diff --git a/src/main/java/org/elasticsearch/shield/authc/Realms.java b/src/main/java/org/elasticsearch/shield/authc/Realms.java index ab2bf6a4457..b4449ddb8f4 100644 --- a/src/main/java/org/elasticsearch/shield/authc/Realms.java +++ b/src/main/java/org/elasticsearch/shield/authc/Realms.java @@ -58,7 +58,13 @@ public class Realms extends AbstractComponent implements Iterable { } Realm.Factory factory = factories.get(type); if (factory == null) { - throw new ShieldSettingsException("Unknown reaml type [" + type + "] set for realm [" + name + "]"); + throw new ShieldSettingsException("Unknown realm type [" + type + "] set for realm [" + name + "]"); + } + if (!realmSettings.getAsBoolean("enabled", true)) { + if (logger.isDebugEnabled()) { + logger.debug("realm [{}] type [{}] is disabled", name, type); + } + continue; } if (factory.internal()) { // this is an internal realm factory, let's make sure we didn't already registered one diff --git a/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java b/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java index 6f5e0780a0e..de839a03564 100644 --- a/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java +++ b/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java @@ -47,7 +47,7 @@ public class RealmsTests extends ElasticsearchTestCase { for (int i = 0; i < factories.size() - 1; i++) { orders.add(i); } - Collections.shuffle(orders); + Collections.shuffle(orders, getRandom()); Map orderToIndex = new HashMap<>(); for (int i = 0; i < factories.size() - 1; i++) { builder.put("shield.authc.realms.realm_" + i + ".type", "type_" + i); @@ -87,6 +87,50 @@ public class RealmsTests extends ElasticsearchTestCase { assertThat(iter.hasNext(), is(false)); } + @Test + public void testDisabledRealmsAreNotAdded() throws Exception { + ImmutableSettings.Builder builder = ImmutableSettings.builder(); + List orders = new ArrayList<>(factories.size() - 1); + for (int i = 0; i < factories.size() - 1; i++) { + orders.add(i); + } + Collections.shuffle(orders, getRandom()); + Map orderToIndex = new HashMap<>(); + for (int i = 0; i < factories.size() - 1; i++) { + builder.put("shield.authc.realms.realm_" + i + ".type", "type_" + i); + builder.put("shield.authc.realms.realm_" + i + ".order", orders.get(i)); + boolean enabled = randomBoolean(); + builder.put("shield.authc.realms.realm_" + i + ".enabled", enabled); + if (enabled) { + orderToIndex.put(orders.get(i), i); + logger.error("put [{}] -> [{}]", orders.get(i), i); + } + } + + Settings settings = builder.build(); + Realms realms = new Realms(settings, factories); + Iterator iterator = realms.iterator(); + + int count = 0; + while (iterator.hasNext()) { + Realm realm = iterator.next(); + Integer index = orderToIndex.get(realm.order()); + if (index == null) { + // Default realm is inserted when factories size is 1 and enabled is false + assertThat(realm.type(), equalTo(ESUsersRealm.TYPE)); + assertThat(realm.name(), equalTo("default_" + ESUsersRealm.TYPE)); + assertThat(iterator.hasNext(), is(false)); + } else { + assertThat(realm.type(), equalTo("type_" + index)); + assertThat(realm.name(), equalTo("realm_" + index)); + assertThat(settings.getAsBoolean("shield.authc.realms.realm_" + index + ".enabled", true), equalTo(Boolean.TRUE)); + count++; + } + } + + assertThat(count, equalTo(orderToIndex.size())); + } + static class DummyRealm extends Realm { public DummyRealm(String type, String name, Settings settings) {