honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not add a disabled realm to the list of realms 

The realm documentation has a 'enabled' parameter to indicate whether the realm
should be used or not. This value is now being honored so that a realm can be disabled.

Closes elastic/elasticsearch#474

Original commit: elastic/x-pack-elasticsearch@3638a14c22
This commit is contained in:
jaymode 2014-12-11 13:40:37 -05:00
parent 2902ccb5f0
commit 9bfab4d8d5
2 changed files with 52 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/org/elasticsearch/shield/authc/Realms.java
View File

@ -58,7 +58,13 @@ public class Realms extends AbstractComponent implements Iterable<Realm> {
}
Realm.Factory factory = factories.get(type);
if (factory == null) {
throw new ShieldSettingsException("Unknown reaml type [" + type + "] set for realm [" + name + "]");
throw new ShieldSettingsException("Unknown realm type [" + type + "] set for realm [" + name + "]");
}
if (!realmSettings.getAsBoolean("enabled", true)) {
if (logger.isDebugEnabled()) {
logger.debug("realm [{}] type [{}] is disabled", name, type);
}
continue;
}
if (factory.internal()) {
// this is an internal realm factory, let's make sure we didn't already registered one

46
src/test/java/org/elasticsearch/shield/authc/RealmsTests.java
View File

@ -47,7 +47,7 @@ public class RealmsTests extends ElasticsearchTestCase {
for (int i = 0; i < factories.size() - 1; i++) {
orders.add(i);
}
Collections.shuffle(orders);
Collections.shuffle(orders, getRandom());
Map<Integer, Integer> orderToIndex = new HashMap<>();
for (int i = 0; i < factories.size() - 1; i++) {
builder.put("shield.authc.realms.realm_" + i + ".type", "type_" + i);
@ -87,6 +87,50 @@ public class RealmsTests extends ElasticsearchTestCase {
assertThat(iter.hasNext(), is(false));
}
@Test
public void testDisabledRealmsAreNotAdded() throws Exception {
ImmutableSettings.Builder builder = ImmutableSettings.builder();
List<Integer> orders = new ArrayList<>(factories.size() - 1);
for (int i = 0; i < factories.size() - 1; i++) {
orders.add(i);
}
Collections.shuffle(orders, getRandom());
Map<Integer, Integer> orderToIndex = new HashMap<>();
for (int i = 0; i < factories.size() - 1; i++) {
builder.put("shield.authc.realms.realm_" + i + ".type", "type_" + i);
builder.put("shield.authc.realms.realm_" + i + ".order", orders.get(i));
boolean enabled = randomBoolean();
builder.put("shield.authc.realms.realm_" + i + ".enabled", enabled);
if (enabled) {
orderToIndex.put(orders.get(i), i);
logger.error("put [{}] -> [{}]", orders.get(i), i);
}
}
Settings settings = builder.build();
Realms realms = new Realms(settings, factories);
Iterator<Realm> iterator = realms.iterator();
int count = 0;
while (iterator.hasNext()) {
Realm realm = iterator.next();
Integer index = orderToIndex.get(realm.order());
if (index == null) {
// Default realm is inserted when factories size is 1 and enabled is false
assertThat(realm.type(), equalTo(ESUsersRealm.TYPE));
assertThat(realm.name(), equalTo("default_" + ESUsersRealm.TYPE));
assertThat(iterator.hasNext(), is(false));
} else {
assertThat(realm.type(), equalTo("type_" + index));
assertThat(realm.name(), equalTo("realm_" + index));
assertThat(settings.getAsBoolean("shield.authc.realms.realm_" + index + ".enabled", true), equalTo(Boolean.TRUE));
count++;
}
}
assertThat(count, equalTo(orderToIndex.size()));
}
static class DummyRealm extends Realm {
public DummyRealm(String type, String name, Settings settings) {