honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make IndexAuditTrail recreate template and remove ShieldWrappingCluster 

The ShieldWrappingCluster was added to prevent deletion of the IndexAuditTrail template when
running tests since the wipe() method will delete all templates. However, the cluster wrapping
is problematic with indexRandom() and causes noise in CI. This change removes the
ShieldWrappingCluster and changes the IndexAuditTrail to recreate the index template if it is
removed.

Closes elastic/elasticsearch#562

Original commit: elastic/x-pack-elasticsearch@0403ea7cef
This commit is contained in:
jaymode 2015-09-03 07:10:48 -04:00
parent 6035dc3b63
commit afacb47828
32 changed files with 176 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
View File

@ -19,7 +19,9 @@ import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
@ -32,6 +34,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentBuilderString;
@ -47,6 +50,7 @@ import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.rest.RemoteHostHeader;
import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
@ -62,6 +66,8 @@ import java.net.UnknownHostException;
import java.util.*;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import static org.elasticsearch.shield.audit.AuditUtil.indices;
import static org.elasticsearch.shield.audit.AuditUtil.restRequestContent;
@ -71,7 +77,7 @@ import static org.elasticsearch.shield.audit.index.IndexNameResolver.resolve;
/**
* Audit trail implementation that writes events into an index.
*/
public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
public class IndexAuditTrail extends AbstractComponent implements AuditTrail, ClusterStateListener {
public static final int DEFAULT_BULK_SIZE = 1000;
public static final int MAX_BULK_SIZE = 10000;
@ -107,6 +113,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
private final LinkedBlockingQueue<Message> eventQueue;
private final QueueConsumer queueConsumer;
private final Transport transport;
private final ThreadPool threadPool;
private final Lock putMappingLock = new ReentrantLock();
private final ClusterService clusterService;
private final boolean indexToRemoteCluster;
private BulkProcessor bulkProcessor;
@ -124,13 +133,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
@Inject
public IndexAuditTrail(Settings settings, IndexAuditUserHolder indexingAuditUser,
Environment environment, AuthenticationService authenticationService,
Transport transport, Provider<Client> clientProvider) {
Transport transport, Provider<Client> clientProvider, ThreadPool threadPool, ClusterService clusterService) {
super(settings);
this.auditUser = indexingAuditUser;
this.authenticationService = authenticationService;
this.clientProvider = clientProvider;
this.environment = environment;
this.transport = transport;
this.threadPool = threadPool;
this.clusterService = clusterService;
this.nodeName = settings.get("name");
this.queueConsumer = new QueueConsumer(EsExecutors.threadName(settings, "audit-queue-consumer"));
@ -251,6 +262,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
if (master) {
putTemplate(customAuditIndexSettings(settings));
}
this.clusterService.add(this);
initializeBulkProcessor();
queueConsumer.start();
state.set(State.STARTED);
@ -712,6 +724,42 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
.build();
}
// this could be handled by a template registry service but adding that is extra complexity until we actually need it
@Override
public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
State state = state();
if (state != State.STARTED || indexToRemoteCluster) {
return;
}
if (clusterChangedEvent.localNodeMaster() == false) {
return;
}
if (clusterChangedEvent.state().metaData().templates().get(INDEX_TEMPLATE_NAME) == null) {
logger.debug("shield audit index template [{}] does not exist. it may have been deleted - putting the template", INDEX_TEMPLATE_NAME);
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable throwable) {
logger.error("failed to update shield audit index template [{}]", throwable, INDEX_TEMPLATE_NAME);
}
@Override
protected void doRun() throws Exception {
final boolean locked = putMappingLock.tryLock();
if (locked) {
try {
putTemplate(customAuditIndexSettings(settings));
} finally {
putMappingLock.unlock();
}
} else {
logger.trace("unable to PUT shield audit index template as the lock is already held");
}
}
});
}
}
private class QueueConsumer extends Thread {
volatile boolean running = true;

2
shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java
View File

@ -67,7 +67,7 @@ public abstract class AbstractPrivilegeTestCase extends ShieldIntegTestCase {
}
protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
requestBuilder.path(uri);

6
shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
View File

@ -140,7 +140,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
client.authc().clearRealmCache(request, new ActionListener<ClearRealmCacheResponse>() {
@Override
public void onResponse(ClearRealmCacheResponse response) {
assertThat(response.getNodes().length, equalTo(internalTestCluster().getNodeNames().length));
assertThat(response.getNodes().length, equalTo(internalCluster().getNodeNames().length));
latch.countDown();
}
@ -163,7 +163,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
try (CloseableHttpClient client = HttpClients.createDefault()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(client)
.httpTransport(internalTestCluster().getDataNodeInstance(HttpServerTransport.class))
.httpTransport(internalCluster().getDataNodeInstance(HttpServerTransport.class))
.method("POST")
.path(path);
for (Map.Entry<String, String> entry : params.entrySet()) {
@ -240,7 +240,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase {
}
List<Realm> realms = new ArrayList<>();
for (Realms nodeRealms : internalTestCluster().getInstances(Realms.class)) {
for (Realms nodeRealms : internalCluster().getInstances(Realms.class)) {
realms.add(nodeRealms.realm("esusers"));
}

7
shield/src/test/java/org/elasticsearch/integration/LicensingTests.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import com.google.common.collect.ImmutableSet;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsResponse;
@ -111,7 +110,7 @@ public class LicensingTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
disableLicensing();
@ -170,13 +169,13 @@ public class LicensingTests extends ShieldIntegTestCase {
}
public static void disableLicensing() {
for (InternalLicensesClientService service : internalTestCluster().getInstances(InternalLicensesClientService.class)) {
for (InternalLicensesClientService service : internalCluster().getInstances(InternalLicensesClientService.class)) {
service.disable();
}
}
public static void enableLicensing() {
for (InternalLicensesClientService service : internalTestCluster().getInstances(InternalLicensesClientService.class)) {
for (InternalLicensesClientService service : internalCluster().getInstances(InternalLicensesClientService.class)) {
service.enable();
}
}

4
shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
View File

@ -81,7 +81,7 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
// no specifying an index, should replace indices with the permitted ones (test & test1)
SearchResponse searchResponse = client.prepareSearch().setQuery(matchAllQuery()).get();
@ -158,7 +158,7 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
SearchResponse response = client.prepareSearch("a")
.putHeader(BASIC_AUTH_HEADER, userHeader("user_a", "passwd"))

2
shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
View File

@ -89,7 +89,7 @@ public class PermissionPrecedenceTests extends ShieldIntegTestCase {
@Test
public void testDifferentCombinationsOfIndices() throws Exception {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
// first lets try with "admin"... all should work

2
shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
View File

@ -105,7 +105,7 @@ public class ScrollIdSigningTests extends ShieldIntegTestCase {
}
private void assertSigned(String scrollId) {
CryptoService cryptoService = internalTestCluster().getDataNodeInstance(InternalCryptoService.class);
CryptoService cryptoService = internalCluster().getDataNodeInstance(InternalCryptoService.class);
String message = String.format(Locale.ROOT, "Expected scrollId [%s] to be signed, but was not", scrollId);
assertThat(message, cryptoService.signed(scrollId), is(true));
}

8
shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java
View File

@ -78,7 +78,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
SuggestResponse suggestResponse = client.prepareSuggest("a")
.putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("suggest_user", "passwd"))
@ -116,7 +116,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
try {
client.prepareGet("a", "type", indexResponse.getId())
@ -143,7 +143,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
MultiGetResponse response = client.prepareMultiGet().add("a", "type", indexResponse.getId())
.putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("get_user", "passwd"))
@ -177,7 +177,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase {
refresh();
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
MultiSearchResponse response = client.prepareMultiSearch().add(searchRequest("a").types("type"))
.putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd"))

2
shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java
View File

@ -171,7 +171,7 @@ public class SettingsFilterTests extends ShieldIntegTestCase {
}
protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.httpTransport(httpServerTransport)
.method(method)

4
shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
View File

@ -88,7 +88,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
public void testThatClearingAllScrollIdsWorks() throws Exception {
String shieldUser = "allowed_user:change_me";
String basicAuth = basicAuthHeaderValue("allowed_user", new SecuredString("change_me".toCharArray()));
ClearScrollResponse clearScrollResponse = internalTestCluster().transportClient().prepareClearScroll()
ClearScrollResponse clearScrollResponse = internalCluster().transportClient().prepareClearScroll()
.putHeader("shield.user", shieldUser)
.putHeader("Authorization", basicAuth)
.addScrollId("_all").get();
@ -102,7 +102,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase {
String shieldUser = "denied_user:change_me";
String basicAuth = basicAuthHeaderValue("denied_user", new SecuredString("change_me".toCharArray()));
assertThrows(internalTestCluster().transportClient().prepareClearScroll()
assertThrows(internalCluster().transportClient().prepareClearScroll()
.putHeader("shield.user", shieldUser)
.putHeader("Authorization", basicAuth)
.addScrollId("_all"), ElasticsearchSecurityException.class, "action [cluster:admin/indices/scroll/clear_all] is unauthorized for user [denied_user]");

6
shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
View File

@ -85,14 +85,14 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
@Test
public void testTransportEnabledDisabled() throws Exception {
for (TransportService service : internalTestCluster().getInstances(TransportService.class)) {
for (TransportService service : internalCluster().getInstances(TransportService.class)) {
Matcher<TransportService> matcher = instanceOf(ShieldServerTransportService.class);
if (!enabled) {
matcher = not(matcher);
}
assertThat(service, matcher);
}
for (Transport transport : internalTestCluster().getInstances(Transport.class)) {
for (Transport transport : internalCluster().getInstances(Transport.class)) {
Matcher<Transport> matcher = instanceOf(ShieldNettyTransport.class);
if (!enabled) {
matcher = not(matcher);
@ -103,7 +103,7 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
@Test
public void testShieldInfoStatus() throws IOException {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport).method("GET").path("/_shield").addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME, new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray()))).execute();

2
shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java
View File

@ -36,7 +36,7 @@ public class ShieldPluginTests extends ShieldIntegTestCase {
@Test
public void testThatPluginIsLoaded() throws IOException {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
logger.info("executing unauthorized request to /_shield infos");
HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport).method("GET").path("/_shield").execute();

24
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.shield.audit.index;
import com.google.common.base.Predicate;
import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
import org.elasticsearch.action.exists.ExistsResponse;
import org.elasticsearch.common.settings.Settings;
@ -56,6 +57,29 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase {
awaitIndexCreation();
}
@Test
public void testAuditTrailTemplateIsRecreatedAfterDelete() throws Exception {
// this is already "tested" by the test framework since we wipe the templates before and after, but lets be explicit about the behavior
GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
assertThat(response.getIndexTemplates().size(), is(1));
assertThat(response.getIndexTemplates().get(0).name(), is(IndexAuditTrail.INDEX_TEMPLATE_NAME));
// delete the template
DeleteIndexTemplateResponse deleteResponse = client().admin().indices().prepareDeleteTemplate(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
assertThat(deleteResponse.isAcknowledged(), is(true));
boolean templateReplaced = awaitBusy(new Predicate<Void>() {
@Override
public boolean apply(Void aVoid) {
GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet();
if (response.getIndexTemplates().size() > 0) {
return response.getIndexTemplates().get(0).name().equals(IndexAuditTrail.INDEX_TEMPLATE_NAME);
}
return false;
}
});
assertThat(templateReplaced, is(true));
}
void awaitIndexCreation() throws Exception {
final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover);
boolean success = awaitBusy(new Predicate<Void>() {

9
shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -13,6 +13,7 @@ import org.elasticsearch.action.exists.ExistsResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
@ -35,6 +36,7 @@ import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.ShieldIntegTestCase;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportInfo;
import org.elasticsearch.transport.TransportMessage;
@ -79,6 +81,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
private Client remoteClient;
private int numShards;
private int numReplicas;
private ThreadPool threadPool;
private Settings commonSettings(IndexNameResolver.Rollover rollover) {
return Settings.builder()
@ -188,12 +191,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(DummyTransportAddress.INSTANCE, DummyTransportAddress.INSTANCE));
Environment env = new Environment(settings);
auditor = new IndexAuditTrail(settings, user, env, authService, transport, Providers.of(client()));
threadPool = new ThreadPool("index audit trail tests");
auditor = new IndexAuditTrail(settings, user, env, authService, transport, Providers.of(client()), threadPool, mock(ClusterService.class));
auditor.start(true);
}
@After
public void afterTest() {
if (threadPool != null) {
threadPool.shutdown();
}
if (auditor != null) {
auditor.close();
}

12
shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java
View File

@ -53,6 +53,17 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
.build();
}
@Override
public void beforeIndexDeletion() {
if (outputs.contains("index")) {
// For this test, this is a NO-OP because the index audit trail will continue to capture events and index after
// the tests have completed. The default implementation of this method expects that nothing is performing operations
// after the test has completed
return;
}
super.beforeIndexDeletion();
}
@Before
public void startRemoteCluster() throws IOException {
final List<String> addresses = new ArrayList<>();
@ -117,5 +128,4 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase {
assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED));
}
}
}

2
shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java
View File

@ -71,7 +71,7 @@ public class AnonymousUserTests extends ShieldIntegTestCase {
}
private String getNodeUrl() {
TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
return String.format(Locale.ROOT, "http://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort());

8
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java
View File

@ -71,7 +71,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
public void testTransportClientCanAuthenticateViaPki() {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode");
try (TransportClient client = createTransportClient(settings)) {
client.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress());
client.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
IndexResponse response = client.prepareIndex("foo", "bar").setSource("pki", "auth").get();
assertThat(response.isCreated(), is(true));
}
@ -84,7 +84,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
@Test(expected = NoNodeAvailableException.class)
public void testTransportClientAuthenticationFailure() {
try (TransportClient client = createTransportClient(Settings.EMPTY)) {
client.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress());
client.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
client.prepareIndex("foo", "bar").setSource("pki", "auth").get();
fail("transport client should not have been able to authenticate");
}
@ -138,14 +138,14 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase {
.put(transportClientSettings())
.put(additionalSettings)
.put("path.home", createTempDir())
.put("cluster.name", internalTestCluster().getClusterName());
.put("cluster.name", internalCluster().getClusterName());
builder.remove("shield.user");
builder.remove("request.headers.Authorization");
return TransportClient.builder().settings(builder).addPlugin(ShieldPlugin.class).build();
}
private String getNodeUrl() {
TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
return String.format(Locale.ROOT, "https://localhost:%s/", inetSocketTransportAddress.address().getPort());

6
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java
View File

@ -76,7 +76,7 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
@Test
public void testRestClientWithoutClientCertificate() throws Exception {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(getSSLContext()).build()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
@ -96,13 +96,13 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase {
@Test
public void testTransportClientWithoutClientCertificate() {
Transport transport = internalTestCluster().getDataNodeInstance(Transport.class);
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
int port = ((InetSocketTransportAddress)transport.profileBoundAddresses().get("want_client_auth").boundAddress()).address().getPort();
Settings settings = Settings.builder()
.put(ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks", "truststore-testnode-only"))
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("path.home", createTempDir())
.build();

4
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java
View File

@ -71,13 +71,13 @@ public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase {
@Test
public void testThatTransportClientWorks() {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
@Test
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new SecureRandom());
try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(sc).build()) {

4
shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java
View File

@ -42,13 +42,13 @@ public class PkiWithoutSSLTests extends ShieldIntegTestCase {
@Test
public void testThatTransportClientWorks() {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
@Test
public void testThatHttpWorks() throws Exception {
HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class);
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.httpTransport(httpServerTransport)

10
shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java
View File

@ -81,10 +81,10 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
@Test
public void testThatConnectionToServerTypeConnectionWorks() {
Settings dataNodeSettings = internalTestCluster().getDataNodeInstance(Settings.class);
Settings dataNodeSettings = internalCluster().getDataNodeInstance(Settings.class);
String systemKeyFile = dataNodeSettings.get(InternalCryptoService.FILE_SETTING);
Transport transport = internalTestCluster().getDataNodeInstance(Transport.class);
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
TransportAddress transportAddress = transport.boundAddress().publishAddress();
assertThat(transportAddress, instanceOf(InetSocketTransportAddress.class));
InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address();
@ -96,7 +96,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
.put("node.mode", "network")
.put("node.name", "my-test-node")
.put("network.host", "localhost")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("discovery.zen.ping.multicast.enabled", false)
.put("discovery.zen.ping.unicast.hosts", unicastHost)
.put("shield.transport.ssl", sslTransportEnabled())
@ -114,7 +114,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
@Test
public void testThatConnectionToClientTypeConnectionIsRejected() {
Settings dataNodeSettings = internalTestCluster().getDataNodeInstance(Settings.class);
Settings dataNodeSettings = internalCluster().getDataNodeInstance(Settings.class);
String systemKeyFile = dataNodeSettings.get(InternalCryptoService.FILE_SETTING);
Path folder = createFolder(createTempDir(), getClass().getSimpleName() + "-" + randomAsciiOfLength(10));
@ -130,7 +130,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase {
.put("node.mode", "network")
.put("node.name", "my-test-node")
.put("shield.user", "test_user:changeme")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("discovery.zen.ping.multicast.enabled", false)
.put("discovery.zen.ping.unicast.hosts", "localhost:" + randomClientPort)
.put("shield.transport.ssl", sslTransportEnabled())

6
shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java
View File

@ -52,7 +52,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase {
@Test
public void testThatIpFilteringIsIntegratedIntoNettyPipelineViaHttp() throws Exception {
TransportAddress transportAddress = internalTestCluster().getDataNodeInstance(HttpServerTransport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getDataNodeInstance(HttpServerTransport.class).boundAddress().boundAddress();
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
@ -64,7 +64,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase {
@Test
public void testThatIpFilteringIsNotAppliedForDefaultTransport() throws Exception {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
@ -88,7 +88,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase {
}
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}

4
shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java
View File

@ -154,7 +154,7 @@ public class IpFilteringUpdateTests extends ShieldIntegTestCase {
return;
}
IPFilter ipFilter = internalTestCluster().getDataNodeInstance(IPFilter.class);
IPFilter ipFilter = internalCluster().getDataNodeInstance(IPFilter.class);
String message = String.format(Locale.ROOT, "Expected allowed connection for profile %s against host %s", profile, host);
assertThat(message, ipFilter.accept(profile, InetAddress.getByName(host)), is(true));
}
@ -165,7 +165,7 @@ public class IpFilteringUpdateTests extends ShieldIntegTestCase {
return;
}
IPFilter ipFilter = internalTestCluster().getDataNodeInstance(IPFilter.class);
IPFilter ipFilter = internalCluster().getDataNodeInstance(IPFilter.class);
String message = String.format(Locale.ROOT, "Expected rejection for profile %s against host %s", profile, host);
assertThat(message, ipFilter.accept(profile, InetAddress.getByName(host)), is(false));
}

2
shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java
View File

@ -73,7 +73,7 @@ public class IPHostnameVerificationTests extends ShieldIntegTestCase {
@Test
public void testTransportClientConnectionWorksWithIPOnlyHostnameVerification() throws Exception {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
}

4
shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java
View File

@ -68,7 +68,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
@Test(expected = NoNodeAvailableException.class)
public void testThatHostnameMismatchDeniesTransportClientConnection() throws Exception {
Transport transport = internalTestCluster().getDataNodeInstance(Transport.class);
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
TransportAddress transportAddress = transport.boundAddress().publishAddress();
assertThat(transportAddress, instanceOf(InetSocketTransportAddress.class));
InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address();
@ -86,7 +86,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase {
@Test
public void testTransportClientConnectionIgnoringHostnameVerification() throws Exception {
Client client = internalTestCluster().transportClient();
Client client = internalCluster().transportClient();
assertGreenClusterState(client);
}
}

8
shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java
View File

@ -64,7 +64,7 @@ public class SslClientAuthTests extends ShieldIntegTestCase {
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
new HttpRequestBuilder(client)
.httpTransport(internalTestCluster().getInstance(HttpServerTransport.class))
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
.method("GET").path("/")
.protocol("https")
.execute();
@ -83,7 +83,7 @@ public class SslClientAuthTests extends ShieldIntegTestCase {
CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
HttpResponse response = new HttpRequestBuilder(client)
.httpTransport(internalTestCluster().getInstance(HttpServerTransport.class))
.httpTransport(internalCluster().getInstance(HttpServerTransport.class))
.method("GET").path("/")
.protocol("https")
.addHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword()))
@ -105,11 +105,11 @@ public class SslClientAuthTests extends ShieldIntegTestCase {
.put("shield.transport.ssl", true)
.put("shield.ssl.keystore.path", store)
.put("shield.ssl.keystore.password", "testclient-client-profile")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.user", transportClientUsername() + ":" + new String(transportClientPassword().internalChars()))
.build();
try (TransportClient client = TransportClient.builder().settings(settings).addPlugin(ShieldPlugin.class).addPlugin(licensePluginClass()).build()) {
Transport transport = internalTestCluster().getDataNodeInstance(Transport.class);
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
TransportAddress transportAddress = transport.boundAddress().publishAddress();
client.addTransportAddress(transportAddress);

10
shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java
View File

@ -63,11 +63,11 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
.put(transportClientSettings())
.put("path.home", createTempDir())
.put("name", "programmatic_transport_client")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.putArray("shield.ssl.ciphers", new String[]{"TLS_ECDH_anon_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"})
.build()).build()) {
TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress();
transportClient.addTransportAddress(transportAddress);
transportClient.admin().cluster().prepareHealth().get();
@ -81,11 +81,11 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
.put(transportClientSettings())
.put("path.home", createTempDir())
.put("name", "programmatic_transport_client")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.putArray("shield.ssl.supported_protocols", new String[]{"SSLv3"})
.build()).build()) {
TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress();
transportClient.addTransportAddress(transportAddress);
transportClient.admin().cluster().prepareHealth().get();
@ -125,7 +125,7 @@ public class SslIntegrationTests extends ShieldIntegTestCase {
}
private String getNodeUrl() {
TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress();
assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class)));
InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress;
return String.format(Locale.ROOT, "https://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort());

38
shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java
View File

@ -86,7 +86,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
private TransportClient createTransportClient(Settings additionalSettings) {
Settings settings = settingsBuilder().put(transportClientSettings())
.put("name", "programmatic_transport_client")
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("path.home", createTempDir())
.put(additionalSettings)
.build();
@ -102,7 +102,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
*/
@Test
public void testThatStandardTransportClientCanConnectToDefaultProfile() throws Exception {
assertGreenClusterState(internalTestCluster().transportClient());
assertGreenClusterState(internalCluster().transportClient());
}
/**
@ -187,7 +187,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatProfileTransportClientCannotConnectToDefaultProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) {
TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress();
transportClient.addTransportAddress(transportAddress);
transportClient.admin().cluster().prepareHealth().get();
}
@ -214,7 +214,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientCanConnectToNoSslProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).addPlugin(ShieldPlugin.class).addPlugin(licensePluginClass()).build()) {
@ -231,11 +231,11 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientCannotConnectToDefaultProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) {
transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress());
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -248,7 +248,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientCannotConnectToClientProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) {
@ -265,7 +265,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientCannotConnectToNoClientAuthProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) {
@ -283,7 +283,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientWithOnlyTruststoreCanConnectToNoClientAuthProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("shield.ssl.truststore.password", "truststore-testnode-only")
@ -305,7 +305,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientWithOnlyTruststoreCannotConnectToClientProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("shield.ssl.truststore.password", "truststore-testnode-only")
@ -327,14 +327,14 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientWithOnlyTruststoreCannotConnectToDefaultProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("shield.ssl.truststore.password", "truststore-testnode-only")
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) {
transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress());
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -348,7 +348,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatTransportClientWithOnlyTruststoreCannotConnectToNoSslProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("shield.ssl.truststore.password", "truststore-testnode-only")
@ -369,12 +369,12 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatSSLTransportClientWithNoTruststoreCannotConnectToDefaultProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("path.home", createTempDir())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) {
transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress());
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -388,7 +388,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatSSLTransportClientWithNoTruststoreCannotConnectToClientProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("path.home", createTempDir())
.build();
@ -407,7 +407,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatSSLTransportClientWithNoTruststoreCannotConnectToNoClientAuthProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("path.home", createTempDir())
.build();
@ -426,7 +426,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
public void testThatSSLTransportClientWithNoTruststoreCannotConnectToNoSslProfile() throws Exception {
Settings settings = settingsBuilder()
.put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalTestCluster().getClusterName())
.put("cluster.name", internalCluster().getClusterName())
.put("shield.transport.ssl", true)
.put("path.home", createTempDir())
.build();
@ -437,7 +437,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase {
}
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}

10
shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java
View File

@ -50,7 +50,7 @@ public class TribeTests extends ShieldIntegTestCase {
@Before
public void setupSecondClusterAndTribeNode() throws Exception {
final Settings globalClusterSettings = internalTestCluster().getInstance(Settings.class);
final Settings globalClusterSettings = internalCluster().getInstance(Settings.class);
//TODO tribe nodes and all of the tribes need to have either ssl disabled or enabled as a whole
//we read the randomized setting from the global cluster and apply it to the other cluster that we are going to start
@ -89,8 +89,8 @@ public class TribeTests extends ShieldIntegTestCase {
}
}
return builder.put("tribe.t1.cluster.name", internalTestCluster().getClusterName())
.putArray("tribe.t1.discovery.zen.ping.unicast.hosts", unicastHosts(internalTestCluster()))
return builder.put("tribe.t1.cluster.name", internalCluster().getClusterName())
.putArray("tribe.t1.discovery.zen.ping.unicast.hosts", unicastHosts(internalCluster()))
.put("tribe.t1.shield.transport.ssl", sslTransportEnabled)
.put("tribe.t2.cluster.name", cluster2.getClusterName())
.putArray("tribe.t2.discovery.zen.ping.unicast.hosts", unicastHosts(cluster2))
@ -193,7 +193,7 @@ public class TribeTests extends ShieldIntegTestCase {
@Test
public void testIndexRefreshAndSearch() throws Exception {
internalTestCluster().client().admin().indices().prepareCreate("test1").get();
internalCluster().client().admin().indices().prepareCreate("test1").get();
cluster2.client().admin().indices().prepareCreate("test2").get();
assertThat(tribeNodeCluster.client().admin().cluster().prepareHealth().setWaitForGreenStatus().get().getStatus(), equalTo(ClusterHealthStatus.GREEN));
@ -209,7 +209,7 @@ public class TribeTests extends ShieldIntegTestCase {
@Override
public void run() {
DiscoveryNodes tribeNodes = tribeNodeCluster.client().admin().cluster().prepareState().get().getState().getNodes();
assertThat(countDataNodesForTribe("t1", tribeNodes), equalTo(internalTestCluster().client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size()));
assertThat(countDataNodesForTribe("t1", tribeNodes), equalTo(internalCluster().client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size()));
assertThat(countDataNodesForTribe("t2", tribeNodes), equalTo(cluster2.client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size()));
}
});

104
shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java
View File

@ -146,14 +146,6 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
}
}
@Override
protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException {
// This overwrites the wipe logic of the test cluster to not remove the shield_audit_log template. By default all templates are removed
// TODO: We should have the notion of a hidden template (like hidden index / type) that only gets removed when specifically mentioned.
final TestCluster testCluster = super.buildTestCluster(scope, seed);
return new ShieldWrappingCluster(seed, testCluster);
}
@Override
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder().put(super.nodeSettings(nodeOrdinal))
@ -321,100 +313,4 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase {
assertNoTimeout(clusterHealthResponse);
assertThat(clusterHealthResponse.getStatus(), is(ClusterHealthStatus.GREEN));
}
protected static InternalTestCluster internalTestCluster() {
return (InternalTestCluster) ((ShieldWrappingCluster) cluster()).testCluster;
}
@Override
public ClusterService clusterService() {
return internalTestCluster().clusterService();
}
// We need this custom impl, because we have custom wipe logic. We don't want the audit index templates to get deleted between tests
private final class ShieldWrappingCluster extends TestCluster {
private final TestCluster testCluster;
private ShieldWrappingCluster(long seed, TestCluster testCluster) {
super(seed);
this.testCluster = testCluster;
}
@Override
public void beforeTest(Random random, double transportClientRatio) throws IOException {
testCluster.beforeTest(random, transportClientRatio);
}
@Override
public void wipe() {
wipeIndices("_all");
wipeRepositories();
if (size() > 0) {
List<String> templatesToWipe = new ArrayList<>();
ClusterState state = client().admin().cluster().prepareState().get().getState();
for (ObjectObjectCursor<String, IndexTemplateMetaData> cursor : state.getMetaData().templates()) {
if (cursor.key.equals(IndexAuditTrail.INDEX_TEMPLATE_NAME)) {
continue;
}
templatesToWipe.add(cursor.key);
}
if (!templatesToWipe.isEmpty()) {
wipeTemplates(templatesToWipe.toArray(new String[templatesToWipe.size()]));
}
}
}
@Override
public void afterTest() throws IOException {
testCluster.afterTest();
}
@Override
public Client client() {
return testCluster.client();
}
@Override
public int size() {
return testCluster.size();
}
@Override
public int numDataNodes() {
return testCluster.numDataNodes();
}
@Override
public int numDataAndMasterNodes() {
return testCluster.numDataAndMasterNodes();
}
@Override
public InetSocketAddress[] httpAddresses() {
return testCluster.httpAddresses();
}
@Override
public void close() throws IOException {
testCluster.close();
}
@Override
public void ensureEstimatedStats() {
testCluster.ensureEstimatedStats();
}
@Override
public String getClusterName() {
return testCluster.getClusterName();
}
@Override
public Iterator<Client> iterator() {
return testCluster.iterator();
}
}
}

4
shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
View File

@ -51,7 +51,7 @@ public class KnownActionsTests extends ShieldIntegTestCase {
@Test
public void testAllTransportHandlersAreKnown() {
TransportService transportService = internalTestCluster().getDataNodeInstance(TransportService.class);
TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class);
for (String handler : transportService.requestHandlers.keySet()) {
if (!knownActions.contains(handler)) {
assertThat("elasticsearch core transport handler [" + handler + "] is unknown to shield", knownHandlers, hasItem(handler));
@ -75,7 +75,7 @@ public class KnownActionsTests extends ShieldIntegTestCase {
@Test
public void testAllKnownTransportHandlersAreValid() {
TransportService transportService = internalTestCluster().getDataNodeInstance(TransportService.class);
TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class);
for (String knownHandler : knownHandlers) {
assertThat("shield known handler [" + knownHandler + "] is unknown to core", transportService.requestHandlers.keySet(), hasItems(knownHandler));
}

2
shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java
View File

@ -25,7 +25,7 @@ public class ShieldServerTransportServiceTests extends ShieldIntegTestCase {
}
public void testShieldServerTransportServiceWrapsAllHandlers() {
for (TransportService transportService : internalTestCluster().getInstances(TransportService.class)) {
for (TransportService transportService : internalCluster().getInstances(TransportService.class)) {
assertThat(transportService, instanceOf(ShieldServerTransportService.class));
for (Map.Entry<String, RequestHandlerRegistry> entry : transportService.requestHandlers.entrySet()) {
assertThat(