org.elasticsearch.transport.TransportRequest; import java.net.InetAddress; import java.net.InetSocketAddress; +import java.net.SocketAddress; import static org.elasticsearch.common.Strings.arrayToCommaDelimitedString; import static org.elasticsearch.shield.audit.AuditUtil.indices; @@ -231,17 +233,24 @@ public class LoggingAuditTrail implements AuditTrail { @Override public void connectionGranted(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) { if (logger.isTraceEnabled()) { - logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, inetAddress.getHostAddress(), profile, rule); + logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, NetworkAddress.formatAddress(inetAddress), profile, rule); } } @Override public void connectionDenied(InetAddress inetAddress, String profile, ShieldIpFilterRule rule) { - logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, inetAddress.getHostAddress(), profile, rule); + logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix, NetworkAddress.formatAddress(inetAddress), profile, rule); } private static String hostAttributes(RestRequest request) { - return "origin_address=[" + request.getRemoteAddress() + "]"; + String formattedAddress; + SocketAddress socketAddress = request.getRemoteAddress(); + if (socketAddress instanceof InetSocketAddress) { + formattedAddress = NetworkAddress.formatAddress(((InetSocketAddress) socketAddress).getAddress()); + } else { + formattedAddress = socketAddress.toString(); + } + return "origin_address=[" + formattedAddress + "]"; } static String originAttributes(TransportMessage message, Transport transport) { @@ -250,7 +259,7 @@ public class LoggingAuditTrail implements AuditTrail { // first checking if the message originated in a rest call InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(message); if (restAddress != null) { - builder.append("origin_type=[rest], origin_address=[").append(restAddress).append("]"); + builder.append("origin_type=[rest], origin_address=[").append(NetworkAddress.formatAddress(restAddress.getAddress())).append("]"); return builder.toString(); } @@ -259,7 +268,7 @@ public class LoggingAuditTrail implements AuditTrail { if (address != null) { builder.append("origin_type=[transport], "); if (address instanceof InetSocketTransportAddress) { - builder.append("origin_address=[").append(((InetSocketTransportAddress) address).address()).append("]"); + builder.append("origin_address=[").append(NetworkAddress.formatAddress(((InetSocketTransportAddress) address).address().getAddress())).append("]"); } else { builder.append("origin_address=[").append(address).append("]"); } diff --git a/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java b/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java index bba2363f6f0..576b811ba52 100644 --- a/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java +++ b/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java @@ -24,6 +24,7 @@ import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.transport.Transport; import java.net.InetAddress; +import java.net.UnknownHostException; import java.util.*; public class IPFilter extends AbstractLifecycleComponent { @@ -188,9 +189,17 @@ public class IPFilter extends AbstractLifecycleComponent { return rules.toArray(new ShieldIpFilterRule[]{}); } + /** + * Checks if a user provided address is the same address that we are bound to. This is to prevent denying + * connections from the machine we are running on + * + * @param localAddress the InetAddress that this node is bound to. This should come from the transport + * @param address the address that is being evaluated to be blocked + * @return true if the address is not the same as the localAddress + */ private boolean isLocalAddress(InetAddress localAddress, String address) { - return address.equals("127.0.0.1") || address.equals("localhost") || address.equals("::1") || address.startsWith("fe80::1") || - address.equals(localAddress.getHostAddress()) || address.equals(localAddress.getHostName()); + // FIXME add the correct behavior, see https://github.com/elastic/x-plugins/issues/487 + return false; } private class ApplySettings implements NodeSettingsService.Listener { diff --git a/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java index d680bd32a67..c09c9dd1e78 100644 --- a/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java +++ b/shield/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java @@ -6,6 +6,7 @@ package org.elasticsearch.shield.transport.netty; import org.elasticsearch.Version; +import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.internal.Nullable; import org.elasticsearch.common.io.stream.NamedWriteableRegistry; @@ -178,6 +179,7 @@ public class ShieldNettyTransport extends NettyTransport { ctx.sendDownstream(e); } + @SuppressForbidden(reason = "need to use getHostName to resolve DNS name for SSL connections and hostname verification") private String getHostname(InetSocketAddress inetSocketAddress) { String hostname; if (settings.getAsBoolean(HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING, true)) { diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 906b0483fb1..655324b0a20 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -14,6 +14,7 @@ import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; import org.elasticsearch.common.inject.util.Providers; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.BoundTransportAddress; import org.elasticsearch.common.transport.DummyTransportAddress; @@ -149,7 +150,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { .build(); } }; - cluster2 = new InternalTestCluster(randomLong(), createTempDir(), numNodes, numNodes, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); + cluster2 = new InternalTestCluster("network", randomLong(), createTempDir(), numNodes, numNodes, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); cluster2.beforeTest(getRandom(), 0.5); remoteClient = cluster2.client(); @@ -160,7 +161,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { Settings.Builder builder = Settings.builder() .put(settings) .put(ShieldPlugin.ENABLED_SETTING_NAME, useShield) - .put(remoteSettings(inet.address().getAddress().getHostAddress(), inet.address().getPort(), cluster2Name)) + .put(remoteSettings(NetworkAddress.format(inet.address().getAddress()), inet.address().getPort(), cluster2Name)) .put("shield.audit.index.client.shield.user", ShieldSettingsSource.DEFAULT_USER_NAME + ":" + ShieldSettingsSource.DEFAULT_PASSWORD); if (useSSL) { @@ -243,7 +244,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "rest", "anonymous_access_denied"); - assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); + assertThat(NetworkAddress.formatAddress(InetAddress.getLoopbackAddress()), equalTo(hit.field("origin_address").getValue())); assertThat("_uri", equalTo(hit.field("uri").getValue())); assertThat((String) hit.field("origin_type").getValue(), is("rest")); assertThat(hit.field("request_body").getValue(), notNullValue()); @@ -651,7 +652,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { private RestRequest mockRestRequest() { RestRequest request = mock(RestRequest.class); - when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("127.0.0.1", 9200)); + when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(InetAddress.getLoopbackAddress(), 9200)); when(request.uri()).thenReturn("_uri"); return request; } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java index 7817382601a..047ccf4cbef 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java @@ -88,7 +88,7 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase { return builder.build(); } }; - remoteCluster = new InternalTestCluster(randomLong(), createTempDir(), numNodes, numNodes, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); + remoteCluster = new InternalTestCluster("network", randomLong(), createTempDir(), numNodes, numNodes, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); remoteCluster.beforeTest(getRandom(), 0.5); } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java index 9cf11e852f0..18628e7b0fd 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrailTests.java @@ -9,7 +9,7 @@ import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.network.NetworkUtils; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.*; import org.elasticsearch.rest.RestRequest; @@ -24,6 +24,7 @@ import org.elasticsearch.transport.TransportMessage; import org.junit.Before; import org.junit.Test; +import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.util.List; @@ -146,7 +147,8 @@ public class LoggingAuditTrailTests extends ESTestCase { @Test public void testAnonymousAccessDenied_Rest() throws Exception { RestRequest request = mock(RestRequest.class); - when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200)); + InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1"); + when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); @@ -160,11 +162,11 @@ public class LoggingAuditTrailTests extends ESTestCase { break; case WARN: case INFO: - assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri]"); + assertMsg(logger, Level.WARN, prefix + "[rest] [anonymous_access_denied]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], uri=[_uri]"); break; case DEBUG: case TRACE: - assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access_denied]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]"); + assertMsg(logger, Level.DEBUG, prefix + "[rest] [anonymous_access_denied]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], uri=[_uri], request_body=[" + expectedMessage + "]"); } } } @@ -231,7 +233,8 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailed_Rest() throws Exception { for (Level level : Level.values()) { RestRequest request = mock(RestRequest.class); - when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200)); + InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1"); + when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); @@ -241,11 +244,11 @@ public class LoggingAuditTrailTests extends ESTestCase { case ERROR: case WARN: case INFO: - assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[_hostname:9200], principal=[_principal], uri=[_uri]"); + assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], principal=[_principal], uri=[_uri]"); break; case DEBUG: case TRACE: - assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[_hostname:9200], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); + assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); } } } @@ -254,7 +257,8 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailed_Rest_NoToken() throws Exception { for (Level level : Level.values()) { RestRequest request = mock(RestRequest.class); - when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200)); + InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1"); + when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); @@ -264,11 +268,11 @@ public class LoggingAuditTrailTests extends ESTestCase { case ERROR: case WARN: case INFO: - assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[_hostname:9200], uri=[_uri]"); + assertMsg(logger, Level.ERROR, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], uri=[_uri]"); break; case DEBUG: case TRACE: - assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[_hostname:9200], uri=[_uri], request_body=[" + expectedMessage + "]"); + assertMsg(logger, Level.DEBUG, prefix + "[rest] [authentication_failed]\torigin_address=[" + NetworkAddress.formatAddress(address) + "], uri=[_uri], request_body=[" + expectedMessage + "]"); } } } @@ -302,7 +306,8 @@ public class LoggingAuditTrailTests extends ESTestCase { public void testAuthenticationFailed_Realm_Rest() throws Exception { for (Level level : Level.values()) { RestRequest request = mock(RestRequest.class); - when(request.getRemoteAddress()).thenReturn(new InetSocketAddress("_hostname", 9200)); + InetAddress address = forge("_hostname", randomBoolean() ? "127.0.0.1" : "::1"); + when(request.getRemoteAddress()).thenReturn(new InetSocketAddress(address, 9200)); when(request.uri()).thenReturn("_uri"); String expectedMessage = prepareRestContent(request); CapturingLogger logger = new CapturingLogger(level); @@ -316,7 +321,7 @@ public class LoggingAuditTrailTests extends ESTestCase { assertEmptyLog(logger); break; case TRACE: - assertMsg(logger, Level.TRACE, prefix + "[rest] [authentication_failed]\trealm=[_realm], origin_address=[_hostname:9200], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); + assertMsg(logger, Level.TRACE, prefix + "[rest] [authentication_failed]\trealm=[_realm], origin_address=[" + NetworkAddress.formatAddress(address) + "], principal=[_principal], uri=[_uri], request_body=[" + expectedMessage + "]"); } } } @@ -448,7 +453,7 @@ public class LoggingAuditTrailTests extends ESTestCase { switch (level) { case ERROR: assertMsg(logger, Level.ERROR, String.format(Locale.ROOT, prefix + "[ip_filter] [connection_denied]\torigin_address=[%s], transport_profile=[%s], rule=[deny %s]", - inetAddress.getHostAddress(), "default", "_all")); + NetworkAddress.formatAddress(inetAddress), "default", "_all")); break; case WARN: case INFO: @@ -476,7 +481,7 @@ public class LoggingAuditTrailTests extends ESTestCase { case TRACE: assertMsg(logger, Level.TRACE, String.format(Locale.ROOT, prefix + "[ip_filter] [connection_granted]\torigin_address=[%s], transport_profile=[default], rule=[allow default:accept_all]", - inetAddress.getHostAddress())); + NetworkAddress.formatAddress(inetAddress))); } } } @@ -487,7 +492,7 @@ public class LoggingAuditTrailTests extends ESTestCase { String text = LoggingAuditTrail.originAttributes(message, transport);; InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(message); if (restAddress != null) { - assertThat(text, equalTo("origin_type=[rest], origin_address=[" + restAddress + "]")); + assertThat(text, equalTo("origin_type=[rest], origin_address=[" + NetworkAddress.formatAddress(restAddress.getAddress()) + "]")); return; } TransportAddress address = message.remoteAddress(); @@ -497,7 +502,7 @@ public class LoggingAuditTrailTests extends ESTestCase { } if (address instanceof InetSocketTransportAddress) { - assertThat(text, equalTo("origin_type=[transport], origin_address=[" + ((InetSocketTransportAddress) address).address() + "]")); + assertThat(text, equalTo("origin_type=[transport], origin_address=[" + NetworkAddress.formatAddress(((InetSocketTransportAddress) address).address().getAddress()) + "]")); } else { assertThat(text, equalTo("origin_type=[transport], origin_address=[" + address + "]")); } @@ -522,30 +527,36 @@ public class LoggingAuditTrailTests extends ESTestCase { return content.expectedMessage(); } + /** creates address without any lookups. hostname can be null, for missing */ + private static InetAddress forge(String hostname, String address) throws IOException { + byte bytes[] = InetAddress.getByName(address).getAddress(); + return InetAddress.getByAddress(hostname, bytes); + } + private static class MockMessage extends TransportMessage { - private MockMessage() { + private MockMessage() throws IOException { if (randomBoolean()) { if (randomBoolean()) { remoteAddress(new LocalTransportAddress("local_host")); } else { - remoteAddress(new InetSocketTransportAddress("remote_host", 1234)); + remoteAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), 1234)); } } if (randomBoolean()) { - RemoteHostHeader.putRestRemoteAddress(this, InetSocketAddress.createUnresolved("localhost", 1234)); + RemoteHostHeader.putRestRemoteAddress(this, new InetSocketAddress(forge("localhost", "127.0.0.1"), 1234)); } } } private static class MockIndicesRequest extends TransportMessage implements IndicesRequest { - private MockIndicesRequest() { + private MockIndicesRequest() throws IOException { if (randomBoolean()) { remoteAddress(new LocalTransportAddress("_host")); } if (randomBoolean()) { - RemoteHostHeader.putRestRemoteAddress(this, InetSocketAddress.createUnresolved("localhost", 1234)); + RemoteHostHeader.putRestRemoteAddress(this, new InetSocketAddress(forge("localhost", "127.0.0.1"), 1234)); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java index 7a0fca9faac..1d85442bb5f 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java @@ -28,6 +28,7 @@ import org.junit.Test; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import java.io.InputStream; +import java.net.InetAddress; import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyStore; @@ -109,7 +110,7 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase { try (TransportClient client = TransportClient.builder().settings(settings).build()) { - client.addTransportAddress(new InetSocketTransportAddress("localhost", port)); + client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), port)); assertGreenClusterState(client); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java index b645f9569aa..7b3f6eca4a0 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java @@ -7,6 +7,7 @@ package org.elasticsearch.shield.transport; import com.google.common.collect.ImmutableMap; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; @@ -86,7 +87,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase { TransportAddress transportAddress = transport.boundAddress().publishAddress(); assertThat(transportAddress, instanceOf(InetSocketTransportAddress.class)); InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address(); - String unicastHost = inetSocketAddress.getHostName() + ":" + inetSocketAddress.getPort(); + String unicastHost = NetworkAddress.formatAddress(inetSocketAddress); // test that starting up a node works Settings nodeSettings = settingsBuilder() diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java index 9536f5da53a..068fb8fc574 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IPFilterTests.java @@ -44,12 +44,12 @@ public class IPFilterTests extends ESTestCase { nodeSettingsService = mock(NodeSettingsService.class); httpTransport = mock(HttpServerTransport.class); - InetSocketTransportAddress httpAddress = new InetSocketTransportAddress(InetAddress.getLoopbackAddress().getHostAddress(), 9200); + InetSocketTransportAddress httpAddress = new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), 9200); when(httpTransport.boundAddress()).thenReturn(new BoundTransportAddress(httpAddress, httpAddress)); when(httpTransport.lifecycleState()).thenReturn(Lifecycle.State.STARTED); transport = mock(Transport.class); - InetSocketTransportAddress address = new InetSocketTransportAddress(InetAddress.getLoopbackAddress().getHostAddress(), 9300); + InetSocketTransportAddress address = new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), 9300); when(transport.boundAddress()).thenReturn(new BoundTransportAddress(address, address)); when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED); } @@ -171,6 +171,7 @@ public class IPFilterTests extends ESTestCase { } @Test + @AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/487") public void testThatLocalhostIsNeverRejected() throws Exception { Settings settings = settingsBuilder() .put("shield.transport.filter.deny", "127.0.0.1") diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java index 7c3d15116e4..7b25e8503f8 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java @@ -19,6 +19,7 @@ import org.junit.Test; import java.io.IOException; import java.io.OutputStream; +import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; @@ -70,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase { @Test public void testThatIpFilteringIsAppliedForProfile() throws Exception { try (Socket socket = new Socket()){ - trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client"))); + trySocketConnection(socket, new InetSocketAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); assertThat(socket.isClosed(), is(true)); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java index 3c8b7718f2f..5fbc27b0cda 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/netty/HandshakeWaitingHandlerTests.java @@ -30,6 +30,7 @@ import javax.net.ssl.SSLException; import java.io.PrintWriter; import java.io.StringWriter; import java.net.BindException; +import java.net.InetAddress; import java.net.InetSocketAddress; import java.security.SecureRandom; import java.util.ArrayList; @@ -187,7 +188,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase { int maxTries = 10; while (tries <= maxTries) { try { - serverBootstrap.bind(new InetSocketAddress("localhost", randomPort)); + serverBootstrap.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), randomPort)); break; } catch (Throwable t) { if (t.getCause() instanceof BindException) { @@ -245,7 +246,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase { buffer.writeLong(SecureRandom.getInstance("SHA1PRNG").nextLong()); // Connect and wait, then immediately start writing - ChannelFuture future = bootstrap.connect(new InetSocketAddress("localhost", port)); + ChannelFuture future = bootstrap.connect(new InetSocketAddress(InetAddress.getLoopbackAddress(), port)); future.awaitUninterruptibly(); Channel channel = future.getChannel(); diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java index 84f4db0fd60..63e445ca2f8 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java @@ -78,7 +78,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase { .build(); try (TransportClient client = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - client.addTransportAddress(new InetSocketTransportAddress(inetSocketAddress.getHostName(), inetSocketAddress.getPort())); + client.addTransportAddress(new InetSocketTransportAddress(inetSocketAddress.getAddress(), inetSocketAddress.getPort())); client.admin().cluster().prepareHealth().get(); fail("Expected a NoNodeAvailableException due to hostname verification failures"); } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java index 11a2bd68794..2cd04c15a17 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.transport.Transport; import org.junit.BeforeClass; import org.junit.Test; +import java.net.InetAddress; import java.nio.file.Files; import java.nio.file.Path; @@ -111,7 +112,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { @Test public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception { try(TransportClient transportClient = createTransportClient(Settings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -126,7 +127,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { @Test(expected = NoNodeAvailableException.class) public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception { try(TransportClient transportClient = createTransportClient(Settings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); transportClient.admin().cluster().prepareHealth().get(); } } @@ -139,7 +140,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { @Test(expected = NoNodeAvailableException.class) public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception { try (TransportClient transportClient = createTransportClient(Settings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -153,7 +154,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -168,7 +169,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -198,7 +199,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); transportClient.admin().cluster().prepareHealth().get(); } } @@ -215,7 +216,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -251,7 +252,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -269,7 +270,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -291,7 +292,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -314,7 +315,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -359,7 +360,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -399,7 +400,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -419,7 +420,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -439,7 +440,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { .put("plugin.types", ShieldPlugin.class.getName()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); + transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java b/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java index af8d70c01cf..9279035570f 100644 --- a/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java @@ -62,7 +62,7 @@ public class TribeTests extends ShieldIntegTestCase { String cluster2Name = clusterName(Scope.SUITE.name(), randomLong()); //no port conflicts as this test uses the global cluster and a suite cluster that gets manually created ShieldSettingsSource cluster2SettingsSource = new ShieldSettingsSource(2, sslTransportEnabled, systemKey(), createTempDir(), Scope.SUITE); - cluster2 = new InternalTestCluster(randomLong(), createTempDir(), 2, 2, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); + cluster2 = new InternalTestCluster("network", randomLong(), createTempDir(), 2, 2, cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX); assert tribeSettingsSource == null; //given the low (2 and 1) number of nodes that the 2 SUITE clusters will have, we are not going to have port conflicts @@ -140,7 +140,7 @@ public class TribeTests extends ShieldIntegTestCase { //we need to recreate the tribe node after each test otherwise ensureClusterSizeConsistency barfs String tribeClusterName = clusterName(Scope.SUITE.name(), randomLong()); - tribeNodeCluster = new InternalTestCluster(randomLong(), createTempDir(), 1, 1, tribeClusterName, tribeSettingsSource, 0, false, TRIBE_CLUSTER_NODE_PREFIX); + tribeNodeCluster = new InternalTestCluster("network", randomLong(), createTempDir(), 1, 1, tribeClusterName, tribeSettingsSource, 0, false, TRIBE_CLUSTER_NODE_PREFIX); tribeNodeCluster.beforeTest(getRandom(), 0.5); awaitSameNodeCounts(); } diff --git a/watcher/src/test/java/org/elasticsearch/cluster/routing/TestShardRouting.java b/watcher/src/test/java/org/elasticsearch/cluster/routing/TestShardRouting.java index 8b331b1d771..ea24cb2ecdb 100644 --- a/watcher/src/test/java/org/elasticsearch/cluster/routing/TestShardRouting.java +++ b/watcher/src/test/java/org/elasticsearch/cluster/routing/TestShardRouting.java @@ -12,20 +12,20 @@ package org.elasticsearch.cluster.routing; public class TestShardRouting { public static ShardRouting newShardRouting(String index, int shardId, String currentNodeId, boolean primary, ShardRoutingState state, long version) { - return new ShardRouting(index, shardId, currentNodeId, null, null, primary, state, version, null, AllocationId.newInitializing(), true); + return new ShardRouting(index, shardId, currentNodeId, null, null, primary, state, version, null, AllocationId.newInitializing(), true, ShardRouting.UNAVAILABLE_EXPECTED_SHARD_SIZE); } public static ShardRouting newShardRouting(String index, int shardId, String currentNodeId, String relocatingNodeId, boolean primary, ShardRoutingState state, long version) { - return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, null, primary, state, version, null, AllocationId.newInitializing(), true); + return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, null, primary, state, version, null, AllocationId.newInitializing(), true, ShardRouting.UNAVAILABLE_EXPECTED_SHARD_SIZE); } public static ShardRouting newShardRouting(String index, int shardId, String currentNodeId, String relocatingNodeId, RestoreSource restoreSource, boolean primary, ShardRoutingState state, long version) { - return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, restoreSource, primary, state, version, null, AllocationId.newInitializing(), true); + return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, restoreSource, primary, state, version, null, AllocationId.newInitializing(), true, ShardRouting.UNAVAILABLE_EXPECTED_SHARD_SIZE); } public static ShardRouting newShardRouting(String index, int shardId, String currentNodeId, String relocatingNodeId, RestoreSource restoreSource, boolean primary, ShardRoutingState state, long version, UnassignedInfo unassignedInfo) { - return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, restoreSource, primary, state, version, unassignedInfo, AllocationId.newInitializing(), true); + return new ShardRouting(index, shardId, currentNodeId, relocatingNodeId, restoreSource, primary, state, version, unassignedInfo, AllocationId.newInitializing(), true, ShardRouting.UNAVAILABLE_EXPECTED_SHARD_SIZE); } } diff --git a/watcher/src/test/java/org/elasticsearch/watcher/input/http/HttpInputIntegrationTests.java b/watcher/src/test/java/org/elasticsearch/watcher/input/http/HttpInputIntegrationTests.java index a0cab9c7884..036595e6f74 100644 --- a/watcher/src/test/java/org/elasticsearch/watcher/input/http/HttpInputIntegrationTests.java +++ b/watcher/src/test/java/org/elasticsearch/watcher/input/http/HttpInputIntegrationTests.java @@ -57,7 +57,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests { watcherClient().preparePutWatch("_name") .setSource(watchBuilder() .trigger(schedule(interval("5s"))) - .input(httpInput(HttpRequestTemplate.builder(address.getHostName(), address.getPort()) + .input(httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort()) .path("/index/_search") .body(jsonBuilder().startObject().field("size", 1).endObject()) .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null))) @@ -78,7 +78,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests { PutWatchResponse putWatchResponse = watcherClient().preparePutWatch("_name") .setSource(watchBuilder() .trigger(schedule(interval("1s"))) - .input(httpInput(HttpRequestTemplate.builder(address.getHostName(), address.getPort()) + .input(httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort()) .path("/_cluster/stats") .auth(shieldEnabled() ? new BasicAuth("test", "changeme".toCharArray()) : null))) .condition(scriptCondition("ctx.payload.nodes.count.total >= 1")) @@ -106,7 +106,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTests { XContentBuilder body = jsonBuilder().prettyPrint().startObject() .field("query").value(termQuery("field", "value")) .endObject(); - HttpRequestTemplate.Builder requestBuilder = HttpRequestTemplate.builder(address.getHostName(), address.getPort()) + HttpRequestTemplate.Builder requestBuilder = HttpRequestTemplate.builder(address.getHostString(), address.getPort()) .path(Template.inline("/idx/_search")) .body(body); if (shieldEnabled()) { diff --git a/watcher/src/test/java/org/elasticsearch/watcher/test/integration/NoMasterNodeTests.java b/watcher/src/test/java/org/elasticsearch/watcher/test/integration/NoMasterNodeTests.java index 28664f13fa5..b24ad3615e0 100644 --- a/watcher/src/test/java/org/elasticsearch/watcher/test/integration/NoMasterNodeTests.java +++ b/watcher/src/test/java/org/elasticsearch/watcher/test/integration/NoMasterNodeTests.java @@ -17,6 +17,7 @@ import org.elasticsearch.discovery.zen.elect.ElectMasterService; import org.elasticsearch.discovery.zen.ping.ZenPing; import org.elasticsearch.discovery.zen.ping.ZenPingService; import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing; +import org.elasticsearch.test.ESIntegTestCase.SuppressLocalMode; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration; import org.elasticsearch.test.junit.annotations.TestLogging; @@ -51,6 +52,7 @@ import static org.hamcrest.core.Is.is; @TestLogging("discovery:TRACE,watcher:TRACE") @ClusterScope(scope = TEST, numClientNodes = 0, transportClientRatio = 0, randomDynamicTemplates = false, numDataNodes = 0) +@SuppressLocalMode public class NoMasterNodeTests extends AbstractWatcherIntegrationTests { private ClusterDiscoveryConfiguration.UnicastZen config; @@ -79,7 +81,8 @@ public class NoMasterNodeTests extends AbstractWatcherIntegrationTests { @Test public void testSimpleFailure() throws Exception { - config = new ClusterDiscoveryConfiguration.UnicastZen(2); + // we need 3 hosts here because we stop the master and start another - it doesn't restart the pre-existing node... + config = new ClusterDiscoveryConfiguration.UnicastZen(3, Settings.EMPTY); internalCluster().startNodesAsync(2).get(); createIndex("my-index"); ensureWatcherStarted(false); @@ -132,7 +135,7 @@ public class NoMasterNodeTests extends AbstractWatcherIntegrationTests { @Test public void testDedicatedMasterNodeLayout() throws Exception { // Only the master nodes are in the unicast nodes list: - config = new ClusterDiscoveryConfiguration.UnicastZen(3); + config = new ClusterDiscoveryConfiguration.UnicastZen(11, 3, Settings.EMPTY); Settings settings = Settings.builder() .put("node.data", false) .put("node.master", true) @@ -187,7 +190,7 @@ public class NoMasterNodeTests extends AbstractWatcherIntegrationTests { int numberOfFailures = scaledRandomIntBetween(2, 9); int numberOfWatches = scaledRandomIntBetween(numberOfFailures, 12); logger.info("number of failures [{}], number of watches [{}]", numberOfFailures, numberOfWatches); - config = new ClusterDiscoveryConfiguration.UnicastZen(2 + numberOfFailures); + config = new ClusterDiscoveryConfiguration.UnicastZen(2 + numberOfFailures, Settings.EMPTY); internalCluster().startNodesAsync(2).get(); createIndex("my-index"); client().prepareIndex("my-index", "my-type").setSource("field", "value").get(); diff --git a/watcher/src/test/java/org/elasticsearch/watcher/test/rest/WatcherRestTestCase.java b/watcher/src/test/java/org/elasticsearch/watcher/test/rest/WatcherRestTestCase.java index 9731152e887..f1170a306a7 100644 --- a/watcher/src/test/java/org/elasticsearch/watcher/test/rest/WatcherRestTestCase.java +++ b/watcher/src/test/java/org/elasticsearch/watcher/test/rest/WatcherRestTestCase.java @@ -11,6 +11,7 @@ import org.apache.http.client.methods.HttpPut; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.BasicHttpClientConnectionManager; +import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.node.Node; @@ -48,7 +49,7 @@ public abstract class WatcherRestTestCase extends ESRestTestCase { public void startWatcher() throws Exception { try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) { InetSocketAddress address = cluster().httpAddresses()[0]; - HttpPut request = new HttpPut(new URI("http", null, address.getAddress().getHostAddress(), address.getPort(), "/_watcher/_start", null, null)); + HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_start", null, null)); client.execute(request); } } @@ -57,7 +58,7 @@ public abstract class WatcherRestTestCase extends ESRestTestCase { public void stopWatcher() throws Exception { try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) { InetSocketAddress address = cluster().httpAddresses()[0]; - HttpPut request = new HttpPut(new URI("http", null, address.getAddress().getHostAddress(), address.getPort(), "/_watcher/_stop", null, null)); + HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.formatAddress(address.getAddress()), address.getPort(), "/_watcher/_stop", null, null)); client.execute(request); } }