honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Restricted trust config delegates files to monitor to wrapped trust configuration (elastic/x-pack-elasticsearch#2017) 

This change makes the restricted trust configuration delegate the list of files to monitor to the
trust configuration that it wraps so that all files that should be monitored for changes are
monitored for changes.

Relates elastic/x-pack-elasticsearch#1919

Original commit: elastic/x-pack-elasticsearch@227db92ac0
This commit is contained in:
Jay Modi 2017-07-18 08:52:04 -06:00 committed by GitHub
parent 7c58130eb2
commit 8b608ef23b
3 changed files with 74 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugin/src/main/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfig.java
View File

@ -10,6 +10,7 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
@ -17,7 +18,6 @@ import java.util.Objects;
import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
@ -28,12 +28,12 @@ import org.elasticsearch.env.Environment;
*/ */
public final class RestrictedTrustConfig extends TrustConfig { public final class RestrictedTrustConfig extends TrustConfig {
public static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name"; private static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name";
private final Settings settings; private final Settings settings;
private final String groupConfigPath; private final String groupConfigPath;
private final TrustConfig delegate; private final TrustConfig delegate;
public RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) { RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) {
this.settings = settings; this.settings = settings;
this.groupConfigPath = Objects.requireNonNull(groupConfigPath); this.groupConfigPath = Objects.requireNonNull(groupConfigPath);
this.delegate = Objects.requireNonNull(delegate); this.delegate = Objects.requireNonNull(delegate);
@ -52,7 +52,9 @@ public final class RestrictedTrustConfig extends TrustConfig {
@Override @Override
List<Path> filesToMonitor(@Nullable Environment environment) { List<Path> filesToMonitor(@Nullable Environment environment) {
return Collections.singletonList(resolveGroupConfigPath(environment)); List<Path> files = new ArrayList<>(delegate.filesToMonitor(environment));
files.add(resolveGroupConfigPath(environment));
return Collections.unmodifiableList(files);
} }
@Override @Override

2
plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java
View File

@ -5,9 +5,7 @@
*/ */
package org.elasticsearch.xpack.ssl; package org.elasticsearch.xpack.ssl;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;

68
plugin/src/test/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfigTests.java Normal file
View File

@ -0,0 +1,68 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.ssl;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESTestCase;
import org.hamcrest.Matchers;
import javax.net.ssl.X509ExtendedTrustManager;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
public class RestrictedTrustConfigTests extends ESTestCase {
public void testDelegationOfFilesToMonitor() throws Exception {
Path homeDir = createTempDir();
Settings settings = Settings.builder().put("path.home", homeDir).build();
Environment environment = new Environment(settings);
final int numOtherFiles = randomIntBetween(0, 4);
List<Path> otherFiles = new ArrayList<>(numOtherFiles);
for (int i = 0; i < numOtherFiles; i++) {
otherFiles.add(Files.createFile(homeDir.resolve("otherFile" + i)));
}
Path groupConfigPath = Files.createFile(homeDir.resolve("groupConfig"));
TrustConfig delegate = new TrustConfig() {
@Override
X509ExtendedTrustManager createTrustManager(Environment environment) {
return null;
}
@Override
List<Path> filesToMonitor(Environment environment) {
return otherFiles;
}
@Override
public String toString() {
return null;
}
@Override
public boolean equals(Object o) {
return false;
}
@Override
public int hashCode() {
return 0;
}
};
final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(settings, groupConfigPath.toString(), delegate);
List<Path> filesToMonitor = restrictedTrustConfig.filesToMonitor(environment);
List<Path> expectedPathList = new ArrayList<>(otherFiles);
expectedPathList.add(groupConfigPath);
assertEquals(numOtherFiles + 1, filesToMonitor.size());
assertThat(filesToMonitor, Matchers.contains(expectedPathList.toArray(new Path[0])));
}
}