Merge branch 'master' into feature/http_client
Original commit: elastic/x-pack-elasticsearch@6437c6572d
This commit is contained in:
javanna
Luca Cavanna
commit
a030239c9e
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.audit;
|
||||
package org.elasticsearch.xpack.security.audit;
|
||||
|
||||
import com.carrotsearch.hppc.cursors.ObjectCursor;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
|
|
@ -16,10 +16,10 @@ import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.index.query.QueryBuilders;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.shield.audit.index.IndexAuditTrail;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
||||
|
|
@ -37,12 +37,11 @@ public class IndexAuditIT extends ESIntegTestCase {
|
|||
private static final String PASS = "changeme";
|
||||
|
||||
public void testShieldIndexAuditTrailWorking() throws Exception {
|
||||
try (Response response = getRestClient().performRequest("GET", "/_cluster/health", Collections.emptyMap(), null,
|
||||
try (Response response = getRestClient().performRequest("GET", "/", Collections.emptyMap(), null,
|
||||
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||
UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray()))))) {
|
||||
assertThat(response.getStatusLine().getStatusCode(), is(200));
|
||||
}
|
||||
|
||||
final AtomicReference<ClusterState> lastClusterState = new AtomicReference<>();
|
||||
final AtomicBoolean indexExists = new AtomicBoolean(false);
|
||||
boolean found = awaitBusy(() -> {
|
||||
|
|
@ -50,7 +49,7 @@ public class IndexAuditIT extends ESIntegTestCase {
|
|||
ClusterState state = client().admin().cluster().prepareState().get().getState();
|
||||
lastClusterState.set(state);
|
||||
for (ObjectCursor<String> cursor : state.getMetaData().getIndices().keys()) {
|
||||
if (cursor.value.startsWith(".shield_audit_log")) {
|
||||
if (cursor.value.startsWith(".security_audit_log")) {
|
||||
logger.info("found audit index [{}]", cursor.value);
|
||||
indexExists.set(true);
|
||||
break;
|
||||
|
|
@ -62,11 +61,11 @@ public class IndexAuditIT extends ESIntegTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
ensureYellow(".shield_audit_log*");
|
||||
ensureYellow(".security_audit_log*");
|
||||
ClusterState state = client().admin().cluster().prepareState().get().getState();
|
||||
lastClusterState.set(state);
|
||||
client().admin().indices().prepareRefresh().get();
|
||||
return client().prepareSearch(".shield_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
|
||||
return client().prepareSearch(".security_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
|
||||
.get().getHits().totalHits() > 0;
|
||||
}, 10L, TimeUnit.SECONDS);
|
||||
|
||||
|
|
@ -75,7 +74,7 @@ public class IndexAuditIT extends ESIntegTestCase {
|
|||
}
|
||||
assertThat(found, is(true));
|
||||
|
||||
SearchResponse searchResponse = client().prepareSearch(".shield_audit_log*").setQuery(
|
||||
SearchResponse searchResponse = client().prepareSearch(".security_audit_log*").setQuery(
|
||||
QueryBuilders.matchQuery("principal", USER)).get();
|
||||
assertThat(searchResponse.getHits().getHits().length, greaterThan(0));
|
||||
assertThat((String) searchResponse.getHits().getAt(0).sourceAsMap().get("principal"), is(USER));
|
||||
|
|
@ -3,20 +3,20 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield;
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class RestIT extends ESRestTestCase {
|
||||
|
||||
|
|
@ -57,7 +57,7 @@ public class GroovyManualExecutionIT extends AbstractWatcherIntegrationTestCase
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@ public class HistoryTemplateTransformMappingsIT extends AbstractWatcherIntegrati
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
return false; // remove shield noise from this test
|
||||
protected boolean enableSecurity() {
|
||||
return false; // remove security noise from this test
|
||||
}
|
||||
|
||||
public void testTransformFields() throws Exception {
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@
|
|||
package org.elasticsearch.messy.tests;
|
||||
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.action.index.IndexRequest;
|
||||
import org.elasticsearch.action.search.SearchPhaseExecutionException;
|
||||
import org.elasticsearch.action.search.SearchResponse;
|
||||
import org.elasticsearch.common.bytes.BytesArray;
|
||||
|
|
@ -17,9 +16,9 @@ import org.elasticsearch.script.ScriptService;
|
|||
import org.elasticsearch.script.Template;
|
||||
import org.elasticsearch.script.mustache.MustachePlugin;
|
||||
import org.elasticsearch.script.mustache.MustacheScriptEngineService;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.ShieldIntegTestCase;
|
||||
import org.elasticsearch.test.ShieldSettingsSource;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSource;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
|
|
@ -27,12 +26,12 @@ import java.util.ArrayList;
|
|||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
@ShieldIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
|
||||
public class ShieldCachePermissionIT extends ShieldIntegTestCase {
|
||||
@SecurityIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
|
||||
public class SecurityCachePermissionIT extends SecurityIntegTestCase {
|
||||
static final String READ_ONE_IDX_USER = "read_user";
|
||||
|
||||
@Override
|
||||
|
|
@ -46,7 +45,7 @@ public class ShieldCachePermissionIT extends ShieldIntegTestCase {
|
|||
@Override
|
||||
public String configUsers() {
|
||||
return super.configUsers()
|
||||
+ READ_ONE_IDX_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
|
||||
+ READ_ONE_IDX_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -47,7 +47,7 @@ public class SlackServiceIT extends AbstractWatcherIntegrationTestCase {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,12 +20,4 @@
|
|||
* </ul>
|
||||
*/
|
||||
|
||||
// renames that took place:
|
||||
// renamed: x-pack/watcher/src/test/java/org/elasticsearch/watcher/input/search/SearchInputTests.java ->
|
||||
// qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputTests.java
|
||||
// renamed: x-pack/watcher/src/test/java/org/elasticsearch/watcher/transform/search/SearchTransformTests.java ->
|
||||
// qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformTests.java
|
||||
// renamed: x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldCachePermissionTests.java ->
|
||||
// qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionTests.java
|
||||
|
||||
package org.elasticsearch.messy.tests;
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ admin:
|
|||
- '*'
|
||||
|
||||
# Search and write on both source and destination indices. It should work if you could just search on the source and
|
||||
# write to the destination but that isn't how shield works.
|
||||
# write to the destination but that isn't how security works.
|
||||
minimal:
|
||||
indices:
|
||||
- names: source
|
||||
|
|
@ -3,20 +3,20 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield;
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class RestIT extends ESRestTestCase {
|
||||
private static final String USER = "test_admin";
|
||||
|
|
@ -32,7 +32,7 @@ public class RestIT extends ESRestTestCase {
|
|||
}
|
||||
|
||||
/**
|
||||
* All tests run as a an administrative user but use <code>es-shield-runas-user</code> to become a less privileged user.
|
||||
* All tests run as a an administrative user but use <code>es-security-runas-user</code> to become a less privileged user.
|
||||
*/
|
||||
@Override
|
||||
protected Settings restClientSettings() {
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: powerful_user}
|
||||
headers: {es-security-runas-user: powerful_user}
|
||||
reindex:
|
||||
refresh: true
|
||||
body:
|
||||
|
|
@ -65,7 +65,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: minimal_user}
|
||||
headers: {es-security-runas-user: minimal_user}
|
||||
reindex:
|
||||
refresh: true
|
||||
body:
|
||||
|
|
@ -98,7 +98,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: readonly_user}
|
||||
headers: {es-security-runas-user: readonly_user}
|
||||
catch: forbidden
|
||||
reindex:
|
||||
body:
|
||||
|
|
@ -120,7 +120,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: dest_only_user}
|
||||
headers: {es-security-runas-user: dest_only_user}
|
||||
catch: forbidden
|
||||
reindex:
|
||||
body:
|
||||
|
|
@ -147,7 +147,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: dest_only_user}
|
||||
headers: {es-security-runas-user: dest_only_user}
|
||||
catch: forbidden
|
||||
reindex:
|
||||
refresh: true
|
||||
|
|
@ -194,7 +194,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_docs_user}
|
||||
reindex:
|
||||
refresh: true
|
||||
body:
|
||||
|
|
@ -237,7 +237,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_fields_user}
|
||||
reindex:
|
||||
refresh: true
|
||||
body:
|
||||
|
|
@ -287,7 +287,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_docs_user}
|
||||
reindex:
|
||||
body:
|
||||
source:
|
||||
|
|
@ -308,7 +308,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_fields_user}
|
||||
reindex:
|
||||
body:
|
||||
source:
|
||||
|
|
@ -41,7 +41,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: powerful_user}
|
||||
headers: {es-security-runas-user: powerful_user}
|
||||
update_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -72,7 +72,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: minimal_user}
|
||||
headers: {es-security-runas-user: minimal_user}
|
||||
update_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -103,7 +103,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: readonly_user}
|
||||
headers: {es-security-runas-user: readonly_user}
|
||||
catch: forbidden
|
||||
update_by_query:
|
||||
index: source
|
||||
|
|
@ -121,7 +121,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: dest_only_user}
|
||||
headers: {es-security-runas-user: dest_only_user}
|
||||
catch: forbidden
|
||||
update_by_query:
|
||||
index: source
|
||||
|
|
@ -145,7 +145,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_docs_user}
|
||||
update_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -191,7 +191,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_fields_user}
|
||||
update_by_query:
|
||||
index: source
|
||||
body:
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: powerful_user}
|
||||
headers: {es-security-runas-user: powerful_user}
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -64,7 +64,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: minimal_user}
|
||||
headers: {es-security-runas-user: minimal_user}
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -91,7 +91,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: readonly_user}
|
||||
headers: {es-security-runas-user: readonly_user}
|
||||
catch: forbidden
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
|
|
@ -118,7 +118,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: dest_only_user}
|
||||
headers: {es-security-runas-user: dest_only_user}
|
||||
catch: forbidden
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
|
|
@ -151,7 +151,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_docs_user}
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -212,7 +212,7 @@
|
|||
indices.refresh: {}
|
||||
|
||||
- do:
|
||||
headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
|
||||
headers: {es-security-runas-user: can_not_see_hidden_fields_user}
|
||||
delete_by_query:
|
||||
refresh: true
|
||||
index: source
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.qa;
|
||||
package org.elasticsearch.xpack.security.qa;
|
||||
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
|
||||
|
|
@ -13,8 +13,8 @@ import org.elasticsearch.client.transport.TransportClient;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.transport.TransportAddress;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
||||
|
|
@ -23,14 +23,14 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
/**
|
||||
* Integration tests that test a transport client with Shield being loaded that connect to an external cluster
|
||||
* Integration tests that test a transport client with security being loaded that connect to an external cluster
|
||||
*/
|
||||
public class ShieldTransportClientIT extends ESIntegTestCase {
|
||||
public class SecurityTransportClientIT extends ESIntegTestCase {
|
||||
static final String ADMIN_USER_PW = "test_user:changeme";
|
||||
static final String TRANSPORT_USER_PW = "transport:changeme";
|
||||
|
||||
|
|
@ -8,7 +8,7 @@ package org.elasticsearch.example;
|
|||
import org.elasticsearch.example.realm.CustomAuthenticationFailureHandler;
|
||||
import org.elasticsearch.example.realm.CustomRealm;
|
||||
import org.elasticsearch.example.realm.CustomRealmFactory;
|
||||
import org.elasticsearch.shield.authc.AuthenticationModule;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationModule;
|
||||
import org.elasticsearch.xpack.extensions.XPackExtension;
|
||||
|
||||
import java.security.AccessController;
|
||||
|
|
@ -8,8 +8,8 @@ package org.elasticsearch.example.realm;
|
|||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.shield.authc.AuthenticationToken;
|
||||
import org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
|
||||
public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {
|
||||
|
|
@ -6,12 +6,12 @@
|
|||
package org.elasticsearch.example.realm;
|
||||
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.authc.AuthenticationToken;
|
||||
import org.elasticsearch.shield.authc.Realm;
|
||||
import org.elasticsearch.shield.authc.RealmConfig;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.security.authc.Realm;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
|
||||
public class CustomRealm extends Realm<UsernamePasswordToken> {
|
||||
|
||||
|
|
@ -7,8 +7,8 @@ package org.elasticsearch.example.realm;
|
|||
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.rest.RestController;
|
||||
import org.elasticsearch.shield.authc.Realm;
|
||||
import org.elasticsearch.shield.authc.RealmConfig;
|
||||
import org.elasticsearch.xpack.security.authc.Realm;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
|
||||
public class CustomRealmFactory extends Realm.Factory<CustomRealm> {
|
||||
|
||||
|
|
@ -6,10 +6,10 @@
|
|||
package org.elasticsearch.example.realm;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.user.User;
|
||||
import org.elasticsearch.shield.authc.RealmConfig;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.xpack.security.user.User;
|
||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
|
|
@ -1,114 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<!--
|
||||
~ ELASTICSEARCH CONFIDENTIAL
|
||||
~ __________________
|
||||
~
|
||||
~ [2014] Elasticsearch Incorporated. All Rights Reserved.
|
||||
~
|
||||
~ NOTICE: All information contained herein is, and remains
|
||||
~ the property of Elasticsearch Incorporated and its suppliers,
|
||||
~ if any. The intellectual and technical concepts contained
|
||||
~ herein are proprietary to Elasticsearch Incorporated
|
||||
~ and its suppliers and may be covered by U.S. and Foreign Patents,
|
||||
~ patents in process, and are protected by trade secret or copyright law.
|
||||
~ Dissemination of this information or reproduction of this material
|
||||
~ is strictly forbidden unless prior written permission is obtained
|
||||
~ from Elasticsearch Incorporated.
|
||||
-->
|
||||
|
||||
<project name="smoke-test-watcher-and-shield"
|
||||
xmlns:ac="antlib:net.sf.antcontrib">
|
||||
|
||||
<import file="${elasticsearch.integ.antfile.default}"/>
|
||||
|
||||
<!-- redefined to work with auth -->
|
||||
<macrodef name="waitfor-elasticsearch">
|
||||
<attribute name="port"/>
|
||||
<attribute name="timeoutproperty"/>
|
||||
<sequential>
|
||||
<echo>Waiting for elasticsearch to become available on port @{port}...</echo>
|
||||
<waitfor maxwait="30" maxwaitunit="second"
|
||||
checkevery="500" checkeveryunit="millisecond"
|
||||
timeoutproperty="@{timeoutproperty}">
|
||||
<socket server="127.0.0.1" port="@{port}"/>
|
||||
</waitfor>
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<target name="start-external-cluster-with-found-license-and-shield" depends="setup-workspace">
|
||||
<ac:for list="${xplugins.list}" param="xplugin.name">
|
||||
<sequential>
|
||||
<fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
|
||||
<condition>
|
||||
<not>
|
||||
<available file="${integ.deps}/plugins/@{xplugin.name}-${elasticsearch.version}.zip" />
|
||||
</not>
|
||||
</condition>
|
||||
</fail>
|
||||
</sequential>
|
||||
</ac:for>
|
||||
|
||||
<ac:for param="file">
|
||||
<path>
|
||||
<fileset dir="${integ.deps}/plugins"/>
|
||||
</path>
|
||||
<sequential>
|
||||
<local name="plugin.name"/>
|
||||
<convert-plugin-name file="@{file}" outputproperty="plugin.name"/>
|
||||
<install-plugin name="${plugin.name}" file="@{file}"/>
|
||||
</sequential>
|
||||
</ac:for>
|
||||
|
||||
<local name="home"/>
|
||||
<property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
|
||||
|
||||
<echo>Adding roles.yml with watcher roles</echo>
|
||||
<copy file="watcher-with-shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
|
||||
|
||||
<echo>Adding shield users...</echo>
|
||||
<run-script script="${home}/bin/x-pack/esusers">
|
||||
<nested>
|
||||
<arg value="useradd"/>
|
||||
<arg value="test_admin"/>
|
||||
<arg value="-p"/>
|
||||
<arg value="changeme"/>
|
||||
<arg value="-r"/>
|
||||
<arg value="admin"/>
|
||||
</nested>
|
||||
</run-script>
|
||||
<run-script script="${home}/bin/x-pack/esusers">
|
||||
<nested>
|
||||
<arg value="useradd"/>
|
||||
<arg value="watcher_manager"/>
|
||||
<arg value="-p"/>
|
||||
<arg value="changeme"/>
|
||||
<arg value="-r"/>
|
||||
<arg value="watcher_manager"/>
|
||||
</nested>
|
||||
</run-script>
|
||||
<run-script script="${home}/bin/x-pack/esusers">
|
||||
<nested>
|
||||
<arg value="useradd"/>
|
||||
<arg value="powerless_user"/>
|
||||
<arg value="-p"/>
|
||||
<arg value="changeme"/>
|
||||
<arg value="-r"/>
|
||||
<arg value="crapy_role"/>
|
||||
</nested>
|
||||
</run-script>
|
||||
|
||||
<startup-elasticsearch>
|
||||
<!-- Useful for when debugging -->
|
||||
<!--<additional-args>-->
|
||||
<!--<arg value="-Des.http.cors.enabled=true"/>-->
|
||||
<!--<arg value="-Des.http.cors.allow-origin=*"/>-->
|
||||
<!--</additional-args>-->
|
||||
</startup-elasticsearch>
|
||||
|
||||
<echo>Checking we can connect with basic auth on port ${integ.http.port}...</echo>
|
||||
<local name="temp.file"/>
|
||||
<tempfile property="temp.file" destdir="${java.io.tmpdir}"/>
|
||||
<get src="http://127.0.0.1:${integ.http.port}" dest="${temp.file}"
|
||||
username="test_admin" password="changeme" verbose="true" retries="10"/>
|
||||
</target>
|
||||
</project>
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.smoketest;
|
||||
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.action.get.GetResponse;
|
||||
import org.elasticsearch.common.Strings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.index.IndexNotFoundException;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.shield.Shield;
|
||||
import org.hamcrest.Matcher;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
|
||||
public class MarvelClusterInfoIT extends ESIntegTestCase {
|
||||
|
||||
static final String ADMIN_USER_PW = "test_admin:changeme";
|
||||
|
||||
@Override
|
||||
protected Settings externalClusterClientSettings() {
|
||||
return Settings.builder()
|
||||
.put(Shield.USER_SETTING.getKey(), ADMIN_USER_PW)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
||||
return Collections.singletonList(XPackPlugin.class);
|
||||
}
|
||||
|
||||
public void testMarvelClusterInfoCollectorWorks() throws Exception {
|
||||
final String clusterUUID = client().admin().cluster().prepareState().setMetaData(true).get().getState().metaData().clusterUUID();
|
||||
assertTrue(Strings.hasText(clusterUUID));
|
||||
awaitIndexExists(".monitoring-es-data");
|
||||
ensureYellow(".monitoring-es-data");
|
||||
awaitMarvelDocsCount(equalTo(1L), "cluster_info");
|
||||
GetResponse response = client().prepareGet(".monitoring-es-data", "cluster_info", clusterUUID).get();
|
||||
assertTrue(".monitoring-es-data" + " document does not exist", response.isExists());
|
||||
Map<String, Object> source = response.getSource();
|
||||
assertThat((String) source.get("cluster_name"), equalTo(cluster().getClusterName()));
|
||||
assertThat((String) source.get("version"), equalTo(Version.CURRENT.toString()));
|
||||
|
||||
Object licenseObj = source.get("license");
|
||||
assertThat(licenseObj, nullValue());
|
||||
}
|
||||
|
||||
protected void awaitMarvelDocsCount(Matcher<Long> matcher, String... types) throws Exception {
|
||||
flush();
|
||||
refresh();
|
||||
assertBusy(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
assertMarvelDocsCount(matcher, types);
|
||||
}
|
||||
}, 30, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
protected void assertMarvelDocsCount(Matcher<Long> matcher, String... types) {
|
||||
try {
|
||||
long count = client().prepareSearch(".monitoring-es-data").setSize(0)
|
||||
.setTypes(types).get().getHits().totalHits();
|
||||
logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
|
||||
assertThat(count, matcher);
|
||||
} catch (IndexNotFoundException e) {
|
||||
assertThat(0L, matcher);
|
||||
}
|
||||
}
|
||||
|
||||
protected void awaitIndexExists(final String... indices) throws Exception {
|
||||
assertBusy(new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
assertIndicesExists(indices);
|
||||
}
|
||||
}, 30, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
protected void assertIndicesExists(String... indices) {
|
||||
logger.trace("checking if index exists [{}]", Strings.arrayToCommaDelimitedString(indices));
|
||||
assertThat(client().admin().indices().prepareExists(indices).get().isExists(), is(true));
|
||||
}
|
||||
}
|
||||
|
|
@ -1,98 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.smoketest;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.apache.http.client.methods.HttpPut;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
|
||||
import org.elasticsearch.client.support.Headers;
|
||||
import org.elasticsearch.common.network.NetworkAddress;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Shield;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URI;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class WatcherWithShieldIT extends ESRestTestCase {
|
||||
|
||||
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||
private final static String TEST_ADMIN_PASSWORD = "changeme";
|
||||
|
||||
public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
@ParametersFactory
|
||||
public static Iterable<Object[]> parameters() throws IOException, RestTestParseException {
|
||||
return ESRestTestCase.createParameters(0, 1);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void startWatcher() throws Exception {
|
||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_start", null, null));
|
||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
||||
client.execute(request);
|
||||
}
|
||||
}
|
||||
|
||||
@After
|
||||
public void stopWatcher() throws Exception {
|
||||
try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
|
||||
InetSocketAddress address = cluster().httpAddresses()[0];
|
||||
HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_stop", null, null));
|
||||
String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
|
||||
request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
|
||||
client.execute(request);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings restClientSettings() {
|
||||
String[] credentials = getCredentials();
|
||||
String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
|
||||
return Settings.builder()
|
||||
.put(Headers.PREFIX + ".Authorization", token)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings externalClusterClientSettings() {
|
||||
return Settings.builder()
|
||||
.put(Shield.USER_SETTING.getKey(), TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
|
||||
.build();
|
||||
}
|
||||
|
||||
protected String[] getCredentials() {
|
||||
return new String[]{"watcher_manager", "changeme"};
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
||||
return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.smoketest;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.hamcrest.Matchers.anyOf;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
|
||||
public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
public void test() throws IOException {
|
||||
try {
|
||||
super.test();
|
||||
fail();
|
||||
} catch(AssertionError ae) {
|
||||
assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
|
||||
assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
|
||||
assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String[] getCredentials() {
|
||||
return new String[]{"powerless_user", "changeme"};
|
||||
}
|
||||
}
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
admin:
|
||||
cluster: all
|
||||
indices:
|
||||
'*': all
|
||||
|
||||
watcher_manager:
|
||||
cluster: manage
|
||||
indices:
|
||||
'.watcher-history-*': all
|
||||
|
||||
watcher_monitor:
|
||||
cluster: monitor
|
||||
indices:
|
||||
'.watcher-history-*': read
|
||||
|
||||
crapy_role:
|
||||
cluster:
|
||||
- cluster:monitor/nodes/info
|
||||
- cluster:monitor/health
|
||||
- cluster:monitor/nodes/liveness
|
||||
|
|
@ -9,22 +9,23 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
|||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
|
||||
public class GraphWithShieldIT extends ESRestTestCase {
|
||||
public class GraphWithSecurityIT extends ESRestTestCase {
|
||||
|
||||
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||
private final static String TEST_ADMIN_PASSWORD = "changeme";
|
||||
|
||||
public GraphWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
public GraphWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
|
|
@ -7,15 +7,14 @@ package org.elasticsearch.smoketest;
|
|||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
public class GraphWithShieldInsufficientRoleIT extends GraphWithShieldIT {
|
||||
public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT {
|
||||
|
||||
public GraphWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
public GraphWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
|
|
@ -9,19 +9,19 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
|||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
public class MonitoringWithShieldInsufficientRoleIT extends ESRestTestCase {
|
||||
public class MonitoringWithSecurityInsufficientRoleIT extends ESRestTestCase {
|
||||
|
||||
public MonitoringWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
public MonitoringWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
|
|
@ -9,18 +9,18 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
|||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class MonitoringWithShieldIT extends ESRestTestCase {
|
||||
public class MonitoringWithSecurityIT extends ESRestTestCase {
|
||||
|
||||
public MonitoringWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
public MonitoringWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
|
|
@ -12,8 +12,8 @@ import org.elasticsearch.common.io.PathUtils;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.junit.After;
|
||||
|
|
@ -37,14 +37,14 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
|||
|
||||
/**
|
||||
* This test checks that a Monitoring's HTTP exporter correctly exports to a monitoring cluster
|
||||
* protected by Shield with HTTPS/SSL.
|
||||
* protected by security with HTTPS/SSL.
|
||||
*
|
||||
* It sets up a cluster with Monitoring and Shield configured with SSL. Once started,
|
||||
* It sets up a cluster with Monitoring and Security configured with SSL. Once started,
|
||||
* an HTTP exporter is activated and it exports data locally over HTTPS/SSL. The test
|
||||
* then uses a transport client to check that the data have been correctly received and
|
||||
* indexed in the cluster.
|
||||
*/
|
||||
public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
|
||||
public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase {
|
||||
|
||||
private static final String USER = "test_user";
|
||||
private static final String PASS = "changeme";
|
||||
|
|
@ -61,7 +61,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
|
|||
protected Settings externalClusterClientSettings() {
|
||||
return Settings.builder()
|
||||
.put(Security.USER_SETTING.getKey(), USER + ":" + PASS)
|
||||
.put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
|
||||
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
|
||||
.put("xpack.security.ssl.keystore.path", clientKeyStore)
|
||||
.put("xpack.security.ssl.keystore.password", KEYSTORE_PASS)
|
||||
.build();
|
||||
|
|
@ -133,7 +133,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
|
|||
@BeforeClass
|
||||
public static void loadKeyStore() {
|
||||
try {
|
||||
clientKeyStore = PathUtils.get(SmokeTestMonitoringWithShieldIT.class.getResource("/test-client.jks").toURI());
|
||||
clientKeyStore = PathUtils.get(SmokeTestMonitoringWithSecurityIT.class.getResource("/test-client.jks").toURI());
|
||||
} catch (URISyntaxException e) {
|
||||
throw new ElasticsearchException("exception while reading the store", e);
|
||||
}
|
||||
|
|
@ -11,7 +11,7 @@ import org.elasticsearch.ElasticsearchException;
|
|||
import org.elasticsearch.common.io.PathUtils;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.client.RestTestClient;
|
||||
|
|
@ -24,7 +24,7 @@ import java.net.URISyntaxException;
|
|||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class SmokeTestPluginsSslIT extends ESRestTestCase {
|
||||
|
||||
|
|
|
|||
|
|
@ -9,14 +9,14 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
|||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class SmokeTestPluginsIT extends ESRestTestCase {
|
||||
|
||||
|
|
|
|||
|
|
@ -9,25 +9,28 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
|
|||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static java.util.Collections.emptyList;
|
||||
import static java.util.Collections.emptyMap;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class WatcherWithShieldIT extends ESRestTestCase {
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
|
||||
public class WatcherWithSecurityIT extends ESRestTestCase {
|
||||
|
||||
private final static String TEST_ADMIN_USERNAME = "test_admin";
|
||||
private final static String TEST_ADMIN_PASSWORD = "changeme";
|
||||
|
||||
public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
public WatcherWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
|
||||
super(testCandidate);
|
||||
}
|
||||
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
"Test watcher is protected by shield":
|
||||
"Test watcher is protected by security":
|
||||
- do:
|
||||
headers: { es-shield-runas-user: powerless_user }
|
||||
headers: { es-security-runas-user: powerless_user }
|
||||
catch: forbidden
|
||||
xpack.watcher.stats: {}
|
||||
# there seems to be a bug in the yaml parser we use, where a single element list
|
||||
|
|
@ -16,14 +16,14 @@
|
|||
~ from Elasticsearch Incorporated.
|
||||
-->
|
||||
|
||||
<project name="smoke-test-tribe-node-with-shield"
|
||||
<project name="smoke-test-tribe-node-with-security"
|
||||
xmlns:ac="antlib:net.sf.antcontrib">
|
||||
|
||||
<taskdef name="xhttp" classname="org.elasticsearch.ant.HttpTask" classpath="${test_classpath}" />
|
||||
<typedef name="xhttp" classname="org.elasticsearch.ant.HttpCondition" classpath="${test_classpath}"/>
|
||||
|
||||
<import file="${elasticsearch.integ.antfile.default}"/>
|
||||
<import file="${elasticsearch.tools.directory}/ant/shield-overrides.xml"/>
|
||||
<import file="${elasticsearch.tools.directory}/ant/security-overrides.xml"/>
|
||||
|
||||
<property name="tribe_node.pidfile" location="${integ.scratch}/tribe-node.pid"/>
|
||||
<available property="tribe_node.pidfile.exists" file="${tribe_node.pidfile}"/>
|
||||
|
|
@ -47,7 +47,7 @@
|
|||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<target name="start-tribe-node-and-2-clusters-with-shield" depends="setup-workspace">
|
||||
<target name="start-tribe-node-and-2-clusters-with-security" depends="setup-workspace">
|
||||
<ac:for list="${xplugins.list}" param="xplugin.name">
|
||||
<sequential>
|
||||
<fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
|
||||
|
|
@ -75,9 +75,9 @@
|
|||
<property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
|
||||
|
||||
<echo>Adding roles.yml</echo>
|
||||
<copy file="shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
|
||||
<copy file="roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
|
||||
|
||||
<echo>Adding shield users...</echo>
|
||||
<echo>Adding security users...</echo>
|
||||
<run-script script="${home}/bin/x-pack/esusers">
|
||||
<nested>
|
||||
<arg value="useradd"/>
|
||||
|
|
@ -3,20 +3,20 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield;
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.annotations.Name;
|
||||
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
|
||||
import org.elasticsearch.client.support.Headers;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.test.rest.ESRestTestCase;
|
||||
import org.elasticsearch.test.rest.RestTestCandidate;
|
||||
import org.elasticsearch.test.rest.parser.RestTestParseException;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
|
||||
public class RestIT extends TribeRestTestCase {
|
||||
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield;
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import com.carrotsearch.randomizedtesting.RandomizedTest;
|
||||
import com.carrotsearch.randomizedtesting.annotations.TestGroup;
|
||||
|
|
@ -24,7 +24,7 @@ dependencies {
|
|||
compile project(':x-plugins:elasticsearch:license:base')
|
||||
testCompile project(':x-plugins:elasticsearch:license:licensor')
|
||||
|
||||
// shield deps
|
||||
// security deps
|
||||
compile 'dk.brics.automaton:automaton:1.11-8'
|
||||
compile 'com.unboundid:unboundid-ldapsdk:2.3.8'
|
||||
compile 'org.bouncycastle:bcprov-jdk15on:1.54'
|
||||
|
|
@ -33,7 +33,7 @@ dependencies {
|
|||
|
||||
// watcher deps
|
||||
compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239'
|
||||
compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and shield tests for jimfs
|
||||
compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and security tests for jimfs
|
||||
compile 'com.sun.mail:javax.mail:1.5.3'
|
||||
// HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have
|
||||
// to be conditionalized for java 8/9, we pull in the classes directly
|
||||
|
|
@ -57,7 +57,7 @@ dependencies {
|
|||
|
||||
// we keep the source directories in the original structure of split plugins,
|
||||
// in order to facilitate backports to 2.x. TODO: remove after 5.0 release
|
||||
for (String module : ['', 'license-plugin/', 'shield/', 'watcher/', 'marvel/', 'graph/']) {
|
||||
for (String module : ['', 'license-plugin/', 'security/', 'watcher/', 'marvel/', 'graph/']) {
|
||||
sourceSets {
|
||||
main {
|
||||
java.srcDir("${module}src/main/java")
|
||||
|
|
@ -116,10 +116,10 @@ bundlePlugin {
|
|||
from('bin/x-pack') {
|
||||
into 'bin'
|
||||
}
|
||||
from('shield/bin/x-pack') {
|
||||
from('security/bin/x-pack') {
|
||||
into 'bin'
|
||||
}
|
||||
from('shield/config/x-pack') {
|
||||
from('security/config/x-pack') {
|
||||
into 'config'
|
||||
}
|
||||
from('watcher/bin/x-pack') {
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import org.elasticsearch.script.NativeScriptFactory;
|
|||
import org.elasticsearch.script.Script;
|
||||
import org.elasticsearch.script.ScriptModule;
|
||||
import org.elasticsearch.script.ScriptService.ScriptType;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.test.ESSingleNodeTestCase;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
@ -127,7 +127,7 @@ public class GraphTests extends ESSingleNodeTestCase {
|
|||
|
||||
@Override
|
||||
public Settings nodeSettings() {
|
||||
// Disable Shield otherwise authentication failures happen creating indices.
|
||||
// Disable security otherwise authentication failures happen creating indices.
|
||||
Builder newSettings = Settings.builder();
|
||||
newSettings.put(XPackPlugin.featureEnabledSetting(Security.NAME), false);
|
||||
newSettings.put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false);
|
||||
|
|
|
|||
|
|
@ -415,7 +415,7 @@ public class LicensesService extends AbstractLifecycleComponent<LicensesService>
|
|||
long issueDate = System.currentTimeMillis();
|
||||
License.Builder specBuilder = License.builder()
|
||||
.uid(UUID.randomUUID().toString())
|
||||
.issuedTo(clusterService.state().getClusterName().value())
|
||||
.issuedTo(clusterService.getClusterName().value())
|
||||
.maxNodes(trialLicenseMaxNodes)
|
||||
.issueDate(issueDate)
|
||||
.expiryDate(issueDate + trialLicenseDuration.getMillis());
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ import org.elasticsearch.license.plugin.core.LicensesMetaData;
|
|||
import org.elasticsearch.license.plugin.core.LicensesStatus;
|
||||
import org.elasticsearch.marvel.Monitoring;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.test.InternalTestCluster;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import org.elasticsearch.license.plugin.core.LicensesStatus;
|
|||
import org.elasticsearch.marvel.Monitoring;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.test.ESSingleNodeTestCase;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.watcher.Watcher;
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
|
|||
import org.elasticsearch.marvel.Monitoring;
|
||||
import org.elasticsearch.node.Node;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
import org.elasticsearch.test.ESIntegTestCase.Scope;
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import org.elasticsearch.action.ActionModule;
|
|||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Setting;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.settings.SettingsModule;
|
||||
import org.elasticsearch.marvel.action.MonitoringBulkAction;
|
||||
|
|
@ -20,9 +19,7 @@ import org.elasticsearch.marvel.agent.exporter.ExporterModule;
|
|||
import org.elasticsearch.marvel.cleaner.CleanerService;
|
||||
import org.elasticsearch.marvel.client.MonitoringClientModule;
|
||||
import org.elasticsearch.marvel.rest.action.RestMonitoringBulkAction;
|
||||
import org.elasticsearch.marvel.support.init.proxy.MonitoringClientProxy;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.common.init.LazyInitializationModule;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
|
@ -80,9 +77,6 @@ public class Monitoring {
|
|||
CleanerService.class);
|
||||
}
|
||||
|
||||
public void onModule(SettingsModule module) {
|
||||
}
|
||||
|
||||
public void onModule(ActionModule module) {
|
||||
if (enabled && tribeNode == false) {
|
||||
module.registerAction(MonitoringBulkAction.INSTANCE, TransportMonitoringBulkAction.class);
|
||||
|
|
@ -95,12 +89,6 @@ public class Monitoring {
|
|||
}
|
||||
}
|
||||
|
||||
public void onModule(LazyInitializationModule module) {
|
||||
if (enabled && tribeNode == false) {
|
||||
module.registerLazyInitializable(MonitoringClientProxy.class);
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean enabled(Settings settings) {
|
||||
return MonitoringSettings.ENABLED.get(settings);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
|
@ -41,17 +41,15 @@ public class ClusterStatsCollector extends AbstractCollector<ClusterStatsCollect
|
|||
|
||||
public static final String NAME = "cluster-stats-collector";
|
||||
|
||||
private final ClusterName clusterName;
|
||||
private final LicensesManagerService licensesManagerService;
|
||||
private final Client client;
|
||||
|
||||
@Inject
|
||||
public ClusterStatsCollector(Settings settings, ClusterService clusterService,
|
||||
MonitoringSettings monitoringSettings, MonitoringLicensee licensee, InternalClient client,
|
||||
LicensesManagerService licensesManagerService, ClusterName clusterName) {
|
||||
LicensesManagerService licensesManagerService) {
|
||||
super(settings, NAME, clusterService, monitoringSettings, licensee);
|
||||
this.client = client;
|
||||
this.clusterName = clusterName;
|
||||
this.licensesManagerService = licensesManagerService;
|
||||
}
|
||||
|
||||
|
|
@ -86,7 +84,7 @@ public class ClusterStatsCollector extends AbstractCollector<ClusterStatsCollect
|
|||
clusterInfoDoc.setClusterUUID(clusterUUID);
|
||||
clusterInfoDoc.setTimestamp(timestamp);
|
||||
clusterInfoDoc.setSourceNode(sourceNode);
|
||||
clusterInfoDoc.setClusterName(clusterName.value());
|
||||
clusterInfoDoc.setClusterName(clusterService.getClusterName().value());
|
||||
clusterInfoDoc.setVersion(Version.CURRENT.toString());
|
||||
clusterInfoDoc.setLicense(licensesManagerService.getLicense());
|
||||
clusterInfoDoc.setClusterStats(clusterStats);
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
|
|
|
|||
|
|
@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollector;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ import org.elasticsearch.marvel.agent.exporter.ExportException;
|
|||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolver;
|
||||
import org.elasticsearch.marvel.agent.resolver.ResolversRegistry;
|
||||
import org.elasticsearch.marvel.support.init.proxy.MonitoringClientProxy;
|
||||
import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
|
|
@ -28,13 +28,13 @@ import java.util.Collection;
|
|||
public class LocalBulk extends ExportBulk {
|
||||
|
||||
private final ESLogger logger;
|
||||
private final MonitoringClientProxy client;
|
||||
private final ClientProxy client;
|
||||
private final ResolversRegistry resolvers;
|
||||
|
||||
private BulkRequestBuilder requestBuilder;
|
||||
|
||||
|
||||
public LocalBulk(String name, ESLogger logger, MonitoringClientProxy client, ResolversRegistry resolvers) {
|
||||
public LocalBulk(String name, ESLogger logger, ClientProxy client, ResolversRegistry resolvers) {
|
||||
super(name);
|
||||
this.logger = logger;
|
||||
this.client = client;
|
||||
|
|
|
|||
|
|
@ -30,7 +30,8 @@ import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
|||
import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolver;
|
||||
import org.elasticsearch.marvel.agent.resolver.ResolversRegistry;
|
||||
import org.elasticsearch.marvel.cleaner.CleanerService;
|
||||
import org.elasticsearch.marvel.support.init.proxy.MonitoringClientProxy;
|
||||
import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.DateTimeZone;
|
||||
|
||||
|
|
@ -50,14 +51,14 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
|
|||
|
||||
public static final String TYPE = "local";
|
||||
|
||||
private final MonitoringClientProxy client;
|
||||
private final ClientProxy client;
|
||||
private final ClusterService clusterService;
|
||||
private final ResolversRegistry resolvers;
|
||||
private final CleanerService cleanerService;
|
||||
|
||||
private final AtomicReference<State> state = new AtomicReference<>(State.INITIALIZED);
|
||||
|
||||
public LocalExporter(Exporter.Config config, MonitoringClientProxy client,
|
||||
public LocalExporter(Exporter.Config config, ClientProxy client,
|
||||
ClusterService clusterService, CleanerService cleanerService) {
|
||||
super(TYPE, config);
|
||||
this.client = client;
|
||||
|
|
@ -303,14 +304,14 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
|
|||
|
||||
public static class Factory extends Exporter.Factory<LocalExporter> {
|
||||
|
||||
private final MonitoringClientProxy client;
|
||||
private final ClientProxy client;
|
||||
private final ClusterService clusterService;
|
||||
private final CleanerService cleanerService;
|
||||
|
||||
@Inject
|
||||
public Factory(MonitoringClientProxy client, ClusterService clusterService, CleanerService cleanerService) {
|
||||
public Factory(InternalClient client, ClusterService clusterService, CleanerService cleanerService) {
|
||||
super(TYPE, true);
|
||||
this.client = client;
|
||||
this.client = new ClientProxy(client);
|
||||
this.clusterService = clusterService;
|
||||
this.cleanerService = cleanerService;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,22 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.marvel.support.init.proxy;
|
||||
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
|
||||
|
||||
public class MonitoringClientProxy extends ClientProxy {
|
||||
|
||||
/**
|
||||
* Creates a proxy to the given internal client (can be used for testing)
|
||||
*/
|
||||
public static MonitoringClientProxy of(Client client) {
|
||||
MonitoringClientProxy proxy = new MonitoringClientProxy();
|
||||
proxy.client = client instanceof InternalClient ? (InternalClient) client : new InternalClient.Insecure(client);
|
||||
return proxy;
|
||||
}
|
||||
}
|
||||
|
|
@ -20,4 +20,4 @@
|
|||
"enabled": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -136,6 +136,9 @@
|
|||
},
|
||||
"used_in_bytes": {
|
||||
"type": "float"
|
||||
},
|
||||
"size_limit": {
|
||||
"type": "float"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ package org.elasticsearch.marvel;
|
|||
|
||||
import org.apache.lucene.util.IOUtils;
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.CollectionUtils;
|
||||
import org.elasticsearch.node.MockNode;
|
||||
|
|
@ -39,7 +38,7 @@ public class MonitoringF {
|
|||
}
|
||||
|
||||
final CountDownLatch latch = new CountDownLatch(1);
|
||||
final Node node = new MockNode(settings.build(), Version.CURRENT,
|
||||
final Node node = new MockNode(settings.build(),
|
||||
Arrays.asList(XPackPlugin.class, XPackPlugin.class, XPackPlugin.class));
|
||||
Runtime.getRuntime().addShutdownHook(new Thread() {
|
||||
|
||||
|
|
|
|||
|
|
@ -88,9 +88,9 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
|||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
CapturingTransport transport = new CapturingTransport();
|
||||
clusterService = new ClusterService(Settings.EMPTY, null, new ClusterSettings(Settings.EMPTY,
|
||||
ClusterSettings.BUILT_IN_CLUSTER_SETTINGS), threadPool,
|
||||
new ClusterName(TransportMonitoringBulkActionTests.class.getName()));
|
||||
clusterService = new ClusterService(Settings.builder().put("cluster.name",
|
||||
TransportMonitoringBulkActionTests.class.getName()).build(),
|
||||
new ClusterSettings(Settings.EMPTY, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS), threadPool);
|
||||
clusterService.setLocalNode(new DiscoveryNode("node", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
|
||||
clusterService.setNodeConnectionsService(new NodeConnectionsService(Settings.EMPTY, null, null) {
|
||||
@Override
|
||||
|
|
@ -106,7 +106,7 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
|||
clusterService.setClusterStatePublisher((event, ackListener) -> {});
|
||||
clusterService.start();
|
||||
|
||||
transportService = new TransportService(Settings.EMPTY, transport, threadPool, clusterService.state().getClusterName());
|
||||
transportService = new TransportService(clusterService.getSettings(), transport, threadPool);
|
||||
transportService.start();
|
||||
transportService.acceptIncomingRequests();
|
||||
exportService = new CapturingExporters();
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ import org.elasticsearch.license.plugin.core.LicensesManagerService;
|
|||
import org.elasticsearch.marvel.MonitoringSettings;
|
||||
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
|
|
|
|||
|
|
@ -134,8 +134,7 @@ public class ClusterStatsCollectorTests extends AbstractCollectorTestCase {
|
|||
internalCluster().getInstance(MonitoringSettings.class, nodeId),
|
||||
internalCluster().getInstance(MonitoringLicensee.class, nodeId),
|
||||
securedClient(nodeId),
|
||||
internalCluster().getInstance(LicensesManagerService.class, nodeId),
|
||||
internalCluster().getInstance(ClusterName.class, nodeId));
|
||||
internalCluster().getInstance(LicensesManagerService.class, nodeId));
|
||||
}
|
||||
|
||||
private void assertCanCollect(AbstractCollector collector, Class<?>... classes) {
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
|
|||
waitForNoBlocksOnNode(node);
|
||||
|
||||
try {
|
||||
assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
|
||||
assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
|
||||
} catch (IndexNotFoundException e) {
|
||||
fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
|
||||
}
|
||||
|
|
@ -56,7 +56,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
|
|||
waitForNoBlocksOnNode(node);
|
||||
|
||||
try {
|
||||
assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
|
||||
assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
|
||||
} catch (IndexNotFoundException e) {
|
||||
fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ import org.elasticsearch.marvel.MonitoredSystem;
|
|||
import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
|
||||
import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
|
||||
import org.elasticsearch.marvel.MonitoringLicensee;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
|
||||
import java.util.Collection;
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
|
|||
import org.elasticsearch.marvel.MonitoredSystem;
|
||||
import org.elasticsearch.marvel.agent.exporter.local.LocalExporter;
|
||||
import org.elasticsearch.marvel.cleaner.CleanerService;
|
||||
import org.elasticsearch.marvel.support.init.proxy.MonitoringClientProxy;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
|
||||
import org.junit.Before;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -69,7 +69,7 @@ public class ExportersTests extends ESTestCase {
|
|||
clusterService = mock(ClusterService.class);
|
||||
|
||||
// we always need to have the local exporter as it serves as the default one
|
||||
factories.put(LocalExporter.TYPE, new LocalExporter.Factory(MonitoringClientProxy.of(client), clusterService,
|
||||
factories.put(LocalExporter.TYPE, new LocalExporter.Factory(ClientProxy.fromClient(client), clusterService,
|
||||
mock(CleanerService.class)));
|
||||
clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList(MonitoringSettings.COLLECTORS,
|
||||
MonitoringSettings.INTERVAL, MonitoringSettings.EXPORTERS_SETTINGS)));
|
||||
|
|
@ -223,7 +223,8 @@ public class ExportersTests extends ESTestCase {
|
|||
|
||||
DiscoveryNodes nodes = mock(DiscoveryNodes.class);
|
||||
when(nodes.isLocalNodeElectedMaster()).thenReturn(true);
|
||||
when(clusterService.state()).thenReturn(ClusterState.builder(ClusterName.DEFAULT).nodes(nodes).build());
|
||||
when(clusterService.state()).thenReturn(ClusterState.builder(ClusterName.CLUSTER_NAME_SETTING.getDefault(Settings.EMPTY))
|
||||
.nodes(nodes).build());
|
||||
|
||||
ExportBulk bulk = exporters.openBulk();
|
||||
assertThat(bulk, notNullValue());
|
||||
|
|
@ -247,7 +248,8 @@ public class ExportersTests extends ESTestCase {
|
|||
|
||||
DiscoveryNodes nodes = mock(DiscoveryNodes.class);
|
||||
when(nodes.isLocalNodeElectedMaster()).thenReturn(false);
|
||||
when(clusterService.state()).thenReturn(ClusterState.builder(ClusterName.DEFAULT).nodes(nodes).build());
|
||||
when(clusterService.state()).thenReturn(ClusterState.builder(ClusterName.CLUSTER_NAME_SETTING.getDefault(Settings.EMPTY))
|
||||
.nodes(nodes).build());
|
||||
|
||||
ExportBulk bulk = exporters.openBulk();
|
||||
assertThat(bulk, notNullValue());
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import org.elasticsearch.Version;
|
|||
import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse;
|
||||
import org.elasticsearch.cluster.ClusterName;
|
||||
import org.elasticsearch.cluster.node.DiscoveryNode;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.transport.DummyTransportAddress;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.common.xcontent.XContentType;
|
||||
|
|
@ -45,8 +46,8 @@ public class ClusterInfoResolverTests extends MonitoringIndexNameResolverTestCas
|
|||
doc.setVersion(randomFrom(Version.V_2_0_0, Version.CURRENT).toString());
|
||||
doc.setLicense(licenseBuilder.build());
|
||||
doc.setClusterName(randomAsciiOfLength(5));
|
||||
doc.setClusterStats(new ClusterStatsResponse(Math.abs(randomLong()), ClusterName.DEFAULT,
|
||||
randomAsciiOfLength(5), Collections.emptyList(), Collections.emptyList()));
|
||||
doc.setClusterStats(new ClusterStatsResponse(Math.abs(randomLong()), ClusterName.CLUSTER_NAME_SETTING
|
||||
.getDefault(Settings.EMPTY), randomAsciiOfLength(5), Collections.emptyList(), Collections.emptyList()));
|
||||
return doc;
|
||||
} catch (Exception e) {
|
||||
throw new IllegalStateException("Failed to generated random ClusterInfoMarvelDoc", e);
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ import org.elasticsearch.index.fielddata.FieldDataStats;
|
|||
import org.elasticsearch.index.shard.ShardId;
|
||||
import org.elasticsearch.index.shard.ShardPath;
|
||||
import org.elasticsearch.indices.NodeIndicesStats;
|
||||
import org.elasticsearch.ingest.core.IngestInfo;
|
||||
import org.elasticsearch.ingest.IngestInfo;
|
||||
import org.elasticsearch.marvel.agent.collector.cluster.ClusterStatsMonitoringDoc;
|
||||
import org.elasticsearch.marvel.agent.exporter.MarvelTemplateUtils;
|
||||
import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolverTestCase;
|
||||
|
|
@ -97,8 +97,8 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
|
|||
emptyMap(), emptySet(), Version.CURRENT),
|
||||
ClusterHealthStatus.GREEN, randomNodeInfo(), randomNodeStats(), randomShardStats())
|
||||
);
|
||||
return new ClusterStatsResponse(Math.abs(randomLong()), ClusterName.DEFAULT, UUID.randomUUID().toString(),
|
||||
responses, Collections.emptyList());
|
||||
return new ClusterStatsResponse(Math.abs(randomLong()), ClusterName.CLUSTER_NAME_SETTING.getDefault(Settings.EMPTY),
|
||||
UUID.randomUUID().toString(), responses, Collections.emptyList());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ public class LocalIndicesCleanerTests extends AbstractIndicesCleanerTestCase {
|
|||
try {
|
||||
assertThat(client().admin().indices().prepareGetSettings().get().getIndexToSettings().size(), equalTo(count));
|
||||
} catch (IndexNotFoundException e) {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
assertThat(0, equalTo(count));
|
||||
} else {
|
||||
throw e;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.marvel.shield;
|
||||
package org.elasticsearch.marvel.security;
|
||||
|
||||
import org.elasticsearch.ElasticsearchSecurityException;
|
||||
import org.elasticsearch.action.ActionRequestBuilder;
|
||||
|
|
@ -13,7 +13,7 @@ import org.elasticsearch.index.IndexNotFoundException;
|
|||
import org.elasticsearch.marvel.MonitoringSettings;
|
||||
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
||||
import org.elasticsearch.rest.RestStatus;
|
||||
import org.elasticsearch.shield.InternalClient;
|
||||
import org.elasticsearch.xpack.security.InternalClient;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.marvel.shield;
|
||||
package org.elasticsearch.marvel.security;
|
||||
|
||||
import org.apache.http.Header;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
|
|
@ -13,15 +13,15 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.common.xcontent.json.JsonXContent;
|
||||
import org.elasticsearch.marvel.MonitoringSettings;
|
||||
import org.elasticsearch.marvel.test.MarvelIntegTestCase;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.hamcrest.Matchers;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.hamcrest.CoreMatchers.nullValue;
|
||||
|
||||
public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
||||
|
|
@ -44,11 +44,11 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
|
|||
|
||||
public void testGetSettingsFiltered() throws Exception {
|
||||
Header[] headers;
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
headers = new Header[] {
|
||||
new BasicHeader(BASIC_AUTH_HEADER,
|
||||
basicAuthHeaderValue(ShieldSettings.TEST_USERNAME,
|
||||
new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())))};
|
||||
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME,
|
||||
new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())))};
|
||||
} else {
|
||||
headers = new Header[0];
|
||||
}
|
||||
|
|
@ -25,12 +25,12 @@ import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolver;
|
|||
import org.elasticsearch.marvel.agent.resolver.ResolversRegistry;
|
||||
import org.elasticsearch.marvel.client.MonitoringClient;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.shield.Security;
|
||||
import org.elasticsearch.shield.authc.file.FileRealm;
|
||||
import org.elasticsearch.shield.authc.support.Hasher;
|
||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||
import org.elasticsearch.shield.authz.store.FileRolesStore;
|
||||
import org.elasticsearch.shield.crypto.InternalCryptoService;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.xpack.security.authc.file.FileRealm;
|
||||
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
||||
import org.elasticsearch.xpack.security.authc.support.SecuredString;
|
||||
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
|
||||
import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.test.TestCluster;
|
||||
import org.elasticsearch.test.store.MockFSIndexStore;
|
||||
|
|
@ -60,7 +60,7 @@ import java.util.function.Function;
|
|||
import java.util.stream.Collectors;
|
||||
import java.util.stream.StreamSupport;
|
||||
|
||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||
import static org.hamcrest.Matchers.allOf;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
|
|
@ -77,10 +77,10 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
/**
|
||||
* Enables individual tests to control the behavior.
|
||||
* <p>
|
||||
* Control this by overriding {@link #enableShield()}, which defaults to enabling it randomly.
|
||||
* Control this by overriding {@link #enableSecurity()}, which defaults to enabling it randomly.
|
||||
*/
|
||||
// SCARY: This needs to be static or lots of tests randomly fail, but it's not used statically!
|
||||
protected static Boolean shieldEnabled;
|
||||
protected static Boolean securityEnabled;
|
||||
/**
|
||||
* Enables individual tests to control the behavior.
|
||||
* <p>
|
||||
|
|
@ -90,14 +90,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
|
||||
@Override
|
||||
protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException {
|
||||
if (shieldEnabled == null) {
|
||||
shieldEnabled = enableShield();
|
||||
if (securityEnabled == null) {
|
||||
securityEnabled = enableSecurity();
|
||||
}
|
||||
if (watcherEnabled == null) {
|
||||
watcherEnabled = enableWatcher();
|
||||
}
|
||||
|
||||
logger.debug("--> shield {}", shieldEnabled ? "enabled" : "disabled");
|
||||
logger.debug("--> security {}", securityEnabled ? "enabled" : "disabled");
|
||||
logger.debug("--> watcher {}", watcherEnabled ? "enabled" : "disabled");
|
||||
|
||||
return super.buildTestCluster(scope, seed);
|
||||
|
|
@ -111,14 +111,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
// we do this by default in core, but for monitoring this isn't needed and only adds noise.
|
||||
.put("index.store.mock.check_index_on_close", false);
|
||||
|
||||
ShieldSettings.apply(shieldEnabled, builder);
|
||||
SecuritySettings.apply(securityEnabled, builder);
|
||||
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Settings transportClientSettings() {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
return Settings.builder()
|
||||
.put(super.transportClientSettings())
|
||||
.put("client.transport.sniff", false)
|
||||
|
|
@ -133,8 +133,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
@Override
|
||||
protected Collection<Class<? extends Plugin>> getMockPlugins() {
|
||||
Set<Class<? extends Plugin>> plugins = new HashSet<>(super.getMockPlugins());
|
||||
plugins.remove(MockTransportService.TestPlugin.class); // shield has its own transport service
|
||||
plugins.remove(AssertingLocalTransport.TestPlugin.class); // shield has its own transport
|
||||
plugins.remove(MockTransportService.TestPlugin.class); // security has its own transport service
|
||||
plugins.remove(AssertingLocalTransport.TestPlugin.class); // security has its own transport
|
||||
plugins.add(MockFSIndexStore.TestPlugin.class);
|
||||
return plugins;
|
||||
}
|
||||
|
|
@ -151,16 +151,16 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
|
||||
@Override
|
||||
protected Function<Client,Client> getClientWrapper() {
|
||||
if (shieldEnabled == false) {
|
||||
if (securityEnabled == false) {
|
||||
return Function.identity();
|
||||
}
|
||||
Map<String, String> headers = Collections.singletonMap("Authorization",
|
||||
basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
|
||||
basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
|
||||
return client -> (client instanceof NodeClient) ? client.filterWithHeader(headers) : client;
|
||||
}
|
||||
|
||||
protected MonitoringClient monitoringClient() {
|
||||
Client client = shieldEnabled ? internalCluster().transportClient() : client();
|
||||
Client client = securityEnabled ? internalCluster().transportClient() : client();
|
||||
return randomBoolean() ? new XPackClient(client).monitoring() : new MonitoringClient(client);
|
||||
}
|
||||
|
||||
|
|
@ -184,7 +184,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
/**
|
||||
* Override and return {@code false} to force running without Security.
|
||||
*/
|
||||
protected boolean enableShield() {
|
||||
protected boolean enableSecurity() {
|
||||
return randomBoolean();
|
||||
}
|
||||
|
||||
|
|
@ -231,11 +231,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void deleteMarvelIndices() {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
|
||||
} catch (IndexNotFoundException e) {
|
||||
// if shield couldn't resolve any marvel index, it'll throw index not found exception.
|
||||
// if security couldn't resolve any marvel index, it'll throw index not found exception.
|
||||
}
|
||||
} else {
|
||||
assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
|
||||
|
|
@ -247,11 +247,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void ensureMarvelIndicesYellow() {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
ensureYellow(".monitoring-es-*");
|
||||
} catch (IndexNotFoundException e) {
|
||||
// might happen with shield...
|
||||
// might happen with security...
|
||||
}
|
||||
} else {
|
||||
ensureYellow(".monitoring-es-*");
|
||||
|
|
@ -266,7 +266,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
|
||||
assertThat(count, matcher);
|
||||
} catch (IndexNotFoundException e) {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
assertThat(0L, matcher);
|
||||
} else {
|
||||
throw e;
|
||||
|
|
@ -312,8 +312,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
try {
|
||||
assertIndicesExists(index);
|
||||
} catch (IndexNotFoundException e) {
|
||||
if (shieldEnabled) {
|
||||
// with shield we might get that if wildcards were resolved to no indices
|
||||
if (securityEnabled) {
|
||||
// with security we might get that if wildcards were resolved to no indices
|
||||
fail("IndexNotFoundException when checking for existence of index [" + index + "]");
|
||||
} else {
|
||||
throw e;
|
||||
|
|
@ -336,11 +336,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void securedRefresh() {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
refresh();
|
||||
} catch (IndexNotFoundException e) {
|
||||
// with shield we might get that if wildcards were resolved to no indices
|
||||
// with security we might get that if wildcards were resolved to no indices
|
||||
}
|
||||
} else {
|
||||
refresh();
|
||||
|
|
@ -348,11 +348,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void securedFlush(String... indices) {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
flush(indices);
|
||||
} catch (IndexNotFoundException e) {
|
||||
// with shield we might get that if wildcards were resolved to no indices
|
||||
// with security we might get that if wildcards were resolved to no indices
|
||||
}
|
||||
} else {
|
||||
flush(indices);
|
||||
|
|
@ -360,11 +360,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void securedFlushAndRefresh(String... indices) {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
flushAndRefresh(indices);
|
||||
} catch (IndexNotFoundException e) {
|
||||
// with shield we might get that if wildcards were resolved to no indices
|
||||
// with security we might get that if wildcards were resolved to no indices
|
||||
}
|
||||
} else {
|
||||
flushAndRefresh(indices);
|
||||
|
|
@ -372,11 +372,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
protected void securedEnsureGreen(String... indices) {
|
||||
if (shieldEnabled) {
|
||||
if (securityEnabled) {
|
||||
try {
|
||||
ensureGreen(indices);
|
||||
} catch (IndexNotFoundException e) {
|
||||
// with shield we might get that if wildcards were resolved to no indices
|
||||
// with security we might get that if wildcards were resolved to no indices
|
||||
}
|
||||
} else {
|
||||
ensureGreen(indices);
|
||||
|
|
@ -477,9 +477,9 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
/** Shield related settings */
|
||||
/** security related settings */
|
||||
|
||||
public static class ShieldSettings {
|
||||
public static class SecuritySettings {
|
||||
|
||||
public static final String TEST_USERNAME = "test";
|
||||
public static final String TEST_PASSWORD = "changeme";
|
||||
|
|
@ -528,7 +528,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
return;
|
||||
}
|
||||
try {
|
||||
Path folder = createTempDir().resolve("marvel_shield");
|
||||
Path folder = createTempDir().resolve("marvel_security");
|
||||
Files.createDirectories(folder);
|
||||
|
||||
builder.put("xpack.security.enabled", true)
|
||||
|
|
@ -541,7 +541,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
|
|||
.put("xpack.security.authc.sign_user_header", false)
|
||||
.put("xpack.security.audit.enabled", auditLogsEnabled);
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException("failed to build settings for shield", ex);
|
||||
throw new RuntimeException("failed to build settings for security", ex);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,29 +3,29 @@
|
|||
|
||||
[partintro]
|
||||
|
||||
Elasticsearch and Shield use jUnit for testing, they also use randomness
|
||||
Elasticsearch and X-Pack use jUnit for testing, they also use randomness
|
||||
in the tests, that can be set using a seed, please refer to the
|
||||
Elasticsearch TESTING.asciidoc cheatsheet to know all about it.
|
||||
|
||||
Tests are executed with network transport and unicast discovery, as this is
|
||||
the configuration that's secured by shield.
|
||||
the configuration that's secured by X-Pack.
|
||||
|
||||
== Testing the REST layer
|
||||
|
||||
The available integration tests are specific for Shield functionalities
|
||||
The available integration tests are specific for Security functionalities
|
||||
and make use of the java API to communicate with the elasticsearch nodes,
|
||||
using the internal binary transport (port 9300 by default).
|
||||
Shield is also tested using the REST tests provided by Elasticsearch core,
|
||||
just by running those same tests against a cluster with Shield installed.
|
||||
Security is also tested using the REST tests provided by Elasticsearch core,
|
||||
just by running those same tests against a cluster with X-Pack installed.
|
||||
|
||||
The REST tests are run automatically during the integration test phase
|
||||
(`mvn verify`). Some tests are blacklisted as they are known to fail against
|
||||
shield due to different behaviours introduced by the security plugin.
|
||||
(`gradle integTest`). Some tests are blacklisted as they are known to fail against
|
||||
X-Pack due to different behaviours introduced by the security plugin.
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
mvn verify
|
||||
gradle integTest
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
`ShieldRestIT` is the executable test class that runs all the
|
||||
`XPackRestIT` is the executable test class that runs all the
|
||||
yaml suites available within the `rest-api-spec` folder.
|
||||
|
||||
|
|
@ -72,7 +72,7 @@ fi
|
|||
|
||||
export HOSTNAME=`hostname -s`
|
||||
|
||||
# include shield jars in classpath
|
||||
# include x-pack jars in classpath
|
||||
ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
|
||||
|
||||
# don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
|
||||
|
|
@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
|
|||
fi
|
||||
|
||||
cd "$ES_HOME" > /dev/null
|
||||
"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.shield.crypto.tool.SystemKeyTool $properties "{args[@]}"
|
||||
"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool $properties "{args[@]}"
|
||||
status=$?
|
||||
cd - > /dev/null
|
||||
exit $status
|
||||
|
|
@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
|
|||
rem you may not use this file except in compliance with the Elastic License.
|
||||
|
||||
PUSHD "%~dp0"
|
||||
CALL "%~dp0.in.bat" org.elasticsearch.shield.crypto.tool.SystemKeyTool %*
|
||||
CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool %*
|
||||
POPD
|
||||
|
|
@ -72,7 +72,7 @@ fi
|
|||
|
||||
export HOSTNAME=`hostname -s`
|
||||
|
||||
# include shield jars in classpath
|
||||
# include x-pack jars in classpath
|
||||
ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
|
||||
|
||||
# don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
|
||||
|
|
@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
|
|||
fi
|
||||
|
||||
cd "$ES_HOME" > /dev/null
|
||||
"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.shield.authc.file.tool.UsersTool "${args[@]}"
|
||||
"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.security.authc.file.tool.UsersTool "${args[@]}"
|
||||
status=$?
|
||||
cd - > /dev/null
|
||||
exit $status
|
||||
|
|
@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
|
|||
rem you may not use this file except in compliance with the Elastic License.
|
||||
|
||||
PUSHD "%~dp0"
|
||||
CALL "%~dp0.in.bat" org.elasticsearch.shield.authc.file.tool.UsersTool %*
|
||||
CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.authc.file.tool.UsersTool %*
|
||||
POPD
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
logger:
|
||||
shield.audit.logfile: INFO, access_log
|
||||
security.audit.logfile: INFO, access_log
|
||||
|
||||
additivity:
|
||||
shield.audit.logfile: false
|
||||
security.audit.logfile: false
|
||||
|
||||
appender:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue