From afacb478286a486a46c54cc9e067911e3400e60b Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 3 Sep 2015 07:10:48 -0400 Subject: [PATCH] make IndexAuditTrail recreate template and remove ShieldWrappingCluster The ShieldWrappingCluster was added to prevent deletion of the IndexAuditTrail template when running tests since the wipe() method will delete all templates. However, the cluster wrapping is problematic with indexRandom() and causes noise in CI. This change removes the ShieldWrappingCluster and changes the IndexAuditTrail to recreate the index template if it is removed. Closes elastic/elasticsearch#562 Original commit: elastic/x-pack-elasticsearch@0403ea7cef3adba43f19549a9f428586b03eafe9 --- .../shield/audit/index/IndexAuditTrail.java | 52 ++++++++- .../AbstractPrivilegeTestCase.java | 2 +- .../integration/ClearRealmsCacheTests.java | 6 +- .../integration/LicensingTests.java | 7 +- .../MultipleIndicesPermissionsTests.java | 4 +- .../PermissionPrecedenceTests.java | 2 +- .../integration/ScrollIdSigningTests.java | 2 +- .../SearchGetAndSuggestPermissionsTests.java | 8 +- .../integration/SettingsFilterTests.java | 2 +- .../integration/ShieldClearScrollTests.java | 4 +- .../ShieldPluginEnabledDisabledTests.java | 6 +- .../shield/ShieldPluginTests.java | 2 +- .../index/IndexAuditTrailEnabledTests.java | 24 ++++ .../audit/index/IndexAuditTrailTests.java | 9 +- .../RemoteIndexAuditTrailStartingTests.java | 12 +- .../shield/authc/AnonymousUserTests.java | 2 +- .../authc/pki/PkiAuthenticationTests.java | 8 +- .../authc/pki/PkiOptionalClientAuthTests.java | 6 +- .../PkiWithoutClientAuthenticationTests.java | 4 +- .../shield/authc/pki/PkiWithoutSSLTests.java | 4 +- ...ServerTransportFilterIntegrationTests.java | 10 +- .../filter/IpFilteringIntegrationTests.java | 6 +- .../filter/IpFilteringUpdateTests.java | 4 +- .../netty/IPHostnameVerificationTests.java | 2 +- .../netty/SslHostnameVerificationTests.java | 4 +- .../transport/ssl/SslClientAuthTests.java | 8 +- .../transport/ssl/SslIntegrationTests.java | 10 +- .../transport/ssl/SslMultiPortTests.java | 38 +++---- .../shield/tribe/TribeTests.java | 10 +- .../test/ShieldIntegTestCase.java | 104 ------------------ .../transport/KnownActionsTests.java | 4 +- .../ShieldServerTransportServiceTests.java | 2 +- 32 files changed, 176 insertions(+), 192 deletions(-) diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index a304bb5735b..d5c62d15673 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -19,7 +19,9 @@ import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.client.Client; import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.cluster.ClusterChangedEvent; +import org.elasticsearch.cluster.ClusterService; import org.elasticsearch.cluster.ClusterState; +import org.elasticsearch.cluster.ClusterStateListener; import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; @@ -32,6 +34,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.common.util.concurrent.AbstractRunnable; import org.elasticsearch.common.util.concurrent.EsExecutors; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentBuilderString; @@ -47,6 +50,7 @@ import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authz.Privilege; import org.elasticsearch.shield.rest.RemoteHostHeader; import org.elasticsearch.shield.transport.filter.ShieldIpFilterRule; +import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportMessage; import org.elasticsearch.transport.TransportRequest; @@ -62,6 +66,8 @@ import java.net.UnknownHostException; import java.util.*; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.atomic.AtomicReference; +import java.util.concurrent.locks.Lock; +import java.util.concurrent.locks.ReentrantLock; import static org.elasticsearch.shield.audit.AuditUtil.indices; import static org.elasticsearch.shield.audit.AuditUtil.restRequestContent; @@ -71,7 +77,7 @@ import static org.elasticsearch.shield.audit.index.IndexNameResolver.resolve; /** * Audit trail implementation that writes events into an index. */ -public class IndexAuditTrail extends AbstractComponent implements AuditTrail { +public class IndexAuditTrail extends AbstractComponent implements AuditTrail, ClusterStateListener { public static final int DEFAULT_BULK_SIZE = 1000; public static final int MAX_BULK_SIZE = 10000; @@ -107,6 +113,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { private final LinkedBlockingQueue eventQueue; private final QueueConsumer queueConsumer; private final Transport transport; + private final ThreadPool threadPool; + private final Lock putMappingLock = new ReentrantLock(); + private final ClusterService clusterService; private final boolean indexToRemoteCluster; private BulkProcessor bulkProcessor; @@ -124,13 +133,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { @Inject public IndexAuditTrail(Settings settings, IndexAuditUserHolder indexingAuditUser, Environment environment, AuthenticationService authenticationService, - Transport transport, Provider clientProvider) { + Transport transport, Provider clientProvider, ThreadPool threadPool, ClusterService clusterService) { super(settings); this.auditUser = indexingAuditUser; this.authenticationService = authenticationService; this.clientProvider = clientProvider; this.environment = environment; this.transport = transport; + this.threadPool = threadPool; + this.clusterService = clusterService; this.nodeName = settings.get("name"); this.queueConsumer = new QueueConsumer(EsExecutors.threadName(settings, "audit-queue-consumer")); @@ -251,6 +262,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { if (master) { putTemplate(customAuditIndexSettings(settings)); } + this.clusterService.add(this); initializeBulkProcessor(); queueConsumer.start(); state.set(State.STARTED); @@ -712,6 +724,42 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail { .build(); } + // this could be handled by a template registry service but adding that is extra complexity until we actually need it + @Override + public void clusterChanged(ClusterChangedEvent clusterChangedEvent) { + State state = state(); + if (state != State.STARTED || indexToRemoteCluster) { + return; + } + + if (clusterChangedEvent.localNodeMaster() == false) { + return; + } + if (clusterChangedEvent.state().metaData().templates().get(INDEX_TEMPLATE_NAME) == null) { + logger.debug("shield audit index template [{}] does not exist. it may have been deleted - putting the template", INDEX_TEMPLATE_NAME); + threadPool.generic().execute(new AbstractRunnable() { + @Override + public void onFailure(Throwable throwable) { + logger.error("failed to update shield audit index template [{}]", throwable, INDEX_TEMPLATE_NAME); + } + + @Override + protected void doRun() throws Exception { + final boolean locked = putMappingLock.tryLock(); + if (locked) { + try { + putTemplate(customAuditIndexSettings(settings)); + } finally { + putMappingLock.unlock(); + } + } else { + logger.trace("unable to PUT shield audit index template as the lock is already held"); + } + } + }); + } + } + private class QueueConsumer extends Thread { volatile boolean running = true; diff --git a/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java b/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java index a235471fd7f..b01c6db8ab8 100644 --- a/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java +++ b/shield/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTestCase.java @@ -67,7 +67,7 @@ public abstract class AbstractPrivilegeTestCase extends ShieldIntegTestCase { } protected HttpResponse executeRequest(String user, String method, String uri, String body, Map params) throws IOException { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport); requestBuilder.path(uri); diff --git a/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java index dbeb0a048d6..29d352c75d2 100644 --- a/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java @@ -140,7 +140,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase { client.authc().clearRealmCache(request, new ActionListener() { @Override public void onResponse(ClearRealmCacheResponse response) { - assertThat(response.getNodes().length, equalTo(internalTestCluster().getNodeNames().length)); + assertThat(response.getNodes().length, equalTo(internalCluster().getNodeNames().length)); latch.countDown(); } @@ -163,7 +163,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase { static void executeHttpRequest(String path, Map params) throws Exception { try (CloseableHttpClient client = HttpClients.createDefault()) { HttpRequestBuilder requestBuilder = new HttpRequestBuilder(client) - .httpTransport(internalTestCluster().getDataNodeInstance(HttpServerTransport.class)) + .httpTransport(internalCluster().getDataNodeInstance(HttpServerTransport.class)) .method("POST") .path(path); for (Map.Entry entry : params.entrySet()) { @@ -240,7 +240,7 @@ public class ClearRealmsCacheTests extends ShieldIntegTestCase { } List realms = new ArrayList<>(); - for (Realms nodeRealms : internalTestCluster().getInstances(Realms.class)) { + for (Realms nodeRealms : internalCluster().getInstances(Realms.class)) { realms.add(nodeRealms.realm("esusers")); } diff --git a/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java b/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java index 8ed2c5feb03..a351116ea38 100644 --- a/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/LicensingTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.integration; -import com.google.common.collect.ImmutableSet; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsResponse; @@ -111,7 +110,7 @@ public class LicensingTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); disableLicensing(); @@ -170,13 +169,13 @@ public class LicensingTests extends ShieldIntegTestCase { } public static void disableLicensing() { - for (InternalLicensesClientService service : internalTestCluster().getInstances(InternalLicensesClientService.class)) { + for (InternalLicensesClientService service : internalCluster().getInstances(InternalLicensesClientService.class)) { service.disable(); } } public static void enableLicensing() { - for (InternalLicensesClientService service : internalTestCluster().getInstances(InternalLicensesClientService.class)) { + for (InternalLicensesClientService service : internalCluster().getInstances(InternalLicensesClientService.class)) { service.enable(); } } diff --git a/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java b/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java index 011a8a8bb01..20a95ed0c04 100644 --- a/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java @@ -81,7 +81,7 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); // no specifying an index, should replace indices with the permitted ones (test & test1) SearchResponse searchResponse = client.prepareSearch().setQuery(matchAllQuery()).get(); @@ -158,7 +158,7 @@ public class MultipleIndicesPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); SearchResponse response = client.prepareSearch("a") .putHeader(BASIC_AUTH_HEADER, userHeader("user_a", "passwd")) diff --git a/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java b/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java index f424b8c8594..5e198974e99 100644 --- a/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java @@ -89,7 +89,7 @@ public class PermissionPrecedenceTests extends ShieldIntegTestCase { @Test public void testDifferentCombinationsOfIndices() throws Exception { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); // first lets try with "admin"... all should work diff --git a/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java b/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java index 9a449c8728f..5bd769bb60a 100644 --- a/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java @@ -105,7 +105,7 @@ public class ScrollIdSigningTests extends ShieldIntegTestCase { } private void assertSigned(String scrollId) { - CryptoService cryptoService = internalTestCluster().getDataNodeInstance(InternalCryptoService.class); + CryptoService cryptoService = internalCluster().getDataNodeInstance(InternalCryptoService.class); String message = String.format(Locale.ROOT, "Expected scrollId [%s] to be signed, but was not", scrollId); assertThat(message, cryptoService.signed(scrollId), is(true)); } diff --git a/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java b/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java index 0fcb673d6fb..bdb21b26c8f 100644 --- a/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java @@ -78,7 +78,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); SuggestResponse suggestResponse = client.prepareSuggest("a") .putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("suggest_user", "passwd")) @@ -116,7 +116,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); try { client.prepareGet("a", "type", indexResponse.getId()) @@ -143,7 +143,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); MultiGetResponse response = client.prepareMultiGet().add("a", "type", indexResponse.getId()) .putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("get_user", "passwd")) @@ -177,7 +177,7 @@ public class SearchGetAndSuggestPermissionsTests extends ShieldIntegTestCase { refresh(); - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); MultiSearchResponse response = client.prepareMultiSearch().add(searchRequest("a").types("type")) .putHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, userHeader("search_user", "passwd")) diff --git a/shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java b/shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java index d6bac4728f5..3584ce2ec64 100644 --- a/shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java @@ -171,7 +171,7 @@ public class SettingsFilterTests extends ShieldIntegTestCase { } protected HttpResponse executeRequest(String method, String uri, String body, Map params) throws IOException { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient) .httpTransport(httpServerTransport) .method(method) diff --git a/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java b/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java index 5ff26a58751..26734896e08 100644 --- a/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java +++ b/shield/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java @@ -88,7 +88,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase { public void testThatClearingAllScrollIdsWorks() throws Exception { String shieldUser = "allowed_user:change_me"; String basicAuth = basicAuthHeaderValue("allowed_user", new SecuredString("change_me".toCharArray())); - ClearScrollResponse clearScrollResponse = internalTestCluster().transportClient().prepareClearScroll() + ClearScrollResponse clearScrollResponse = internalCluster().transportClient().prepareClearScroll() .putHeader("shield.user", shieldUser) .putHeader("Authorization", basicAuth) .addScrollId("_all").get(); @@ -102,7 +102,7 @@ public class ShieldClearScrollTests extends ShieldIntegTestCase { String shieldUser = "denied_user:change_me"; String basicAuth = basicAuthHeaderValue("denied_user", new SecuredString("change_me".toCharArray())); - assertThrows(internalTestCluster().transportClient().prepareClearScroll() + assertThrows(internalCluster().transportClient().prepareClearScroll() .putHeader("shield.user", shieldUser) .putHeader("Authorization", basicAuth) .addScrollId("_all"), ElasticsearchSecurityException.class, "action [cluster:admin/indices/scroll/clear_all] is unauthorized for user [denied_user]"); diff --git a/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java b/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java index c824a99add2..5063c81298a 100644 --- a/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java @@ -85,14 +85,14 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase { @Test public void testTransportEnabledDisabled() throws Exception { - for (TransportService service : internalTestCluster().getInstances(TransportService.class)) { + for (TransportService service : internalCluster().getInstances(TransportService.class)) { Matcher matcher = instanceOf(ShieldServerTransportService.class); if (!enabled) { matcher = not(matcher); } assertThat(service, matcher); } - for (Transport transport : internalTestCluster().getInstances(Transport.class)) { + for (Transport transport : internalCluster().getInstances(Transport.class)) { Matcher matcher = instanceOf(ShieldNettyTransport.class); if (!enabled) { matcher = not(matcher); @@ -103,7 +103,7 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase { @Test public void testShieldInfoStatus() throws IOException { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); try (CloseableHttpClient httpClient = HttpClients.createDefault()) { HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport).method("GET").path("/_shield").addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, basicAuthHeaderValue(ShieldSettingsSource.DEFAULT_USER_NAME, new SecuredString(ShieldSettingsSource.DEFAULT_PASSWORD.toCharArray()))).execute(); diff --git a/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java b/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java index bcd2626c6ff..f32fe65342f 100644 --- a/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java @@ -36,7 +36,7 @@ public class ShieldPluginTests extends ShieldIntegTestCase { @Test public void testThatPluginIsLoaded() throws IOException { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); try (CloseableHttpClient httpClient = HttpClients.createDefault()) { logger.info("executing unauthorized request to /_shield infos"); HttpResponse response = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport).method("GET").path("/_shield").execute(); diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java index af2787a9989..12ff7aebfe6 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.shield.audit.index; import com.google.common.base.Predicate; +import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse; import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse; import org.elasticsearch.action.exists.ExistsResponse; import org.elasticsearch.common.settings.Settings; @@ -56,6 +57,29 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { awaitIndexCreation(); } + @Test + public void testAuditTrailTemplateIsRecreatedAfterDelete() throws Exception { + // this is already "tested" by the test framework since we wipe the templates before and after, but lets be explicit about the behavior + GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); + assertThat(response.getIndexTemplates().size(), is(1)); + assertThat(response.getIndexTemplates().get(0).name(), is(IndexAuditTrail.INDEX_TEMPLATE_NAME)); + + // delete the template + DeleteIndexTemplateResponse deleteResponse = client().admin().indices().prepareDeleteTemplate(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); + assertThat(deleteResponse.isAcknowledged(), is(true)); + boolean templateReplaced = awaitBusy(new Predicate() { + @Override + public boolean apply(Void aVoid) { + GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); + if (response.getIndexTemplates().size() > 0) { + return response.getIndexTemplates().get(0).name().equals(IndexAuditTrail.INDEX_TEMPLATE_NAME); + } + return false; + } + }); + assertThat(templateReplaced, is(true)); + } + void awaitIndexCreation() throws Exception { final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover); boolean success = awaitBusy(new Predicate() { diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 371249c407b..62079f6dbd3 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -13,6 +13,7 @@ import org.elasticsearch.action.exists.ExistsResponse; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Client; +import org.elasticsearch.cluster.ClusterService; import org.elasticsearch.common.inject.util.Providers; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; @@ -35,6 +36,7 @@ import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.InternalTestCluster; import org.elasticsearch.test.ShieldIntegTestCase; import org.elasticsearch.test.ShieldSettingsSource; +import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportInfo; import org.elasticsearch.transport.TransportMessage; @@ -79,6 +81,7 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { private Client remoteClient; private int numShards; private int numReplicas; + private ThreadPool threadPool; private Settings commonSettings(IndexNameResolver.Rollover rollover) { return Settings.builder() @@ -188,12 +191,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { when(transport.boundAddress()).thenReturn(new BoundTransportAddress(DummyTransportAddress.INSTANCE, DummyTransportAddress.INSTANCE)); Environment env = new Environment(settings); - auditor = new IndexAuditTrail(settings, user, env, authService, transport, Providers.of(client())); + threadPool = new ThreadPool("index audit trail tests"); + auditor = new IndexAuditTrail(settings, user, env, authService, transport, Providers.of(client()), threadPool, mock(ClusterService.class)); auditor.start(true); } @After public void afterTest() { + if (threadPool != null) { + threadPool.shutdown(); + } if (auditor != null) { auditor.close(); } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java index 4f1040049fc..b48744b0412 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java @@ -53,6 +53,17 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase { .build(); } + @Override + public void beforeIndexDeletion() { + if (outputs.contains("index")) { + // For this test, this is a NO-OP because the index audit trail will continue to capture events and index after + // the tests have completed. The default implementation of this method expects that nothing is performing operations + // after the test has completed + return; + } + super.beforeIndexDeletion(); + } + @Before public void startRemoteCluster() throws IOException { final List addresses = new ArrayList<>(); @@ -117,5 +128,4 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase { assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED)); } } - } diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java index 99dd036e884..5f2aeda16aa 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/AnonymousUserTests.java @@ -71,7 +71,7 @@ public class AnonymousUserTests extends ShieldIntegTestCase { } private String getNodeUrl() { - TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class))); InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress; return String.format(Locale.ROOT, "http://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort()); diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java index 41c894b3a37..de8d8e3291e 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiAuthenticationTests.java @@ -71,7 +71,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase { public void testTransportClientCanAuthenticateViaPki() { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", "testnode"); try (TransportClient client = createTransportClient(settings)) { - client.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress()); + client.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); IndexResponse response = client.prepareIndex("foo", "bar").setSource("pki", "auth").get(); assertThat(response.isCreated(), is(true)); } @@ -84,7 +84,7 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase { @Test(expected = NoNodeAvailableException.class) public void testTransportClientAuthenticationFailure() { try (TransportClient client = createTransportClient(Settings.EMPTY)) { - client.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress()); + client.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); client.prepareIndex("foo", "bar").setSource("pki", "auth").get(); fail("transport client should not have been able to authenticate"); } @@ -138,14 +138,14 @@ public class PkiAuthenticationTests extends ShieldIntegTestCase { .put(transportClientSettings()) .put(additionalSettings) .put("path.home", createTempDir()) - .put("cluster.name", internalTestCluster().getClusterName()); + .put("cluster.name", internalCluster().getClusterName()); builder.remove("shield.user"); builder.remove("request.headers.Authorization"); return TransportClient.builder().settings(builder).addPlugin(ShieldPlugin.class).build(); } private String getNodeUrl() { - TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class))); InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress; return String.format(Locale.ROOT, "https://localhost:%s/", inetSocketTransportAddress.address().getPort()); diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java index 127ecc93029..82c296a0358 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiOptionalClientAuthTests.java @@ -76,7 +76,7 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase { @Test public void testRestClientWithoutClientCertificate() throws Exception { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(getSSLContext()).build()) { HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient) @@ -96,13 +96,13 @@ public class PkiOptionalClientAuthTests extends ShieldIntegTestCase { @Test public void testTransportClientWithoutClientCertificate() { - Transport transport = internalTestCluster().getDataNodeInstance(Transport.class); + Transport transport = internalCluster().getDataNodeInstance(Transport.class); int port = ((InetSocketTransportAddress)transport.profileBoundAddresses().get("want_client_auth").boundAddress()).address().getPort(); Settings settings = Settings.builder() .put(ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks", "truststore-testnode-only")) .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("path.home", createTempDir()) .build(); diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java index 8af5d3ec13f..6f44bef7242 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutClientAuthenticationTests.java @@ -71,13 +71,13 @@ public class PkiWithoutClientAuthenticationTests extends ShieldIntegTestCase { @Test public void testThatTransportClientWorks() { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); assertGreenClusterState(client); } @Test public void testThatHttpWorks() throws Exception { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new SecureRandom()); try (CloseableHttpClient httpClient = HttpClients.custom().setSslcontext(sc).build()) { diff --git a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java index 21e6e6833c9..60e671ff534 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authc/pki/PkiWithoutSSLTests.java @@ -42,13 +42,13 @@ public class PkiWithoutSSLTests extends ShieldIntegTestCase { @Test public void testThatTransportClientWorks() { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); assertGreenClusterState(client); } @Test public void testThatHttpWorks() throws Exception { - HttpServerTransport httpServerTransport = internalTestCluster().getDataNodeInstance(HttpServerTransport.class); + HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); try (CloseableHttpClient httpClient = HttpClients.createDefault()) { HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient) .httpTransport(httpServerTransport) diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java index 03e3de3b4f5..8e48980304b 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java @@ -81,10 +81,10 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase { @Test public void testThatConnectionToServerTypeConnectionWorks() { - Settings dataNodeSettings = internalTestCluster().getDataNodeInstance(Settings.class); + Settings dataNodeSettings = internalCluster().getDataNodeInstance(Settings.class); String systemKeyFile = dataNodeSettings.get(InternalCryptoService.FILE_SETTING); - Transport transport = internalTestCluster().getDataNodeInstance(Transport.class); + Transport transport = internalCluster().getDataNodeInstance(Transport.class); TransportAddress transportAddress = transport.boundAddress().publishAddress(); assertThat(transportAddress, instanceOf(InetSocketTransportAddress.class)); InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address(); @@ -96,7 +96,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase { .put("node.mode", "network") .put("node.name", "my-test-node") .put("network.host", "localhost") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("discovery.zen.ping.multicast.enabled", false) .put("discovery.zen.ping.unicast.hosts", unicastHost) .put("shield.transport.ssl", sslTransportEnabled()) @@ -114,7 +114,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase { @Test public void testThatConnectionToClientTypeConnectionIsRejected() { - Settings dataNodeSettings = internalTestCluster().getDataNodeInstance(Settings.class); + Settings dataNodeSettings = internalCluster().getDataNodeInstance(Settings.class); String systemKeyFile = dataNodeSettings.get(InternalCryptoService.FILE_SETTING); Path folder = createFolder(createTempDir(), getClass().getSimpleName() + "-" + randomAsciiOfLength(10)); @@ -130,7 +130,7 @@ public class ServerTransportFilterIntegrationTests extends ShieldIntegTestCase { .put("node.mode", "network") .put("node.name", "my-test-node") .put("shield.user", "test_user:changeme") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("discovery.zen.ping.multicast.enabled", false) .put("discovery.zen.ping.unicast.hosts", "localhost:" + randomClientPort) .put("shield.transport.ssl", sslTransportEnabled()) diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java index 7b25e8503f8..4b5d4f38cfa 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java @@ -52,7 +52,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase { @Test public void testThatIpFilteringIsIntegratedIntoNettyPipelineViaHttp() throws Exception { - TransportAddress transportAddress = internalTestCluster().getDataNodeInstance(HttpServerTransport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getDataNodeInstance(HttpServerTransport.class).boundAddress().boundAddress(); assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class))); InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress; @@ -64,7 +64,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase { @Test public void testThatIpFilteringIsNotAppliedForDefaultTransport() throws Exception { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); assertGreenClusterState(client); } @@ -88,7 +88,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegTestCase { } private static int getProfilePort(String profile) { - TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); assert transportAddress instanceof InetSocketTransportAddress; return ((InetSocketTransportAddress)transportAddress).address().getPort(); } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java index 565d6935303..3396660d53c 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringUpdateTests.java @@ -154,7 +154,7 @@ public class IpFilteringUpdateTests extends ShieldIntegTestCase { return; } - IPFilter ipFilter = internalTestCluster().getDataNodeInstance(IPFilter.class); + IPFilter ipFilter = internalCluster().getDataNodeInstance(IPFilter.class); String message = String.format(Locale.ROOT, "Expected allowed connection for profile %s against host %s", profile, host); assertThat(message, ipFilter.accept(profile, InetAddress.getByName(host)), is(true)); } @@ -165,7 +165,7 @@ public class IpFilteringUpdateTests extends ShieldIntegTestCase { return; } - IPFilter ipFilter = internalTestCluster().getDataNodeInstance(IPFilter.class); + IPFilter ipFilter = internalCluster().getDataNodeInstance(IPFilter.class); String message = String.format(Locale.ROOT, "Expected rejection for profile %s against host %s", profile, host); assertThat(message, ipFilter.accept(profile, InetAddress.getByName(host)), is(false)); } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java index 759c7ae0cba..0a51a03f935 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java @@ -73,7 +73,7 @@ public class IPHostnameVerificationTests extends ShieldIntegTestCase { @Test public void testTransportClientConnectionWorksWithIPOnlyHostnameVerification() throws Exception { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); assertGreenClusterState(client); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java index 63e445ca2f8..bed3ba5ca01 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java @@ -68,7 +68,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase { @Test(expected = NoNodeAvailableException.class) public void testThatHostnameMismatchDeniesTransportClientConnection() throws Exception { - Transport transport = internalTestCluster().getDataNodeInstance(Transport.class); + Transport transport = internalCluster().getDataNodeInstance(Transport.class); TransportAddress transportAddress = transport.boundAddress().publishAddress(); assertThat(transportAddress, instanceOf(InetSocketTransportAddress.class)); InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address(); @@ -86,7 +86,7 @@ public class SslHostnameVerificationTests extends ShieldIntegTestCase { @Test public void testTransportClientConnectionIgnoringHostnameVerification() throws Exception { - Client client = internalTestCluster().transportClient(); + Client client = internalCluster().transportClient(); assertGreenClusterState(client); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java index 345e828d32e..bb60d946949 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java @@ -64,7 +64,7 @@ public class SslClientAuthTests extends ShieldIntegTestCase { CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); new HttpRequestBuilder(client) - .httpTransport(internalTestCluster().getInstance(HttpServerTransport.class)) + .httpTransport(internalCluster().getInstance(HttpServerTransport.class)) .method("GET").path("/") .protocol("https") .execute(); @@ -83,7 +83,7 @@ public class SslClientAuthTests extends ShieldIntegTestCase { CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); HttpResponse response = new HttpRequestBuilder(client) - .httpTransport(internalTestCluster().getInstance(HttpServerTransport.class)) + .httpTransport(internalCluster().getInstance(HttpServerTransport.class)) .method("GET").path("/") .protocol("https") .addHeader("Authorization", basicAuthHeaderValue(transportClientUsername(), transportClientPassword())) @@ -105,11 +105,11 @@ public class SslClientAuthTests extends ShieldIntegTestCase { .put("shield.transport.ssl", true) .put("shield.ssl.keystore.path", store) .put("shield.ssl.keystore.password", "testclient-client-profile") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.user", transportClientUsername() + ":" + new String(transportClientPassword().internalChars())) .build(); try (TransportClient client = TransportClient.builder().settings(settings).addPlugin(ShieldPlugin.class).addPlugin(licensePluginClass()).build()) { - Transport transport = internalTestCluster().getDataNodeInstance(Transport.class); + Transport transport = internalCluster().getDataNodeInstance(Transport.class); TransportAddress transportAddress = transport.boundAddress().publishAddress(); client.addTransportAddress(transportAddress); diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java index fd96b1a3152..dd14087d9fe 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java @@ -63,11 +63,11 @@ public class SslIntegrationTests extends ShieldIntegTestCase { .put(transportClientSettings()) .put("path.home", createTempDir()) .put("name", "programmatic_transport_client") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .putArray("shield.ssl.ciphers", new String[]{"TLS_ECDH_anon_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}) .build()).build()) { - TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress(); transportClient.addTransportAddress(transportAddress); transportClient.admin().cluster().prepareHealth().get(); @@ -81,11 +81,11 @@ public class SslIntegrationTests extends ShieldIntegTestCase { .put(transportClientSettings()) .put("path.home", createTempDir()) .put("name", "programmatic_transport_client") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .putArray("shield.ssl.supported_protocols", new String[]{"SSLv3"}) .build()).build()) { - TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress(); transportClient.addTransportAddress(transportAddress); transportClient.admin().cluster().prepareHealth().get(); @@ -125,7 +125,7 @@ public class SslIntegrationTests extends ShieldIntegTestCase { } private String getNodeUrl() { - TransportAddress transportAddress = internalTestCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(HttpServerTransport.class).boundAddress().boundAddress(); assertThat(transportAddress, is(instanceOf(InetSocketTransportAddress.class))); InetSocketTransportAddress inetSocketTransportAddress = (InetSocketTransportAddress) transportAddress; return String.format(Locale.ROOT, "https://%s:%s/", "localhost", inetSocketTransportAddress.address().getPort()); diff --git a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java index e58de1d2637..1c0db55e79d 100644 --- a/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java @@ -86,7 +86,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { private TransportClient createTransportClient(Settings additionalSettings) { Settings settings = settingsBuilder().put(transportClientSettings()) .put("name", "programmatic_transport_client") - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("path.home", createTempDir()) .put(additionalSettings) .build(); @@ -102,7 +102,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { */ @Test public void testThatStandardTransportClientCanConnectToDefaultProfile() throws Exception { - assertGreenClusterState(internalTestCluster().transportClient()); + assertGreenClusterState(internalCluster().transportClient()); } /** @@ -187,7 +187,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatProfileTransportClientCannotConnectToDefaultProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).boundAddress().boundAddress(); transportClient.addTransportAddress(transportAddress); transportClient.admin().cluster().prepareHealth().get(); } @@ -214,7 +214,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientCanConnectToNoSslProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).addPlugin(ShieldPlugin.class).addPlugin(licensePluginClass()).build()) { @@ -231,11 +231,11 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientCannotConnectToDefaultProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress()); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); assertGreenClusterState(transportClient); } } @@ -248,7 +248,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientCannotConnectToClientProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { @@ -265,7 +265,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientCannotConnectToNoClientAuthProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { @@ -283,7 +283,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientWithOnlyTruststoreCanConnectToNoClientAuthProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks")) .put("shield.ssl.truststore.password", "truststore-testnode-only") @@ -305,7 +305,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientWithOnlyTruststoreCannotConnectToClientProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks")) .put("shield.ssl.truststore.password", "truststore-testnode-only") @@ -327,14 +327,14 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientWithOnlyTruststoreCannotConnectToDefaultProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks")) .put("shield.ssl.truststore.password", "truststore-testnode-only") .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress()); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); assertGreenClusterState(transportClient); } } @@ -348,7 +348,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatTransportClientWithOnlyTruststoreCannotConnectToNoSslProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("shield.ssl.truststore.path", getDataPath("/org/elasticsearch/shield/transport/ssl/certs/simple/truststore-testnode-only.jks")) .put("shield.ssl.truststore.password", "truststore-testnode-only") @@ -369,12 +369,12 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatSSLTransportClientWithNoTruststoreCannotConnectToDefaultProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("path.home", createTempDir()) .build(); try (TransportClient transportClient = TransportClient.builder().settings(settings).loadConfigSettings(false).build()) { - transportClient.addTransportAddress(internalTestCluster().getInstance(Transport.class).boundAddress().boundAddress()); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); assertGreenClusterState(transportClient); } } @@ -388,7 +388,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatSSLTransportClientWithNoTruststoreCannotConnectToClientProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("path.home", createTempDir()) .build(); @@ -407,7 +407,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatSSLTransportClientWithNoTruststoreCannotConnectToNoClientAuthProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("path.home", createTempDir()) .build(); @@ -426,7 +426,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { public void testThatSSLTransportClientWithNoTruststoreCannotConnectToNoSslProfile() throws Exception { Settings settings = settingsBuilder() .put("shield.user", DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD) - .put("cluster.name", internalTestCluster().getClusterName()) + .put("cluster.name", internalCluster().getClusterName()) .put("shield.transport.ssl", true) .put("path.home", createTempDir()) .build(); @@ -437,7 +437,7 @@ public class SslMultiPortTests extends ShieldIntegTestCase { } private static int getProfilePort(String profile) { - TransportAddress transportAddress = internalTestCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); assert transportAddress instanceof InetSocketTransportAddress; return ((InetSocketTransportAddress)transportAddress).address().getPort(); } diff --git a/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java b/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java index 39c34969faf..734e0b3ebf0 100644 --- a/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/tribe/TribeTests.java @@ -50,7 +50,7 @@ public class TribeTests extends ShieldIntegTestCase { @Before public void setupSecondClusterAndTribeNode() throws Exception { - final Settings globalClusterSettings = internalTestCluster().getInstance(Settings.class); + final Settings globalClusterSettings = internalCluster().getInstance(Settings.class); //TODO tribe nodes and all of the tribes need to have either ssl disabled or enabled as a whole //we read the randomized setting from the global cluster and apply it to the other cluster that we are going to start @@ -89,8 +89,8 @@ public class TribeTests extends ShieldIntegTestCase { } } - return builder.put("tribe.t1.cluster.name", internalTestCluster().getClusterName()) - .putArray("tribe.t1.discovery.zen.ping.unicast.hosts", unicastHosts(internalTestCluster())) + return builder.put("tribe.t1.cluster.name", internalCluster().getClusterName()) + .putArray("tribe.t1.discovery.zen.ping.unicast.hosts", unicastHosts(internalCluster())) .put("tribe.t1.shield.transport.ssl", sslTransportEnabled) .put("tribe.t2.cluster.name", cluster2.getClusterName()) .putArray("tribe.t2.discovery.zen.ping.unicast.hosts", unicastHosts(cluster2)) @@ -193,7 +193,7 @@ public class TribeTests extends ShieldIntegTestCase { @Test public void testIndexRefreshAndSearch() throws Exception { - internalTestCluster().client().admin().indices().prepareCreate("test1").get(); + internalCluster().client().admin().indices().prepareCreate("test1").get(); cluster2.client().admin().indices().prepareCreate("test2").get(); assertThat(tribeNodeCluster.client().admin().cluster().prepareHealth().setWaitForGreenStatus().get().getStatus(), equalTo(ClusterHealthStatus.GREEN)); @@ -209,7 +209,7 @@ public class TribeTests extends ShieldIntegTestCase { @Override public void run() { DiscoveryNodes tribeNodes = tribeNodeCluster.client().admin().cluster().prepareState().get().getState().getNodes(); - assertThat(countDataNodesForTribe("t1", tribeNodes), equalTo(internalTestCluster().client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size())); + assertThat(countDataNodesForTribe("t1", tribeNodes), equalTo(internalCluster().client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size())); assertThat(countDataNodesForTribe("t2", tribeNodes), equalTo(cluster2.client().admin().cluster().prepareState().get().getState().getNodes().dataNodes().size())); } }); diff --git a/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java b/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java index 08db2ccbdcd..e7c38a32283 100644 --- a/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java +++ b/shield/src/test/java/org/elasticsearch/test/ShieldIntegTestCase.java @@ -146,14 +146,6 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase { } } - @Override - protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException { - // This overwrites the wipe logic of the test cluster to not remove the shield_audit_log template. By default all templates are removed - // TODO: We should have the notion of a hidden template (like hidden index / type) that only gets removed when specifically mentioned. - final TestCluster testCluster = super.buildTestCluster(scope, seed); - return new ShieldWrappingCluster(seed, testCluster); - } - @Override protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder().put(super.nodeSettings(nodeOrdinal)) @@ -321,100 +313,4 @@ public abstract class ShieldIntegTestCase extends ESIntegTestCase { assertNoTimeout(clusterHealthResponse); assertThat(clusterHealthResponse.getStatus(), is(ClusterHealthStatus.GREEN)); } - - protected static InternalTestCluster internalTestCluster() { - return (InternalTestCluster) ((ShieldWrappingCluster) cluster()).testCluster; - } - - @Override - public ClusterService clusterService() { - return internalTestCluster().clusterService(); - } - - // We need this custom impl, because we have custom wipe logic. We don't want the audit index templates to get deleted between tests - private final class ShieldWrappingCluster extends TestCluster { - - private final TestCluster testCluster; - - private ShieldWrappingCluster(long seed, TestCluster testCluster) { - super(seed); - this.testCluster = testCluster; - } - - @Override - public void beforeTest(Random random, double transportClientRatio) throws IOException { - testCluster.beforeTest(random, transportClientRatio); - } - - @Override - public void wipe() { - wipeIndices("_all"); - wipeRepositories(); - - if (size() > 0) { - List templatesToWipe = new ArrayList<>(); - ClusterState state = client().admin().cluster().prepareState().get().getState(); - for (ObjectObjectCursor cursor : state.getMetaData().templates()) { - if (cursor.key.equals(IndexAuditTrail.INDEX_TEMPLATE_NAME)) { - continue; - } - templatesToWipe.add(cursor.key); - } - if (!templatesToWipe.isEmpty()) { - wipeTemplates(templatesToWipe.toArray(new String[templatesToWipe.size()])); - } - } - } - - @Override - public void afterTest() throws IOException { - testCluster.afterTest(); - } - - @Override - public Client client() { - return testCluster.client(); - } - - @Override - public int size() { - return testCluster.size(); - } - - @Override - public int numDataNodes() { - return testCluster.numDataNodes(); - } - - @Override - public int numDataAndMasterNodes() { - return testCluster.numDataAndMasterNodes(); - } - - @Override - public InetSocketAddress[] httpAddresses() { - return testCluster.httpAddresses(); - } - - @Override - public void close() throws IOException { - testCluster.close(); - } - - @Override - public void ensureEstimatedStats() { - testCluster.ensureEstimatedStats(); - } - - @Override - public String getClusterName() { - return testCluster.getClusterName(); - } - - @Override - public Iterator iterator() { - return testCluster.iterator(); - } - - } } diff --git a/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java b/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java index 0f1aefc4f07..52a5be3e77a 100644 --- a/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java +++ b/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java @@ -51,7 +51,7 @@ public class KnownActionsTests extends ShieldIntegTestCase { @Test public void testAllTransportHandlersAreKnown() { - TransportService transportService = internalTestCluster().getDataNodeInstance(TransportService.class); + TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class); for (String handler : transportService.requestHandlers.keySet()) { if (!knownActions.contains(handler)) { assertThat("elasticsearch core transport handler [" + handler + "] is unknown to shield", knownHandlers, hasItem(handler)); @@ -75,7 +75,7 @@ public class KnownActionsTests extends ShieldIntegTestCase { @Test public void testAllKnownTransportHandlersAreValid() { - TransportService transportService = internalTestCluster().getDataNodeInstance(TransportService.class); + TransportService transportService = internalCluster().getDataNodeInstance(TransportService.class); for (String knownHandler : knownHandlers) { assertThat("shield known handler [" + knownHandler + "] is unknown to core", transportService.requestHandlers.keySet(), hasItems(knownHandler)); } diff --git a/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java b/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java index 3f86638a272..df404496bb4 100644 --- a/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java +++ b/shield/src/test/java/org/elasticsearch/transport/ShieldServerTransportServiceTests.java @@ -25,7 +25,7 @@ public class ShieldServerTransportServiceTests extends ShieldIntegTestCase { } public void testShieldServerTransportServiceWrapsAllHandlers() { - for (TransportService transportService : internalTestCluster().getInstances(TransportService.class)) { + for (TransportService transportService : internalCluster().getInstances(TransportService.class)) { assertThat(transportService, instanceOf(ShieldServerTransportService.class)); for (Map.Entry entry : transportService.requestHandlers.entrySet()) { assertThat(