Refactored & improved LicensesTransportTests

Ensure that invalid licenses never make it to clusterState

Original commit: elastic/x-pack-elasticsearch@c6dfb6226d
This commit is contained in:
Areek Zillur 2014-10-28 23:11:36 -04:00
parent d431c8b532
commit 9a64f00802
4 changed files with 145 additions and 136 deletions

View File

@ -96,35 +96,35 @@ public class LicensesService extends AbstractLifecycleComponent<LicensesService>
LicensesStatus status = checkLicenses(newLicenses); LicensesStatus status = checkLicenses(newLicenses);
switch (status) { switch (status) {
case VALID: case VALID:
clusterService.submitStateUpdateTask(requestHolder.source, new AckedClusterStateUpdateTask<LicensesUpdateResponse>(request, listener) {
@Override
protected LicensesUpdateResponse newResponse(boolean acknowledged) {
return new LicensesUpdateResponse(acknowledged, LicensesStatus.VALID);
}
@Override
public ClusterState execute(ClusterState currentState) throws Exception {
MetaData metaData = currentState.metaData();
MetaData.Builder mdBuilder = MetaData.builder(currentState.metaData());
LicensesMetaData currentLicenses = metaData.custom(LicensesMetaData.TYPE);
final LicensesWrapper licensesWrapper = LicensesWrapper.wrap(currentLicenses);
Set<String> newSignatures = licenseManager.toSignatures(newLicenses);
if (newSignatures.size() > 0) {
Set<String> newLicenseSignatures = Sets.union(licensesWrapper.signatures, newSignatures);
LicensesMetaData newLicensesMetaData = new LicensesMetaData(newLicenseSignatures, licensesWrapper.encodedTrialLicenses);
mdBuilder.putCustom(LicensesMetaData.TYPE, newLicensesMetaData);
} else {
mdBuilder.putCustom(LicensesMetaData.TYPE, currentLicenses);
}
return ClusterState.builder(currentState).metaData(mdBuilder).build();
}
});
break; break;
case INVALID: case INVALID:
case EXPIRED: case EXPIRED:
listener.onResponse(new LicensesUpdateResponse(true, status)); listener.onResponse(new LicensesUpdateResponse(true, status));
break;
} }
clusterService.submitStateUpdateTask(requestHolder.source, new AckedClusterStateUpdateTask<LicensesUpdateResponse>(request, listener) {
@Override
protected LicensesUpdateResponse newResponse(boolean acknowledged) {
return new LicensesUpdateResponse(acknowledged, LicensesStatus.VALID);
}
@Override
public ClusterState execute(ClusterState currentState) throws Exception {
MetaData metaData = currentState.metaData();
MetaData.Builder mdBuilder = MetaData.builder(currentState.metaData());
LicensesMetaData currentLicenses = metaData.custom(LicensesMetaData.TYPE);
final LicensesWrapper licensesWrapper = LicensesWrapper.wrap(currentLicenses);
Set<String> newSignatures = licenseManager.toSignatures(newLicenses);
if (newSignatures.size() > 0) {
Set<String> newLicenseSignatures = Sets.union(licensesWrapper.signatures, newSignatures);
LicensesMetaData newLicensesMetaData = new LicensesMetaData(newLicenseSignatures, licensesWrapper.encodedTrialLicenses);
mdBuilder.putCustom(LicensesMetaData.TYPE, newLicensesMetaData);
} else {
mdBuilder.putCustom(LicensesMetaData.TYPE, currentLicenses);
}
return ClusterState.builder(currentState).metaData(mdBuilder).build();
}
});
} }
public static class LicensesUpdateResponse extends ClusterStateUpdateResponse { public static class LicensesUpdateResponse extends ClusterStateUpdateResponse {

View File

@ -12,11 +12,18 @@ import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.license.core.ESLicense;
import org.elasticsearch.license.licensor.ESLicenseSigner;
import org.elasticsearch.license.plugin.core.LicensesMetaData; import org.elasticsearch.license.plugin.core.LicensesMetaData;
import org.elasticsearch.test.ElasticsearchIntegrationTest; import org.elasticsearch.test.ElasticsearchIntegrationTest;
import java.util.UUID;
import java.util.concurrent.CountDownLatch; import java.util.concurrent.CountDownLatch;
import static org.elasticsearch.license.AbstractLicensingTestBase.getTestPriKeyPath;
import static org.elasticsearch.license.AbstractLicensingTestBase.getTestPubKeyPath;
/** /**
*/ */
public abstract class AbstractLicensesIntegrationTests extends ElasticsearchIntegrationTest { public abstract class AbstractLicensesIntegrationTests extends ElasticsearchIntegrationTest {
@ -59,4 +66,20 @@ public abstract class AbstractLicensesIntegrationTests extends ElasticsearchInte
latch.await(); latch.await();
} }
public static ESLicense generateSignedLicense(String feature, TimeValue expiryDate) throws Exception {
final ESLicense licenseSpec = ESLicense.builder()
.uid(UUID.randomUUID().toString())
.feature(feature)
.expiryDate(System.currentTimeMillis() + expiryDate.getMillis())
.issueDate(System.currentTimeMillis())
.type("subscription")
.subscriptionType("gold")
.issuedTo("customer")
.issuer("elasticsearch")
.maxNodes(randomIntBetween(5, 100))
.build();
ESLicenseSigner signer = new ESLicenseSigner(getTestPriKeyPath(), getTestPubKeyPath());
return signer.sign(licenseSpec);
}
} }

View File

@ -6,26 +6,21 @@
package org.elasticsearch.license.plugin; package org.elasticsearch.license.plugin;
import org.elasticsearch.action.ActionFuture; import org.elasticsearch.action.ActionFuture;
import org.elasticsearch.action.ListenableActionFuture; import org.elasticsearch.common.collect.Lists;
import org.elasticsearch.common.collect.ImmutableSet; import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.license.TestUtils; import org.elasticsearch.license.TestUtils;
import org.elasticsearch.license.core.ESLicense; import org.elasticsearch.license.core.ESLicense;
import org.elasticsearch.license.core.ESLicenses;
import org.elasticsearch.license.plugin.action.delete.DeleteLicenseRequestBuilder;
import org.elasticsearch.license.plugin.action.delete.DeleteLicenseResponse;
import org.elasticsearch.license.plugin.action.get.GetLicenseRequestBuilder; import org.elasticsearch.license.plugin.action.get.GetLicenseRequestBuilder;
import org.elasticsearch.license.plugin.action.get.GetLicenseResponse; import org.elasticsearch.license.plugin.action.get.GetLicenseResponse;
import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder; import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder;
import org.elasticsearch.license.plugin.action.put.PutLicenseResponse; import org.elasticsearch.license.plugin.action.put.PutLicenseResponse;
import org.junit.BeforeClass; import org.elasticsearch.license.plugin.core.LicensesStatus;
import org.junit.After;
import org.junit.Test; import org.junit.Test;
import java.io.IOException; import java.util.Arrays;
import java.net.URISyntaxException; import java.util.Collections;
import java.nio.file.Paths; import java.util.List;
import java.text.ParseException;
import java.util.*;
import java.util.concurrent.ExecutionException;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.TEST; import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.TEST;
@ -35,111 +30,124 @@ import static org.hamcrest.CoreMatchers.notNullValue;
@ClusterScope(scope = TEST, numDataNodes = 10) @ClusterScope(scope = TEST, numDataNodes = 10)
public class LicenseTransportTests extends AbstractLicensesIntegrationTests { public class LicenseTransportTests extends AbstractLicensesIntegrationTests {
private static String pubKeyPath = null; @After
private static String priKeyPath = null; public void beforeTest() throws Exception {
wipeAllLicenses();
@BeforeClass
public static void setup() throws IOException, URISyntaxException {
priKeyPath = Paths.get(LicenseTransportTests.class.getResource("/private.key").toURI()).toAbsolutePath().toString();
pubKeyPath = Paths.get(LicenseTransportTests.class.getResource("/public.key").toURI()).toAbsolutePath().toString();
} }
/*
* TODO:
* - add more delete tests
* - add put invalid licenses tests
* - add multiple licenses of the same feature tests
*/
@Test @Test
public void testEmptyGetLicense() throws Exception { public void testEmptyGetLicense() throws Exception {
DeleteLicenseRequestBuilder deleteLicenseRequestBuilder = new DeleteLicenseRequestBuilder(client().admin().cluster()).setFeatures(ImmutableSet.of("marvel", "shield"));
final ActionFuture<DeleteLicenseResponse> deleteFuture = deleteLicenseRequestBuilder.execute();
final DeleteLicenseResponse deleteLicenseResponse = deleteFuture.get();
assertTrue(deleteLicenseResponse.isAcknowledged());
final ActionFuture<GetLicenseResponse> getLicenseFuture = new GetLicenseRequestBuilder(client().admin().cluster()).execute(); final ActionFuture<GetLicenseResponse> getLicenseFuture = new GetLicenseRequestBuilder(client().admin().cluster()).execute();
final GetLicenseResponse getLicenseResponse = getLicenseFuture.get(); final GetLicenseResponse getLicenseResponse = getLicenseFuture.get();
assertThat("expected 0 licenses; but got: " + getLicenseResponse.licenses().size(), getLicenseResponse.licenses().size(), equalTo(0)); assertThat("expected 0 licenses; but got: " + getLicenseResponse.licenses().size(), getLicenseResponse.licenses().size(), equalTo(0));
} }
@Test @Test
public void testPutLicense() throws ParseException, ExecutionException, InterruptedException, IOException { public void testPutLicense() throws Exception {
ESLicense signedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(2));
Map<String, TestUtils.FeatureAttributes> map = new HashMap<>(); List<ESLicense> actualLicenses = Collections.singletonList(signedLicense);
TestUtils.FeatureAttributes featureAttributes =
new TestUtils.FeatureAttributes("shield", "subscription", "platinum", "foo bar Inc.", "elasticsearch", 2, "2014-12-13", "2015-12-13");
map.put(TestUtils.SHIELD, featureAttributes);
String licenseString = TestUtils.generateESLicenses(map);
String licenseOutput = TestUtils.runLicenseGenerationTool(licenseString, pubKeyPath, priKeyPath);
PutLicenseRequestBuilder putLicenseRequestBuilder = new PutLicenseRequestBuilder(client().admin().cluster());
//putLicenseRequest.license(licenseString);
final List<ESLicense> putLicenses = ESLicenses.fromSource(licenseOutput);
putLicenseRequestBuilder.setLicense(putLicenses);
//LicenseUtils.printLicense(putLicenses);
ensureGreen();
final ActionFuture<PutLicenseResponse> putLicenseFuture = putLicenseRequestBuilder.execute();
final PutLicenseResponse putLicenseResponse = putLicenseFuture.get();
// put license
PutLicenseRequestBuilder putLicenseRequestBuilder = new PutLicenseRequestBuilder(client().admin().cluster())
.setLicense(actualLicenses);
PutLicenseResponse putLicenseResponse = putLicenseRequestBuilder.execute().get();
assertThat(putLicenseResponse.isAcknowledged(), equalTo(true)); assertThat(putLicenseResponse.isAcknowledged(), equalTo(true));
assertThat(putLicenseResponse.status(), equalTo(LicensesStatus.VALID));
ActionFuture<GetLicenseResponse> getLicenseFuture = new GetLicenseRequestBuilder(client().admin().cluster()).execute(); // get license
GetLicenseResponse getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).get();
GetLicenseResponse getLicenseResponse = getLicenseFuture.get();
assertThat(getLicenseResponse.licenses(), notNullValue()); assertThat(getLicenseResponse.licenses(), notNullValue());
//LicenseUtils.printLicense(getLicenseResponse.licenses()); // check license
TestUtils.isSame(new HashSet<>(putLicenses), new HashSet<>(getLicenseResponse.licenses())); TestUtils.isSame(actualLicenses, getLicenseResponse.licenses());
final ActionFuture<DeleteLicenseResponse> deleteFuture = new DeleteLicenseRequestBuilder(client().admin().cluster())
.setFeatures(ImmutableSet.of("marvel", "shield")).execute();
final DeleteLicenseResponse deleteLicenseResponse = deleteFuture.get();
assertTrue(deleteLicenseResponse.isAcknowledged());
//getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).execute().get();
//TestUtils.isSame(getLicenseResponse.licenses(), LicenseBuilders.licensesBuilder().verifyAndBuild());
} }
@Test @Test
public void testPutInvalidLicense() throws Exception { public void testPutInvalidLicense() throws Exception {
Map<String, TestUtils.FeatureAttributes> map = new HashMap<>(); ESLicense signedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(2));
TestUtils.FeatureAttributes featureAttributes =
new TestUtils.FeatureAttributes("shield", "subscription", "platinum", "foo bar Inc.", "elasticsearch", 2, "2014-12-13", "2015-12-13");
map.put(TestUtils.SHIELD, featureAttributes);
String licenseString = TestUtils.generateESLicenses(map);
String licenseOutput = TestUtils.runLicenseGenerationTool(licenseString, pubKeyPath, priKeyPath);
Set<ESLicense> esLicenses = new HashSet<>(ESLicenses.fromSource(licenseOutput)); // modify content of signed license
ESLicense tamperedLicense = ESLicense.builder()
ESLicense esLicense = ESLicenses.reduceAndMap(esLicenses).get(TestUtils.SHIELD); .fromLicenseSpec(signedLicense, signedLicense.signature())
.expiryDate(signedLicense.expiryDate() + 10 * 24 * 60 * 60 * 1000l)
final ESLicense tamperedLicense = ESLicense.builder()
.fromLicenseSpec(esLicense, esLicense.signature())
.expiryDate(esLicense.expiryDate() + 10 * 24 * 60 * 60 * 1000l)
.verify() .verify()
.build(); .build();
PutLicenseRequestBuilder builder = new PutLicenseRequestBuilder(client().admin().cluster()); PutLicenseRequestBuilder builder = new PutLicenseRequestBuilder(client().admin().cluster());
builder.setLicense(Collections.singletonList(tamperedLicense)); builder.setLicense(Collections.singletonList(tamperedLicense));
final ListenableActionFuture<PutLicenseResponse> execute = builder.execute(); // try to put license (should be invalid)
final PutLicenseResponse putLicenseResponse = builder.execute().get();
assertThat(putLicenseResponse.status(), equalTo(LicensesStatus.INVALID));
try {
execute.get(); // try to get invalid license
fail("Invalid License should throw exception"); GetLicenseResponse getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).get();
} catch (Throwable e) { assertThat(getLicenseResponse.licenses().size(), equalTo(0));
/* TODO: figure out error handling }
String msg =e.getCause().getCause().getCause().getMessage();//e.getCause().getCause().getMessage();// e.getCause().getCause().getCause().getMessage();
assertTrue("Error message: " + msg, msg.contains("Invalid License(s)")); @Test
*/ public void testPutLicensesForSameFeature() throws Exception {
} ESLicense shortedSignedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(2));
ESLicense longerSignedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(5));
List<ESLicense> actualLicenses = Arrays.asList(longerSignedLicense, shortedSignedLicense);
// put license
PutLicenseRequestBuilder putLicenseRequestBuilder = new PutLicenseRequestBuilder(client().admin().cluster())
.setLicense(actualLicenses);
PutLicenseResponse putLicenseResponse = putLicenseRequestBuilder.execute().get();
assertThat(putLicenseResponse.isAcknowledged(), equalTo(true));
assertThat(putLicenseResponse.status(), equalTo(LicensesStatus.VALID));
// get should return only one license (with longer expiry date)
GetLicenseResponse getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).get();
assertThat(getLicenseResponse.licenses(), notNullValue());
// check license
TestUtils.isSame(Collections.singletonList(longerSignedLicense), getLicenseResponse.licenses());
}
@Test
public void testPutLicensesForMultipleFeatures() throws Exception {
ESLicense shieldLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(2));
ESLicense marvelLicense = generateSignedLicense(TestUtils.MARVEL, TimeValue.timeValueMinutes(5));
List<ESLicense> actualLicenses = Arrays.asList(marvelLicense, shieldLicense);
// put license
PutLicenseRequestBuilder putLicenseRequestBuilder = new PutLicenseRequestBuilder(client().admin().cluster())
.setLicense(actualLicenses);
PutLicenseResponse putLicenseResponse = putLicenseRequestBuilder.execute().get();
assertThat(putLicenseResponse.isAcknowledged(), equalTo(true));
assertThat(putLicenseResponse.status(), equalTo(LicensesStatus.VALID));
// get should return both the licenses
GetLicenseResponse getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).get();
assertThat(getLicenseResponse.licenses(), notNullValue());
// check license
TestUtils.isSame(actualLicenses, getLicenseResponse.licenses());
}
@Test
public void testPutMultipleLicensesForMultipleFeatures() throws Exception {
ESLicense shortedSignedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(2));
ESLicense longerSignedLicense = generateSignedLicense(TestUtils.SHIELD, TimeValue.timeValueMinutes(5));
ESLicense marvelLicense = generateSignedLicense(TestUtils.MARVEL, TimeValue.timeValueMinutes(5));
List<ESLicense> actualLicenses = Arrays.asList(marvelLicense, shortedSignedLicense, longerSignedLicense);
// put license
PutLicenseRequestBuilder putLicenseRequestBuilder = new PutLicenseRequestBuilder(client().admin().cluster())
.setLicense(actualLicenses);
PutLicenseResponse putLicenseResponse = putLicenseRequestBuilder.execute().get();
assertThat(putLicenseResponse.isAcknowledged(), equalTo(true));
assertThat(putLicenseResponse.status(), equalTo(LicensesStatus.VALID));
// get should return both the licenses
GetLicenseResponse getLicenseResponse = new GetLicenseRequestBuilder(client().admin().cluster()).get();
assertThat(getLicenseResponse.licenses(), notNullValue());
// check license (should get the longest expiry time for all unique features)
TestUtils.isSame(Arrays.asList(marvelLicense, longerSignedLicense), getLicenseResponse.licenses());
} }
} }

View File

@ -11,21 +11,16 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.license.core.ESLicense; import org.elasticsearch.license.core.ESLicense;
import org.elasticsearch.license.licensor.ESLicenseSigner;
import org.elasticsearch.license.plugin.core.LicensesManagerService; import org.elasticsearch.license.plugin.core.LicensesManagerService;
import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder; import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder;
import org.elasticsearch.license.plugin.action.put.PutLicenseResponse; import org.elasticsearch.license.plugin.action.put.PutLicenseResponse;
import org.elasticsearch.license.plugin.core.LicensesStatus; import org.elasticsearch.license.plugin.core.LicensesStatus;
import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.test.InternalTestCluster;
import org.junit.After; import org.junit.After;
import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import java.util.UUID;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static org.elasticsearch.license.AbstractLicensingTestBase.getTestPriKeyPath;
import static org.elasticsearch.license.AbstractLicensingTestBase.getTestPubKeyPath;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.TEST; import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.TEST;
import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.equalTo;
@ -172,23 +167,6 @@ public class LicensesPluginIntegrationTests extends AbstractLicensesIntegrationT
}, timeoutInSec, TimeUnit.SECONDS), equalTo(true)); }, timeoutInSec, TimeUnit.SECONDS), equalTo(true));
} }
private ESLicense generateSignedLicense(String feature, TimeValue expiryDate) throws Exception {
final ESLicense licenseSpec = ESLicense.builder()
.uid(UUID.randomUUID().toString())
.feature(feature)
.expiryDate(System.currentTimeMillis() + expiryDate.getMillis())
.issueDate(System.currentTimeMillis())
.type("subscription")
.subscriptionType("gold")
.issuedTo("customer")
.issuer("elasticsearch")
.maxNodes(10)
.build();
ESLicenseSigner signer = new ESLicenseSigner(getTestPriKeyPath(), getTestPubKeyPath());
return signer.sign(licenseSpec);
}
private Iterable<TestPluginService> consumerPluginServices() { private Iterable<TestPluginService> consumerPluginServices() {
final InternalTestCluster clients = internalCluster(); final InternalTestCluster clients = internalCluster();
return clients.getDataNodeInstances(TestPluginService.class); return clients.getDataNodeInstances(TestPluginService.class);