honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-20 03:45:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add FIPS 140 mode to XPack Usage API (#47278) (#47976)

Browse Source 
This change adds support for the FIPS 140 mode feature to be
retrieved via the XPack Usage API.
This commit is contained in:
Ioannis Kakavas 2019-10-14 10:40:24 +03:00 committed by GitHub
parent 8180cf1e68
commit 9ee7b3743e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
View File

@ -27,6 +27,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
private static final String AUDIT_XFIELD = "audit"; private static final String AUDIT_XFIELD = "audit";
private static final String IP_FILTER_XFIELD = "ipfilter"; private static final String IP_FILTER_XFIELD = "ipfilter";
private static final String ANONYMOUS_XFIELD = "anonymous"; private static final String ANONYMOUS_XFIELD = "anonymous";
private static final String FIPS_140_XFIELD = "fips_140";
private Map<String, Object> realmsUsage; private Map<String, Object> realmsUsage;
private Map<String, Object> rolesStoreUsage; private Map<String, Object> rolesStoreUsage;
@ -37,6 +38,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
private Map<String, Object> ipFilterUsage; private Map<String, Object> ipFilterUsage;
private Map<String, Object> anonymousUsage; private Map<String, Object> anonymousUsage;
private Map<String, Object> roleMappingStoreUsage; private Map<String, Object> roleMappingStoreUsage;
private Map<String, Object> fips140Usage;
public SecurityFeatureSetUsage(StreamInput in) throws IOException { public SecurityFeatureSetUsage(StreamInput in) throws IOException {
super(in); super(in);
@ -55,13 +57,17 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
} }
anonymousUsage = in.readMap(); anonymousUsage = in.readMap();
roleMappingStoreUsage = in.readMap(); roleMappingStoreUsage = in.readMap();
if (in.getVersion().onOrAfter(Version.V_7_5_0)) {
fips140Usage = in.readMap();
}
} }
public SecurityFeatureSetUsage(boolean available, boolean enabled, Map<String, Object> realmsUsage, public SecurityFeatureSetUsage(boolean available, boolean enabled, Map<String, Object> realmsUsage,
Map<String, Object> rolesStoreUsage, Map<String, Object> roleMappingStoreUsage, Map<String, Object> rolesStoreUsage, Map<String, Object> roleMappingStoreUsage,
Map<String, Object> sslUsage, Map<String, Object> auditUsage, Map<String, Object> sslUsage, Map<String, Object> auditUsage,
Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage, Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage,
Map<String, Object> tokenServiceUsage, Map<String, Object> apiKeyServiceUsage) { Map<String, Object> tokenServiceUsage, Map<String, Object> apiKeyServiceUsage,
Map<String, Object> fips140Usage) {
super(XPackField.SECURITY, available, enabled); super(XPackField.SECURITY, available, enabled);
this.realmsUsage = realmsUsage; this.realmsUsage = realmsUsage;
this.rolesStoreUsage = rolesStoreUsage; this.rolesStoreUsage = rolesStoreUsage;
@ -72,6 +78,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
this.auditUsage = auditUsage; this.auditUsage = auditUsage;
this.ipFilterUsage = ipFilterUsage; this.ipFilterUsage = ipFilterUsage;
this.anonymousUsage = anonymousUsage; this.anonymousUsage = anonymousUsage;
this.fips140Usage = fips140Usage;
} }
@Override @Override
@ -92,6 +99,9 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
} }
out.writeMap(anonymousUsage); out.writeMap(anonymousUsage);
out.writeMap(roleMappingStoreUsage); out.writeMap(roleMappingStoreUsage);
if (out.getVersion().onOrAfter(Version.V_7_5_0)) {
out.writeMap(fips140Usage);
}
} }
@Override @Override
@ -107,6 +117,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
builder.field(AUDIT_XFIELD, auditUsage); builder.field(AUDIT_XFIELD, auditUsage);
builder.field(IP_FILTER_XFIELD, ipFilterUsage); builder.field(IP_FILTER_XFIELD, ipFilterUsage);
builder.field(ANONYMOUS_XFIELD, anonymousUsage); builder.field(ANONYMOUS_XFIELD, anonymousUsage);
builder.field(FIPS_140_XFIELD, fips140Usage);
} else if (sslUsage.isEmpty() == false) { } else if (sslUsage.isEmpty() == false) {
// A trial (or basic) license can have SSL without security. // A trial (or basic) license can have SSL without security.
// This is because security defaults to disabled on that license, but that dynamic-default does not disable SSL. // This is because security defaults to disabled on that license, but that dynamic-default does not disable SSL.

7
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
View File

@ -30,6 +30,7 @@ import java.util.concurrent.atomic.AtomicReference;
import static java.util.Collections.singletonMap; import static java.util.Collections.singletonMap;
import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING;
import static org.elasticsearch.xpack.core.XPackSettings.FIPS_MODE_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED; import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING;
import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED; import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED;
@ -95,6 +96,7 @@ public class SecurityFeatureSet implements XPackFeatureSet {
Map<String, Object> auditUsage = auditUsage(settings); Map<String, Object> auditUsage = auditUsage(settings);
Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter); Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter);
Map<String, Object> anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings)); Map<String, Object> anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings));
Map<String, Object> fips140Usage = fips140Usage(settings);
final AtomicReference<Map<String, Object>> rolesUsageRef = new AtomicReference<>(); final AtomicReference<Map<String, Object>> rolesUsageRef = new AtomicReference<>();
final AtomicReference<Map<String, Object>> roleMappingUsageRef = new AtomicReference<>(); final AtomicReference<Map<String, Object>> roleMappingUsageRef = new AtomicReference<>();
@ -104,7 +106,7 @@ public class SecurityFeatureSet implements XPackFeatureSet {
if (countDown.countDown()) { if (countDown.countDown()) {
listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(), listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(),
roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage, roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage,
apiKeyServiceUsage)); apiKeyServiceUsage, fips140Usage));
} }
}; };
@ -184,4 +186,7 @@ public class SecurityFeatureSet implements XPackFeatureSet {
return ipFilter.usageStats(); return ipFilter.usageStats();
} }
static Map<String, Object> fips140Usage(Settings settings) {
return singletonMap("enabled", FIPS_MODE_ENABLED.get(settings));
}
} }

7
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
View File

@ -149,6 +149,10 @@ public class SecurityFeatureSetTests extends ESTestCase {
if (anonymousEnabled) { if (anonymousEnabled) {
settings.put(AnonymousUser.ROLES_SETTING.getKey(), "foo"); settings.put(AnonymousUser.ROLES_SETTING.getKey(), "foo");
} }
final boolean fips140Enabled = randomBoolean();
if (fips140Enabled) {
settings.put("xpack.security.fips_mode.enabled", true);
}
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState,
realms, rolesStore, roleMappingStore, ipFilter); realms, rolesStore, roleMappingStore, ipFilter);
@ -216,6 +220,9 @@ public class SecurityFeatureSetTests extends ESTestCase {
// anonymous // anonymous
assertThat(source.getValue("anonymous.enabled"), is(anonymousEnabled)); assertThat(source.getValue("anonymous.enabled"), is(anonymousEnabled));
// FIPS 140
assertThat(source.getValue("fips_140.enabled"), is(fips140Enabled));
} else { } else {
assertThat(source.getValue("realms"), is(nullValue())); assertThat(source.getValue("realms"), is(nullValue()));
assertThat(source.getValue("ssl"), is(nullValue())); assertThat(source.getValue("ssl"), is(nullValue()));