Remove uses of single argument Environment constructor from production code (elastic/x-pack-elasticsearch#2852)
Following elastic/elasticsearch#27235 the single argument Environment constructor is forbidden in production code. This change removes the last such uses from X-Pack. Original commit: elastic/x-pack-elasticsearch@87e72d0d07
This commit is contained in:
parent
1a28f57e0d
commit
ba5dbc4daf
|
@ -598,7 +598,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
|
||||||
@Override
|
@Override
|
||||||
public List<BootstrapCheck> getBootstrapChecks() {
|
public List<BootstrapCheck> getBootstrapChecks() {
|
||||||
return Collections.unmodifiableList(
|
return Collections.unmodifiableList(
|
||||||
Stream.of(security.getBootstrapChecks(), watcher.getBootstrapChecks())
|
Stream.of(security.getBootstrapChecks(), watcher.getBootstrapChecks(env))
|
||||||
.flatMap(Collection::stream)
|
.flatMap(Collection::stream)
|
||||||
.collect(Collectors.toList()));
|
.collect(Collectors.toList()));
|
||||||
}
|
}
|
||||||
|
|
|
@ -254,7 +254,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
|
||||||
new TokenSSLBootstrapCheck(),
|
new TokenSSLBootstrapCheck(),
|
||||||
new PkiRealmBootstrapCheck(sslService),
|
new PkiRealmBootstrapCheck(sslService),
|
||||||
new TLSLicenseBootstrapCheck()));
|
new TLSLicenseBootstrapCheck()));
|
||||||
checks.addAll(InternalRealms.getBootstrapChecks(settings));
|
checks.addAll(InternalRealms.getBootstrapChecks(settings, env));
|
||||||
this.bootstrapChecks = Collections.unmodifiableList(checks);
|
this.bootstrapChecks = Collections.unmodifiableList(checks);
|
||||||
} else {
|
} else {
|
||||||
this.bootstrapChecks = Collections.emptyList();
|
this.bootstrapChecks = Collections.emptyList();
|
||||||
|
|
|
@ -17,6 +17,7 @@ import java.util.Set;
|
||||||
import org.elasticsearch.bootstrap.BootstrapCheck;
|
import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||||
import org.elasticsearch.common.settings.Setting;
|
import org.elasticsearch.common.settings.Setting;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.threadpool.ThreadPool;
|
import org.elasticsearch.threadpool.ThreadPool;
|
||||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||||
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
import org.elasticsearch.xpack.security.SecurityLifecycleService;
|
||||||
|
@ -101,11 +102,11 @@ public class InternalRealms {
|
||||||
private InternalRealms() {
|
private InternalRealms() {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<BootstrapCheck> getBootstrapChecks(final Settings globalSettings) {
|
public static List<BootstrapCheck> getBootstrapChecks(final Settings globalSettings, final Environment env) {
|
||||||
final List<BootstrapCheck> checks = new ArrayList<>();
|
final List<BootstrapCheck> checks = new ArrayList<>();
|
||||||
final Map<String, Settings> settingsByRealm = RealmSettings.getRealmSettings(globalSettings);
|
final Map<String, Settings> settingsByRealm = RealmSettings.getRealmSettings(globalSettings);
|
||||||
settingsByRealm.forEach((name, settings) -> {
|
settingsByRealm.forEach((name, settings) -> {
|
||||||
final RealmConfig realmConfig = new RealmConfig(name, settings, globalSettings, null);
|
final RealmConfig realmConfig = new RealmConfig(name, settings, globalSettings, env, null);
|
||||||
switch (realmConfig.type()) {
|
switch (realmConfig.type()) {
|
||||||
case LdapRealm.AD_TYPE:
|
case LdapRealm.AD_TYPE:
|
||||||
case LdapRealm.LDAP_TYPE:
|
case LdapRealm.LDAP_TYPE:
|
||||||
|
|
|
@ -23,11 +23,6 @@ public class RealmConfig {
|
||||||
private final Settings globalSettings;
|
private final Settings globalSettings;
|
||||||
private final ThreadContext threadContext;
|
private final ThreadContext threadContext;
|
||||||
|
|
||||||
public RealmConfig(String name, Settings settings, Settings globalSettings,
|
|
||||||
ThreadContext threadContext) {
|
|
||||||
this(name, settings, globalSettings, new Environment(globalSettings), threadContext);
|
|
||||||
}
|
|
||||||
|
|
||||||
public RealmConfig(String name, Settings settings, Settings globalSettings, Environment env,
|
public RealmConfig(String name, Settings settings, Settings globalSettings, Environment env,
|
||||||
ThreadContext threadContext) {
|
ThreadContext threadContext) {
|
||||||
this.name = name;
|
this.name = name;
|
||||||
|
|
|
@ -517,7 +517,7 @@ public class Watcher implements ActionPlugin {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<BootstrapCheck> getBootstrapChecks() {
|
public List<BootstrapCheck> getBootstrapChecks(Environment env) {
|
||||||
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(new Environment(settings)));
|
return Collections.singletonList(new EncryptSensitiveDataBootstrapCheck(env));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.authc;
|
||||||
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
import org.elasticsearch.threadpool.ThreadPool;
|
import org.elasticsearch.threadpool.ThreadPool;
|
||||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||||
|
@ -38,10 +39,12 @@ public class InternalRealmsTests extends ESTestCase {
|
||||||
verifyZeroInteractions(lifecycleService);
|
verifyZeroInteractions(lifecycleService);
|
||||||
|
|
||||||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new ThreadContext(settings)));
|
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new Environment(settings),
|
||||||
|
new ThreadContext(settings)));
|
||||||
verify(lifecycleService).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
verify(lifecycleService).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
||||||
|
|
||||||
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new ThreadContext(settings)));
|
factories.get(NativeRealm.TYPE).create(new RealmConfig("test", Settings.EMPTY, settings, new Environment(settings),
|
||||||
|
new ThreadContext(settings)));
|
||||||
verify(lifecycleService, times(2)).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
verify(lifecycleService, times(2)).addSecurityIndexHealthChangeListener(isA(BiConsumer.class));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,7 @@ import org.elasticsearch.cluster.health.ClusterHealthStatus;
|
||||||
import org.elasticsearch.cluster.health.ClusterIndexHealth;
|
import org.elasticsearch.cluster.health.ClusterIndexHealth;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||||
|
|
||||||
|
@ -23,7 +24,7 @@ public class NativeRealmTests extends ESTestCase {
|
||||||
final AtomicInteger numInvalidation = new AtomicInteger(0);
|
final AtomicInteger numInvalidation = new AtomicInteger(0);
|
||||||
int expectedInvalidation = 0;
|
int expectedInvalidation = 0;
|
||||||
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
Settings settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||||
RealmConfig config = new RealmConfig("native", Settings.EMPTY, settings, new ThreadContext(settings));
|
RealmConfig config = new RealmConfig("native", Settings.EMPTY, settings, new Environment(settings), new ThreadContext(settings));
|
||||||
final NativeRealm nativeRealm = new NativeRealm(config, mock(NativeUsersStore.class)) {
|
final NativeRealm nativeRealm = new NativeRealm(config, mock(NativeUsersStore.class)) {
|
||||||
@Override
|
@Override
|
||||||
void clearCache() {
|
void clearCache() {
|
||||||
|
|
|
@ -62,7 +62,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
||||||
public void testAdAuth() throws Exception {
|
public void testAdAuth() throws Exception {
|
||||||
RealmConfig config = new RealmConfig("ad-test",
|
RealmConfig config = new RealmConfig("ad-test",
|
||||||
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
|
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false),
|
||||||
globalSettings, new ThreadContext(Settings.EMPTY));
|
globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||||
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
||||||
|
|
||||||
String userName = "ironman";
|
String userName = "ironman";
|
||||||
|
@ -410,7 +410,7 @@ public class ActiveDirectorySessionFactoryTests extends AbstractActiveDirectoryI
|
||||||
public void testADLookup() throws Exception {
|
public void testADLookup() throws Exception {
|
||||||
RealmConfig config = new RealmConfig("ad-test",
|
RealmConfig config = new RealmConfig("ad-test",
|
||||||
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true),
|
buildAdSettings(AD_LDAP_URL, AD_DOMAIN, false, true),
|
||||||
globalSettings, new ThreadContext(Settings.EMPTY));
|
globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||||
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
try (ActiveDirectorySessionFactory sessionFactory = getActiveDirectorySessionFactory(config, sslService, threadPool)) {
|
||||||
|
|
||||||
List<String> users = randomSubsetOf(Arrays.asList("cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow",
|
List<String> users = randomSubsetOf(Arrays.asList("cap", "hawkeye", "hulk", "ironman", "thor", "blackwidow",
|
||||||
|
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.common.settings.SecureString;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.unit.TimeValue;
|
import org.elasticsearch.common.unit.TimeValue;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||||
import org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory;
|
import org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory;
|
||||||
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
|
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
|
||||||
|
@ -135,7 +136,7 @@ public abstract class LdapTestCase extends ESTestCase {
|
||||||
.put(DnRoleMapper.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.getKey(), true)
|
.put(DnRoleMapper.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.getKey(), true)
|
||||||
.build();
|
.build();
|
||||||
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
||||||
RealmConfig config = new RealmConfig("ldap1", settings, global, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("ldap1", settings, global, new Environment(global), new ThreadContext(Settings.EMPTY));
|
||||||
|
|
||||||
return new DnRoleMapper(config, resourceWatcherService);
|
return new DnRoleMapper(config, resourceWatcherService);
|
||||||
}
|
}
|
||||||
|
|
|
@ -222,8 +222,9 @@ public class SessionFactoryLoadBalancingTests extends LdapTestCase {
|
||||||
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
String userTemplate = "cn={0},ou=people,o=sevenSeas";
|
||||||
Settings settings = buildLdapSettings(ldapUrls(), new String[] { userTemplate }, groupSearchBase,
|
Settings settings = buildLdapSettings(ldapUrls(), new String[] { userTemplate }, groupSearchBase,
|
||||||
LdapSearchScope.SUB_TREE, loadBalancing);
|
LdapSearchScope.SUB_TREE, loadBalancing);
|
||||||
RealmConfig config = new RealmConfig("test-session-factory", settings, Settings.builder().put("path.home",
|
Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build();
|
||||||
createTempDir()).build(), new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test-session-factory", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
return new TestSessionFactory(config, new SSLService(Settings.EMPTY, new Environment(config.globalSettings())), threadPool);
|
return new TestSessionFactory(config, new SSLService(Settings.EMPTY, new Environment(config.globalSettings())), threadPool);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -107,7 +107,7 @@ public class SessionFactoryTests extends ESTestCase {
|
||||||
private SessionFactory createSessionFactory() {
|
private SessionFactory createSessionFactory() {
|
||||||
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
Settings global = Settings.builder().put("path.home", createTempDir()).build();
|
||||||
final RealmConfig realmConfig = new RealmConfig("_name", Settings.builder().put("url", "ldap://localhost:389").build(),
|
final RealmConfig realmConfig = new RealmConfig("_name", Settings.builder().put("url", "ldap://localhost:389").build(),
|
||||||
global, new ThreadContext(Settings.EMPTY));
|
global, new Environment(global), new ThreadContext(Settings.EMPTY));
|
||||||
return new SessionFactory(realmConfig, null, threadPool) {
|
return new SessionFactory(realmConfig, null, threadPool) {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -11,6 +11,7 @@ import org.elasticsearch.common.settings.SecureString;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.unit.TimeValue;
|
import org.elasticsearch.common.unit.TimeValue;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.xpack.security.authc.AuthenticationResult;
|
import org.elasticsearch.xpack.security.authc.AuthenticationResult;
|
||||||
|
@ -55,7 +56,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test_realm", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||||
@Override
|
@Override
|
||||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||||
|
@ -226,7 +228,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
Settings settings = Settings.builder()
|
Settings settings = Settings.builder()
|
||||||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
||||||
|
|
||||||
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
||||||
|
@ -254,7 +257,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
Settings settings = Settings.builder()
|
Settings settings = Settings.builder()
|
||||||
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
.put(CachingUsernamePasswordRealm.CACHE_TTL_SETTING.getKey(), ttl)
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test_cache_ttl", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(config);
|
||||||
|
|
||||||
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
final UsernamePasswordToken authToken = new UsernamePasswordToken("the-user", new SecureString("the-password"));
|
||||||
|
@ -330,7 +334,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
final SecureString randomPassword = new SecureString(randomAlphaOfLength(password.length()).toCharArray());
|
final SecureString randomPassword = new SecureString(randomAlphaOfLength(password.length()).toCharArray());
|
||||||
|
|
||||||
final String passwordHash = new String(Hasher.BCRYPT.hash(password));
|
final String passwordHash = new String(Hasher.BCRYPT.hash(password));
|
||||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||||
@Override
|
@Override
|
||||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||||
|
@ -393,7 +398,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
public void testUserLookupConcurrency() throws Exception {
|
public void testUserLookupConcurrency() throws Exception {
|
||||||
final String username = "username";
|
final String username = "username";
|
||||||
|
|
||||||
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("test_realm", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
final CachingUsernamePasswordRealm realm = new CachingUsernamePasswordRealm("test", config) {
|
||||||
@Override
|
@Override
|
||||||
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult> listener) {
|
||||||
|
@ -446,7 +452,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
static class FailingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
static class FailingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
||||||
|
|
||||||
FailingAuthenticationRealm(Settings settings, Settings global) {
|
FailingAuthenticationRealm(Settings settings, Settings global) {
|
||||||
super("failing", new RealmConfig("failing-test", settings, global, new ThreadContext(Settings.EMPTY)));
|
super("failing", new RealmConfig("failing-test", settings, global, new Environment(global),
|
||||||
|
new ThreadContext(Settings.EMPTY)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -463,7 +470,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
static class ThrowingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
static class ThrowingAuthenticationRealm extends CachingUsernamePasswordRealm {
|
||||||
|
|
||||||
ThrowingAuthenticationRealm(Settings settings, Settings globalSettings) {
|
ThrowingAuthenticationRealm(Settings settings, Settings globalSettings) {
|
||||||
super("throwing", new RealmConfig("throwing-test", settings, globalSettings, new ThreadContext(Settings.EMPTY)));
|
super("throwing", new RealmConfig("throwing-test", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -485,7 +493,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
private boolean usersEnabled = true;
|
private boolean usersEnabled = true;
|
||||||
|
|
||||||
AlwaysAuthenticateCachingRealm(Settings globalSettings) {
|
AlwaysAuthenticateCachingRealm(Settings globalSettings) {
|
||||||
this(new RealmConfig("always-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
|
this(new RealmConfig("always-test", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY)));
|
||||||
}
|
}
|
||||||
|
|
||||||
AlwaysAuthenticateCachingRealm(RealmConfig config) {
|
AlwaysAuthenticateCachingRealm(RealmConfig config) {
|
||||||
|
@ -516,7 +525,8 @@ public class CachingUsernamePasswordRealmTests extends ESTestCase {
|
||||||
public final AtomicInteger lookupInvocationCounter = new AtomicInteger(0);
|
public final AtomicInteger lookupInvocationCounter = new AtomicInteger(0);
|
||||||
|
|
||||||
LookupNotSupportedRealm(Settings globalSettings) {
|
LookupNotSupportedRealm(Settings globalSettings) {
|
||||||
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings, new ThreadContext(Settings.EMPTY)));
|
super("lookup", new RealmConfig("lookup-notsupported-test", Settings.EMPTY, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -283,7 +283,7 @@ public class DnRoleMapperTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings), new ThreadContext(Settings.EMPTY));
|
||||||
|
|
||||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||||
|
|
||||||
|
@ -297,7 +297,7 @@ public class DnRoleMapperTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, true)
|
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, true)
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings), new ThreadContext(Settings.EMPTY));
|
||||||
|
|
||||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||||
|
|
||||||
|
@ -311,7 +311,8 @@ public class DnRoleMapperTests extends ESTestCase {
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, false)
|
.put(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING_KEY, false)
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("ldap-userdn-role", ldapSettings, settings, new Environment(settings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
|
|
||||||
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool));
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ import org.elasticsearch.bootstrap.BootstrapCheck;
|
||||||
import org.elasticsearch.bootstrap.BootstrapContext;
|
import org.elasticsearch.bootstrap.BootstrapContext;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||||
|
import org.elasticsearch.env.Environment;
|
||||||
import org.elasticsearch.test.ESTestCase;
|
import org.elasticsearch.test.ESTestCase;
|
||||||
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
import org.elasticsearch.xpack.security.authc.RealmConfig;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
@ -42,7 +43,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("ldap1", ldapSettings, settings, new Environment(settings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||||
assertThat(check, notNullValue());
|
assertThat(check, notNullValue());
|
||||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||||
|
@ -55,7 +57,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||||
assertThat(check, notNullValue());
|
assertThat(check, notNullValue());
|
||||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||||
|
@ -74,7 +77,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||||
assertThat(check, notNullValue());
|
assertThat(check, notNullValue());
|
||||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||||
|
@ -93,7 +97,8 @@ public class RoleMappingFileBootstrapCheckTests extends ESTestCase {
|
||||||
Settings ldapSettings = Settings.builder()
|
Settings ldapSettings = Settings.builder()
|
||||||
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
.put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath())
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("the-realm-name", ldapSettings, settings, new Environment(settings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
final BootstrapCheck check = RoleMappingFileBootstrapCheck.create(config);
|
||||||
assertThat(check, notNullValue());
|
assertThat(check, notNullValue());
|
||||||
assertThat(check.alwaysEnforce(), equalTo(true));
|
assertThat(check.alwaysEnforce(), equalTo(true));
|
||||||
|
|
|
@ -108,7 +108,7 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||||
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||||
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
||||||
LdapSearchScope.ONE_LEVEL), globalSettings, new ThreadContext(Settings.EMPTY));
|
LdapSearchScope.ONE_LEVEL), globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||||
|
|
||||||
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
||||||
|
@ -126,7 +126,7 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
String groupSearchBase = "cn=Avengers,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
String groupSearchBase = "cn=Avengers,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||||
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com";
|
||||||
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
RealmConfig config = new RealmConfig("oldap-test", buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase,
|
||||||
LdapSearchScope.BASE), globalSettings, new ThreadContext(Settings.EMPTY));
|
LdapSearchScope.BASE), globalSettings, new Environment(globalSettings), new ThreadContext(Settings.EMPTY));
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||||
|
|
||||||
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
String[] users = new String[] { "blackwidow", "cap", "hawkeye", "hulk", "ironman", "thor" };
|
||||||
|
@ -145,7 +145,8 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
.put("group_search.filter", "(&(objectclass=posixGroup)(memberUid={0}))")
|
.put("group_search.filter", "(&(objectclass=posixGroup)(memberUid={0}))")
|
||||||
.put("group_search.user_attribute", "uid")
|
.put("group_search.user_attribute", "uid")
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||||
|
|
||||||
try (LdapSession ldap = session(sessionFactory, "selvig", PASSWORD_SECURE_STRING)){
|
try (LdapSession ldap = session(sessionFactory, "selvig", PASSWORD_SECURE_STRING)){
|
||||||
|
@ -163,7 +164,8 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
|
.put("ssl.verification_mode", VerificationMode.CERTIFICATE)
|
||||||
.put(SessionFactory.TIMEOUT_TCP_READ_SETTING, "1ms") //1 millisecond
|
.put(SessionFactory.TIMEOUT_TCP_READ_SETTING, "1ms") //1 millisecond
|
||||||
.build();
|
.build();
|
||||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||||
|
|
||||||
LDAPException expected = expectThrows(LDAPException.class,
|
LDAPException expected = expectThrows(LDAPException.class,
|
||||||
|
@ -180,7 +182,8 @@ public class OpenLdapTests extends ESTestCase {
|
||||||
.put("ssl.verification_mode", VerificationMode.FULL)
|
.put("ssl.verification_mode", VerificationMode.FULL)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new ThreadContext(Settings.EMPTY));
|
RealmConfig config = new RealmConfig("oldap-test", settings, globalSettings, new Environment(globalSettings),
|
||||||
|
new ThreadContext(Settings.EMPTY));
|
||||||
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool);
|
||||||
|
|
||||||
String user = "blackwidow";
|
String user = "blackwidow";
|
||||||
|
|
Loading…
Reference in New Issue