Initial import
Original commit: elastic/x-pack-elasticsearch@d85c3afaf4
This commit is contained in:
parent
5ee82e4ae7
commit
b201d726b2
|
@ -0,0 +1,8 @@
|
|||
= Elasticsearch Security Plugin
|
||||
|
||||
This plugins adds security features to elasticsearch
|
||||
|
||||
== Access control
|
||||
|
||||
== Encrypted communication
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
@defaultMessage Convert to URI
|
||||
java.net.URL#getPath()
|
||||
java.net.URL#getFile()
|
|
@ -0,0 +1,68 @@
|
|||
@defaultMessage spawns threads with vague names; use a custom thread factory and name threads so that you can tell (by its name) which executor it is associated with
|
||||
|
||||
java.util.concurrent.Executors#newFixedThreadPool(int)
|
||||
java.util.concurrent.Executors#newSingleThreadExecutor()
|
||||
java.util.concurrent.Executors#newCachedThreadPool()
|
||||
java.util.concurrent.Executors#newSingleThreadScheduledExecutor()
|
||||
java.util.concurrent.Executors#newScheduledThreadPool(int)
|
||||
java.util.concurrent.Executors#defaultThreadFactory()
|
||||
java.util.concurrent.Executors#privilegedThreadFactory()
|
||||
|
||||
java.lang.Character#codePointBefore(char[],int) @ Implicit start offset is error-prone when the char[] is a buffer and the first chars are random chars
|
||||
java.lang.Character#codePointAt(char[],int) @ Implicit end offset is error-prone when the char[] is a buffer and the last chars are random chars
|
||||
|
||||
@defaultMessage Collections.sort dumps data into an array, sorts the array and reinserts data into the list, one should rather use Lucene's CollectionUtil sort methods which sort in place
|
||||
|
||||
java.util.Collections#sort(java.util.List)
|
||||
java.util.Collections#sort(java.util.List,java.util.Comparator)
|
||||
|
||||
java.io.StringReader#<init>(java.lang.String) @ Use FastStringReader instead
|
||||
|
||||
@defaultMessage Reference management is tricky, leave it to SearcherManager
|
||||
org.apache.lucene.index.IndexReader#decRef()
|
||||
org.apache.lucene.index.IndexReader#incRef()
|
||||
org.apache.lucene.index.IndexReader#tryIncRef()
|
||||
|
||||
@defaultMessage QueryWrapperFilter is cachable by default - use Queries#wrap instead
|
||||
org.apache.lucene.search.QueryWrapperFilter#<init>(org.apache.lucene.search.Query)
|
||||
|
||||
@defaultMessage Because the filtercache doesn't take deletes into account FilteredQuery can't be used - use XFilteredQuery instead
|
||||
org.apache.lucene.search.FilteredQuery#<init>(org.apache.lucene.search.Query,org.apache.lucene.search.Filter)
|
||||
org.apache.lucene.search.FilteredQuery#<init>(org.apache.lucene.search.Query,org.apache.lucene.search.Filter,org.apache.lucene.search.FilteredQuery$FilterStrategy)
|
||||
|
||||
@defaultMessage Pass the precision step from the mappings explicitly instead
|
||||
org.apache.lucene.search.NumericRangeQuery#newDoubleRange(java.lang.String,java.lang.Double,java.lang.Double,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeQuery#newFloatRange(java.lang.String,java.lang.Float,java.lang.Float,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeQuery#newIntRange(java.lang.String,java.lang.Integer,java.lang.Integer,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeQuery#newLongRange(java.lang.String,java.lang.Long,java.lang.Long,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeFilter#newDoubleRange(java.lang.String,java.lang.Double,java.lang.Double,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeFilter#newFloatRange(java.lang.String,java.lang.Float,java.lang.Float,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeFilter#newIntRange(java.lang.String,java.lang.Integer,java.lang.Integer,boolean,boolean)
|
||||
org.apache.lucene.search.NumericRangeFilter#newLongRange(java.lang.String,java.lang.Long,java.lang.Long,boolean,boolean)
|
||||
|
||||
@defaultMessage Only use wait / notify when really needed try to use concurrency primitives, latches or callbacks instead.
|
||||
java.lang.Object#wait()
|
||||
java.lang.Object#wait(long)
|
||||
java.lang.Object#wait(long,int)
|
||||
java.lang.Object#notify()
|
||||
java.lang.Object#notifyAll()
|
||||
|
||||
@defaultMessage Beware of the behavior of this method on MIN_VALUE
|
||||
java.lang.Math#abs(int)
|
||||
java.lang.Math#abs(long)
|
||||
|
||||
@defaultMessage Please do not try to stop the world
|
||||
java.lang.System#gc()
|
||||
|
||||
@defaultMessage Use Long.compare instead we are on Java7
|
||||
com.google.common.primitives.Longs#compare(long,long)
|
||||
|
||||
@defaultMessage Use Channels.* methods to write to channels. Do not write directly.
|
||||
java.nio.channels.WritableByteChannel#write(java.nio.ByteBuffer)
|
||||
java.nio.channels.FileChannel#write(java.nio.ByteBuffer, long)
|
||||
java.nio.channels.GatheringByteChannel#write(java.nio.ByteBuffer[], int, int)
|
||||
java.nio.channels.GatheringByteChannel#write(java.nio.ByteBuffer[])
|
||||
java.nio.channels.ReadableByteChannel#read(java.nio.ByteBuffer)
|
||||
java.nio.channels.ScatteringByteChannel#read(java.nio.ByteBuffer[])
|
||||
java.nio.channels.ScatteringByteChannel#read(java.nio.ByteBuffer[], int, int)
|
||||
java.nio.channels.FileChannel#read(java.nio.ByteBuffer, long)
|
|
@ -0,0 +1,397 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<groupId>org.elasticsearch</groupId>
|
||||
<artifactId>elasticsearch-shield</artifactId>
|
||||
<version>0.1-SNAPSHOT</version>
|
||||
|
||||
<parent>
|
||||
<groupId>org.sonatype.oss</groupId>
|
||||
<artifactId>oss-parent</artifactId>
|
||||
<version>7</version>
|
||||
</parent>
|
||||
|
||||
<!-- needed for some test features for now, remove with 1.3 release -->
|
||||
<repositories>
|
||||
<repository>
|
||||
<id>oss.sonatype.org-snapshot</id>
|
||||
<url>http://oss.sonatype.org/content/repositories/snapshots</url>
|
||||
<releases>
|
||||
<enabled>false</enabled>
|
||||
</releases>
|
||||
<snapshots>
|
||||
<enabled>true</enabled>
|
||||
</snapshots>
|
||||
</repository>
|
||||
</repositories>
|
||||
|
||||
<properties>
|
||||
<lucene.version>4.9.0</lucene.version>
|
||||
<elasticsearch.version>1.2.1</elasticsearch.version>
|
||||
<!-- TODO enable me, once the snapshot includes test jars -->
|
||||
<elasticsearch.version>1.3.0-SNAPSHOT</elasticsearch.version>
|
||||
<tests.jvms>auto</tests.jvms>
|
||||
<tests.shuffle>true</tests.shuffle>
|
||||
<tests.output>onerror</tests.output>
|
||||
<tests.client.ratio></tests.client.ratio>
|
||||
<tests.bwc.path>${project.basedir}/backwards</tests.bwc.path>
|
||||
<es.logger.level>INFO</es.logger.level>
|
||||
<tests.heap.size>512m</tests.heap.size>
|
||||
<tests.topn>5</tests.topn>
|
||||
<execution.hint.file>.local-${project.version}-execution-hints.log</execution.hint.file>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<!-- test deps -->
|
||||
<dependency>
|
||||
<groupId>org.apache.lucene</groupId>
|
||||
<artifactId>lucene-test-framework</artifactId>
|
||||
<version>${lucene.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.elasticsearch</groupId>
|
||||
<artifactId>elasticsearch</artifactId>
|
||||
<version>${elasticsearch.version}</version>
|
||||
<scope>test</scope>
|
||||
<type>test-jar</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.hamcrest</groupId>
|
||||
<artifactId>hamcrest-all</artifactId>
|
||||
<version>1.3</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.11</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.carrotsearch.randomizedtesting</groupId>
|
||||
<artifactId>randomizedtesting-runner</artifactId>
|
||||
<version>2.1.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- real dependencies -->
|
||||
<dependency>
|
||||
<groupId>org.elasticsearch</groupId>
|
||||
<artifactId>elasticsearch</artifactId>
|
||||
<version>${elasticsearch.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- needed for forbidden APIs, embarassing, need to fix -->
|
||||
<dependency>
|
||||
<groupId>com.google.guava</groupId>
|
||||
<artifactId>guava</artifactId>
|
||||
<version>17.0</version>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
|
||||
<build>
|
||||
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-enforcer-plugin</artifactId>
|
||||
<version>1.3.1</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>enforce-versions</id>
|
||||
<goals>
|
||||
<goal>enforce</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<rules>
|
||||
<requireJavaVersion>
|
||||
<version>[1.7,)</version>
|
||||
</requireJavaVersion>
|
||||
</rules>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<version>3.1</version>
|
||||
<configuration>
|
||||
<source>1.7</source>
|
||||
<target>1.7</target>
|
||||
<fork>true</fork>
|
||||
<maxmem>512m</maxmem>
|
||||
<!-- REMOVE WHEN UPGRADE:
|
||||
see https://jira.codehaus.org/browse/MCOMPILER-209 it's a bug where
|
||||
incremental compilation doesn't work unless it's set to false causeing
|
||||
recompilation of the entire codebase each time without any changes. Should
|
||||
be fixed in version > 3.1
|
||||
-->
|
||||
<useIncrementalCompilation>false</useIncrementalCompilation>
|
||||
<compilerArgs>
|
||||
<arg>-XDignore.symbol.file</arg>
|
||||
</compilerArgs>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.carrotsearch.randomizedtesting</groupId>
|
||||
<artifactId>junit4-maven-plugin</artifactId>
|
||||
<version>2.1.2</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>tests</id>
|
||||
<phase>test</phase>
|
||||
<goals>
|
||||
<goal>junit4</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<heartbeat>20</heartbeat>
|
||||
<jvmOutputAction>pipe,warn</jvmOutputAction>
|
||||
<leaveTemporary>true</leaveTemporary>
|
||||
<listeners>
|
||||
<report-ant-xml mavenExtensions="true"
|
||||
dir="${project.build.directory}/surefire-reports"/>
|
||||
<report-text
|
||||
showThrowable="true"
|
||||
showStackTraces="true"
|
||||
showOutput="${tests.output}"
|
||||
showStatusOk="false"
|
||||
showStatusError="true"
|
||||
showStatusFailure="true"
|
||||
showStatusIgnored="true"
|
||||
showSuiteSummary="true"
|
||||
timestamps="false"/>
|
||||
<report-execution-times historyLength="20" file="${basedir}/${execution.hint.file}"/>
|
||||
</listeners>
|
||||
<assertions>
|
||||
<enable/>
|
||||
<disable package="${tests.assertion.disabled}"/>
|
||||
<!-- pass org.elasticsearch to run without assertions -->
|
||||
</assertions>
|
||||
<parallelism>${tests.jvms}</parallelism>
|
||||
<balancers>
|
||||
<execution-times>
|
||||
<fileset dir="${basedir}" includes="${execution.hint.file}"/>
|
||||
</execution-times>
|
||||
</balancers>
|
||||
<includes>
|
||||
<include>**/*Tests.class</include>
|
||||
<include>**/*Test.class</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>**/Abstract*.class</exclude>
|
||||
<exclude>**/*StressTest.class</exclude>
|
||||
</excludes>
|
||||
<jvmArgs>
|
||||
<param>-Xmx${tests.heap.size}</param>
|
||||
<param>-Xms${tests.heap.size}</param>
|
||||
<param>-Xss256k</param>
|
||||
<param>-XX:MaxPermSize=128m</param>
|
||||
<param>-XX:MaxDirectMemorySize=512m</param>
|
||||
<param>-Des.logger.prefix=</param>
|
||||
</jvmArgs>
|
||||
<shuffleOnSlave>${tests.shuffle}</shuffleOnSlave>
|
||||
<sysouts>${tests.verbose}</sysouts>
|
||||
<seed>${tests.seed}</seed>
|
||||
<haltOnFailure>${tests.failfast}</haltOnFailure>
|
||||
<uniqueSuiteNames>false</uniqueSuiteNames>
|
||||
<systemProperties>
|
||||
<java.io.tmpdir>.</java.io.tmpdir>
|
||||
<!-- we use '.' since this is different per JVM-->
|
||||
<!-- RandomizedTesting library system properties -->
|
||||
<tests.bwc>${tests.bwc}</tests.bwc>
|
||||
<tests.bwc.path>${tests.bwc.path}</tests.bwc.path>
|
||||
<tests.bwc.version>${tests.bwc.version}</tests.bwc.version>
|
||||
<tests.jvm.argline>${tests.jvm.argline}</tests.jvm.argline>
|
||||
<tests.processors>${tests.processors}</tests.processors>
|
||||
<tests.appendseed>${tests.appendseed}</tests.appendseed>
|
||||
<tests.iters>${tests.iters}</tests.iters>
|
||||
<tests.maxfailures>${tests.maxfailures}</tests.maxfailures>
|
||||
<tests.failfast>${tests.failfast}</tests.failfast>
|
||||
<tests.class>${tests.class}</tests.class>
|
||||
<tests.method>${tests.method}</tests.method>
|
||||
<tests.nightly>${tests.nightly}</tests.nightly>
|
||||
<tests.verbose>${tests.verbose}</tests.verbose>
|
||||
<tests.badapples>${tests.badapples}</tests.badapples>
|
||||
<tests.weekly>${tests.weekly}</tests.weekly>
|
||||
<tests.slow>${tests.slow}</tests.slow>
|
||||
<tests.awaitsfix>${tests.awaitsfix}</tests.awaitsfix>
|
||||
<tests.slow>${tests.slow}</tests.slow>
|
||||
<tests.timeoutSuite>${tests.timeoutSuite}</tests.timeoutSuite>
|
||||
<tests.showSuccess>${tests.showSuccess}</tests.showSuccess>
|
||||
<tests.integration>${tests.integration}</tests.integration>
|
||||
<tests.client.ratio>${tests.client.ratio}</tests.client.ratio>
|
||||
<tests.enable_mock_modules>${tests.enable_mock_modules}</tests.enable_mock_modules>
|
||||
<tests.assertion.disabled>${tests.assertion.disabled}</tests.assertion.disabled>
|
||||
<tests.rest>${tests.rest}</tests.rest>
|
||||
<tests.rest.suite>${tests.rest.suite}</tests.rest.suite>
|
||||
<tests.rest.blacklist>${tests.rest.blacklist}</tests.rest.blacklist>
|
||||
<tests.rest.spec>${tests.rest.spec}</tests.rest.spec>
|
||||
<tests.network>${tests.network}</tests.network>
|
||||
<tests.cluster>${tests.cluster}</tests.cluster>
|
||||
<tests.heap.size>${tests.heap.size}</tests.heap.size>
|
||||
<tests.filter>${tests.filter}</tests.filter>
|
||||
<es.node.local>${env.ES_TEST_LOCAL}</es.node.local>
|
||||
<es.node.mode>${es.node.mode}</es.node.mode>
|
||||
<es.logger.level>${es.logger.level}</es.logger.level>
|
||||
<tests.security.manager>${tests.security.manager}</tests.security.manager>
|
||||
<tests.compatibility>${tests.compatibility}</tests.compatibility>
|
||||
<java.awt.headless>true</java.awt.headless>
|
||||
<!-- everything below is for security manager / test.policy -->
|
||||
<junit4.tempDir>${project.build.directory}</junit4.tempDir>
|
||||
<java.security.policy>${basedir}/tests.policy</java.security.policy>
|
||||
</systemProperties>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<!-- we skip surefire to work with randomized testing above -->
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<version>2.16</version>
|
||||
<configuration>
|
||||
<skipTests>true</skipTests>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
||||
|
||||
<plugin>
|
||||
<groupId>de.thetaphi</groupId>
|
||||
<artifactId>forbiddenapis</artifactId>
|
||||
<version>1.5.1</version>
|
||||
|
||||
<executions>
|
||||
<execution>
|
||||
<id>check-forbidden-apis</id>
|
||||
<configuration>
|
||||
<targetVersion>1.7</targetVersion>
|
||||
<!-- disallow undocumented classes like sun.misc.Unsafe: -->
|
||||
<internalRuntimeForbidden>true</internalRuntimeForbidden>
|
||||
<!-- if the used Java version is too new, don't fail, just do nothing: -->
|
||||
<failOnUnsupportedJava>false</failOnUnsupportedJava>
|
||||
<excludes>
|
||||
<exclude>jsr166e/**</exclude>
|
||||
<!-- start excludes for valid system-out -->
|
||||
<exclude>org/elasticsearch/common/logging/log4j/ConsoleAppender*</exclude>
|
||||
<exclude>org/elasticsearch/plugins/PluginManager.class</exclude>
|
||||
<exclude>org/elasticsearch/bootstrap/Bootstrap.class</exclude>
|
||||
<exclude>org/elasticsearch/Version.class</exclude>
|
||||
<exclude>
|
||||
org/elasticsearch/common/lucene/search/Queries$QueryWrapperFilterFactory.class
|
||||
</exclude>
|
||||
<!-- end excludes for valid system-out -->
|
||||
<!-- start excludes for Unsafe -->
|
||||
<exclude>org/elasticsearch/common/util/UnsafeUtils.class</exclude>
|
||||
<!-- end excludes for Unsafe -->
|
||||
<!-- start excludes for Math.abs -->
|
||||
<exclude>org/elasticsearch/common/util/MathUtils.class</exclude>
|
||||
<exclude>org/elasticsearch/common/math/UnboxedMathUtils.class</exclude>
|
||||
<exclude>org/elasticsearch/cluster/routing/operation/plain/PlainOperationRouting.class
|
||||
</exclude>
|
||||
<!-- end excludes for Math.abs -->
|
||||
<!-- start exclude for FilteredQuery -->
|
||||
<exclude>org/elasticsearch/common/lucene/search/XFilteredQuery.class</exclude>
|
||||
<!-- end exclude for FilteredQuery -->
|
||||
<!-- start exclude for Channels utility class -->
|
||||
<exclude>org/elasticsearch/common/io/Channels.class</exclude>
|
||||
<!-- end exclude for Channels -->
|
||||
</excludes>
|
||||
<bundledSignatures>
|
||||
<!-- This will automatically choose the right signatures based on 'targetVersion': -->
|
||||
<bundledSignature>jdk-unsafe</bundledSignature>
|
||||
<bundledSignature>jdk-deprecated</bundledSignature>
|
||||
<bundledSignature>jdk-system-out</bundledSignature>
|
||||
</bundledSignatures>
|
||||
<signaturesFiles>
|
||||
<signaturesFile>core-signatures.txt</signaturesFile>
|
||||
<signaturesFile>all-signatures.txt</signaturesFile>
|
||||
</signaturesFiles>
|
||||
<signatures>${forbidden.signatures}</signatures>
|
||||
</configuration>
|
||||
<phase>compile</phase>
|
||||
<goals>
|
||||
<goal>check</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>check-forbidden-test-apis</id>
|
||||
<configuration>
|
||||
<targetVersion>1.7</targetVersion>
|
||||
<!-- disallow undocumented classes like sun.misc.Unsafe: -->
|
||||
<internalRuntimeForbidden>true</internalRuntimeForbidden>
|
||||
<!-- if the used Java version is too new, don't fail, just do nothing: -->
|
||||
<failOnUnsupportedJava>false</failOnUnsupportedJava>
|
||||
<bundledSignatures>
|
||||
<!-- This will automatically choose the right signatures based on 'targetVersion': -->
|
||||
<bundledSignature>jdk-unsafe</bundledSignature>
|
||||
<bundledSignature>jdk-deprecated</bundledSignature>
|
||||
</bundledSignatures>
|
||||
<signaturesFiles>
|
||||
<signaturesFile>test-signatures.txt</signaturesFile>
|
||||
<signaturesFile>all-signatures.txt</signaturesFile>
|
||||
</signaturesFiles>
|
||||
<signatures>${forbidden.test.signatures}</signatures>
|
||||
</configuration>
|
||||
<phase>test-compile</phase>
|
||||
<goals>
|
||||
<goal>testCheck</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<version>2.3</version>
|
||||
<configuration>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
<outputDirectory>${project.build.directory}/releases/</outputDirectory>
|
||||
<descriptors>
|
||||
<descriptor>${basedir}/src/main/assemblies/plugin.xml</descriptor>
|
||||
</descriptors>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
</plugins>
|
||||
|
||||
</build>
|
||||
|
||||
|
||||
<profiles>
|
||||
<!-- default profile, with randomization setting kicks in -->
|
||||
<profile>
|
||||
<id>default</id>
|
||||
<activation>
|
||||
<activeByDefault>true</activeByDefault>
|
||||
</activation>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>com.carrotsearch.randomizedtesting</groupId>
|
||||
<artifactId>junit4-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<argLine>${tests.jvm.argline}</argLine>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,18 @@
|
|||
<?xml version="1.0"?>
|
||||
<assembly>
|
||||
<id>plugin</id>
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<outputDirectory>/</outputDirectory>
|
||||
<useProjectArtifact>true</useProjectArtifact>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<excludes>
|
||||
<exclude>org.elasticsearch:elasticsearch</exclude>
|
||||
</excludes>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
|
@ -0,0 +1,20 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.plugin;
|
||||
|
||||
import org.elasticsearch.common.inject.AbstractModule;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public class SecurityModule extends AbstractModule {
|
||||
|
||||
@Override
|
||||
protected void configure() {
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.plugin;
|
||||
|
||||
import org.elasticsearch.common.collect.ImmutableList;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.plugins.AbstractPlugin;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public class SecurityPlugin extends AbstractPlugin {
|
||||
|
||||
@Override
|
||||
public String name() {
|
||||
return "shield";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String description() {
|
||||
return "Elasticsearch Shield (security)";
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<Class<? extends Module>> modules() {
|
||||
return ImmutableList.<Class<? extends Module>>of(SecurityModule.class);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
plugin=org.elasticsearch.shield.plugin.SecurityPlugin
|
||||
version=${project.version}
|
|
@ -0,0 +1,46 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.plugin;
|
||||
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
|
||||
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
|
||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.Matchers.hasSize;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@ClusterScope(scope = Scope.SUITE)
|
||||
public class ShieldPluginTests extends ElasticsearchIntegrationTest {
|
||||
|
||||
@Override
|
||||
protected Settings nodeSettings(int nodeOrdinal) {
|
||||
return ImmutableSettings.settingsBuilder()
|
||||
.put("plugin.types", SecurityPlugin.class.getName())
|
||||
.put("node.mode", "network")
|
||||
.put(super.nodeSettings(nodeOrdinal))
|
||||
.build();
|
||||
}
|
||||
|
||||
@Test
|
||||
@TestLogging("_root:INFO,plugins.PluginsService:TRACE")
|
||||
public void testThatPluginIsLoaded() {
|
||||
NodesInfoResponse nodeInfos = internalCluster().clientNodeClient().admin().cluster().prepareNodesInfo().get();
|
||||
for (NodeInfo nodeInfo : nodeInfos.getNodes()) {
|
||||
assertThat(nodeInfo.getPlugins().getInfos(), hasSize(1));
|
||||
assertThat(nodeInfo.getPlugins().getInfos().get(0).getName(), is("shield"));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
es.logger.level=INFO
|
||||
log4j.rootLogger=${es.logger.level}, out
|
||||
|
||||
log4j.logger.org.apache.http=INFO, out
|
||||
log4j.additivity.org.apache.http=false
|
||||
|
||||
log4j.appender.out=org.apache.log4j.ConsoleAppender
|
||||
log4j.appender.out.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.out.layout.conversionPattern=[%d{ISO8601}][%-5p][%-25c] %m%n
|
|
@ -0,0 +1,31 @@
|
|||
grant {
|
||||
// permissions for file access, write access only to sandbox:
|
||||
permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
|
||||
permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute,write";
|
||||
permission java.io.FilePermission "${junit4.childvm.cwd}${/}-", "read,execute,write,delete";
|
||||
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
|
||||
permission groovy.security.GroovyCodeSourcePermission "/groovy/script";
|
||||
|
||||
// Allow connecting to the internet anywhere
|
||||
permission java.net.SocketPermission "*", "accept,listen,connect,resolve";
|
||||
|
||||
// Basic permissions needed for Lucene / Elasticsearch to work:
|
||||
permission java.util.PropertyPermission "*", "read,write";
|
||||
permission java.lang.reflect.ReflectPermission "*";
|
||||
permission java.lang.RuntimePermission "*";
|
||||
|
||||
// These two *have* to be spelled out a separate
|
||||
permission java.lang.management.ManagementPermission "control";
|
||||
permission java.lang.management.ManagementPermission "monitor";
|
||||
|
||||
permission java.net.NetPermission "*";
|
||||
permission java.util.logging.LoggingPermission "control";
|
||||
permission javax.management.MBeanPermission "*", "*";
|
||||
permission javax.management.MBeanServerPermission "*";
|
||||
permission javax.management.MBeanTrustPermission "*";
|
||||
|
||||
// Needed for some things in DNS caching in the JVM
|
||||
permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
|
||||
permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
|
||||
|
||||
};
|
Loading…
Reference in New Issue