honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-25 01:19:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into fix/empty-fields

Browse Source 
Original commit: elastic/x-pack-elasticsearch@fb6720a9a4
This commit is contained in:
Lukas Olson 2016-06-14 13:45:20 -07:00
commit 9c8173b5ec
103 changed files with 943 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
build.gradle
View File

@ -14,6 +14,7 @@ subprojects {
}
task bundlePack(type: Zip) {
onlyIf { project('kibana').bundlePlugin.enabled }
dependsOn 'elasticsearch:x-pack:bundlePlugin'
dependsOn 'kibana:bundlePlugin'
from { zipTree(project('elasticsearch:x-pack').bundlePlugin.outputs.files.singleFile) }

3
elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java
View File

@ -11,6 +11,7 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.script.groovy.GroovyPlugin;
import org.elasticsearch.search.aggregations.AggregationBuilders;
import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
@ -49,7 +50,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase
@BeforeClass
public static void startThreadPool() {
THREAD_POOL = new ThreadPool(GroovyScriptConditionIT.class.getSimpleName());
THREAD_POOL = new TestThreadPool(GroovyScriptConditionIT.class.getSimpleName());
}
@Before

3
elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionSearchIT.java
View File

@ -18,6 +18,7 @@ import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
import org.elasticsearch.search.internal.InternalSearchHit;
import org.elasticsearch.search.internal.InternalSearchHits;
import org.elasticsearch.search.internal.InternalSearchResponse;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
@ -50,7 +51,7 @@ public class ScriptConditionSearchIT extends AbstractWatcherIntegrationTestCase
@Before
public void init() throws Exception {
tp = new ThreadPool(ThreadPool.Names.SAME);
tp = new TestThreadPool(ThreadPool.Names.SAME);
scriptService = MessyTestUtils.getScriptServiceProxy(tp);
}

3
elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.script.GeneralScriptException;
import org.elasticsearch.script.ScriptService.ScriptType;
import org.elasticsearch.search.internal.InternalSearchResponse;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.condition.Condition;
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
@ -49,7 +50,7 @@ public class ScriptConditionTests extends ESTestCase {
@Before
public void init() {
tp = new ThreadPool(ThreadPool.Names.SAME);
tp = new TestThreadPool(ThreadPool.Names.SAME);
}
@After

1
elasticsearch/qa/shield-example-realm/build.gradle
View File

@ -37,6 +37,7 @@ processResources {
task buildZip(type:Zip, dependsOn: [jar]) {
from 'build/resources/main/x-pack-extension-descriptor.properties'
from 'build/resources/main/x-pack-extension-security.policy'
from project.jar
}

8
elasticsearch/qa/shield-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java
View File

@ -11,6 +11,9 @@ import org.elasticsearch.example.realm.CustomRealmFactory;
import org.elasticsearch.shield.authc.AuthenticationModule;
import org.elasticsearch.xpack.extensions.XPackExtension;
import java.security.AccessController;
import java.security.PrivilegedAction;
public class ExampleRealmExtension extends XPackExtension {
@Override
public String name() {
@ -25,5 +28,10 @@ public class ExampleRealmExtension extends XPackExtension {
public void onModule(AuthenticationModule authenticationModule) {
authenticationModule.addCustomRealm(CustomRealm.TYPE, CustomRealmFactory.class);
authenticationModule.setAuthenticationFailureHandler(CustomAuthenticationFailureHandler.class);
// check that the extension's policy works.
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
System.getSecurityManager().checkPrintJobAccess();
return null;
});
}
}

3
elasticsearch/qa/shield-example-realm/src/main/resources/x-pack-extension-security.policy Normal file
View File

@ -0,0 +1,3 @@
grant {
permission java.lang.RuntimePermission "queuePrintJob";
};

8
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/Graph.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/Graph.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph;
package org.elasticsearch.xpack.graph;
import org.elasticsearch.action.ActionModule;
import org.elasticsearch.common.component.LifecycleComponent;
@ -12,11 +12,11 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.graph.action.GraphExploreAction;
import org.elasticsearch.graph.action.TransportGraphExploreAction;
import org.elasticsearch.graph.rest.action.RestGraphAction;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.graph.action.GraphExploreAction;
import org.elasticsearch.xpack.graph.action.TransportGraphExploreAction;
import org.elasticsearch.xpack.graph.rest.action.RestGraphAction;
import java.util.Collection;
import java.util.Collections;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphFeatureSet.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphFeatureSet.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph;
package org.elasticsearch.xpack.graph;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.inject.Inject;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphLicensee.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphLicensee.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph;
package org.elasticsearch.xpack.graph;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Inject;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/GraphModule.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/GraphModule.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph;
package org.elasticsearch.xpack.graph;
import org.elasticsearch.common.inject.AbstractModule;
import org.elasticsearch.common.inject.util.Providers;

4
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Connection.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Connection.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import com.carrotsearch.hppc.ObjectIntHashMap;
@ -11,7 +11,7 @@ import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.ToXContent.Params;
import org.elasticsearch.graph.action.Vertex.VertexId;
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
import java.io.IOException;
import java.util.Map;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreAction.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreAction.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.action.Action;
import org.elasticsearch.client.ElasticsearchClient;

8
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequest.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequest.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
@ -149,9 +149,7 @@ public class GraphExploreRequest extends ActionRequest<GraphExploreRequest> impl
indicesOptions = IndicesOptions.readIndicesOptions(in);
types = in.readStringArray();
routing = in.readOptionalString();
if (in.readBoolean()) {
timeout = TimeValue.readTimeValue(in);
}
timeout = in.readOptionalWriteable(TimeValue::new);
sampleSize = in.readInt();
sampleDiversityField = in.readOptionalString();
maxDocsPerDiversityValue = in.readInt();
@ -177,7 +175,7 @@ public class GraphExploreRequest extends ActionRequest<GraphExploreRequest> impl
indicesOptions.writeIndicesOptions(out);
out.writeStringArray(types);
out.writeOptionalString(routing);
out.writeOptionalStreamable(timeout);
out.writeOptionalWriteable(timeout);
out.writeInt(sampleSize);
out.writeOptionalString(sampleDiversityField);

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreRequestBuilder.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreRequestBuilder.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.support.IndicesOptions;

6
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/GraphExploreResponse.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/GraphExploreResponse.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import com.carrotsearch.hppc.ObjectIntHashMap;
@ -15,8 +15,8 @@ import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.graph.action.Connection.ConnectionId;
import org.elasticsearch.graph.action.Vertex.VertexId;
import org.elasticsearch.xpack.graph.action.Connection.ConnectionId;
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
import java.io.IOException;
import java.util.Collection;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Hop.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Hop.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.ValidateActions;

10
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/TransportGraphExploreAction.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.apache.lucene.search.BooleanQuery;
import org.apache.lucene.util.PriorityQueue;
@ -21,10 +21,6 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.CollectionUtils;
import org.elasticsearch.graph.action.Connection.ConnectionId;
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
import org.elasticsearch.graph.action.Vertex.VertexId;
import org.elasticsearch.graph.GraphLicensee;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.license.plugin.core.LicenseUtils;
@ -41,6 +37,10 @@ import org.elasticsearch.search.aggregations.bucket.terms.support.IncludeExclude
import org.elasticsearch.search.builder.SearchSourceBuilder;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.graph.GraphLicensee;
import org.elasticsearch.xpack.graph.action.Connection.ConnectionId;
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
import org.elasticsearch.xpack.graph.action.Vertex.VertexId;
import java.util.ArrayList;
import java.util.HashMap;

2
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/Vertex.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/Vertex.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;

4
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/action/VertexRequest.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/VertexRequest.java
View File

@ -3,11 +3,11 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.action;
package org.elasticsearch.xpack.graph.action;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
import java.io.IOException;
import java.util.HashMap;

29
elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/graph/rest/action/RestGraphAction.java → elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java
View File

@ -3,7 +3,16 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.rest.action;
package org.elasticsearch.xpack.graph.rest.action;
import static org.elasticsearch.rest.RestRequest.Method.GET;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.xpack.graph.action.GraphExploreAction.INSTANCE;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.action.support.IndicesOptions;
@ -16,11 +25,6 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.graph.action.GraphExploreRequest;
import org.elasticsearch.graph.action.GraphExploreRequest.TermBoost;
import org.elasticsearch.graph.action.GraphExploreResponse;
import org.elasticsearch.graph.action.Hop;
import org.elasticsearch.graph.action.VertexRequest;
import org.elasticsearch.index.query.QueryParseContext;
import org.elasticsearch.indices.query.IndicesQueriesRegistry;
import org.elasticsearch.rest.BaseRestHandler;
@ -29,15 +33,12 @@ import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.action.support.RestActions;
import org.elasticsearch.rest.action.support.RestToXContentListener;
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
import org.elasticsearch.xpack.graph.action.GraphExploreResponse;
import org.elasticsearch.xpack.graph.action.Hop;
import org.elasticsearch.xpack.graph.action.VertexRequest;
import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import static org.elasticsearch.graph.action.GraphExploreAction.INSTANCE;
import static org.elasticsearch.rest.RestRequest.Method.GET;
import static org.elasticsearch.rest.RestRequest.Method.POST;
/**
* @see GraphExploreRequest

4
elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/GraphFeatureSetTests.java → elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/GraphFeatureSetTests.java
View File

@ -3,11 +3,13 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph;
package org.elasticsearch.xpack.graph;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.graph.GraphFeatureSet;
import org.elasticsearch.xpack.graph.GraphLicensee;
import org.junit.Before;
import static org.hamcrest.core.Is.is;

4
elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/license/LicenseTests.java → elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/license/LicenseTests.java
View File

@ -3,12 +3,12 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.license;
package org.elasticsearch.xpack.graph.license;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.graph.GraphLicensee;
import org.elasticsearch.license.core.License.OperationMode;
import org.elasticsearch.license.plugin.core.AbstractLicenseeTestCase;
import org.elasticsearch.xpack.graph.GraphLicensee;
import static org.hamcrest.Matchers.is;

16
elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/graph/test/GraphTests.java → elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.graph.test;
package org.elasticsearch.xpack.graph.test;
import org.apache.lucene.search.BooleanQuery;
import org.elasticsearch.action.ActionRequestValidationException;
@ -11,13 +11,6 @@ import org.elasticsearch.action.search.ShardSearchFailure;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.Settings.Builder;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.graph.action.GraphExploreAction;
import org.elasticsearch.graph.action.GraphExploreRequest;
import org.elasticsearch.graph.action.GraphExploreRequestBuilder;
import org.elasticsearch.graph.action.GraphExploreResponse;
import org.elasticsearch.graph.action.Hop;
import org.elasticsearch.graph.action.Vertex;
import org.elasticsearch.graph.action.VertexRequest;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.index.query.ScriptQueryBuilder;
import org.elasticsearch.marvel.Monitoring;
@ -32,6 +25,13 @@ import org.elasticsearch.shield.Security;
import org.elasticsearch.test.ESSingleNodeTestCase;
import org.elasticsearch.xpack.watcher.Watcher;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.graph.action.GraphExploreAction;
import org.elasticsearch.xpack.graph.action.GraphExploreRequest;
import org.elasticsearch.xpack.graph.action.GraphExploreRequestBuilder;
import org.elasticsearch.xpack.graph.action.GraphExploreResponse;
import org.elasticsearch.xpack.graph.action.Hop;
import org.elasticsearch.xpack.graph.action.Vertex;
import org.elasticsearch.xpack.graph.action.VertexRequest;
import java.util.Collection;
import java.util.Map;

2
elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java
View File

@ -12,7 +12,6 @@ import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.graph.Graph;
import org.elasticsearch.license.core.License;
import org.elasticsearch.license.plugin.action.put.PutLicenseAction;
import org.elasticsearch.license.plugin.action.put.PutLicenseRequestBuilder;
@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.xpack.watcher.Watcher;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.graph.Graph;
import java.util.ArrayList;
import java.util.Collection;

2
elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java
View File

@ -20,7 +20,6 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
import org.elasticsearch.graph.Graph;
import org.elasticsearch.marvel.Monitoring;
import org.elasticsearch.node.Node;
import org.elasticsearch.plugins.Plugin;
@ -31,6 +30,7 @@ import org.elasticsearch.test.ESIntegTestCase.Scope;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.NodeConfigurationSource;
import org.elasticsearch.test.TestCluster;
import org.elasticsearch.xpack.graph.Graph;
import org.elasticsearch.xpack.watcher.Watcher;
import java.util.ArrayList;

3
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/action/TransportMonitoringBulkActionTests.java
View File

@ -30,6 +30,7 @@ import org.elasticsearch.marvel.agent.exporter.Exporters;
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.test.transport.CapturingTransport;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportService;
import org.junit.After;
@ -74,7 +75,7 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
@BeforeClass
public static void beforeClass() {
threadPool = new ThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName());
threadPool = new TestThreadPool(TransportMonitoringBulkActionTests.class.getSimpleName());
}
@AfterClass

3
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/resolver/shards/ShardsTests.java
View File

@ -25,6 +25,7 @@ import org.junit.After;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
@ -58,7 +59,7 @@ public class ShardsTests extends MarvelIntegTestCase {
public void testShards() throws Exception {
logger.debug("--> creating some indices so that shards collector reports data");
for (int i = 0; i < randomIntBetween(1, 5); i++) {
client().prepareIndex(INDEX_PREFIX + i, "foo").setRefresh(true).setSource("field1", "value1").get();
client().prepareIndex(INDEX_PREFIX + i, "foo").setRefreshPolicy(IMMEDIATE).setSource("field1", "value1").get();
}
securedFlush();

3
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/CleanerServiceTests.java
View File

@ -11,6 +11,7 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.marvel.MonitoringSettings;
import org.elasticsearch.marvel.MonitoringLicensee;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
@ -40,7 +41,7 @@ public class CleanerServiceTests extends ESTestCase {
@Before
public void start() {
clusterSettings = new ClusterSettings(Settings.EMPTY, Collections.singleton(MonitoringSettings.HISTORY_DURATION));
threadPool = new ThreadPool("CleanerServiceTests");
threadPool = new TestThreadPool("CleanerServiceTests");
}
@After

29
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequest.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.role;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.bytes.BytesReference;
@ -24,13 +26,13 @@ import static org.elasticsearch.action.ValidateActions.addValidationError;
/**
* Request object for adding a role to the shield index
*/
public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
public class PutRoleRequest extends ActionRequest<PutRoleRequest> implements WriteRequest<PutRoleRequest> {
private String name;
private String[] clusterPrivileges = Strings.EMPTY_ARRAY;
private List<RoleDescriptor.IndicesPrivileges> indicesPrivileges = new ArrayList<>();
private String[] runAs = Strings.EMPTY_ARRAY;
private boolean refresh = true;
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
public PutRoleRequest() {
}
@ -69,8 +71,19 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
this.runAs = usernames;
}
public void refresh(boolean refresh) {
this.refresh = refresh;
@Override
public PutRoleRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
this.refreshPolicy = refreshPolicy;
return this;
}
/**
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
*/
@Override
public WriteRequest.RefreshPolicy getRefreshPolicy() {
return refreshPolicy;
}
public String name() {
@ -89,10 +102,6 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
return runAs;
}
public boolean refresh() {
return refresh;
}
@Override
public void readFrom(StreamInput in) throws IOException {
super.readFrom(in);
@ -104,7 +113,7 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
indicesPrivileges.add(RoleDescriptor.IndicesPrivileges.createFrom(in));
}
runAs = in.readStringArray();
refresh = in.readBoolean();
refreshPolicy = RefreshPolicy.readFrom(in);
}
@Override
@ -117,7 +126,7 @@ public class PutRoleRequest extends ActionRequest<PutRoleRequest> {
index.writeTo(out);
}
out.writeStringArray(runAs);
out.writeBoolean(refresh);
refreshPolicy.writeTo(out);
}
RoleDescriptor roleDescriptor() {

9
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/role/PutRoleRequestBuilder.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.shield.action.role;
import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.support.WriteRequestBuilder;
import org.elasticsearch.client.ElasticsearchClient;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
@ -14,7 +15,8 @@ import org.elasticsearch.shield.authz.RoleDescriptor;
/**
* Builder for requests to add a role to the administrative index
*/
public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder> {
public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest, PutRoleResponse, PutRoleRequestBuilder>
implements WriteRequestBuilder<PutRoleRequestBuilder> {
public PutRoleRequestBuilder(ElasticsearchClient client) {
this(client, PutRoleAction.INSTANCE);
@ -54,9 +56,4 @@ public class PutRoleRequestBuilder extends ActionRequestBuilder<PutRoleRequest,
request.addIndex(indices, privileges, fields, query);
return this;
}
public PutRoleRequestBuilder refresh(boolean refresh) {
request.refresh(refresh);
return this;
}
}

25
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequest.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.user;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
@ -17,12 +19,14 @@ import java.io.IOException;
import static org.elasticsearch.action.ValidateActions.addValidationError;
/**
* Request to change a user's password.
*/
public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest> implements UserRequest {
public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
implements UserRequest, WriteRequest<ChangePasswordRequest> {
private String username;
private char[] passwordHash;
private boolean refresh = true;
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
@Override
public ActionRequestValidationException validate() {
@ -52,12 +56,19 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
this.passwordHash = passwordHash;
}
public boolean refresh() {
return refresh;
/**
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
*/
@Override
public RefreshPolicy getRefreshPolicy() {
return refreshPolicy;
}
public void refresh(boolean refresh) {
this.refresh = refresh;
@Override
public ChangePasswordRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
this.refreshPolicy = refreshPolicy;
return this;
}
@Override
@ -70,6 +81,7 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
super.readFrom(in);
username = in.readString();
passwordHash = CharArrays.utf8BytesToChars(in.readBytesReference().array());
refreshPolicy = RefreshPolicy.readFrom(in);
}
@Override
@ -77,5 +89,6 @@ public class ChangePasswordRequest extends ActionRequest<ChangePasswordRequest>
super.writeTo(out);
out.writeString(username);
out.writeBytesReference(new BytesArray(CharArrays.toUtf8Bytes(passwordHash)));
refreshPolicy.writeTo(out);
}
}

12
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/ChangePasswordRequestBuilder.java
View File

@ -7,25 +7,28 @@ package org.elasticsearch.shield.action.user;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.support.WriteRequestBuilder;
import org.elasticsearch.client.ElasticsearchClient;
import org.elasticsearch.common.ParseFieldMatcher;
import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.xpack.common.xcontent.XContentUtils;
import java.io.IOException;
import java.util.Arrays;
/**
* Request to change a user's password.
*/
public class ChangePasswordRequestBuilder
extends ActionRequestBuilder<ChangePasswordRequest, ChangePasswordResponse, ChangePasswordRequestBuilder> {
extends ActionRequestBuilder<ChangePasswordRequest, ChangePasswordResponse, ChangePasswordRequestBuilder>
implements WriteRequestBuilder<ChangePasswordRequestBuilder> {
public ChangePasswordRequestBuilder(ElasticsearchClient client) {
this(client, ChangePasswordAction.INSTANCE);
@ -81,9 +84,4 @@ public class ChangePasswordRequestBuilder
}
return this;
}
public ChangePasswordRequestBuilder refresh(boolean refresh) {
request.refresh(refresh);
return this;
}
}

29
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequest.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.shield.action.user;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
@ -22,7 +24,7 @@ import static org.elasticsearch.action.ValidateActions.addValidationError;
/**
* Request object to put a native user.
*/
public class PutUserRequest extends ActionRequest<PutUserRequest> implements UserRequest {
public class PutUserRequest extends ActionRequest<PutUserRequest> implements UserRequest, WriteRequest<PutUserRequest> {
private String username;
private String[] roles;
@ -30,7 +32,7 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
private String email;
private Map<String, Object> metadata;
private char[] passwordHash;
private boolean refresh = true;
private RefreshPolicy refreshPolicy = RefreshPolicy.IMMEDIATE;
public PutUserRequest() {
}
@ -72,8 +74,19 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
this.passwordHash = passwordHash;
}
public void refresh(boolean refresh) {
this.refresh = refresh;
/**
* Should this request trigger a refresh ({@linkplain RefreshPolicy#IMMEDIATE}, the default), wait for a refresh (
* {@linkplain RefreshPolicy#WAIT_UNTIL}), or proceed ignore refreshes entirely ({@linkplain RefreshPolicy#NONE}).
*/
@Override
public RefreshPolicy getRefreshPolicy() {
return refreshPolicy;
}
@Override
public PutUserRequest setRefreshPolicy(RefreshPolicy refreshPolicy) {
this.refreshPolicy = refreshPolicy;
return this;
}
public String username() {
@ -101,10 +114,6 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
return passwordHash;
}
public boolean refresh() {
return refresh;
}
@Override
public String[] usernames() {
return new String[] { username };
@ -124,7 +133,7 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
fullName = in.readOptionalString();
email = in.readOptionalString();
metadata = in.readBoolean() ? in.readMap() : null;
refresh = in.readBoolean();
refreshPolicy = RefreshPolicy.readFrom(in);
}
@Override
@ -147,6 +156,6 @@ public class PutUserRequest extends ActionRequest<PutUserRequest> implements Use
out.writeBoolean(true);
out.writeMap(metadata);
}
out.writeBoolean(refresh);
refreshPolicy.writeTo(out);
}
}

11
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/action/user/PutUserRequestBuilder.java
View File

@ -7,6 +7,7 @@ package org.elasticsearch.shield.action.user;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.support.WriteRequestBuilder;
import org.elasticsearch.client.ElasticsearchClient;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.ParseFieldMatcher;
@ -15,17 +16,18 @@ import org.elasticsearch.common.ValidationException;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.xpack.common.xcontent.XContentUtils;
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest, PutUserResponse, PutUserRequestBuilder> {
public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest, PutUserResponse, PutUserRequestBuilder>
implements WriteRequestBuilder<PutUserRequestBuilder> {
private final Hasher hasher = Hasher.BCRYPT;
@ -77,11 +79,6 @@ public class PutUserRequestBuilder extends ActionRequestBuilder<PutUserRequest,
return this;
}
public PutUserRequestBuilder refresh(boolean refresh) {
request.refresh(refresh);
return this;
}
public PutUserRequestBuilder source(String username, BytesReference source) throws IOException {
username(username);
try (XContentParser parser = XContentHelper.createParser(source)) {

5
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/Realms.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.shield.authc;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.collect.Iterators;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Setting;
@ -101,6 +102,10 @@ public class Realms extends AbstractLifecycleComponent<Realms> implements Iterab
@Override
public Iterator<Realm> iterator() {
if (shieldLicenseState.authenticationAndAuthorizationEnabled() == false) {
return Collections.emptyIterator();
}
EnabledRealmType enabledRealmType = shieldLicenseState.enabledRealmType();
switch (enabledRealmType) {
case ALL:

22
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/esnative/NativeUsersStore.java
View File

@ -9,6 +9,7 @@ import com.carrotsearch.hppc.ObjectHashSet;
import com.carrotsearch.hppc.ObjectLongHashMap;
import com.carrotsearch.hppc.ObjectLongMap;
import com.carrotsearch.hppc.cursors.ObjectCursor;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.ActionListener;
@ -23,6 +24,7 @@ import org.elasticsearch.action.search.ClearScrollResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.search.SearchScrollRequest;
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
import org.elasticsearch.action.update.UpdateResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterChangedEvent;
@ -49,9 +51,6 @@ import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.shield.InternalClient;
import org.elasticsearch.shield.ShieldTemplateService;
import org.elasticsearch.shield.user.SystemUser;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.shield.user.User.Fields;
import org.elasticsearch.shield.action.realm.ClearRealmCacheRequest;
import org.elasticsearch.shield.action.realm.ClearRealmCacheResponse;
import org.elasticsearch.shield.action.user.ChangePasswordRequest;
@ -61,6 +60,9 @@ import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.client.SecurityClient;
import org.elasticsearch.shield.support.SelfReschedulingRunnable;
import org.elasticsearch.shield.user.SystemUser;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.shield.user.User.Fields;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPool.Names;
@ -324,7 +326,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
client.prepareUpdate(ShieldTemplateService.SECURITY_INDEX_NAME, docType, username)
.setDoc(Fields.PASSWORD.getPreferredName(), String.valueOf(request.passwordHash()))
.setRefresh(request.refresh())
.setRefreshPolicy(request.getRefreshPolicy())
.execute(new ActionListener<UpdateResponse>() {
@Override
public void onResponse(UpdateResponse updateResponse) {
@ -345,7 +347,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
if (docType.equals(RESERVED_USER_DOC_TYPE)) {
createReservedUser(username, request.passwordHash(), request.refresh(), listener);
createReservedUser(username, request.passwordHash(), request.getRefreshPolicy(), listener);
} else {
logger.debug("failed to change password for user [{}]", cause, request.username());
ValidationException validationException = new ValidationException();
@ -356,10 +358,10 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
});
}
private void createReservedUser(String username, char[] passwordHash, boolean refresh, ActionListener<Void> listener) {
private void createReservedUser(String username, char[] passwordHash, RefreshPolicy refresh, ActionListener<Void> listener) {
client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
.setSource(Fields.PASSWORD.getPreferredName(), String.valueOf(passwordHash))
.setRefresh(refresh)
.setRefreshPolicy(refresh)
.execute(new ActionListener<IndexResponse>() {
@Override
public void onResponse(IndexResponse indexResponse) {
@ -400,7 +402,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(),
User.Fields.EMAIL.getPreferredName(), putUserRequest.email(),
User.Fields.METADATA.getPreferredName(), putUserRequest.metadata())
.setRefresh(putUserRequest.refresh())
.setRefreshPolicy(putUserRequest.getRefreshPolicy())
.execute(new ActionListener<UpdateResponse>() {
@Override
public void onResponse(UpdateResponse updateResponse) {
@ -440,7 +442,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
User.Fields.FULL_NAME.getPreferredName(), putUserRequest.fullName(),
User.Fields.EMAIL.getPreferredName(), putUserRequest.email(),
User.Fields.METADATA.getPreferredName(), putUserRequest.metadata())
.setRefresh(putUserRequest.refresh())
.setRefreshPolicy(putUserRequest.getRefreshPolicy())
.execute(new ActionListener<IndexResponse>() {
@Override
public void onResponse(IndexResponse indexResponse) {
@ -470,7 +472,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
USER_DOC_TYPE, deleteUserRequest.username()).request();
request.indicesOptions().ignoreUnavailable();
request.refresh(deleteUserRequest.refresh());
request.setRefreshPolicy(deleteUserRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
client.delete(request, new ActionListener<DeleteResponse>() {
@Override
public void onResponse(DeleteResponse deleteResponse) {

2
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapper.java
View File

@ -35,6 +35,7 @@ import org.elasticsearch.index.cache.bitset.BitsetFilterCache;
import org.elasticsearch.index.engine.EngineException;
import org.elasticsearch.index.mapper.DocumentMapper;
import org.elasticsearch.index.mapper.MapperService;
import org.elasticsearch.index.mapper.internal.FieldNamesFieldMapper;
import org.elasticsearch.index.mapper.internal.ParentFieldMapper;
import org.elasticsearch.index.query.ParsedQuery;
import org.elasticsearch.index.query.QueryBuilder;
@ -90,6 +91,7 @@ public class ShieldIndexSearcherWrapper extends IndexSearcherWrapper {
Set<String> allowedMetaFields = new HashSet<>();
allowedMetaFields.addAll(Arrays.asList(MapperService.getAllMetaFields()));
allowedMetaFields.add(FieldNamesFieldMapper.NAME); // TODO: add _field_names to MapperService#META_FIELDS?
allowedMetaFields.add("_source"); // TODO: add _source to MapperService#META_FIELDS?
allowedMetaFields.add("_version"); // TODO: add _version to MapperService#META_FIELDS?
allowedMetaFields.remove("_all"); // The _all field contains actual data and we can't include that by default.

5
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/store/NativeRolesStore.java
View File

@ -18,6 +18,7 @@ import org.elasticsearch.action.search.ClearScrollResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.search.SearchScrollRequest;
import org.elasticsearch.action.support.WriteRequest.RefreshPolicy;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
@ -269,7 +270,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
try {
DeleteRequest request = client.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME,
ROLE_DOC_TYPE, deleteRoleRequest.name()).request();
request.refresh(deleteRoleRequest.refresh());
request.setRefreshPolicy(deleteRoleRequest.refresh() ? RefreshPolicy.IMMEDIATE : RefreshPolicy.WAIT_UNTIL);
client.delete(request, new ActionListener<DeleteResponse>() {
@Override
public void onResponse(DeleteResponse deleteResponse) {
@ -299,7 +300,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
try {
client.prepareIndex(ShieldTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, role.getName())
.setSource(role.toXContent(jsonBuilder(), ToXContent.EMPTY_PARAMS))
.setRefresh(request.refresh())
.setRefreshPolicy(request.getRefreshPolicy())
.execute(new ActionListener<IndexResponse>() {
@Override
public void onResponse(IndexResponse indexResponse) {

4
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/role/RestPutRoleAction.java
View File

@ -36,9 +36,7 @@ public class RestPutRoleAction extends BaseRestHandler {
@Override
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
PutRoleRequestBuilder requestBuilder = new SecurityClient(client).preparePutRole(request.param("name"), request.content());
if (request.hasParam("refresh")) {
requestBuilder.refresh(request.paramAsBoolean("refresh", true));
}
requestBuilder.setRefreshPolicy(request.param("refresh"));
requestBuilder.execute(new RestBuilderListener<PutRoleResponse>(channel) {
@Override
public RestResponse buildResponse(PutRoleResponse putRoleResponse, XContentBuilder builder) throws Exception {

2
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestChangePasswordAction.java
View File

@ -47,7 +47,7 @@ public class RestChangePasswordAction extends BaseRestHandler {
}
new SecurityClient(client).prepareChangePassword(username, request.content())
.refresh(request.paramAsBoolean("refresh", true))
.setRefreshPolicy(request.param("refresh"))
.execute(new RestBuilderListener<ChangePasswordResponse>(channel) {
@Override
public RestResponse buildResponse(ChangePasswordResponse changePasswordResponse, XContentBuilder builder) throws

2
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/rest/action/user/RestPutUserAction.java
View File

@ -37,7 +37,7 @@ public class RestPutUserAction extends BaseRestHandler {
protected void handleRequest(RestRequest request, final RestChannel channel, Client client) throws Exception {
PutUserRequestBuilder requestBuilder = new SecurityClient(client).preparePutUser(request.param("username"), request.content());
if (request.hasParam("refresh")) {
requestBuilder.refresh(request.paramAsBoolean("refresh", true));
requestBuilder.setRefreshPolicy(request.param("refresh"));
}
requestBuilder.execute(new RestBuilderListener<PutUserResponse>(channel) {
@Override

15
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java
View File

@ -13,10 +13,9 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.shield.action.role.PutRoleResponse;
import org.elasticsearch.shield.action.role.GetRolesResponse;
import org.elasticsearch.shield.ShieldTemplateService;
import org.elasticsearch.shield.authc.esnative.NativeRealm;
import org.elasticsearch.shield.action.role.GetRolesResponse;
import org.elasticsearch.shield.action.role.PutRoleResponse;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.authz.RoleDescriptor;
@ -31,10 +30,13 @@ import org.junit.BeforeClass;
import java.util.Arrays;
import java.util.List;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE;
import static org.hamcrest.Matchers.arrayWithSize;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
* Test for the Shield clear roles API that changes the polling aspect of shield to only run once an hour in order to
* test the cache clearing APIs.
@ -91,13 +93,12 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
int modifiedRolesCount = randomIntBetween(1, roles.length);
List<String> toModify = randomSubsetOf(modifiedRolesCount, roles);
logger.debug("--> modifying roles {} to have run_as", toModify);
final boolean refresh = randomBoolean();
for (String role : toModify) {
PutRoleResponse response = securityClient.preparePutRole(role)
.cluster("none")
.addIndices(new String[] { "*" }, new String[] { "ALL" }, null, null)
.runAs(role)
.refresh(refresh)
.setRefreshPolicy(randomBoolean() ? IMMEDIATE : NONE)
.get();
assertThat(response.isCreated(), is(false));
logger.debug("--> updated role [{}] with run_as", role);
@ -115,7 +116,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
UpdateResponse response = internalClient().prepareUpdate().setId(role).setIndex(ShieldTemplateService.SECURITY_INDEX_NAME)
.setType(NativeRolesStore.ROLE_DOC_TYPE)
.setDoc("run_as", new String[] { role })
.setRefresh(refresh)
.setRefreshPolicy(refresh ? IMMEDIATE : NONE)
.get();
assertThat(response.isCreated(), is(false));
logger.debug("--> updated role [{}] with run_as", role);
@ -158,7 +159,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase {
final boolean refresh = randomBoolean();
DeleteResponse response = internalClient()
.prepareDelete(ShieldTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role)
.setRefresh(refresh)
.setRefreshPolicy(refresh ? IMMEDIATE : NONE)
.get();
assertThat(response.isFound(), is(true));

7
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java
View File

@ -23,6 +23,8 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import java.util.Collections;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.NONE;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
@ -64,7 +66,8 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase {
CreateIndexResponse response = client.admin().indices().prepareCreate(expression).get();
assertThat(response.isAcknowledged(), is(true));
}
IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar").setRefresh(refeshOnOperation).get();
IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar")
.setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE).get();
assertThat(response.isCreated(), is(true));
assertThat(response.getIndex(), containsString(expectedIndexName));
@ -84,7 +87,7 @@ public class DateMathExpressionIntegTests extends ShieldIntegTestCase {
UpdateResponse updateResponse = client.prepareUpdate(expression, "type", response.getId())
.setDoc("new", "field")
.setRefresh(refeshOnOperation)
.setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE)
.get();
assertThat(updateResponse.isCreated(), is(false));

9
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentAndFieldLevelSecurityTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collections;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
@ -94,10 +95,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
SearchResponse response = client().filterWithHeader(
@ -133,10 +134,10 @@ public class DocumentAndFieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// Both users have the same role query, but user3 has access to field2 and not field1, which should result in zero hits:

31
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/DocumentLevelSecurityTests.java
View File

@ -33,6 +33,7 @@ import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collections;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
import static org.elasticsearch.index.query.QueryBuilders.hasParentQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
@ -108,13 +109,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
SearchResponse response = client()
@ -289,13 +290,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
"field3", "type=text,term_vector=with_positions_offsets_payloads")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
boolean realtime = randomBoolean();
@ -354,13 +355,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
"field3", "type=text,term_vector=with_positions_offsets_payloads")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
boolean realtime = randomBoolean();
@ -419,13 +420,13 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text,fielddata=true", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "2").setSource("field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type1", "3").setSource("field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
SearchResponse response = client().prepareSearch("test")
@ -483,11 +484,11 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type2", "_parent", "type=type1", "field3", "type=text,fielddata=true")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
client().prepareIndex("test", "type2", "2").setSource("field3", "value3")
.setParent("1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
SearchResponse response = client().prepareSearch("test")
@ -705,7 +706,7 @@ public class DocumentLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type", "field1", "type=text", "field2", "type=text")
);
client().prepareIndex("test", "type", "1").setSource("field1", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// With document level security enabled the update is not allowed:

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityRandomTests.java
View File

@ -24,6 +24,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
@ -141,7 +142,7 @@ public class FieldLevelSecurityRandomTests extends ShieldIntegTestCase {
assertAcked(client().admin().indices().prepareCreate("test")
.addMapping("type1", (Object[])fieldMappers)
);
client().prepareIndex("test", "type1", "1").setSource(doc).setRefresh(true).get();
client().prepareIndex("test", "type1", "1").setSource(doc).setRefreshPolicy(IMMEDIATE).get();
for (String allowedField : allowedFields) {
logger.info("Checking allowed field [{}]", allowedField);

96
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java
View File

@ -32,7 +32,9 @@ import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collections;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.index.query.QueryBuilders.constantScoreQuery;
import static org.elasticsearch.index.query.QueryBuilders.existsQuery;
import static org.elasticsearch.index.query.QueryBuilders.hasChildQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
@ -136,7 +138,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 has access to field1, so the query should match with the document:
@ -481,14 +483,12 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
assertThat(response.getResponses()[0].getResponse().getSource().get("field2").toString(), equalTo("value2"));
}
// norelease - we need to fix the issue so that only fields a user can see are returned
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2120")
public void testFieldStatsApi() throws Exception {
assertAcked(client().admin().indices().prepareCreate("test")
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 is granted access to field1 only:
@ -622,7 +622,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
int max = scaledRandomIntBetween(4, 32);
@ -660,7 +660,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
int max = scaledRandomIntBetween(4, 32);
@ -702,7 +702,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
"field3", "type=text,store=true")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 is granted access to field1 only:
@ -799,7 +799,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 is granted access to field1 only:
@ -873,7 +873,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
);
client().prepareIndex("test", "type1", "1").setSource("field1", 1d, "field2", 2d)
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 is granted to use field1, so it is included in the sort_values
@ -882,28 +882,28 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.prepareSearch("test")
.addSort("field1", SortOrder.ASC)
.get();
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(1L));
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(1L));
// user2 is not granted to use field1, so the default missing sort value is included
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
.prepareSearch("test")
.addSort("field1", SortOrder.ASC)
.get();
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
// user1 is not granted to use field2, so the default missing sort value is included
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
.prepareSearch("test")
.addSort("field2", SortOrder.ASC)
.get();
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(Long.MAX_VALUE));
// user2 is granted to use field2, so it is included in the sort_values
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
.prepareSearch("test")
.addSort("field2", SortOrder.ASC)
.get();
assertThat((Long) response.getHits().getAt(0).sortValues()[0], equalTo(2L));
assertThat(response.getHits().getAt(0).sortValues()[0], equalTo(2L));
}
public void testAggs() throws Exception {
@ -911,7 +911,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text,fielddata=true", "field2", "type=text,fielddata=true")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 is authorized to use field1, so buckets are include for a term agg on field1
@ -951,7 +951,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
"field3", "type=text,term_vector=with_positions_offsets_payloads")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
boolean realtime = randomBoolean();
@ -1035,7 +1035,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
"field3", "type=text,term_vector=with_positions_offsets_payloads")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
boolean realtime = randomBoolean();
@ -1155,7 +1155,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
);
client().prepareIndex("test", "type", "1")
.setSource("field1", "value1", "field2", "value1")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// With field level security enabled the update is not allowed:
@ -1200,7 +1200,7 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
.addMapping("type1", "field1", "type=text", "field2", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
// user6 has access to all fields, so the query should match with the document:
@ -1224,4 +1224,64 @@ public class FieldLevelSecurityTests extends ShieldIntegTestCase {
assertThat(response.getHits().getAt(0).sourceAsMap().get("field2").toString(), equalTo("value2"));
}
public void testExistQuery() {
assertAcked(client().admin().indices().prepareCreate("test")
.addMapping("type1", "field1", "type=text", "field2", "type=text", "field3", "type=text")
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefreshPolicy(IMMEDIATE)
.get();
// user1 has access to field1, so the query should match with the document:
SearchResponse response = client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field1"))
.get();
assertHitCount(response, 1);
// user1 has no access to field2, so the query should not match with the document:
response = client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field2"))
.get();
assertHitCount(response, 0);
// user2 has no access to field1, so the query should not match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field1"))
.get();
assertHitCount(response, 0);
// user2 has access to field2, so the query should match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field2"))
.get();
assertHitCount(response, 1);
// user3 has access to field1 and field2, so the query should match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field1"))
.get();
assertHitCount(response, 1);
// user3 has access to field1 and field2, so the query should match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field2"))
.get();
assertHitCount(response, 1);
// user4 has access to no fields, so the query should not match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field1"))
.get();
assertHitCount(response, 0);
// user4 has access to no fields, so the query should not match with the document:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
.prepareSearch("test")
.setQuery(existsQuery("field2"))
.get();
assertHitCount(response, 0);
}
}

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/IndicesPermissionsWithAliasesWildcardsAndRegexsTests.java
View File

@ -16,6 +16,7 @@ import org.elasticsearch.xpack.XPackPlugin;
import java.util.Collections;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
@ -72,7 +73,7 @@ public class IndicesPermissionsWithAliasesWildcardsAndRegexsTests extends Shield
.addAlias(new Alias("an_alias"))
);
client().prepareIndex("test", "type1", "1").setSource("field1", "value1", "field2", "value2", "field3", "value3")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
GetResponse getResponse = client()

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java
View File

@ -25,6 +25,7 @@ import org.elasticsearch.test.ShieldIntegTestCase;
import java.util.Locale;
import static java.util.Collections.singletonMap;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
@ -183,7 +184,7 @@ public class KibanaUserRoleIntegTests extends ShieldIntegTestCase {
.setIndex(index)
.setType("dashboard")
.setSource("foo", "bar")
.setRefresh(true)
.setRefreshPolicy(IMMEDIATE)
.get();
assertThat(response.isCreated(), is(true));

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
View File

@ -24,6 +24,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
@ -63,7 +64,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
@Before
public void indexRandomDocuments() {
BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefresh(true);
BulkRequestBuilder bulkRequestBuilder = client().prepareBulk().setRefreshPolicy(IMMEDIATE);
for (int i = 0; i < randomIntBetween(10, 50); i++) {
bulkRequestBuilder.add(client().prepareIndex("index", "type", String.valueOf(i)).setSource("{ \"foo\" : \"bar\" }"));
}

7
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/SecurityFeatureSetTests.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
import org.junit.Before;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -92,7 +93,7 @@ public class SecurityFeatureSetTests extends ESTestCase {
realmUsage.put("key3", i % 2 == 0);
when(realm.usageStats()).thenReturn(realmUsage);
}
when(realms.iterator()).thenReturn(realmsList.iterator());
when(realms.iterator()).thenReturn(available ? realmsList.iterator() : Collections.<Realm>emptyIterator());
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry);
XPackFeatureSet.Usage usage = featureSet.usage();
@ -102,12 +103,14 @@ public class SecurityFeatureSetTests extends ESTestCase {
assertThat(usage.available(), is(available));
XContentSource source = new XContentSource(usage);
if (enabled) {
if (enabled && available) {
for (int i = 0; i < 5; i++) {
assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
}
} else if (enabled) {
assertThat(source.getValue("enabled_realms"), is(notNullValue()));
} else {
assertThat(source.getValue("enabled_realms"), is(nullValue()));
}

2
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java
View File

@ -37,6 +37,6 @@ public class VersionCompatibilityTests extends ESTestCase {
*
*/
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata",
Version.CURRENT.equals(Version.V_5_0_0), is(true));
Version.CURRENT.equals(Version.V_5_0_0_alpha4), is(true));
}
}

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/AuditTrailModuleTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.indices.breaker.CircuitBreakerModule;
import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPoolModule;
import org.elasticsearch.transport.Transport;
@ -55,7 +56,7 @@ public class AuditTrailModuleTests extends ESTestCase {
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put("client.type", "node")
.build();
ThreadPool pool = new ThreadPool("testLogFile");
ThreadPool pool = new TestThreadPool("testLogFile");
try {
SettingsModule settingsModule = new SettingsModule(settings);
settingsModule.registerSetting(AuditTrailModule.ENABLED_SETTING);

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailMutedTests.java
View File

@ -25,6 +25,7 @@ import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
import org.elasticsearch.shield.user.SystemUser;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
@ -58,7 +59,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
DummyTransportAddress.INSTANCE));
threadPool = new ThreadPool("index audit trail tests");
threadPool = new TestThreadPool("index audit trail tests");
transportClient = TransportClient.builder().settings(Settings.EMPTY).build();
clientCalled = new AtomicBoolean(false);
client = new InternalClient(transportClient) {

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -43,6 +43,7 @@ import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportInfo;
@ -260,7 +261,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
DummyTransportAddress.INSTANCE);
when(transport.boundAddress()).thenReturn(boundTransportAddress);
threadPool = new ThreadPool("index audit trail tests");
threadPool = new TestThreadPool("index audit trail tests");
enqueuedMessage = new SetOnce<>();
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) {
@Override

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailUpdateMappingTests.java
View File

@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.rest.FakeRestRequest;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.junit.After;
@ -39,7 +40,7 @@ public class IndexAuditTrailUpdateMappingTests extends ShieldIntegTestCase {
@Before
public void setup() {
threadPool = new ThreadPool("index audit trail update mapping tests");
threadPool = new TestThreadPool("index audit trail update mapping tests");
}
public void testMappingIsUpdated() throws Exception {

1
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
View File

@ -94,6 +94,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
SecurityLicenseState shieldLicenseState = mock(SecurityLicenseState.class);
when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
realms = new Realms(Settings.EMPTY, new Environment(settings), Collections.<String, Realm.Factory>emptyMap(), shieldLicenseState,
mock(ReservedRealm.class)) {

16
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/RealmsTests.java
View File

@ -52,6 +52,7 @@ public class RealmsTests extends ESTestCase {
}
shieldLicenseState = mock(SecurityLicenseState.class);
reservedRealm = mock(ReservedRealm.class);
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
when(shieldLicenseState.enabledRealmType()).thenReturn(EnabledRealmType.ALL);
}
@ -338,6 +339,21 @@ public class RealmsTests extends ESTestCase {
assertThat(count, equalTo(orderToIndex.size()));
}
public void testAuthcAuthzDisabled() {
Settings settings = Settings.builder()
.put("path.home", createTempDir())
.put("xpack.security.authc.realms.realm_1.type", FileRealm.TYPE)
.put("xpack.security.authc.realms.realm_1.order", 0)
.build();
Environment env = new Environment(settings);
Realms realms = new Realms(settings, env, factories, shieldLicenseState, reservedRealm).start();
assertThat(realms.iterator().hasNext(), is(true));
when(shieldLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(false);
assertThat(realms.iterator().hasNext(), is(false));
}
static class DummyRealm extends Realm {
public DummyRealm(String type, RealmConfig config) {

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryRealmTests.java
View File

@ -22,6 +22,7 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
@ -92,7 +93,7 @@ public class ActiveDirectoryRealmTests extends ESTestCase {
directoryServer.startListening();
directoryServers[i] = directoryServer;
}
threadPool = new ThreadPool("active directory realm tests");
threadPool = new TestThreadPool("active directory realm tests");
resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool);
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}

7
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/NativeRealmIntegTests.java
View File

@ -44,6 +44,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.hamcrest.Matchers.arrayContaining;
import static org.hamcrest.Matchers.containsString;
@ -205,7 +206,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
createIndex("idx");
ensureGreen("idx");
// Index a document with the default test user
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
@ -227,7 +228,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
createIndex("idx");
ensureGreen("idx");
// Index a document with the default test user
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
@ -262,7 +263,7 @@ public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
createIndex("idx");
ensureGreen("idx");
// Index a document with the default test user
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefresh(true).get();
client().prepareIndex("idx", "doc", "1").setSource("body", "foo").setRefreshPolicy(IMMEDIATE).get();
String token = basicAuthHeaderValue("joe", new SecuredString("s3krit".toCharArray()));
SearchResponse searchResp = client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserPasswdStoreTests.java
View File

@ -16,6 +16,7 @@ import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
@ -62,7 +63,7 @@ public class FileUserPasswdStoreTests extends ESTestCase {
.put("path.home", createTempDir())
.build();
env = new Environment(settings);
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
}
@After

5
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/file/FileUserRolesStoreTests.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.shield.audit.logfile.CapturingLogger;
import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.support.RefreshListener;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.XPackPlugin;
@ -63,7 +64,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
.put("path.home", createTempDir())
.build();
env = new Environment(settings);
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
}
@After
@ -224,7 +225,7 @@ public class FileUserRolesStoreTests extends ESTestCase {
public void testParseFileEmptyRolesDoesNotCauseNPE() throws Exception {
ThreadPool threadPool = null;
try {
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
Path usersRoles = writeUsersRoles("role1:admin");
Settings settings = Settings.builder()

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.user.User;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
@ -49,7 +50,7 @@ public class LdapRealmTests extends LdapTestCase {
@Before
public void init() throws Exception {
threadPool = new ThreadPool("ldap realm tests");
threadPool = new TestThreadPool("ldap realm tests");
resourceWatcherService = new ResourceWatcherService(Settings.EMPTY, threadPool);
globalSettings = Settings.builder().put("path.home", createTempDir()).build();
}

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/support/DnRoleMapperTests.java
View File

@ -13,6 +13,7 @@ import org.elasticsearch.shield.authc.RealmConfig;
import org.elasticsearch.shield.authc.activedirectory.ActiveDirectoryRealm;
import org.elasticsearch.shield.authc.ldap.LdapRealm;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
@ -69,7 +70,7 @@ public class DnRoleMapperTests extends ESTestCase {
.put("path.home", createTempDir())
.build();
env = new Environment(settings);
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
}
@After

13
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/accesscontrol/ShieldIndexSearcherWrapperUnitTests.java
View File

@ -133,7 +133,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
FieldSubsetReader.FieldSubsetDirectoryReader result =
(FieldSubsetReader.FieldSubsetDirectoryReader) shieldIndexSearcherWrapper.wrap(esIn);
assertThat(result.getFieldNames().size(), equalTo(11));
assertThat(result.getFieldNames().size(), equalTo(12));
assertThat(result.getFieldNames().contains("_uid"), is(true));
assertThat(result.getFieldNames().contains("_id"), is(true));
assertThat(result.getFieldNames().contains("_version"), is(true));
@ -145,6 +145,7 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
assertThat(result.getFieldNames().contains("_ttl"), is(true));
assertThat(result.getFieldNames().contains("_size"), is(true));
assertThat(result.getFieldNames().contains("_index"), is(true));
assertThat(result.getFieldNames().contains("_field_names"), is(true));
// _all contains actual user data and therefor can't be included by default
assertThat(result.getFieldNames().contains("_all"), is(false));
}
@ -468,6 +469,16 @@ public class ShieldIndexSearcherWrapperUnitTests extends ESTestCase {
public Weight createWeight(IndexSearcher searcher, boolean needsScores) throws IOException {
return new CreateScorerOnceWeight(query.createWeight(searcher, needsScores));
}
@Override
public boolean equals(Object obj) {
return sameClassAs(obj) && query.equals(((CreateScorerOnceQuery) obj).query);
}
@Override
public int hashCode() {
return 31 * classHash() + query.hashCode();
}
}
public void doTestIndexSearcherWrapper(boolean sparse, boolean deletions) throws IOException {

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/store/FileRolesStoreTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.shield.authz.permission.RunAsPermission;
import org.elasticsearch.shield.authz.privilege.ClusterPrivilege;
import org.elasticsearch.shield.authz.privilege.IndexPrivilege;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.XPackPlugin;
@ -257,7 +258,7 @@ public class FileRolesStoreTests extends ESTestCase {
.build();
Environment env = new Environment(settings);
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1);
FileRolesStore store = new FileRolesStore(settings, env, watcherService, new RefreshListener() {

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/crypto/InternalCryptoServiceTests.java
View File

@ -10,6 +10,7 @@ import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.junit.After;
@ -53,7 +54,7 @@ public class InternalCryptoServiceTests extends ESTestCase {
.put("path.home", createTempDir())
.build();
env = new Environment(settings);
threadPool = new ThreadPool("test");
threadPool = new TestThreadPool("test");
watcherService = new ResourceWatcherService(settings, threadPool);
watcherService.start();
}

17
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ssl/SSLConfigurationTests.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.shield.ssl.SSLConfiguration.Custom;
import org.elasticsearch.shield.ssl.SSLConfiguration.Global;
import org.elasticsearch.shield.ssl.TrustConfig.Reloadable.Listener;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.watcher.ResourceWatcherService;
@ -321,7 +322,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -384,7 +385,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload pem");
ThreadPool threadPool = new TestThreadPool("reload pem");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -460,7 +461,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -506,7 +507,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -554,7 +555,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -603,7 +604,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload pem");
ThreadPool threadPool = new TestThreadPool("reload pem");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -654,7 +655,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();
@ -693,7 +694,7 @@ public class SSLConfigurationTests extends ESTestCase {
AtomicReference<Exception> exceptionRef = new AtomicReference<>();
Listener listener = createRefreshListener(latch, exceptionRef);
ThreadPool threadPool = new ThreadPool("reload");
ThreadPool threadPool = new TestThreadPool("reload");
try {
ResourceWatcherService resourceWatcherService =
new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool).start();

5
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/support/SelfReschedulingRunnableTests.java
View File

@ -10,6 +10,7 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPool.Names;
@ -189,7 +190,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase {
}
public void testStopPreventsRunning() throws Exception {
final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule");
final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule");
final AtomicInteger failureCounter = new AtomicInteger(0);
final AtomicInteger runCounter = new AtomicInteger(0);
final AbstractRunnable runnable = new AbstractRunnable() {
@ -232,7 +233,7 @@ public class SelfReschedulingRunnableTests extends ESTestCase {
}
public void testStopPreventsRescheduling() throws Exception {
final ThreadPool threadPool = new ThreadPool("test-stop-self-schedule");
final ThreadPool threadPool = new TestThreadPool("test-stop-self-schedule");
final CountDownLatch threadRunningLatch = new CountDownLatch(randomIntBetween(1, 16));
final CountDownLatch stopCalledLatch = new CountDownLatch(1);
final AbstractRunnable runnable = new AbstractRunnable() {

2
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java
View File

@ -217,7 +217,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem", "testnode",
Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),
Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt",
"/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt",
"/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt",
"/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt",
"/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt",
"/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"),

2
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
View File

@ -9,12 +9,12 @@ import org.apache.lucene.util.IOUtils;
import org.elasticsearch.action.Action;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.graph.Graph;
import org.elasticsearch.license.plugin.Licensing;
import org.elasticsearch.shield.action.ShieldActionModule;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.graph.Graph;
import org.junit.BeforeClass;
import java.io.IOException;

BIN
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks
View File

Binary file not shown.

BIN
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt Normal file
View File

Binary file not shown.

BIN
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt
View File

Binary file not shown.

BIN
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks
View File

Binary file not shown.

BIN
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks
View File

Binary file not shown.

1
elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions
View File

@ -20,6 +20,7 @@ cluster:monitor/nodes/stats
cluster:monitor/state
cluster:monitor/stats
cluster:monitor/task
cluster:monitor/task/get
cluster:monitor/tasks/lists
cluster:monitor/xpack/watcher/stats
indices:admin/aliases

10
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
View File

@ -18,7 +18,6 @@ import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.env.Environment;
import org.elasticsearch.graph.Graph;
import org.elasticsearch.index.IndexModule;
import org.elasticsearch.license.plugin.Licensing;
import org.elasticsearch.marvel.Monitoring;
@ -26,6 +25,8 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.script.ScriptModule;
import org.elasticsearch.shield.Security;
import org.elasticsearch.shield.authc.AuthenticationModule;
import org.elasticsearch.threadpool.ExecutorBuilder;
import org.elasticsearch.threadpool.ThreadPoolModule;
import org.elasticsearch.xpack.action.TransportXPackInfoAction;
import org.elasticsearch.xpack.action.TransportXPackUsageAction;
import org.elasticsearch.xpack.action.XPackInfoAction;
@ -36,6 +37,7 @@ import org.elasticsearch.xpack.common.init.LazyInitializationService;
import org.elasticsearch.xpack.common.secret.SecretModule;
import org.elasticsearch.xpack.extensions.XPackExtension;
import org.elasticsearch.xpack.extensions.XPackExtensionsService;
import org.elasticsearch.xpack.graph.Graph;
import org.elasticsearch.xpack.notification.Notification;
import org.elasticsearch.xpack.notification.email.Account;
import org.elasticsearch.xpack.notification.email.support.BodyPartSource;
@ -51,6 +53,7 @@ import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
public class XPackPlugin extends Plugin {
@ -201,6 +204,11 @@ public class XPackPlugin extends Plugin {
licensing.onModule(module);
}
@Override
public List<ExecutorBuilder<?>> getExecutorBuilders(final Settings settings) {
return watcher.getExecutorBuilders(settings);
}
public void onModule(NetworkModule module) {
if (!transportClientMode) {
module.registerRestHandler(RestXPackInfoAction.class);

2
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackUsageAction.java
View File

@ -29,7 +29,7 @@ public class TransportXPackUsageAction extends HandledTransportAction<XPackUsage
public TransportXPackUsageAction(Settings settings, ThreadPool threadPool, TransportService transportService,
ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver,
Set<XPackFeatureSet> featureSets) {
super(settings, XPackInfoAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver,
super(settings, XPackUsageAction.NAME, threadPool, transportService, actionFilters, indexNameExpressionResolver,
XPackUsageRequest::new);
this.featureSets = featureSets;
}

187
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java
View File

@ -8,6 +8,7 @@ package org.elasticsearch.xpack.extensions;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.apache.lucene.util.IOUtils;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.bootstrap.JarHell;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.SettingCommand;
@ -26,13 +27,26 @@ import java.net.URLDecoder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.List;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Collections;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.security.Policy;
import java.security.PermissionCollection;
import java.security.Permission;
import java.security.NoSuchAlgorithmException;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.AccessController;
import java.security.UnresolvedPermission;
import java.security.URIParameter;
import static org.elasticsearch.cli.Terminal.Verbosity.VERBOSE;
import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile;
@ -49,18 +63,19 @@ import static org.elasticsearch.xpack.XPackPlugin.resolveXPackExtensionsFile;
* <ul>
* <li>The property file exists and contains valid metadata. See {@link XPackExtensionInfo#readFromProperties(Path)}</li>
* <li>Jar hell does not exist, either between the extension's own jars or with the parent classloader (elasticsearch + x-pack)</li>
* <li>If the extension contains extra security permissions, the policy file is validated</li>
* </ul>
*/
class InstallXPackExtensionCommand extends SettingCommand {
final class InstallXPackExtensionCommand extends SettingCommand {
private final OptionSpec<Void> batchOption;
private final OptionSpec<String> arguments;
InstallXPackExtensionCommand() {
super("Install a plugin");
super("Install an extension");
this.batchOption = parser.acceptsAll(Arrays.asList("b", "batch"),
"Enable batch mode explicitly, automatic confirmation of security permission");
this.arguments = parser.nonOptions("plugin id");
this.arguments = parser.nonOptions("extension id");
}
@Override
@ -86,7 +101,7 @@ class InstallXPackExtensionCommand extends SettingCommand {
Path extensionZip = download(terminal, extensionId, env.tmpFile());
Path extractedZip = unzip(extensionZip, resolveXPackExtensionsFile(env));
install(terminal, extractedZip, env);
install(terminal, extractedZip, env, isBatch);
}
/** Downloads the extension and returns the file it was downloaded to. */
@ -133,13 +148,21 @@ class InstallXPackExtensionCommand extends SettingCommand {
}
/** Load information about the extension, and verify it can be installed with no errors. */
private XPackExtensionInfo verify(Terminal terminal, Path extensionRoot, Environment env) throws Exception {
private XPackExtensionInfo verify(Terminal terminal, Path extensionRoot, Environment env, boolean isBatch) throws Exception {
// read and validate the extension descriptor
XPackExtensionInfo info = XPackExtensionInfo.readFromProperties(extensionRoot);
terminal.println(VERBOSE, info.toString());
// check for jar hell before any copying
jarHellCheck(extensionRoot);
// read optional security policy (extra permissions)
// if it exists, confirm or warn the user
Path policy = extensionRoot.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY);
if (Files.exists(policy)) {
readPolicy(policy, terminal, env, isBatch);
}
return info;
}
@ -165,11 +188,11 @@ class InstallXPackExtensionCommand extends SettingCommand {
/**
* Installs the extension from {@code tmpRoot} into the extensions dir.
*/
private void install(Terminal terminal, Path tmpRoot, Environment env) throws Exception {
private void install(Terminal terminal, Path tmpRoot, Environment env, boolean isBatch) throws Exception {
List<Path> deleteOnFailure = new ArrayList<>();
deleteOnFailure.add(tmpRoot);
try {
XPackExtensionInfo info = verify(terminal, tmpRoot, env);
XPackExtensionInfo info = verify(terminal, tmpRoot, env, isBatch);
final Path destination = resolveXPackExtensionsFile(env).resolve(info.getName());
if (Files.exists(destination)) {
throw new UserError(ExitCodes.USAGE,
@ -188,4 +211,150 @@ class InstallXPackExtensionCommand extends SettingCommand {
throw installProblem;
}
}
/** Format permission type, name, and actions into a string */
static String formatPermission(Permission permission) {
StringBuilder sb = new StringBuilder();
String clazz = null;
if (permission instanceof UnresolvedPermission) {
clazz = ((UnresolvedPermission) permission).getUnresolvedType();
} else {
clazz = permission.getClass().getName();
}
sb.append(clazz);
String name = null;
if (permission instanceof UnresolvedPermission) {
name = ((UnresolvedPermission) permission).getUnresolvedName();
} else {
name = permission.getName();
}
if (name != null && name.length() > 0) {
sb.append(' ');
sb.append(name);
}
String actions = null;
if (permission instanceof UnresolvedPermission) {
actions = ((UnresolvedPermission) permission).getUnresolvedActions();
} else {
actions = permission.getActions();
}
if (actions != null && actions.length() > 0) {
sb.append(' ');
sb.append(actions);
}
return sb.toString();
}
/**
* Parses extension policy into a set of permissions
*/
static PermissionCollection parsePermissions(Path file, Path tmpDir) throws IOException {
// create a zero byte file for "comparison"
// this is necessary because the default policy impl automatically grants two permissions:
// 1. permission to exitVM (which we ignore)
// 2. read permission to the code itself (e.g. jar file of the code)
Path emptyPolicyFile = Files.createTempFile(tmpDir, "empty", "tmp");
final Policy emptyPolicy;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
emptyPolicy =
AccessController.doPrivileged((PrivilegedAction<Policy>) () -> {
try {
return Policy.getInstance("JavaPolicy", new URIParameter(emptyPolicyFile.toUri()));
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
});
IOUtils.rm(emptyPolicyFile);
// parse the extension's policy file into a set of permissions
final Policy policy =
AccessController.doPrivileged((PrivilegedAction<Policy>) () -> {
try {
return Policy.getInstance("JavaPolicy", new URIParameter(file.toUri()));
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
});
PermissionCollection permissions = policy.getPermissions(XPackExtensionSecurity.class.getProtectionDomain());
// this method is supported with the specific implementation we use, but just check for safety.
if (permissions == Policy.UNSUPPORTED_EMPTY_COLLECTION) {
throw new UnsupportedOperationException("JavaPolicy implementation does not support retrieving permissions");
}
PermissionCollection actualPermissions = new Permissions();
for (Permission permission : Collections.list(permissions.elements())) {
if (!emptyPolicy.implies(XPackExtensionSecurity.class.getProtectionDomain(), permission)) {
actualPermissions.add(permission);
}
}
actualPermissions.setReadOnly();
return actualPermissions;
}
/**
* Reads extension policy, prints/confirms exceptions
*/
static void readPolicy(Path file, Terminal terminal, Environment environment, boolean batch) throws IOException {
PermissionCollection permissions = parsePermissions(file, environment.tmpFile());
List<Permission> requested = Collections.list(permissions.elements());
if (requested.isEmpty()) {
terminal.println(Terminal.Verbosity.VERBOSE, "extension has a policy file with no additional permissions");
return;
}
// sort permissions in a reasonable order
Collections.sort(requested, new Comparator<Permission>() {
@Override
public int compare(Permission o1, Permission o2) {
int cmp = o1.getClass().getName().compareTo(o2.getClass().getName());
if (cmp == 0) {
String name1 = o1.getName();
String name2 = o2.getName();
if (name1 == null) {
name1 = "";
}
if (name2 == null) {
name2 = "";
}
cmp = name1.compareTo(name2);
if (cmp == 0) {
String actions1 = o1.getActions();
String actions2 = o2.getActions();
if (actions1 == null) {
actions1 = "";
}
if (actions2 == null) {
actions2 = "";
}
cmp = actions1.compareTo(actions2);
}
}
return cmp;
}
});
terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
terminal.println(Terminal.Verbosity.NORMAL, "@ WARNING: x-pack extension requires additional permissions @");
terminal.println(Terminal.Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
// print all permissions:
for (Permission permission : requested) {
terminal.println(Terminal.Verbosity.NORMAL, "* " + formatPermission(permission));
}
terminal.println(Terminal.Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
terminal.println(Terminal.Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
if (!batch) {
terminal.println(Terminal.Verbosity.NORMAL, "");
String text = terminal.readText("Continue with installation? [y/N]");
if (!text.equalsIgnoreCase("y")) {
throw new RuntimeException("installation aborted by user");
}
}
}
}

1
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionInfo.java
View File

@ -16,6 +16,7 @@ import java.util.Properties;
public class XPackExtensionInfo {
public static final String XPACK_EXTENSION_PROPERTIES = "x-pack-extension-descriptor.properties";
public static final String XPACK_EXTENSION_POLICY = "x-pack-extension-security.policy";
private String name;
private String description;

67
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionPolicy.java Normal file
View File

@ -0,0 +1,67 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.extensions;
import org.elasticsearch.common.SuppressForbidden;
import java.net.URL;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.CodeSource;
import java.security.Permission;
import java.security.SecurityPermission;
import java.util.Map;
final class XPackExtensionPolicy extends Policy {
static final Permission SET_POLICY_PERMISSION = new SecurityPermission("setPolicy");
static final Permission GET_POLICY_PERMISSION = new SecurityPermission("getPolicy");
static final Permission CREATE_POLICY_PERMISSION = new SecurityPermission("createPolicy.JavaPolicy");
// the base policy (es + plugins)
final Policy basePolicy;
// policy extensions
final Map<String, Policy> extensions;
// xpack code source location
final URL xpackURL;
/**
*
* @param basePolicy The base policy
* @param extensions Extra code source extension's policy
*/
public XPackExtensionPolicy(Policy basePolicy, Map<String, Policy> extensions) {
this.basePolicy = basePolicy;
this.extensions = extensions;
xpackURL = XPackExtensionPolicy.class.getProtectionDomain().getCodeSource().getLocation();
}
private boolean isPolicyPermission(Permission permission) {
return GET_POLICY_PERMISSION.equals(permission) ||
CREATE_POLICY_PERMISSION.equals(permission) ||
SET_POLICY_PERMISSION.equals(permission);
}
@Override @SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
CodeSource codeSource = domain.getCodeSource();
if (codeSource != null && codeSource.getLocation() != null) {
if (codeSource.getLocation().equals(xpackURL) &&
isPolicyPermission(permission)) {
// forbid to get, create and set java policy in xpack codesource
// it is only granted at startup in order to let xpack add the extensions policy
// and make this policy the default.
return false;
}
// check for an additional extension permission: extension policy is
// only consulted for its codesources.
Policy extension = extensions.get(codeSource.getLocation().getFile());
if (extension != null && extension.implies(domain, permission)) {
return true;
}
}
return basePolicy.implies(domain, permission);
}
}

144
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurity.java Normal file
View File

@ -0,0 +1,144 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.extensions;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.HashMap;
import java.util.List;
import java.util.ArrayList;
import java.util.Collections;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.AccessController;
import java.security.URIParameter;
import java.security.NoSuchAlgorithmException;
final class XPackExtensionSecurity {
private XPackExtensionSecurity() {}
/**
* Initializes the XPackExtensionPolicy
* Can only happen once!
*
* @param extsDirectory the directory where the extensions are installed
*/
static void configure(Path extsDirectory) throws IOException {
Map<String, Policy> map = getExtensionsPermissions(extsDirectory);
if (map.size() > 0) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
Policy newPolicy = new XPackExtensionPolicy(Policy.getPolicy(), map);
Policy.setPolicy(newPolicy);
return null;
});
}
}
/**
* Sets properties (codebase URLs) for policy files.
* we look for matching extensions and set URLs to fit
*/
@SuppressForbidden(reason = "proper use of URL")
static Map<String, Policy> getExtensionsPermissions(Path extsDirectory) throws IOException {
Map<String, Policy> map = new HashMap<>();
// collect up lists of extensions
List<Path> extensionPaths = new ArrayList<>();
if (Files.exists(extsDirectory)) {
try (DirectoryStream<Path> stream = Files.newDirectoryStream(extsDirectory)) {
for (Path extension : stream) {
extensionPaths.add(extension);
}
}
}
// now process each one
for (Path extension : extensionPaths) {
Path policyFile = extension.resolve(XPackExtensionInfo.XPACK_EXTENSION_POLICY);
if (Files.exists(policyFile)) {
// first get a list of URLs for the extension's jars:
// we resolve symlinks so map is keyed on the normalize codebase name
List<URL> codebases = new ArrayList<>();
try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(extension, "*.jar")) {
for (Path jar : jarStream) {
codebases.add(jar.toRealPath().toUri().toURL());
}
}
// parse the extension's policy file into a set of permissions
Policy policy = readPolicy(policyFile.toUri().toURL(), codebases.toArray(new URL[codebases.size()]));
// consult this policy for each of the extension's jars:
for (URL url : codebases) {
if (map.put(url.getFile(), policy) != null) {
// just be paranoid ok?
throw new IllegalStateException("per-extension permissions already granted for jar file: " + url);
}
}
}
}
return Collections.unmodifiableMap(map);
}
/**
* Reads and returns the specified {@code policyFile}.
* <p>
* Resources (e.g. jar files and directories) listed in {@code codebases} location
* will be provided to the policy file via a system property of the short name:
* e.g. <code>${codebase.joda-convert-1.2.jar}</code> would map to full URL.
*/
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Policy readPolicy(URL policyFile, URL codebases[]) throws IOException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
try {
try {
// set codebase properties
for (URL url : codebases) {
String shortName = PathUtils.get(url.toURI()).getFileName().toString();
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
System.setProperty("codebase." + shortName, url.toString());
return null;
});
}
URIParameter uri = new URIParameter(policyFile.toURI());
return AccessController.doPrivileged((PrivilegedAction<Policy>) () -> {
try {
return Policy.getInstance("JavaPolicy", uri);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
});
} finally {
// clear codebase properties
for (URL url : codebases) {
String shortName = PathUtils.get(url.toURI()).getFileName().toString();
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
System.clearProperty("codebase." + shortName);
return null;
});
}
}
} catch (URISyntaxException e) {
throw new IllegalArgumentException("unable to parse policy file `" + policyFile + "`", e);
}
}
}

25
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/extensions/XPackExtensionsService.java
View File

@ -20,10 +20,10 @@ import java.net.URLClassLoader;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.ArrayList;
import java.util.Arrays;
import static org.elasticsearch.common.io.FileSystemUtils.isAccessibleDirectory;
@ -37,18 +37,25 @@ public class XPackExtensionsService {
/**
* We keep around a list of extensions
*/
private final List<Tuple<XPackExtensionInfo, XPackExtension> > extensions;
private final List<Tuple<XPackExtensionInfo, XPackExtension>> extensions;
/**
* Constructs a new XPackExtensionsService
* @param settings The settings of the system
* @param extsDirectory The directory extensions exist in, or null if extensions should not be loaded from the filesystem
*
* @param settings The settings of the system
* @param extsDirectory The directory extensions exist in, or null if extensions should not be loaded from the filesystem
* @param classpathExtensions Extensions that exist in the classpath which should be loaded
*/
public XPackExtensionsService(Settings settings, Path extsDirectory, Collection<Class<? extends XPackExtension>> classpathExtensions) {
public XPackExtensionsService(Settings settings, Path extsDirectory,
Collection<Class<? extends XPackExtension>> classpathExtensions) {
try {
XPackExtensionSecurity.configure(extsDirectory);
} catch (Exception e) {
throw new IllegalStateException("Unable to configure extension policy", e);
}
this.settings = settings;
List<Tuple<XPackExtensionInfo, XPackExtension>> extensionsLoaded = new ArrayList<>();
// first we load extensions that are on the classpath. this is for tests
for (Class<? extends XPackExtension> extClass : classpathExtensions) {
XPackExtension ext = loadExtension(extClass, settings);
@ -123,7 +130,7 @@ public class XPackExtensionsService {
return bundles;
}
private List<Tuple<XPackExtensionInfo, XPackExtension> > loadBundles(List<Bundle> bundles) {
private List<Tuple<XPackExtensionInfo, XPackExtension>> loadBundles(List<Bundle> bundles) {
List<Tuple<XPackExtensionInfo, XPackExtension>> exts = new ArrayList<>();
for (Bundle bundle : bundles) {
@ -183,4 +190,4 @@ public class XPackExtensionsService {
throw new ElasticsearchException("Failed to load extension class [" + extClass.getName() + "]", e);
}
}
}
}

5
elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy
View File

@ -16,4 +16,9 @@ grant {
// bouncy castle
permission java.security.SecurityPermission "putProviderProperty.BC";
// needed for x-pack security extension
permission java.security.SecurityPermission "createPolicy.JavaPolicy";
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
};

12
elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java
View File

@ -95,7 +95,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase {
return terminal;
}
void assertExtension(String name, Path original, Environment env) throws IOException {
void assertExtension(String name, Environment env) throws IOException {
Path got = env.pluginsFile().resolve("x-pack").resolve("extensions").resolve(name);
assertTrue("dir " + name + " exists", Files.exists(got));
assertTrue("jar was copied", Files.exists(got.resolve("extension.jar")));
@ -116,7 +116,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase {
Path extDir = createTempDir();
String extZip = createExtension("fake", extDir);
installExtension(extZip, home);
assertExtension("fake", extDir, env);
assertExtension("fake", env);
}
public void testSpaceInUrl() throws Exception {
@ -127,7 +127,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase {
Files.copy(in, extZipWithSpaces, StandardCopyOption.REPLACE_EXISTING);
}
installExtension(extZipWithSpaces.toUri().toURL().toString(), home);
assertExtension("fake", extDir, env);
assertExtension("fake", env);
}
public void testMalformedUrlNotMaven() throws Exception {
@ -155,8 +155,8 @@ public class InstallXPackExtensionCommandTests extends ESTestCase {
Path extDir2 = createTempDir();
String extZip2 = createExtension("fake2", extDir2);
installExtension(extZip2, home);
assertExtension("fake1", extDir1, env);
assertExtension("fake2", extDir2, env);
assertExtension("fake1", env);
assertExtension("fake2", env);
}
public void testExistingExtension() throws Exception {
@ -175,4 +175,4 @@ public class InstallXPackExtensionCommandTests extends ESTestCase {
assertTrue(e.getMessage(), e.getMessage().contains("x-pack-extension-descriptor.properties"));
assertInstallCleaned(env);
}
}
}

59
elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/extensions/XPackExtensionSecurityTests.java Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.extensions;
import org.elasticsearch.test.ESTestCase;
import java.nio.file.Path;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collections;
import java.util.List;
public class XPackExtensionSecurityTests extends ESTestCase {
/** Test that we can parse the set of permissions correctly for a simple policy */
public void testParsePermissions() throws Exception {
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/simple-x-pack-extension-security.policy");
Permissions expected = new Permissions();
expected.add(new RuntimePermission("queuePrintJob"));
PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch);
assertEquals(expected, actual);
}
/** Test that we can parse the set of permissions correctly for a complex policy */
public void testParseTwoPermissions() throws Exception {
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/complex-x-pack-extension-security.policy");
Permissions expected = new Permissions();
expected.add(new RuntimePermission("getClassLoader"));
expected.add(new RuntimePermission("closeClassLoader"));
PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch);
assertEquals(expected, actual);
}
/** Test that we can format some simple permissions properly */
public void testFormatSimplePermission() throws Exception {
assertEquals("java.lang.RuntimePermission queuePrintJob",
InstallXPackExtensionCommand.formatPermission(new RuntimePermission("queuePrintJob")));
}
/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/unresolved-x-pack-extension-security.policy");
PermissionCollection actual = InstallXPackExtensionCommand.parsePermissions(testFile, scratch);
List<Permission> permissions = Collections.list(actual.elements());
assertEquals(1, permissions.size());
assertEquals("org.fake.FakePermission fakeName", InstallXPackExtensionCommand.formatPermission(permissions.get(0)));
}
/** no guaranteed equals on these classes, we assert they contain the same set */
private void assertEquals(PermissionCollection expected, PermissionCollection actual) {
assertEquals(asSet(Collections.list(expected.elements())), asSet(Collections.list(actual.elements())));
}
}

5
elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/complex-x-pack-extension-security.policy Normal file
View File

@ -0,0 +1,5 @@
grant {
// needed to cause problems
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "closeClassLoader";
};

4
elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/simple-x-pack-extension-security.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
// needed to waste paper
permission java.lang.RuntimePermission "queuePrintJob";
};

4
elasticsearch/x-pack/src/test/resources/org/elasticsearch/xpack/extensions/security/unresolved-x-pack-extension-security.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
// an unresolved permission
permission org.fake.FakePermission "fakeName";
};

28
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java
View File

@ -20,13 +20,18 @@ import org.elasticsearch.common.regex.Regex;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.script.ScriptModule;
import org.elasticsearch.threadpool.ExecutorBuilder;
import org.elasticsearch.threadpool.FixedExecutorBuilder;
import org.elasticsearch.threadpool.ThreadPoolModule;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.common.init.LazyInitializationModule;
import org.elasticsearch.xpack.watcher.actions.WatcherActionModule;
import org.elasticsearch.xpack.watcher.client.WatcherClientModule;
import org.elasticsearch.xpack.watcher.condition.ConditionModule;
import org.elasticsearch.xpack.watcher.execution.ExecutionModule;
import org.elasticsearch.xpack.watcher.execution.InternalWatchExecutor;
import org.elasticsearch.xpack.watcher.history.HistoryModule;
import org.elasticsearch.xpack.watcher.history.HistoryStore;
import org.elasticsearch.xpack.watcher.input.InputModule;
@ -132,14 +137,7 @@ public class Watcher {
}
public Settings additionalSettings() {
if (enabled == false || transportClient) {
return Settings.EMPTY;
}
Settings additionalSettings = Settings.builder()
.put(HistoryModule.additionalSettings(settings))
.build();
return additionalSettings;
return Settings.EMPTY;
}
public void onModule(ScriptModule module) {
@ -171,6 +169,20 @@ public class Watcher {
module.registerSetting(Setting.simpleString("xpack.watcher.start_immediately", Setting.Property.NodeScope));
}
public List<ExecutorBuilder<?>> getExecutorBuilders(final Settings settings) {
if (XPackPlugin.featureEnabled(settings, Watcher.NAME, true)) {
final FixedExecutorBuilder builder =
new FixedExecutorBuilder(
settings,
InternalWatchExecutor.THREAD_POOL_NAME,
5 * EsExecutors.boundedNumberOfProcessors(settings),
1000,
"xpack.watcher.thread_pool");
return Collections.singletonList(builder);
}
return Collections.emptyList();
}
public void onModule(NetworkModule module) {
if (enabled && transportClient == false) {
module.registerRestHandler(RestPutWatchAction.class);

21
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/execution/InternalWatchExecutor.java
View File

@ -6,37 +6,17 @@
package org.elasticsearch.xpack.watcher.execution;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.Watcher;
import org.elasticsearch.xpack.watcher.support.ThreadPoolSettingsBuilder;
import java.util.concurrent.BlockingQueue;
import java.util.stream.Stream;
/**
*
*/
public class InternalWatchExecutor implements WatchExecutor {
public static final String THREAD_POOL_NAME = Watcher.NAME;
public static Settings additionalSettings(Settings nodeSettings) {
Settings settings = nodeSettings.getAsSettings("threadpool." + THREAD_POOL_NAME);
if (!settings.names().isEmpty()) {
// the TP is already configured in the node settings
// no need for additional settings
return Settings.EMPTY;
}
int availableProcessors = EsExecutors.boundedNumberOfProcessors(nodeSettings);
return new ThreadPoolSettingsBuilder.Fixed(THREAD_POOL_NAME)
.size(5 * availableProcessors)
.queueSize(1000)
.build();
}
private final ThreadPool threadPool;
@Inject
@ -67,4 +47,5 @@ public class InternalWatchExecutor implements WatchExecutor {
private EsThreadPoolExecutor executor() {
return (EsThreadPoolExecutor) threadPool.executor(THREAD_POOL_NAME);
}
}

3
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/history/HistoryModule.java
View File

@ -21,7 +21,4 @@ public class HistoryModule extends AbstractModule {
bind(HistoryStore.class).asEagerSingleton();
}
public static Settings additionalSettings(Settings nodeSettings) {
return InternalWatchExecutor.additionalSettings(nodeSettings);
}
}

62
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/ThreadPoolSettingsBuilder.java
View File

@ -1,62 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.watcher.support;
import org.elasticsearch.common.settings.Settings;
/**
*
*/
public abstract class ThreadPoolSettingsBuilder<B extends ThreadPoolSettingsBuilder> {
public static Same same(String name) {
return new Same(name);
}
protected final String name;
private final Settings.Builder builder = Settings.builder();
protected ThreadPoolSettingsBuilder(String name, String type) {
this.name = name;
put("type", type);
}
public Settings build() {
return builder.build();
}
protected B put(String setting, Object value) {
builder.put("threadpool." + name + "." + setting, value);
return (B) this;
}
protected B put(String setting, int value) {
builder.put("threadpool." + name + "." + setting, value);
return (B) this;
}
public static class Same extends ThreadPoolSettingsBuilder<Same> {
public Same(String name) {
super(name, "same");
}
}
public static class Fixed extends ThreadPoolSettingsBuilder<Fixed> {
public Fixed(String name) {
super(name, "fixed");
}
public Fixed size(int size) {
return put("size", size);
}
public Fixed queueSize(int queueSize) {
return put("queue_size", queueSize);
}
}
}

2
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/put/PutWatchRequest.java
View File

@ -114,6 +114,7 @@ public class PutWatchRequest extends MasterNodeRequest<PutWatchRequest> {
super.readFrom(in);
id = in.readString();
source = in.readBytesReference();
active = in.readBoolean();
}
@Override
@ -121,6 +122,7 @@ public class PutWatchRequest extends MasterNodeRequest<PutWatchRequest> {
super.writeTo(out);
out.writeString(id);
out.writeBytesReference(source);
out.writeBoolean(active);
}
}

3
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionSearchTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.search.aggregations.bucket.histogram.Histogram;
import org.elasticsearch.search.internal.InternalSearchHit;
import org.elasticsearch.search.internal.InternalSearchHits;
import org.elasticsearch.search.internal.InternalSearchResponse;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext;
import org.elasticsearch.xpack.watcher.support.Script;
@ -40,7 +41,7 @@ public class ScriptConditionSearchTests extends AbstractWatcherIntegrationTestCa
@Before
public void init() throws Exception {
tp = new ThreadPool(ThreadPool.Names.SAME);
tp = new TestThreadPool(ThreadPool.Names.SAME);
scriptService = WatcherTestUtils.getScriptServiceProxy(tp);
}

3
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/condition/script/ScriptConditionTests.java
View File

@ -18,6 +18,7 @@ import org.elasticsearch.script.GeneralScriptException;
import org.elasticsearch.script.ScriptService.ScriptType;
import org.elasticsearch.search.internal.InternalSearchResponse;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.condition.Condition;
import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext;
@ -48,7 +49,7 @@ public class ScriptConditionTests extends ESTestCase {
@Before
public void init() {
tp = new ThreadPool(ThreadPool.Names.SAME);
tp = new TestThreadPool(ThreadPool.Names.SAME);
}
@After

3
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java
View File

@ -17,6 +17,7 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
import java.net.InetSocketAddress;
import java.util.concurrent.TimeUnit;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.elasticsearch.xpack.watcher.actions.ActionBuilders.indexAction;
@ -42,7 +43,7 @@ public class ChainIntegrationTests extends AbstractWatcherIntegrationTestCase {
public void testChainedInputsAreWorking() throws Exception {
String index = "the-most-awesome-index-ever";
createIndex(index);
client().prepareIndex(index, "type", "id").setSource("{}").setRefresh(true).get();
client().prepareIndex(index, "type", "id").setSource("{}").setRefreshPolicy(IMMEDIATE).get();
InetSocketAddress address = internalCluster().httpAddresses()[0];
HttpInput.Builder httpInputBuilder = httpInput(HttpRequestTemplate.builder(address.getHostString(), address.getPort())

3
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java
View File

@ -24,6 +24,7 @@ import org.elasticsearch.xpack.watcher.trigger.schedule.IntervalSchedule;
import java.net.InetSocketAddress;
import static org.elasticsearch.action.support.WriteRequest.RefreshPolicy.IMMEDIATE;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
import static org.elasticsearch.index.query.QueryBuilders.termQuery;
@ -49,7 +50,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas
@TestLogging("watcher.support.http:TRACE")
public void testHttpInput() throws Exception {
createIndex("index");
client().prepareIndex("index", "type", "id").setSource("{}").setRefresh(true).get();
client().prepareIndex("index", "type", "id").setSource("{}").setRefreshPolicy(IMMEDIATE).get();
InetSocketAddress address = internalCluster().httpAddresses()[0];
watcherClient().preparePutWatch("_name")

Some files were not shown because too many files have changed in this diff Show More