honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 18:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove references to search/exists that was deleted in core

Browse Source 
Original commit: elastic/x-pack-elasticsearch@f1da798028
This commit is contained in:
javanna 2015-10-21 18:29:44 +02:00 committed by Luca Cavanna
parent ea032cd3a9
commit 93065acf59
7 changed files with 66 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
marvel/src/main/java/org/elasticsearch/marvel/shield/SecuredClient.java
View File

@ -218,10 +218,6 @@ import org.elasticsearch.action.delete.DeleteAction;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteRequestBuilder;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.exists.ExistsAction;
import org.elasticsearch.action.exists.ExistsRequest;
import org.elasticsearch.action.exists.ExistsRequestBuilder;
import org.elasticsearch.action.exists.ExistsResponse;
import org.elasticsearch.action.explain.ExplainAction;
import org.elasticsearch.action.explain.ExplainRequest;
import org.elasticsearch.action.explain.ExplainRequestBuilder;
@ -500,18 +496,6 @@ public class SecuredClient implements Client {
return new MultiSearchRequestBuilder(this, MultiSearchAction.INSTANCE);
}
public ActionFuture<ExistsResponse> exists(ExistsRequest request) {
return this.execute(ExistsAction.INSTANCE, request);
}
public void exists(ExistsRequest request, ActionListener<ExistsResponse> listener) {
this.execute(ExistsAction.INSTANCE, request, listener);
}
public ExistsRequestBuilder prepareExists(String... indices) {
return new ExistsRequestBuilder(this, ExistsAction.INSTANCE).setIndices(indices);
}
public ActionFuture<SuggestResponse> suggest(SuggestRequest request) {
return this.execute(SuggestAction.INSTANCE, request);
}

3
shield/docs/public/reference.asciidoc
View File

@ -29,7 +29,7 @@ flush, mapping, open, force merge, refresh, settings, search shards, templates,
`monitor`:: All actions, that are required for monitoring and read-only (recovery, segments info, index stats & status)
`data_access`:: A shortcut of all of the below privileges
`crud`:: A shortcut of `read` and `write` privileges
`read`:: Read only access to actions (count, explain, get, exists, mget, get indexed scripts, more like this, multi
`read`:: Read only access to actions (count, explain, get, mget, get indexed scripts, more like this, multi
percolate/search/termvector), percolate, scroll, clear_scroll, search, suggest, tv)
`search`:: All of `suggest` and executing an arbitrary search request (including multi-search API)
`get`:: Allow to execute a GET request for a single document or multiple documents via the multi-get API
@ -136,7 +136,6 @@ NOTE: While indices template actions typically relate to indices, they are categ
* `indices:monitor/shard_stores`
* `indices:monitor/stats`
* `indices:monitor/upgrade`
* `indices:data/read/exists`
* `indices:data/read/explain`
* `indices:data/read/field_stats`
* `indices:data/read/get`

3
shield/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
View File

@ -409,7 +409,6 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
// admin refresh before executing
assertAccessIsAllowed("admin", "GET", "/" + index + "/_refresh");
assertAccessIsAllowed(user, "GET", "/" + index + "/_count");
assertAccessIsAllowed(user, "GET", "/" + index + "/_search/exists", "{ \"query\" : { \"match_all\" : {} } }");
assertAccessIsAllowed("admin", "GET", "/" + index + "/_search");
assertAccessIsAllowed("admin", "GET", "/" + index + "/foo/1");
assertAccessIsAllowed(user, "GET", "/" + index + "/foo/1/_explain", "{ \"query\" : { \"match_all\" : {} } }");
@ -428,7 +427,7 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
assertUserIsAllowed(user, "search", index);
} else {
assertAccessIsDenied(user, "GET", "/" + index + "/_count");
assertAccessIsDenied(user, "GET", "/" + index + "/_search/exists");
assertAccessIsDenied(user, "GET", "/" + index + "/_search");
assertAccessIsDenied(user, "GET", "/" + index + "/foo/1/_explain", "{ \"query\" : { \"match_all\" : {} } }");
assertAccessIsDenied(user, "GET", "/" + index + "/foo/1/_termvector");
assertAccessIsDenied(user, "GET", "/" + index + "/foo/_percolate", "{ \"doc\" : { \"foo\" : \"bar\" } }");

19
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
View File

@ -7,7 +7,7 @@ package org.elasticsearch.shield.audit.index;
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
import org.elasticsearch.action.exists.ExistsResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
@ -57,7 +57,7 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
awaitIndexTemplateCreation();
// Wait for the index to be created since we have our own startup
awaitIndexCreation();
awaitAuditDocumentCreation();
}
public void testAuditTrailTemplateIsRecreatedAfterDelete() throws Exception {
@ -70,21 +70,18 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
awaitIndexTemplateCreation();
}
void awaitIndexCreation() throws Exception {
void awaitAuditDocumentCreation() throws Exception {
final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover);
boolean success = awaitBusy(() -> {
try {
ExistsResponse response =
client().prepareExists(indexName).execute().actionGet();
return response.exists();
SearchResponse searchResponse = client().prepareSearch(indexName).setSize(0).setTerminateAfter(1).execute().actionGet();
return searchResponse.getHits().totalHits() > 0;
} catch (Exception e) {
return false;
}
});
if (!success) {
fail("index [" + indexName + "] was not created");
}
assertThat("no audit document exists!", success, is(true));
}
void awaitIndexTemplateCreation() throws InterruptedException {
@ -100,8 +97,6 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
return false;
});
if (!found) {
fail("index template [" + IndexAuditTrail.INDEX_TEMPLATE_NAME + "] was not created");
}
assertThat("index template [" + IndexAuditTrail.INDEX_TEMPLATE_NAME + "] was not created", found, is(true));
}
}

133
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -8,7 +8,6 @@ package org.elasticsearch.shield.audit.index;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse;
import org.elasticsearch.action.exists.ExistsResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.client.Client;
@ -16,11 +15,7 @@ import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.transport.*;
import org.elasticsearch.env.Environment;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.cache.IndexCacheModule;
@ -49,28 +44,16 @@ import org.junit.After;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.*;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY;
import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.Matchers.*;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static org.mockito.Mockito.*;
/**
*
@ -229,7 +212,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.anonymousAccessDenied("_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "anonymous_access_denied");
@ -254,7 +237,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.anonymousAccessDenied("_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -265,14 +248,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
RestRequest request = mockRestRequest();
auditor.anonymousAccessDenied(request);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "rest", "anonymous_access_denied");
assertThat(NetworkAddress.formatAddress(InetAddress.getLoopbackAddress()), equalTo(hit.field("origin_address").getValue()));
assertThat("_uri", equalTo(hit.field("uri").getValue()));
assertThat((String) hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@ -281,7 +264,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
RestRequest request = mockRestRequest();
auditor.anonymousAccessDenied(request);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -292,7 +275,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
auditor.authenticationFailed(new MockToken(), "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -314,7 +297,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -341,7 +324,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed(new MockToken(), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -353,7 +336,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -364,7 +347,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed(new MockToken(), request);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -372,7 +355,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("principal").getValue(), is((Object) "_principal"));
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue()));
assertThat("_uri", equalTo(hit.field("uri").getValue()));
assertThat((String) hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@ -380,7 +363,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed(request);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -388,7 +371,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat(hit.field("principal"), nullValue());
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue()));
assertThat("_uri", equalTo(hit.field("uri").getValue()));
assertThat((String) hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@ -397,7 +380,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
RestRequest request = mockRestRequest();
auditor.authenticationFailed(new MockToken(), request);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -409,7 +392,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
RestRequest request = mockRestRequest();
auditor.authenticationFailed(request);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -420,7 +403,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_realm", new MockToken(), "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -448,7 +431,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.authenticationFailed("_realm", new MockToken(), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -459,7 +442,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
RestRequest request = mockRestRequest();
auditor.authenticationFailed("_realm", new MockToken(), request);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -467,7 +450,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue()));
assertThat("_uri", equalTo(hit.field("uri").getValue()));
assertEquals("_realm", hit.field("realm").getValue());
assertThat((String) hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("origin_type").getValue(), is("rest"));
assertThat(hit.field("request_body").getValue(), notNullValue());
}
@ -476,7 +459,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
RestRequest request = mockRestRequest();
auditor.authenticationFailed("_realm", new MockToken(), request);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -494,14 +477,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
user = new User.Simple("_username", new String[]{"r1"});
}
auditor.accessGranted(user, "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "access_granted");
assertEquals("transport", hit.field("origin_type").getValue());
if (runAs) {
assertThat((String) hit.field("principal").getValue(), is("running as"));
assertThat((String) hit.field("run_by_principal").getValue(), is("_username"));
assertThat(hit.field("principal").getValue(), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username"));
} else {
assertEquals("_username", hit.field("principal").getValue());
}
@ -518,18 +501,17 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.accessGranted(new User.Simple("_username", new String[]{"r1"}), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
}
}
public void testSystemAccessGranted() throws Exception {
initialize(new String[] { "system_access_granted" }, null);
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
auditor.accessGranted(User.SYSTEM, "internal:_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "access_granted");
@ -544,7 +526,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomBoolean() ? new RemoteHostMockMessage() : new LocalHostMockMessage();
auditor.accessGranted(User.SYSTEM, "internal:_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -562,14 +544,14 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
user = new User.Simple("_username", new String[]{"r1"});
}
auditor.accessDenied(user, "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "access_denied");
assertEquals("transport", hit.field("origin_type").getValue());
if (runAs) {
assertThat((String) hit.field("principal").getValue(), is("running as"));
assertThat((String) hit.field("run_by_principal").getValue(), is("_username"));
assertThat(hit.field("principal").getValue(), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username"));
} else {
assertEquals("_username", hit.field("principal").getValue());
}
@ -586,7 +568,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.accessDenied(new User.Simple("_username", new String[]{"r1"}), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -597,7 +579,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
initialize();
TransportRequest message = new RemoteHostMockTransportRequest();
auditor.tamperedRequest("_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -619,15 +601,15 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
user = new User.Simple("_username", new String[]{"r1"});
}
auditor.tamperedRequest(user, "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "tampered_request");
assertEquals("transport", hit.field("origin_type").getValue());
if (runAs) {
assertThat((String) hit.field("principal").getValue(), is("running as"));
assertThat((String) hit.field("run_by_principal").getValue(), is("_username"));
assertThat(hit.field("principal").getValue(), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username"));
} else {
assertEquals("_username", hit.field("principal").getValue());
}
@ -644,7 +626,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
auditor.tamperedRequest("_action", message);
}
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -656,7 +638,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
auditor.connectionGranted(inetAddress, "default", rule);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -671,7 +653,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
ShieldIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
auditor.connectionGranted(inetAddress, "default", rule);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -683,7 +665,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
InetAddress inetAddress = InetAddress.getLoopbackAddress();
ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
auditor.connectionDenied(inetAddress, "default", rule);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
@ -698,7 +680,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
ShieldIpFilterRule rule = new ShieldIpFilterRule(false, "_all");
auditor.connectionDenied(inetAddress, "default", rule);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -710,13 +692,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
User user = new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[] {"r2"}));
auditor.runAsGranted(user, "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "run_as_granted");
assertEquals("transport", hit.field("origin_type").getValue());
assertThat((String) hit.field("principal").getValue(), is("_username"));
assertThat((String) hit.field("run_as_principal").getValue(), is("running as"));
assertThat(hit.field("principal").getValue(), is("_username"));
assertThat(hit.field("run_as_principal").getValue(), is("running as"));
assertEquals("_action", hit.field("action").getValue());
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@ -726,7 +708,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.runAsGranted(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -738,13 +720,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
User user = new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[] {"r2"}));
auditor.runAsDenied(user, "_action", message);
awaitIndexCreation(resolveIndexName());
awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "run_as_denied");
assertEquals("transport", hit.field("origin_type").getValue());
assertThat((String) hit.field("principal").getValue(), is("_username"));
assertThat((String) hit.field("run_as_principal").getValue(), is("running as"));
assertThat(hit.field("principal").getValue(), is("_username"));
assertThat(hit.field("run_as_principal").getValue(), is("running as"));
assertEquals("_action", hit.field("action").getValue());
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName());
}
@ -754,7 +736,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
TransportMessage message = randomFrom(new RemoteHostMockMessage(), new LocalHostMockMessage(), new MockIndicesTransportMessage());
auditor.runAsDenied(new User.Simple("_username", new String[]{"r1"}, new User.Simple("running as", new String[]{"r2"})), "_action", message);
try {
getClient().prepareExists(resolveIndexName()).execute().actionGet();
getClient().prepareSearch(resolveIndexName()).setSize(0).setTerminateAfter(1).execute().actionGet();
fail("Expected IndexNotFoundException");
} catch (IndexNotFoundException e) {
assertThat(e.getMessage(), is("no such index"));
@ -763,7 +745,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
private void assertAuditMessage(SearchHit hit, String layer, String type) {
assertThat(hit.field("@timestamp").getValue(), notNullValue());
DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime((String) hit.field("@timestamp").getValue());
DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime(hit.field("@timestamp").getValue());
assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true));
assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(hit.field("node_host_name").getValue()));
@ -866,17 +848,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
};
}
private void awaitIndexCreation(final String indexName) throws InterruptedException {
private void awaitAuditDocumentCreation(final String indexName) throws InterruptedException {
boolean found = awaitBusy(() -> {
try {
ExistsResponse response =
getClient().prepareExists(indexName).execute().actionGet();
return response.exists();
SearchResponse searchResponse = getClient().prepareSearch(indexName).setSize(0).setTerminateAfter(1).execute().actionGet();
return searchResponse.getHits().totalHits() > 0;
} catch (Exception e) {
return false;
}
});
assertThat("[" + indexName + "] does not exist!", found, is(true));
assertThat("no audit document exists!", found, is(true));
GetSettingsResponse response = getClient().admin().indices().prepareGetSettings(indexName).execute().actionGet();
assertThat(response.getSetting(indexName, "index.number_of_shards"), is(Integer.toString(numShards)));

1
shield/src/test/resources/org/elasticsearch/transport/actions
View File

@ -51,7 +51,6 @@ indices:monitor/settings/get
indices:monitor/shard_stores
indices:monitor/stats
indices:monitor/upgrade
indices:data/read/exists
indices:data/read/explain
indices:data/read/field_stats
indices:data/read/get

1
shield/src/test/resources/org/elasticsearch/transport/handlers
View File

@ -20,7 +20,6 @@ indices:admin/refresh[s][r]
indices:admin/upgrade
indices:admin/upgrade[n]
indices:admin/validate/query[s]
indices:data/read/exists[s]
indices:data/read/explain[s]
indices:data/read/field_stats[s]
indices:data/read/get[s]