diff --git a/marvel/src/main/java/org/elasticsearch/marvel/shield/SecuredClient.java b/marvel/src/main/java/org/elasticsearch/marvel/shield/SecuredClient.java index b42bc518a1a..8ac4ddd3980 100644 --- a/marvel/src/main/java/org/elasticsearch/marvel/shield/SecuredClient.java +++ b/marvel/src/main/java/org/elasticsearch/marvel/shield/SecuredClient.java @@ -218,10 +218,6 @@ import org.elasticsearch.action.delete.DeleteAction; import org.elasticsearch.action.delete.DeleteRequest; import org.elasticsearch.action.delete.DeleteRequestBuilder; import org.elasticsearch.action.delete.DeleteResponse; -import org.elasticsearch.action.exists.ExistsAction; -import org.elasticsearch.action.exists.ExistsRequest; -import org.elasticsearch.action.exists.ExistsRequestBuilder; -import org.elasticsearch.action.exists.ExistsResponse; import org.elasticsearch.action.explain.ExplainAction; import org.elasticsearch.action.explain.ExplainRequest; import org.elasticsearch.action.explain.ExplainRequestBuilder; @@ -500,18 +496,6 @@ public class SecuredClient implements Client { return new MultiSearchRequestBuilder(this, MultiSearchAction.INSTANCE); } - public ActionFuture exists(ExistsRequest request) { - return this.execute(ExistsAction.INSTANCE, request); - } - - public void exists(ExistsRequest request, ActionListener listener) { - this.execute(ExistsAction.INSTANCE, request, listener); - } - - public ExistsRequestBuilder prepareExists(String... indices) { - return new ExistsRequestBuilder(this, ExistsAction.INSTANCE).setIndices(indices); - } - public ActionFuture suggest(SuggestRequest request) { return this.execute(SuggestAction.INSTANCE, request); } diff --git a/shield/docs/public/reference.asciidoc b/shield/docs/public/reference.asciidoc index 8fd0c021666..f6431b48c5d 100644 --- a/shield/docs/public/reference.asciidoc +++ b/shield/docs/public/reference.asciidoc 
@@ -29,7 +29,7 @@ flush, mapping, open, force merge, refresh, settings, search shards, templates, `monitor`:: All actions, that are required for monitoring and read-only (recovery, segments info, index stats & status) `data_access`:: A shortcut of all of the below privileges `crud`:: A shortcut of `read` and `write` privileges -`read`:: Read only access to actions (count, explain, get, exists, mget, get indexed scripts, more like this, multi +`read`:: Read only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi percolate/search/termvector), percolate, scroll, clear_scroll, search, suggest, tv) `search`:: All of `suggest` and executing an arbitrary search request (including multi-search API) `get`:: Allow to execute a GET request for a single document or multiple documents via the multi-get API @@ -136,7 +136,6 @@ NOTE: While indices template actions typically relate to indices, they are categ * `indices:monitor/shard_stores` * `indices:monitor/stats` * `indices:monitor/upgrade` -* `indices:data/read/exists` * `indices:data/read/explain` * `indices:data/read/field_stats` * `indices:data/read/get` diff --git a/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java b/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java index fcfc296eda7..716101eabdf 100644 --- a/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java 
@@ -409,7 +409,6 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
 // admin refresh before executing
 assertAccessIsAllowed("admin", "GET", "/" + index + "/_refresh");
 assertAccessIsAllowed(user, "GET", "/" + index + "/_count");
- assertAccessIsAllowed(user, "GET", "/" + index + "/_search/exists", "{ \"query\" : { \"match_all\" : {} } }");
 assertAccessIsAllowed("admin", "GET", "/" + index + "/_search");
 assertAccessIsAllowed("admin", "GET", "/" + index + "/foo/1");
 assertAccessIsAllowed(user, "GET", "/" + index + "/foo/1/_explain", "{ \"query\" : { \"match_all\" : {} } }");
@@ -428,7 +427,7 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
 assertUserIsAllowed(user, "search", index);
 } else {
 assertAccessIsDenied(user, "GET", "/" + index + "/_count");
- assertAccessIsDenied(user, "GET", "/" + index + "/_search/exists");
+ assertAccessIsDenied(user, "GET", "/" + index + "/_search");
 assertAccessIsDenied(user, "GET", "/" + index + "/foo/1/_explain", "{ \"query\" : { \"match_all\" : {} } }");
 assertAccessIsDenied(user, "GET", "/" + index + "/foo/1/_termvector");
 assertAccessIsDenied(user, "GET", "/" + index + "/foo/_percolate", "{ \"doc\" : { \"foo\" : \"bar\" } }");
diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
index 2aa54061d7a..c4ae5f2261d 100644
--- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
+++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
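Review bot: In the second hunk the denied branch swaps the `_search/exists` check for `assertAccessIsDenied(user, "GET", "/" + index + "/_search");`, while the first hunk simply deletes the matching allowed-branch check, so the two branches no longer mirror each other. The allowed side appears to rely on `assertUserIsAllowed(user, "search", index)` (visible as context) for search coverage; if its denied counterpart runs after this hunk, the new line is redundant, and if it does not, the allowed branch deserves an explicit `assertAccessIsAllowed(user, "GET", "/" + index + "/_search");` so that a denial is never asserted on a path that is not also proven reachable with the privilege. The enclosing test method starts and ends outside both hunks, so this needs checking against the full file.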
@@ -7,7 +7,7 @@ package org.elasticsearch.shield.audit.index; import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse; import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse; -import org.elasticsearch.action.exists.ExistsResponse; +import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.cluster.metadata.IndexTemplateMetaData; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail; @@ -57,7 +57,7 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { awaitIndexTemplateCreation(); // Wait for the index to be created since we have our own startup - awaitIndexCreation(); + awaitAuditDocumentCreation(); } public void testAuditTrailTemplateIsRecreatedAfterDelete() throws Exception { @@ -70,21 +70,18 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { awaitIndexTemplateCreation(); } - void awaitIndexCreation() throws Exception { + void awaitAuditDocumentCreation() throws Exception { final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover); boolean success = awaitBusy(() -> { try { - ExistsResponse response = - client().prepareExists(indexName).execute().actionGet(); - return response.exists(); + SearchResponse searchResponse = client().prepareSearch(indexName).setSize(0).setTerminateAfter(1).execute().actionGet(); + return searchResponse.getHits().totalHits() > 0; } catch (Exception e) { return false; } }); - if (!success) { - fail("index [" + indexName + "] was not created"); - } + assertThat("no audit document exists!", success, is(true)); } void awaitIndexTemplateCreation() throws InterruptedException { 
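Review bot: A timeout in `awaitAuditDocumentCreation()` can no longer be diagnosed, because the `catch (Exception e) { return false; }` inside the `awaitBusy` lambda discards every failure of the search and the new message `"no audit document exists!"` drops the index name that the old `fail(...)` printed. Since `indexName` is resolved from `DateTime.now(DateTimeZone.UTC)` and `rollover`, keeping it in the message would make a run that crosses a rollover boundary recognisable: `assertThat("no audit document found in [" + indexName + "]", success, is(true));`. Catching only the index-not-found case, or remembering the last exception and appending it to the message, would keep the polling behaviour while surfacing an authorization or shard failure on the audit index instead of reporting it as a missing document. The same pattern is in `awaitAuditDocumentCreation(String)` in IndexAuditTrailTests.java (hunk at old line 866), and the comment `// Wait for the index to be created since we have our own startup` above the renamed call is now stale and should read `// Wait for the first audit document to be indexed`.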
@@ -100,8 +97,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { return false; }); - if (!found) { - fail("index template [" + IndexAuditTrail.INDEX_TEMPLATE_NAME + "] was not created"); - } + assertThat("index template [" + IndexAuditTrail.INDEX_TEMPLATE_NAME + "] was not created", found, is(true)); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 78cba50580f..e70e12a8bba 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.shield.audit.index; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse; -import org.elasticsearch.action.exists.ExistsResponse; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; @@ -16,11 +15,7 @@ import org.elasticsearch.cluster.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.transport.BoundTransportAddress; -import org.elasticsearch.common.transport.DummyTransportAddress; -import org.elasticsearch.common.transport.InetSocketTransportAddress; -import org.elasticsearch.common.transport.LocalTransportAddress; -import org.elasticsearch.common.transport.TransportAddress; +import org.elasticsearch.common.transport.*; import org.elasticsearch.env.Environment; import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.index.cache.IndexCacheModule; 
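Review bot: The import hunk at old line 16 of IndexAuditTrailTests.java, and the one at old line 49, collapse explicit imports into on-demand ones (`org.elasticsearch.common.transport.*`, `java.util.*`, `IndexNameResolver.Rollover.*`, `org.hamcrest.Matchers.*`, `org.mockito.Mockito.*`), which looks like an IDE setting leaking into a commit that is otherwise about removing the exists API. The two static wildcards are the risky pair: Hamcrest's `Matchers` and, depending on the Mockito version, `Mockito` both expose names such as `startsWith` and `endsWith`, so a later use of one of them in this file would fail to compile as ambiguous. I would restore the explicit imports and limit the import changes to dropping `org.elasticsearch.action.exists.ExistsResponse`.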
@@ -49,28 +44,16 @@ import org.junit.After; import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; -import java.util.Collections; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.Set; +import java.util.*; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*; import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; import static org.elasticsearch.test.InternalTestCluster.clusterName; import static org.hamcrest.Matchers.contains; -import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.Matchers.nullValue; +import static org.hamcrest.Matchers.*; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; -import static org.mockito.Mockito.doThrow; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; +import static org.mockito.Mockito.*; /** * @@ -229,7 +212,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.anonymousAccessDenied("_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "anonymous_access_denied"); 
@@ -254,7 +237,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.anonymousAccessDenied("_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -265,14 +248,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); RestRequest request = mockRestRequest(); auditor.anonymousAccessDenied(request); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "rest", "anonymous_access_denied"); assertThat(NetworkAddress.formatAddress(InetAddress.getLoopbackAddress()), equalTo(hit.field("origin_address").getValue())); assertThat("_uri", equalTo(hit.field("uri").getValue())); - assertThat((String) hit.field("origin_type").getValue(), is("rest")); + assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat(hit.field("request_body").getValue(), notNullValue()); } @@ -281,7 +264,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { RestRequest request = mockRestRequest(); auditor.anonymousAccessDenied(request); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); 
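Review bot: The replacement `getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();` is still issued immediately after the auditor call, so the expected `IndexNotFoundException` only shows that no index exists at that instant. The positive tests in this file have to poll with `awaitAuditDocumentCreation(...)`, which suggests indexing is asynchronous; if so, these negative tests would also pass when an excluded event is wrongly queued for the audit index, which is exactly the regression they are meant to catch. Asserting absence only after the auditor has had a chance to flush (or after a bounded wait) would close that gap; the test bodies start outside the hunk, so confirm against the full method. The same try/catch is repeated in every other hunk of this file that makes this replacement, and moving it into one private helper would keep the query and the expected message `"no such index"` in a single place.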
@@ -292,7 +275,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage(); auditor.authenticationFailed(new MockToken(), "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -314,7 +297,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.authenticationFailed("_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -341,7 +324,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.authenticationFailed(new MockToken(), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -353,7 +336,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.authenticationFailed("_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); 
@@ -364,7 +347,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); RestRequest request = mockRestRequest(); auditor.authenticationFailed(new MockToken(), request); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -372,7 +355,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { assertThat(hit.field("principal").getValue(), is((Object) "_principal")); assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); assertThat("_uri", equalTo(hit.field("uri").getValue())); - assertThat((String) hit.field("origin_type").getValue(), is("rest")); + assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat(hit.field("request_body").getValue(), notNullValue()); } @@ -380,7 +363,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); RestRequest request = mockRestRequest(); auditor.authenticationFailed(request); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -388,7 +371,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { assertThat(hit.field("principal"), nullValue()); assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); assertThat("_uri", equalTo(hit.field("uri").getValue())); - assertThat((String) hit.field("origin_type").getValue(), is("rest")); + assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat(hit.field("request_body").getValue(), notNullValue()); } 
@@ -397,7 +380,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { RestRequest request = mockRestRequest(); auditor.authenticationFailed(new MockToken(), request); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -409,7 +392,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { RestRequest request = mockRestRequest(); auditor.authenticationFailed(request); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -420,7 +403,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.authenticationFailed("_realm", new MockToken(), "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -448,7 +431,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.authenticationFailed("_realm", new MockToken(), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); 
@@ -459,7 +442,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); RestRequest request = mockRestRequest(); auditor.authenticationFailed("_realm", new MockToken(), request); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -467,7 +450,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); assertThat("_uri", equalTo(hit.field("uri").getValue())); assertEquals("_realm", hit.field("realm").getValue()); - assertThat((String) hit.field("origin_type").getValue(), is("rest")); + assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat(hit.field("request_body").getValue(), notNullValue()); } @@ -476,7 +459,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { RestRequest request = mockRestRequest(); auditor.authenticationFailed("_realm", new MockToken(), request); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); 
@@ -494,14 +477,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { user = new User.Simple("_username", new String[]{"r1"}); } auditor.accessGranted(user, "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "access_granted"); assertEquals("transport", hit.field("origin_type").getValue()); if (runAs) { - assertThat((String) hit.field("principal").getValue(), is("running as")); - assertThat((String) hit.field("run_by_principal").getValue(), is("_username")); + assertThat(hit.field("principal").getValue(), is("running as")); + assertThat(hit.field("run_by_principal").getValue(), is("_username")); } else { assertEquals("_username", hit.field("principal").getValue()); } @@ -518,18 +501,17 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.accessGranted(new User.Simple("_username", new String[]{"r1"}), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); } } - public void testSystemAccessGranted() throws Exception { initialize(new String[] { "system_access_granted" }, null); TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage(); auditor.accessGranted(User.SYSTEM, "internal:_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "access_granted"); 
@@ -544,7 +526,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage(); auditor.accessGranted(User.SYSTEM, "internal:_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -562,14 +544,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { user = new User.Simple("_username", new String[]{"r1"}); } auditor.accessDenied(user, "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "access_denied"); assertEquals("transport", hit.field("origin_type").getValue()); if (runAs) { - assertThat((String) hit.field("principal").getValue(), is("running as")); - assertThat((String) hit.field("run_by_principal").getValue(), is("_username")); + assertThat(hit.field("principal").getValue(), is("running as")); + assertThat(hit.field("run_by_principal").getValue(), is("_username")); } else { assertEquals("_username", hit.field("principal").getValue()); } 
@@ -586,7 +568,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.accessDenied(new User.Simple("_username", new String[]{"r1"}), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -597,7 +579,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { initialize(); TransportRequest message = new RemoteHostMockTransportRequest(); auditor.tamperedRequest("_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -619,15 +601,15 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { user = new User.Simple("_username", new String[]{"r1"}); } auditor.tamperedRequest(user, "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "tampered_request"); assertEquals("transport", hit.field("origin_type").getValue()); if (runAs) { - assertThat((String) hit.field("principal").getValue(), is("running as")); - assertThat((String) hit.field("run_by_principal").getValue(), is("_username")); + assertThat(hit.field("principal").getValue(), is("running as")); + assertThat(hit.field("run_by_principal").getValue(), is("_username")); } else { assertEquals("_username", hit.field("principal").getValue()); } 
@@ -644,7 +626,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { auditor.tamperedRequest("_action", message); } try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -656,7 +638,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { InetAddress inetAddress = InetAddress.getLoopbackAddress(); ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL; auditor.connectionGranted(inetAddress, "default", rule); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); @@ -671,7 +653,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL; auditor.connectionGranted(inetAddress, "default", rule); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -683,7 +665,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { InetAddress inetAddress = InetAddress.getLoopbackAddress(); ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all"); auditor.connectionDenied(inetAddress, "default", rule); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); 
@@ -698,7 +680,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all"); auditor.connectionDenied(inetAddress, "default", rule); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -710,13 +692,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); User user = new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[] {"r2"})); auditor.runAsGranted(user, "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "run_as_granted"); assertEquals("transport", hit.field("origin_type").getValue()); - assertThat((String) hit.field("principal").getValue(), is("_username")); - assertThat((String) hit.field("run_as_principal").getValue(), is("running as")); + assertThat(hit.field("principal").getValue(), is("_username")); + assertThat(hit.field("run_as_principal").getValue(), is("running as")); assertEquals("_action", hit.field("action").getValue()); assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); } 
@@ -726,7 +708,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.runAsGranted(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -738,13 +720,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); User user = new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[] {"r2"})); auditor.runAsDenied(user, "_action", message); - awaitIndexCreation(resolveIndexName()); + awaitAuditDocumentCreation(resolveIndexName()); SearchHit hit = getIndexedAuditMessage(); assertAuditMessage(hit, "transport", "run_as_denied"); assertEquals("transport", hit.field("origin_type").getValue()); - assertThat((String) hit.field("principal").getValue(), is("_username")); - assertThat((String) hit.field("run_as_principal").getValue(), is("running as")); + assertThat(hit.field("principal").getValue(), is("_username")); + assertThat(hit.field("run_as_principal").getValue(), is("running as")); assertEquals("_action", hit.field("action").getValue()); assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); } 
@@ -754,7 +736,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage()); auditor.runAsDenied(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message); try { - getClient().prepareExists(resolveIndexName()).execute().actionGet(); + getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet(); fail("Expected IndexNotFoundException"); } catch (IndexNotFoundException e) { assertThat(e.getMessage(), is("no such index")); @@ -763,7 +745,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { private void assertAuditMessage(SearchHit hit, String layer, String type) { assertThat(hit.field("@timestamp").getValue(), notNullValue()); - DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime((String) hit.field("@timestamp").getValue()); + DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime(hit.field("@timestamp").getValue()); assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true)); assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(hit.field("node_host_name").getValue())); 
@@ -866,17 +848,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { }; } - private void awaitIndexCreation(final String indexName) throws InterruptedException { + private void awaitAuditDocumentCreation(final String indexName) throws InterruptedException { boolean found = awaitBusy(() -> { try { - ExistsResponse response = - getClient().prepareExists(indexName).execute().actionGet(); - return response.exists(); + SearchResponse searchResponse = getClient().prepareSearch(indexName).setSize(0).setTerminateAfter(1).execute().actionGet(); + return searchResponse.getHits().totalHits() > 0; } catch (Exception e) { return false; } }); - assertThat("[" + indexName + "] does not exist!", found, is(true)); + assertThat("no audit document exists!", found, is(true)); GetSettingsResponse response = getClient().admin().indices().prepareGetSettings(indexName).execute().actionGet(); assertThat(response.getSetting(indexName, "index.number_of_shards"), is(Integer.toString(numShards))); diff --git a/shield/src/test/resources/org/elasticsearch/transport/actions b/shield/src/test/resources/org/elasticsearch/transport/actions index ec821b3a1c2..497a82ba8b3 100644 --- a/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/shield/src/test/resources/org/elasticsearch/transport/actions @@ -51,7 +51,6 @@ indices:monitor/settings/get indices:monitor/shard_stores indices:monitor/stats indices:monitor/upgrade -indices:data/read/exists indices:data/read/explain indices:data/read/field_stats indices:data/read/get diff --git a/shield/src/test/resources/org/elasticsearch/transport/handlers b/shield/src/test/resources/org/elasticsearch/transport/handlers index a5210e9e9c3..653da202847 100644 --- a/shield/src/test/resources/org/elasticsearch/transport/handlers +++ b/shield/src/test/resources/org/elasticsearch/transport/handlers 
@@ -20,7 +20,6 @@ indices:admin/refresh[s][r]
 indices:admin/upgrade
 indices:admin/upgrade[n]
 indices:admin/validate/query[s]
-indices:data/read/exists[s]
 indices:data/read/explain[s]
 indices:data/read/field_stats[s]
 indices:data/read/get[s]