From 7ed501b230312f0d1ce74d4748bed6feb01522fb Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Tue, 15 Aug 2017 10:15:55 -0700
Subject: [PATCH] Settings: Add keystore creation to add commands (#26126)

This commits changes the keystore cli add commands to prompt for
creating the keystore if it does not exist. This will make it easier on
users starting out, not having to run a separate command for creation.
---
 .../settings/AddFileKeyStoreCommand.java      | 13 ++++++++---
 .../settings/AddStringKeyStoreCommand.java    | 13 ++++++++---
 .../settings/AddFileKeyStoreCommandTests.java | 22 +++++++++++++++----
 .../AddStringKeyStoreCommandTests.java        | 21 ++++++++++++++----
 4 files changed, 55 insertions(+), 14 deletions(-)

diff --git a/core/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java b/core/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java
index 5ccac9a2ac3..a488d238859 100644
--- a/core/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java
+++ b/core/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java
@@ -61,11 +61,18 @@ class AddFileKeyStoreCommand extends EnvironmentAwareCommand {
     protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
         KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile());
         if (keystore == null) {
-            throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one.");
+            if (options.has(forceOption) == false &&
+                terminal.promptYesNo("The elasticsearch keystore does not exist. Do you want to create it?", false) == false) {
+                terminal.println("Exiting without creating keystore.");
+                return;
+            }
+            keystore = KeyStoreWrapper.create(new char[0] /* always use empty passphrase for auto created keystore */);
+            keystore.save(env.configFile());
+            terminal.println("Created elasticsearch keystore in " + env.configFile());
+        } else {
+            keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
         }
 
-        keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
-
         List<String> argumentValues = arguments.values(options);
         if (argumentValues.size() == 0) {
             throw new UserException(ExitCodes.USAGE, "Missing setting name");
diff --git a/core/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java b/core/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java
index 599fac8c376..69a76f0f18f 100644
--- a/core/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java
+++ b/core/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java
@@ -58,11 +58,18 @@ class AddStringKeyStoreCommand extends EnvironmentAwareCommand {
     protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
         KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile());
         if (keystore == null) {
-            throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one.");
+            if (options.has(forceOption) == false &&
+                terminal.promptYesNo("The elasticsearch keystore does not exist. Do you want to create it?", false) == false) {
+                terminal.println("Exiting without creating keystore.");
+                return;
+            }
+            keystore = KeyStoreWrapper.create(new char[0] /* always use empty passphrase for auto created keystore */);
+            keystore.save(env.configFile());
+            terminal.println("Created elasticsearch keystore in " + env.configFile());
+        } else {
+            keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
         }
 
-        keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
-
         String setting = arguments.value(options);
         if (setting == null) {
             throw new UserException(ExitCodes.USAGE, "The setting name can not be null");
diff --git a/core/src/test/java/org/elasticsearch/common/settings/AddFileKeyStoreCommandTests.java b/core/src/test/java/org/elasticsearch/common/settings/AddFileKeyStoreCommandTests.java
index 91f08e8c0a0..071d394eb1e 100644
--- a/core/src/test/java/org/elasticsearch/common/settings/AddFileKeyStoreCommandTests.java
+++ b/core/src/test/java/org/elasticsearch/common/settings/AddFileKeyStoreCommandTests.java
@@ -59,10 +59,24 @@ public class AddFileKeyStoreCommandTests extends KeyStoreCommandTestCase {
         keystore.save(env.configFile());
     }
 
-    public void testMissing() throws Exception {
-        UserException e = expectThrows(UserException.class, this::execute);
-        assertEquals(ExitCodes.DATA_ERROR, e.exitCode);
-        assertThat(e.getMessage(), containsString("keystore not found"));
+    public void testMissingPromptCreate() throws Exception {
+        Path file1 = createRandomFile();
+        terminal.addTextInput("y");
+        execute("foo", file1.toString());
+        assertSecureFile("foo", file1);
+    }
+
+    public void testMissingForceCreate() throws Exception {
+        Path file1 = createRandomFile();
+        terminal.addSecretInput("bar");
+        execute("-f", "foo", file1.toString());
+        assertSecureFile("foo", file1);
+    }
+
+    public void testMissingNoCreate() throws Exception {
+        terminal.addTextInput("n"); // explicit no
+        execute("foo");
+        assertNull(KeyStoreWrapper.load(env.configFile()));
     }
 
     public void testOverwritePromptDefault() throws Exception {
diff --git a/core/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java b/core/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java
index a83349d28fa..d0d8fdb500d 100644
--- a/core/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java
+++ b/core/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java
@@ -49,10 +49,23 @@ public class AddStringKeyStoreCommandTests extends KeyStoreCommandTestCase {
         };
     }
 
-    public void testMissing() throws Exception {
-        UserException e = expectThrows(UserException.class, this::execute);
-        assertEquals(ExitCodes.DATA_ERROR, e.exitCode);
-        assertThat(e.getMessage(), containsString("keystore not found"));
+    public void testMissingPromptCreate() throws Exception {
+        terminal.addTextInput("y");
+        terminal.addSecretInput("bar");
+        execute("foo");
+        assertSecureString("foo", "bar");
+    }
+
+    public void testMissingForceCreate() throws Exception {
+        terminal.addSecretInput("bar");
+        execute("-f", "foo");
+        assertSecureString("foo", "bar");
+    }
+
+    public void testMissingNoCreate() throws Exception {
+        terminal.addTextInput("n"); // explicit no
+        execute("foo");
+        assertNull(KeyStoreWrapper.load(env.configFile()));
     }
 
     public void testOverwritePromptDefault() throws Exception {