Merge branch 'master' into license-checking/reporting-ux

Original commit: elastic/x-pack-elasticsearch@045ab3f468
This commit is contained in:
Shaunak Kashyap 2016-07-05 13:31:30 -07:00
commit d0b3a9074b
138 changed files with 1082 additions and 951 deletions

View File

@ -10,7 +10,7 @@ import joptsimple.OptionSpec;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
@ -54,9 +54,9 @@ public class KeyPairGeneratorTool extends Command {
Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
Path privateKeyPath = parsePath(privateKeyPathOption.value(options));
if (Files.exists(privateKeyPath)) {
throw new UserError(ExitCodes.USAGE, privateKeyPath + " already exists");
throw new UserException(ExitCodes.USAGE, privateKeyPath + " already exists");
} else if (Files.exists(publicKeyPath)) {
throw new UserError(ExitCodes.USAGE, publicKeyPath + " already exists");
throw new UserException(ExitCodes.USAGE, publicKeyPath + " already exists");
}
SecureRandom random = new SecureRandom();

View File

@ -12,7 +12,7 @@ import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
@ -62,9 +62,9 @@ public class LicenseGeneratorTool extends Command {
Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
Path privateKeyPath = parsePath(privateKeyPathOption.value(options));
if (Files.exists(privateKeyPath) == false) {
throw new UserError(ExitCodes.USAGE, privateKeyPath + " does not exist");
throw new UserException(ExitCodes.USAGE, privateKeyPath + " does not exist");
} else if (Files.exists(publicKeyPath) == false) {
throw new UserError(ExitCodes.USAGE, publicKeyPath + " does not exist");
throw new UserException(ExitCodes.USAGE, publicKeyPath + " does not exist");
}
final License licenseSpec;
@ -73,11 +73,11 @@ public class LicenseGeneratorTool extends Command {
} else if (options.has(licenseFileOption)) {
Path licenseSpecPath = parsePath(licenseFileOption.value(options));
if (Files.exists(licenseSpecPath) == false) {
throw new UserError(ExitCodes.USAGE, licenseSpecPath + " does not exist");
throw new UserException(ExitCodes.USAGE, licenseSpecPath + " does not exist");
}
licenseSpec = License.fromSource(Files.readAllBytes(licenseSpecPath));
} else {
throw new UserError(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
throw new UserException(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
}
// sign

View File

@ -12,7 +12,7 @@ import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
@ -49,7 +49,7 @@ public class LicenseVerificationTool extends Command {
protected void execute(Terminal terminal, OptionSet options) throws Exception {
Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
if (Files.exists(publicKeyPath) == false) {
throw new UserError(ExitCodes.USAGE, publicKeyPath + " does not exist");
throw new UserException(ExitCodes.USAGE, publicKeyPath + " does not exist");
}
final License licenseSpec;
@ -58,16 +58,16 @@ public class LicenseVerificationTool extends Command {
} else if (options.has(licenseFileOption)) {
Path licenseSpecPath = parsePath(licenseFileOption.value(options));
if (Files.exists(licenseSpecPath) == false) {
throw new UserError(ExitCodes.USAGE, licenseSpecPath + " does not exist");
throw new UserException(ExitCodes.USAGE, licenseSpecPath + " does not exist");
}
licenseSpec = License.fromSource(Files.readAllBytes(licenseSpecPath));
} else {
throw new UserError(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
throw new UserException(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
}
// verify
if (LicenseVerifier.verifyLicense(licenseSpec, Files.readAllBytes(publicKeyPath)) == false) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid License!");
throw new UserException(ExitCodes.DATA_ERROR, "Invalid License!");
}
XContentBuilder builder = XContentFactory.contentBuilder(XContentType.JSON);
builder.startObject();

View File

@ -11,9 +11,7 @@ import java.nio.file.Path;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.CommandTestCase;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.cli.UserException;
import static org.hamcrest.CoreMatchers.containsString;
@ -27,12 +25,12 @@ public class KeyPairGenerationToolTests extends CommandTestCase {
public void testMissingKeyPaths() throws Exception {
Path exists = createTempFile("", "existing");
Path dne = createTempDir().resolve("dne");
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", exists.toString(), "--privateKeyPath", dne.toString());
});
assertThat(e.getMessage(), containsString("existing"));
assertEquals(ExitCodes.USAGE, e.exitCode);
e = expectThrows(UserError.class, () -> {
e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", dne.toString(), "--privateKeyPath", exists.toString());
});
assertThat(e.getMessage(), containsString("existing"));

View File

@ -12,12 +12,9 @@ import java.nio.file.Path;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.CommandTestCase;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.MockTerminal;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.license.core.License;
import org.elasticsearch.license.licensor.TestUtils;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
public class LicenseGenerationToolTests extends CommandTestCase {
@ -38,14 +35,14 @@ public class LicenseGenerationToolTests extends CommandTestCase {
public void testMissingKeyPaths() throws Exception {
Path pub = createTempDir().resolve("pub");
Path pri = createTempDir().resolve("pri");
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pub.toString(), "--privateKeyPath", pri.toString());
});
assertTrue(e.getMessage(), e.getMessage().contains("pri does not exist"));
assertEquals(ExitCodes.USAGE, e.exitCode);
Files.createFile(pri);
e = expectThrows(UserError.class, () -> {
e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pub.toString(), "--privateKeyPath", pri.toString());
});
assertTrue(e.getMessage(), e.getMessage().contains("pub does not exist"));
@ -53,7 +50,7 @@ public class LicenseGenerationToolTests extends CommandTestCase {
}
public void testMissingLicenseSpec() throws Exception {
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pubKeyPath.toString(), "--privateKeyPath", priKeyPath.toString());
});
assertTrue(e.getMessage(), e.getMessage().contains("Must specify either --license or --licenseFile"));

View File

@ -12,7 +12,7 @@ import java.nio.file.Path;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.CommandTestCase;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.license.core.License;
import org.elasticsearch.license.licensor.TestUtils;
@ -36,7 +36,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
public void testMissingKeyPath() throws Exception {
Path pub = createTempDir().resolve("pub");
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pub.toString());
});
assertTrue(e.getMessage(), e.getMessage().contains("pub does not exist"));
@ -44,7 +44,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
}
public void testMissingLicenseSpec() throws Exception {
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pubKeyPath.toString());
});
assertTrue(e.getMessage(), e.getMessage().contains("Must specify either --license or --licenseFile"));
@ -56,7 +56,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
License tamperedLicense = License.builder()
.fromLicenseSpec(signedLicense, signedLicense.signature())
.expiryDate(signedLicense.expiryDate() + randomIntBetween(1, 1000)).build();
UserError e = expectThrows(UserError.class, () -> {
UserException e = expectThrows(UserException.class, () -> {
execute("--publicKeyPath", pubKeyPath.toString(),
"--license", TestUtils.dumpLicense(tamperedLicense));
});

View File

@ -14,18 +14,18 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.script.GeneralScriptException;
import org.elasticsearch.script.ScriptException;
import org.elasticsearch.script.ScriptService.ScriptType;
import org.elasticsearch.search.internal.InternalSearchResponse;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.xpack.watcher.condition.Condition;
import org.elasticsearch.xpack.common.ScriptServiceProxy;
import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
import org.elasticsearch.xpack.watcher.condition.script.ScriptConditionFactory;
import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext;
import org.elasticsearch.xpack.watcher.support.Script;
import org.elasticsearch.xpack.common.ScriptServiceProxy;
import org.elasticsearch.xpack.watcher.watch.Payload;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
@ -41,12 +41,10 @@ import static org.elasticsearch.xpack.watcher.support.Exceptions.illegalArgument
import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.mockExecutionContext;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*/
public class ScriptConditionTests extends ESTestCase {
ThreadPool tp = null;
private ThreadPool tp = null;
@Before
public void init() {
@ -54,8 +52,8 @@ public class ScriptConditionTests extends ESTestCase {
}
@After
public void cleanup() {
tp.shutdownNow();
public void cleanup() throws InterruptedException {
terminate(tp);
}
public void testExecute() throws Exception {
@ -136,13 +134,8 @@ public class ScriptConditionTests extends ESTestCase {
XContentParser parser = XContentFactory.xContent(builder.bytes()).createParser(builder.bytes());
parser.nextToken();
ScriptCondition scriptCondition = conditionParser.parseCondition("_watch", parser);
try {
conditionParser.createExecutable(scriptCondition);
fail("expected a condition validation exception trying to create an executable with a bad or missing script");
} catch (GeneralScriptException e) {
// TODO add these when the test if fixed
// assertThat(e.getMessage(), is("ASDF"));
}
GeneralScriptException exception = expectThrows(GeneralScriptException.class,
() -> conditionParser.createExecutable(scriptCondition));
}
public void testScriptConditionParser_badLang() throws Exception {
@ -153,39 +146,30 @@ public class ScriptConditionTests extends ESTestCase {
XContentParser parser = XContentFactory.xContent(builder.bytes()).createParser(builder.bytes());
parser.nextToken();
ScriptCondition scriptCondition = conditionParser.parseCondition("_watch", parser);
try {
conditionParser.createExecutable(scriptCondition);
fail("expected a condition validation exception trying to create an executable with an invalid language");
} catch (GeneralScriptException e) {
// TODO add these when the test if fixed
// assertThat(e.getMessage(), is("ASDF"));
}
GeneralScriptException exception = expectThrows(GeneralScriptException.class,
() -> conditionParser.createExecutable(scriptCondition));
assertThat(exception.getMessage(), containsString("script_lang not supported [not_a_valid_lang]]"));
}
public void testScriptConditionThrowException() throws Exception {
ScriptServiceProxy scriptService = getScriptServiceProxy(tp);
ExecutableScriptCondition condition = new ExecutableScriptCondition(
new ScriptCondition(Script.inline("assert false").build()), logger, scriptService);
new ScriptCondition(Script.inline("null.foo").build()), logger, scriptService);
SearchResponse response = new SearchResponse(InternalSearchResponse.empty(), "", 3, 3, 500L, new ShardSearchFailure[0]);
WatchExecutionContext ctx = mockExecutionContext("_name", new Payload.XContent(response));
ScriptCondition.Result result = condition.execute(ctx);
assertThat(result, notNullValue());
assertThat(result.status(), is(Condition.Result.Status.FAILURE));
assertThat(result.reason(), notNullValue());
assertThat(result.reason(), containsString("Assertion"));
ScriptException exception = expectThrows(ScriptException.class, () -> condition.execute(ctx));
assertThat(exception.getMessage(), containsString("Error evaluating null.foo"));
}
public void testScriptConditionReturnObject() throws Exception {
public void testScriptConditionReturnObjectThrowsException() throws Exception {
ScriptServiceProxy scriptService = getScriptServiceProxy(tp);
ExecutableScriptCondition condition = new ExecutableScriptCondition(
new ScriptCondition(Script.inline("return new Object()").build()), logger, scriptService);
SearchResponse response = new SearchResponse(InternalSearchResponse.empty(), "", 3, 3, 500L, new ShardSearchFailure[0]);
WatchExecutionContext ctx = mockExecutionContext("_name", new Payload.XContent(response));
ScriptCondition.Result result = condition.execute(ctx);
assertThat(result, notNullValue());
assertThat(result.status(), is(Condition.Result.Status.FAILURE));
assertThat(result.reason(), notNullValue());
assertThat(result.reason(), containsString("ScriptException"));
Exception exception = expectThrows(GeneralScriptException.class, () -> condition.execute(ctx));
assertThat(exception.getMessage(),
containsString("condition [script] must return a boolean value (true|false) but instead returned [_name]"));
}
public void testScriptConditionAccessCtx() throws Exception {

View File

@ -420,7 +420,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
// weakest weights.
// A priority queue is used to trim vertices according to the size settings
// requested for each field.
private final void trimNewAdditions(Hop currentHop, ArrayList<Connection> newConnections, ArrayList<Vertex> newVertices) {
private void trimNewAdditions(Hop currentHop, ArrayList<Connection> newConnections, ArrayList<Vertex> newVertices) {
Set<Vertex> evictions = new HashSet<>();
for (int k = 0; k < currentHop.getNumberVertexRequests(); k++) {
@ -460,7 +460,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
// we can do something server-side here
// Helper method - compute the total signal of all scores in the search results
private final double getExpandTotalSignalStrength(Hop lastHop, Hop currentHop, Sampler sample) {
private double getExpandTotalSignalStrength(Hop lastHop, Hop currentHop, Sampler sample) {
double totalSignalOutput = 0;
for (int j = 0; j < lastHop.getNumberVertexRequests(); j++) {
VertexRequest lastVr = lastHop.getVertexRequest(j);
@ -509,7 +509,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});
@ -688,7 +688,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
}
// Helper method - Provides a total signal strength for all terms connected to the initial query
private final double getInitialTotalSignalStrength(Hop rootHop, Sampler sample) {
private double getInitialTotalSignalStrength(Hop rootHop, Sampler sample) {
double totalSignalStrength = 0;
for (int i = 0; i < rootHop.getNumberVertexRequests(); i++) {
if (request.useSignificance()) {
@ -711,13 +711,13 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});
} catch (Throwable t) {
logger.error("unable to execute the graph query", t);
listener.onFailure(t);
} catch (Exception e) {
logger.error("unable to execute the graph query", e);
listener.onFailure(e);
}
}

View File

@ -270,11 +270,10 @@ public class GraphTests extends ESSingleNodeTestCase {
try {
GraphExploreResponse response = grb.get();
if (response.getShardFailures().length > 0) {
throw ((ShardSearchFailure) response.getShardFailures()[0]).getCause();
expectedError = response.getShardFailures()[0].getCause();
}
} catch (Throwable rte) {
} catch (Exception rte) {
expectedError = rte;
}
assertNotNull(expectedError);
String message = expectedError.toString();

View File

@ -59,7 +59,7 @@ public class TransportDeleteLicenseAction extends TransportMasterNodeAction<Dele
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});

View File

@ -61,7 +61,7 @@ public class TransportPutLicenseAction extends TransportMasterNodeAction<PutLice
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});

View File

@ -427,8 +427,8 @@ public class LicensesService extends AbstractLifecycleComponent implements Clust
}
@Override
public void onFailure(String source, @Nullable Throwable t) {
logger.error("unexpected failure during [{}]", t, source);
public void onFailure(String source, @Nullable Exception e) {
logger.error("unexpected failure during [{}]", e, source);
}
});

View File

@ -88,8 +88,8 @@ public abstract class AbstractLicensesIntegrationTestCase extends ESIntegTestCas
}
@Override
public void onFailure(String source, @Nullable Throwable t) {
logger.error("error on metaData cleanup after test", t);
public void onFailure(String source, @Nullable Exception e) {
logger.error("error on metaData cleanup after test", e);
}
});
latch.await();

View File

@ -146,7 +146,7 @@ public class TestUtils {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
latch.countDown();
}
});

View File

@ -157,7 +157,7 @@ public class LicensesAcknowledgementTests extends ESSingleNodeTestCase {
}
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
latch.countDown();
}
}

View File

@ -174,7 +174,7 @@ public class LicensesManagerServiceTests extends ESSingleNodeTestCase {
}
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
latch.countDown();
}
});

View File

@ -84,12 +84,12 @@ public class MonitoringBulkResponse extends ActionResponse {
}
Error(StreamInput in) throws IOException {
this(in.<Throwable>readThrowable());
this(in.readException());
}
@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeThrowable(getCause());
out.writeException(getCause());
}
/**

View File

@ -114,8 +114,8 @@ public class TransportMonitoringBulkAction extends HandledTransportAction<Monito
}
@Override
public void onFailure(Throwable t) {
listener.onResponse(new MonitoringBulkResponse(buildTookInMillis(startTimeNanos), new MonitoringBulkResponse.Error(t)));
public void onFailure(Exception e) {
listener.onResponse(new MonitoringBulkResponse(buildTookInMillis(startTimeNanos), new MonitoringBulkResponse.Error(e)));
}
});
}

View File

@ -204,8 +204,8 @@ public class AgentService extends AbstractLifecycleComponent {
} catch (InterruptedException e) {
logger.trace("interrupted");
Thread.currentThread().interrupt();
} catch (Throwable t) {
logger.error("background thread had an uncaught exception", t);
} catch (Exception e) {
logger.error("background thread had an uncaught exception", e);
}
}
logger.debug("worker shutdown");

View File

@ -59,9 +59,6 @@ import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
/**
*
*/
public class HttpExporter extends Exporter {
public static final String TYPE = "http";
@ -664,9 +661,9 @@ public class HttpExporter extends Exporter {
}
} catch (InterruptedException e) {
// ignore, if closed, good....
} catch (Throwable t) {
} catch (Exception e) {
logger.debug("error in keep alive thread, shutting down (will be restarted after a successful connection has been " +
"made) {}", ExceptionsHelper.detailedMessage(t));
"made) {}", ExceptionsHelper.detailedMessage(e));
return;
}
}

View File

@ -211,8 +211,8 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
}
@Override
public void onFailure(Throwable throwable) {
logger.error("failed to update monitoring index template [{}]", throwable, template);
public void onFailure(Exception e) {
logger.error("failed to update monitoring index template [{}]", e, template);
}
});
}
@ -296,7 +296,7 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to delete indices", e);
}
});

View File

@ -179,8 +179,8 @@ public class CleanerService extends AbstractLifecycleComponent {
for (Listener listener : listeners) {
try {
listener.onCleanUpIndices(retention);
} catch (Throwable t) {
logger.error("listener failed to clean indices", t);
} catch (Exception e) {
logger.error("listener failed to clean indices", e);
}
}
@ -209,8 +209,8 @@ public class CleanerService extends AbstractLifecycleComponent {
}
@Override
public void onFailure(Throwable t) {
logger.error("failed to clean indices", t);
public void onFailure(Exception e) {
logger.error("failed to clean indices", e);
}
/**

View File

@ -81,9 +81,9 @@ public class MonitoringBulkTests extends MonitoringIntegTestCase {
threads[i] = new Thread(new AbstractRunnable() {
@Override
public void onFailure(Throwable t) {
logger.error("unexpected error in exporting thread", t);
exceptions.add(t);
public void onFailure(Exception e) {
logger.error("unexpected error in exporting thread", e);
exceptions.add(e);
}
@Override

View File

@ -19,7 +19,7 @@ import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
import org.elasticsearch.discovery.DiscoverySettings;
import org.elasticsearch.test.ESTestCase;
@ -90,7 +90,8 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
clusterService = new ClusterService(Settings.builder().put("cluster.name",
TransportMonitoringBulkActionTests.class.getName()).build(),
new ClusterSettings(Settings.EMPTY, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS), threadPool);
clusterService.setLocalNode(new DiscoveryNode("node", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
clusterService.setLocalNode(new DiscoveryNode("node", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(),
Version.CURRENT));
clusterService.setNodeConnectionsService(new NodeConnectionsService(Settings.EMPTY, null, null) {
@Override
public void connectToAddedNodes(ClusterChangedEvent event) {
@ -152,8 +153,8 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
}
@Override
public void onFailure(String source, Throwable t) {
fail("unexpected exception: " + t);
public void onFailure(String source, Exception e) {
fail("unexpected exception: " + e);
}
});

View File

@ -296,9 +296,9 @@ public class ExportersTests extends ESTestCase {
logger.debug("--> exporting thread [{}] exports {} documents", threadNum, threadDocs);
threads[i] = new Thread(new AbstractRunnable() {
@Override
public void onFailure(Throwable t) {
logger.error("unexpected error in exporting thread", t);
exceptions.add(t);
public void onFailure(Exception e) {
logger.error("unexpected error in exporting thread", e);
exceptions.add(e);
}
@Override

View File

@ -9,7 +9,7 @@ import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.io.stream.BytesStreamOutput;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.test.ESTestCase;
import java.io.IOException;
@ -130,7 +130,7 @@ public class MonitoringDocTests extends ESTestCase {
}
}
Set<DiscoveryNode.Role> roles = new HashSet<>(randomSubsetOf(Arrays.asList(DiscoveryNode.Role.values())));
return new DiscoveryNode(randomAsciiOfLength(5), randomAsciiOfLength(3), randomAsciiOfLength(3), randomAsciiOfLength(3),
DummyTransportAddress.INSTANCE, attributes, roles, randomVersion(random()));
return new DiscoveryNode(randomAsciiOfLength(5), randomAsciiOfLength(3), LocalTransportAddress.buildUnique(),
attributes, roles, randomVersion(random()));
}
}

View File

@ -22,7 +22,7 @@ import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentHelper;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.ESIntegTestCase.Scope;
@ -439,14 +439,14 @@ public class HttpExporterTests extends MonitoringIntegTestCase {
IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
doc.setClusterUUID(internalCluster().getClusterName());
doc.setTimestamp(System.currentTimeMillis());
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setRecoveryResponse(new RecoveryResponse());
return doc;
} else {
ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
doc.setClusterUUID(internalCluster().getClusterName());
doc.setTimestamp(System.currentTimeMillis());
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setClusterState(ClusterState.PROTO);
doc.setStatus(ClusterHealthStatus.GREEN);
return doc;

View File

@ -13,7 +13,7 @@ import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.ESIntegTestCase.Scope;
@ -198,14 +198,14 @@ public class LocalExporterTests extends MonitoringIntegTestCase {
IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
doc.setClusterUUID(internalCluster().getClusterName());
doc.setTimestamp(System.currentTimeMillis());
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setRecoveryResponse(new RecoveryResponse());
return doc;
} else {
ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
doc.setClusterUUID(internalCluster().getClusterName());
doc.setTimestamp(System.currentTimeMillis());
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setClusterState(ClusterState.PROTO);
doc.setStatus(ClusterHealthStatus.GREEN);
return doc;

View File

@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
@ -31,7 +31,7 @@ public class DataResolverTests extends MonitoringIndexNameResolverTestCase {
MonitoringDoc doc = new MonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
return doc;
}

View File

@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.xpack.monitoring.MonitoredSystem;
@ -40,7 +40,7 @@ public class TimestampedResolverTests extends MonitoringIndexNameResolverTestCas
MonitoringDoc doc = new MonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode(randomAsciiOfLength(5), DummyTransportAddress.INSTANCE,
doc.setSourceNode(new DiscoveryNode(randomAsciiOfLength(5), LocalTransportAddress.buildUnique(),
emptyMap(), emptySet(), Version.CURRENT));
return doc;
}

View File

@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.bulk;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.xpack.monitoring.MonitoredSystem;
import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc;
@ -39,7 +39,7 @@ public class MonitoringBulkDataResolverTests extends MonitoringIndexNameResolver
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
return doc;
}

View File

@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.bulk;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.xpack.monitoring.MonitoredSystem;
import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc;
@ -41,7 +41,7 @@ public class MonitoringBulkTimestampedResolverTests
}
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
return doc;
}

View File

@ -10,7 +10,7 @@ import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse;
import org.elasticsearch.cluster.ClusterName;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.license.core.License;
@ -42,7 +42,7 @@ public class ClusterInfoResolverTests extends MonitoringIndexNameResolverTestCas
ClusterInfoMonitoringDoc doc = new ClusterInfoMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setVersion(randomFrom(Version.V_2_0_0, Version.CURRENT).toString());
doc.setLicense(licenseBuilder.build());
doc.setClusterName(randomAsciiOfLength(5));

View File

@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.cluster;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateNodeMonitoringDoc;
import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
@ -28,7 +28,7 @@ public class ClusterStateNodeResolverTests extends
ClusterStateNodeMonitoringDoc doc = new ClusterStateNodeMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setNodeId(UUID.randomUUID().toString());
doc.setStateUUID(UUID.randomUUID().toString());
return doc;

View File

@ -11,7 +11,6 @@ import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.node.DiscoveryNodes;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc;
@ -32,7 +31,7 @@ public class ClusterStateResolverTests extends MonitoringIndexNameResolverTestCa
ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setStatus(randomFrom(ClusterHealthStatus.values()));
DiscoveryNode masterNode = new DiscoveryNode("master", new LocalTransportAddress("master"),

View File

@ -21,7 +21,7 @@ import org.elasticsearch.cluster.routing.ShardRouting;
import org.elasticsearch.cluster.routing.UnassignedInfo;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.unit.ByteSizeValue;
import org.elasticsearch.common.xcontent.XContentType;
@ -63,7 +63,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
ClusterStatsMonitoringDoc doc = new ClusterStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setClusterStats(randomClusterStats());
return doc;
}
@ -94,7 +94,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
*/
private ClusterStatsResponse randomClusterStats() {
List<ClusterStatsNodeResponse> responses = Collections.singletonList(
new ClusterStatsNodeResponse(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE,
new ClusterStatsNodeResponse(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(),
emptyMap(), emptySet(), Version.CURRENT),
ClusterHealthStatus.GREEN, randomNodeInfo(), randomNodeStats(), randomShardStats())
);
@ -106,10 +106,10 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
* @return a random {@link NodeInfo} used to resolve a monitoring document.
*/
private NodeInfo randomNodeInfo() {
BoundTransportAddress transportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
DummyTransportAddress.INSTANCE);
BoundTransportAddress transportAddress = new BoundTransportAddress(new TransportAddress[]{LocalTransportAddress.buildUnique()},
LocalTransportAddress.buildUnique());
return new NodeInfo(Version.CURRENT, org.elasticsearch.Build.CURRENT,
new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT),
new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT),
Settings.EMPTY, DummyOsInfo.INSTANCE, new ProcessInfo(randomInt(), randomBoolean()), JvmInfo.jvmInfo(),
new ThreadPoolInfo(Collections.singletonList(new ThreadPool.Info("test_threadpool", ThreadPool.ThreadPoolType.FIXED, 5))),
new TransportInfo(transportAddress, Collections.emptyMap()), new HttpInfo(transportAddress, randomLong()),
@ -127,7 +127,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
};
Map<Index, List<IndexShardStats>> statsByShard = new HashMap<>();
statsByShard.put(index, Collections.singletonList(new IndexShardStats(new ShardId(index, 0), randomShardStats())));
return new NodeStats(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT), 0,
return new NodeStats(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT), 0,
new NodeIndicesStats(new CommonStats(), statsByShard), null, null, null, null,
new FsInfo(0, null, pathInfo), null, null, null, null, null, null);
}

View File

@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.indices;
import org.elasticsearch.Version;
import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.shard.ShardId;
import org.elasticsearch.indices.recovery.RecoveryState;
@ -32,9 +32,9 @@ public class IndexRecoveryResolverTests extends MonitoringIndexNameResolverTestC
IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
DiscoveryNode localNode = new DiscoveryNode("foo", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT);
DiscoveryNode localNode = new DiscoveryNode("foo", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT);
Map<String, java.util.List<RecoveryState>> shardRecoveryStates = new HashMap<>();
shardRecoveryStates.put("test", Collections.singletonList(new RecoveryState(new ShardId("test", "uuid", 0), true,
RecoveryState.Type.STORE, localNode, localNode)));

View File

@ -12,7 +12,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.routing.ShardRouting;
import org.elasticsearch.cluster.routing.UnassignedInfo;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.Index;
import org.elasticsearch.index.cache.query.QueryCacheStats;
@ -45,7 +45,7 @@ public class IndexStatsResolverTests extends MonitoringIndexNameResolverTestCase
IndexStatsMonitoringDoc doc = new IndexStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setIndexStats(randomIndexStats());
return doc;
}
@ -58,7 +58,7 @@ public class IndexStatsResolverTests extends MonitoringIndexNameResolverTestCase
public void testIndexStatsResolver() throws Exception {
IndexStatsMonitoringDoc doc = newMonitoringDoc();
doc.setTimestamp(1437580442979L);
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
IndexStatsResolver resolver = newResolver();
assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

View File

@ -13,7 +13,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.routing.ShardRouting;
import org.elasticsearch.cluster.routing.UnassignedInfo;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.Index;
import org.elasticsearch.index.cache.query.QueryCacheStats;
@ -49,7 +49,7 @@ public class IndicesStatsResolverTests extends MonitoringIndexNameResolverTestCa
IndicesStatsMonitoringDoc doc = new IndicesStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setIndicesStats(randomIndicesStats());
return doc;
}
@ -63,7 +63,7 @@ public class IndicesStatsResolverTests extends MonitoringIndexNameResolverTestCa
IndicesStatsMonitoringDoc doc = newMonitoringDoc();
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(1437580442979L);
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
IndicesStatsResolver resolver = newResolver();
assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

View File

@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.node;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.test.VersionUtils;
import org.elasticsearch.xpack.monitoring.agent.collector.cluster.DiscoveryNodeMonitoringDoc;
@ -28,9 +28,9 @@ public class DiscoveryNodeResolverTests extends MonitoringIndexNameResolverTestC
DiscoveryNodeMonitoringDoc doc = new DiscoveryNodeMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setNode(new DiscoveryNode(randomAsciiOfLength(3), UUID.randomUUID().toString(),
DummyTransportAddress.INSTANCE, emptyMap(), emptySet(),
LocalTransportAddress.buildUnique(), emptyMap(), emptySet(),
VersionUtils.randomVersionBetween(random(), VersionUtils.getFirstVersion(), Version.CURRENT)));
return doc;
}

View File

@ -14,7 +14,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.routing.ShardRouting;
import org.elasticsearch.cluster.routing.UnassignedInfo;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.Index;
import org.elasticsearch.index.cache.query.QueryCacheStats;
@ -59,7 +59,7 @@ public class NodeStatsResolverTests extends MonitoringIndexNameResolverTestCase<
NodeStatsMonitoringDoc doc = new NodeStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
doc.setNodeMaster(randomBoolean());
doc.setNodeId(UUID.randomUUID().toString());
doc.setDiskThresholdDeciderEnabled(randomBoolean());
@ -133,7 +133,7 @@ public class NodeStatsResolverTests extends MonitoringIndexNameResolverTestCase<
new ThreadPoolStats.Stats(ThreadPool.Names.SEARCH, 0, 0, 0, 0, 0, 0),
new ThreadPoolStats.Stats(InternalWatchExecutor.THREAD_POOL_NAME, 0, 0, 0, 0, 0, 0)
);
return new NodeStats(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT), 0,
return new NodeStats(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT), 0,
new NodeIndicesStats(new CommonStats(), statsByShard), OsProbe.getInstance().osStats(),
ProcessProbe.getInstance().processStats(), JvmStats.jvmStats(),
new ThreadPoolStats(threadPoolStats),

View File

@ -9,7 +9,7 @@ import org.elasticsearch.Version;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.routing.ShardRouting;
import org.elasticsearch.cluster.routing.UnassignedInfo;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.Index;
import org.elasticsearch.index.shard.ShardId;
@ -31,7 +31,7 @@ public class ShardsResolverTests extends MonitoringIndexNameResolverTestCase<Sha
doc.setClusterUUID(randomAsciiOfLength(5));
doc.setTimestamp(Math.abs(randomLong()));
doc.setClusterStateUUID(UUID.randomUUID().toString());
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
ShardRouting shardRouting = ShardRouting.newUnassigned(new ShardId(new Index(randomAsciiOfLength(5), UUID.randomUUID().toString()),
randomIntBetween(0, 5)), null, randomBoolean(), new UnassignedInfo(UnassignedInfo.Reason.INDEX_CREATED, null));
@ -48,7 +48,7 @@ public class ShardsResolverTests extends MonitoringIndexNameResolverTestCase<Sha
final String clusterStateUUID = UUID.randomUUID().toString();
doc.setClusterStateUUID(clusterStateUUID);
doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
ShardsResolver resolver = newResolver();
assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

View File

@ -141,8 +141,12 @@ public class Security implements ActionPlugin {
}
modules.add(new AuthenticationModule(settings));
modules.add(new AuthorizationModule(settings));
if (enabled == false) {
modules.add(new SecurityModule(settings, securityLicenseState));
modules.add(new CryptoModule(settings));
modules.add(new AuditTrailModule(settings));
modules.add(new SecurityTransportModule(settings));
return modules;
}
@ -152,7 +156,6 @@ public class Security implements ActionPlugin {
securityLicenseState = new SecurityLicenseState();
modules.add(new SecurityModule(settings, securityLicenseState));
modules.add(new CryptoModule(settings));
modules.add(new AuthorizationModule(settings));
modules.add(new AuditTrailModule(settings));
modules.add(new SecurityRestModule(settings));
modules.add(new SecurityActionModule(settings));

View File

@ -13,14 +13,21 @@ import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.security.authz.store.RolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@ -30,16 +37,33 @@ import java.util.stream.Collectors;
*/
public class SecurityFeatureSet implements XPackFeatureSet {
private final Settings settings;
private final boolean enabled;
private final SecurityLicenseState licenseState;
@Nullable private final Realms realms;
@Nullable
private final Realms realms;
@Nullable
private final RolesStore rolesStore;
@Nullable
private final IPFilter ipFilter;
@Nullable
private final AuditTrailService auditTrailService;
@Nullable
private final CryptoService cryptoService;
@Inject
public SecurityFeatureSet(Settings settings, @Nullable SecurityLicenseState licenseState,
@Nullable Realms realms, NamedWriteableRegistry namedWriteableRegistry) {
@Nullable Realms realms, NamedWriteableRegistry namedWriteableRegistry, @Nullable RolesStore rolesStore,
@Nullable IPFilter ipFilter, @Nullable AuditTrailService auditTrailService,
@Nullable CryptoService cryptoService) {
this.enabled = Security.enabled(settings);
this.licenseState = licenseState;
this.realms = realms;
this.rolesStore = rolesStore;
this.settings = settings;
this.ipFilter = ipFilter;
this.auditTrailService = auditTrailService;
this.cryptoService = cryptoService;
namedWriteableRegistry.register(Usage.class, Usage.writeableName(Security.NAME), Usage::new);
}
@ -66,7 +90,12 @@ public class SecurityFeatureSet implements XPackFeatureSet {
@Override
public XPackFeatureSet.Usage usage() {
List<Map<String, Object>> enabledRealms = buildEnabledRealms(realms);
return new Usage(available(), enabled(), enabledRealms);
Map<String, Object> rolesStoreUsage = rolesStoreUsage(rolesStore);
Map<String, Object> sslUsage = sslUsage(settings);
Map<String, Object> auditUsage = auditUsage(auditTrailService);
Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter);
boolean hasSystemKey = systemKeyUsage(cryptoService);
return new Usage(available(), enabled(), enabledRealms, rolesStoreUsage, sslUsage, auditUsage, ipFilterUsage, hasSystemKey);
}
static List<Map<String, Object>> buildEnabledRealms(Realms realms) {
@ -84,26 +113,86 @@ public class SecurityFeatureSet implements XPackFeatureSet {
return enabledRealms;
}
static Map<String, Object> rolesStoreUsage(@Nullable RolesStore rolesStore) {
if (rolesStore == null) {
return Collections.emptyMap();
}
return rolesStore.usageStats();
}
static Map<String, Object> sslUsage(Settings settings) {
Map<String, Object> map = new HashMap<>(2);
map.put("http", Collections.singletonMap("enabled", SecurityNettyHttpServerTransport.SSL_SETTING.get(settings)));
map.put("transport", Collections.singletonMap("enabled", SecurityNettyTransport.SSL_SETTING.get(settings)));
return map;
}
static Map<String, Object> auditUsage(@Nullable AuditTrailService auditTrailService) {
if (auditTrailService == null) {
return Collections.emptyMap();
}
return auditTrailService.usageStats();
}
static Map<String, Object> ipFilterUsage(@Nullable IPFilter ipFilter) {
if (ipFilter == null) {
return Collections.emptyMap();
}
return ipFilter.usageStats();
}
static boolean systemKeyUsage(CryptoService cryptoService) {
// we can piggy back on the encryption enabled method as it is only enabled if there is a system key
return cryptoService.encryptionEnabled();
}
static class Usage extends XPackFeatureSet.Usage {
private static final String ENABLED_REALMS_XFIELD = "enabled_realms";
private static final String ROLES_XFIELD = "roles";
private static final String SSL_XFIELD = "ssl";
private static final String AUDIT_XFIELD = "audit";
private static final String IP_FILTER_XFIELD = "ipfilter";
private static final String SYSTEM_KEY_XFIELD = "system_key";
private List<Map<String, Object>> enabledRealms;
private Map<String, Object> rolesStoreUsage;
private Map<String, Object> sslUsage;
private Map<String, Object> auditUsage;
private Map<String, Object> ipFilterUsage;
private boolean hasSystemKey;
public Usage(StreamInput in) throws IOException {
super(in);
enabledRealms = in.readList(StreamInput::readMap);
rolesStoreUsage = in.readMap();
sslUsage = in.readMap();
auditUsage = in.readMap();
ipFilterUsage = in.readMap();
hasSystemKey = in.readBoolean();
}
public Usage(boolean available, boolean enabled, List<Map<String, Object>> enabledRealms) {
public Usage(boolean available, boolean enabled, List<Map<String, Object>> enabledRealms, Map<String, Object> rolesStoreUsage,
Map<String, Object> sslUsage, Map<String, Object> auditUsage, Map<String, Object> ipFilterUsage,
boolean hasSystemKey) {
super(Security.NAME, available, enabled);
this.enabledRealms = enabledRealms;
this.rolesStoreUsage = rolesStoreUsage;
this.sslUsage = sslUsage;
this.auditUsage = auditUsage;
this.ipFilterUsage = ipFilterUsage;
this.hasSystemKey = hasSystemKey;
}
@Override
public void writeTo(StreamOutput out) throws IOException {
super.writeTo(out);
out.writeList(enabledRealms.stream().map((m) -> (Writeable) o -> o.writeMap(m)).collect(Collectors.toList()));
out.writeMap(rolesStoreUsage);
out.writeMap(sslUsage);
out.writeMap(auditUsage);
out.writeMap(ipFilterUsage);
out.writeBoolean(hasSystemKey);
}
@Override
@ -111,6 +200,11 @@ public class SecurityFeatureSet implements XPackFeatureSet {
super.innerXContent(builder, params);
if (enabled) {
builder.field(ENABLED_REALMS_XFIELD, enabledRealms);
builder.field(ROLES_XFIELD, rolesStoreUsage);
builder.field(SSL_XFIELD, sslUsage);
builder.field(AUDIT_XFIELD, auditUsage);
builder.field(IP_FILTER_XFIELD, ipFilterUsage);
builder.field(SYSTEM_KEY_XFIELD, hasSystemKey);
}
}
}

View File

@ -76,7 +76,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
if (nativeUserStore.canStart(event.state(), master)) {
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
logger.error("failed to start native user store service", throwable);
assert false : "security lifecycle services startup failed";
}
@ -95,7 +95,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
if (nativeRolesStore.canStart(event.state(), master)) {
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
logger.error("failed to start native roles store services", throwable);
assert false : "security lifecycle services startup failed";
}
@ -117,7 +117,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
logger.error("failed to start index audit trail services", throwable);
assert false : "security lifecycle services startup failed";
}

View File

@ -90,8 +90,8 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste
if (createTemplate && templateCreationPending.compareAndSet(false, true)) {
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable t) {
logger.warn("failed to create security index template", t);
public void onFailure(Exception e) {
logger.warn("failed to create security index template", e);
templateCreationPending.set(false);
}

View File

@ -44,9 +44,6 @@ import java.util.function.Predicate;
import static org.elasticsearch.xpack.security.support.Exceptions.authorizationError;
/**
*
*/
public class SecurityActionFilter extends AbstractComponent implements ActionFilter {
private static final Predicate<String> LICENSE_EXPIRATION_ACTION_MATCHER = HealthAndStatsPrivilege.INSTANCE.predicate();
@ -109,8 +106,8 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
} else {
chain.proceed(task, action, request, listener);
}
} catch (Throwable t) {
listener.onFailure(t);
} catch (Exception e) {
listener.onFailure(e);
}
}
@ -231,7 +228,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
if (threadContext != null) {
threadContext.restore();
}

View File

@ -44,7 +44,7 @@ public class TransportDeleteRoleAction extends HandledTransportAction<DeleteRole
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
listener.onFailure(t);
}
});

View File

@ -77,7 +77,7 @@ public class TransportGetRolesAction extends HandledTransportAction<GetRolesRequ
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
logger.error("failed to retrieve role [{}]", t, rolename);
listener.onFailure(t);
}
@ -95,7 +95,7 @@ public class TransportGetRolesAction extends HandledTransportAction<GetRolesRequ
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
logger.error("failed to retrieve role [{}]", t,
Strings.arrayToDelimitedString(request.names(), ","));
listener.onFailure(t);

View File

@ -48,7 +48,7 @@ public class TransportPutRoleAction extends HandledTransportAction<PutRoleReques
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
listener.onFailure(t);
}
});

View File

@ -12,7 +12,6 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
import org.elasticsearch.xpack.security.user.AnonymousUser;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.threadpool.ThreadPool;
@ -50,7 +49,7 @@ public class TransportChangePasswordAction extends HandledTransportAction<Change
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});

View File

@ -54,7 +54,7 @@ public class TransportDeleteUserAction extends HandledTransportAction<DeleteUser
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});

View File

@ -78,7 +78,7 @@ public class TransportGetUsersAction extends HandledTransportAction<GetUsersRequ
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to retrieve user [{}]", e, username);
listener.onFailure(e);
}
@ -94,7 +94,7 @@ public class TransportGetUsersAction extends HandledTransportAction<GetUsersRequ
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to retrieve user [{}]", e,
Strings.arrayToDelimitedString(request.usernames(), ","));
listener.onFailure(e);

View File

@ -59,7 +59,7 @@ public class TransportPutUserAction extends HandledTransportAction<PutUserReques
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to put user [{}]", e, request.username());
listener.onFailure(e);
}

View File

@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.multibindings.Multibinder;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.settings.Settings;
@ -44,18 +45,16 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
@Override
protected void configureNode() {
if (!enabled) {
bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
return;
}
List<String> outputs = OUTPUTS_SETTING.get(settings);
if (outputs.isEmpty()) {
if (securityEnabled == false || enabled == false || outputs.isEmpty()) {
bind(AuditTrailService.class).toProvider(Providers.of(null));
bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
return;
}
bind(AuditTrail.class).to(AuditTrailService.class).asEagerSingleton();
Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
bind(AuditTrailService.class).asEagerSingleton();
bind(AuditTrail.class).to(AuditTrailService.class);
Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
Set<String> uniqueOutputs = Sets.newHashSet(outputs);
for (String output : uniqueOutputs) {
switch (output) {

View File

@ -16,6 +16,8 @@ import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.transport.TransportMessage;
import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
@ -197,4 +199,11 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
}
}
}
public Map<String, Object> usageStats() {
Map<String, Object> map = new HashMap<>(2);
map.put("enabled", AuditTrailModule.ENABLED_SETTING.get(settings));
map.put("outputs", AuditTrailModule.OUTPUTS_SETTING.get(settings));
return map;
}
}

View File

@ -886,7 +886,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
INDEX_TEMPLATE_NAME);
threadPool.generic().execute(new AbstractRunnable() {
@Override
public void onFailure(Throwable throwable) {
public void onFailure(Exception throwable) {
logger.error("failed to update security audit index template [{}]", throwable, INDEX_TEMPLATE_NAME);
}

View File

@ -159,7 +159,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
if (t instanceof IndexNotFoundException) {
logger.trace("failed to retrieve user [{}] since security index does not exist", username);
// We don't invoke the onFailure listener here, instead
@ -228,7 +228,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
// attempt to clear scroll response
if (lastResponse != null && lastResponse.getScrollId() != null) {
clearScrollResponse(lastResponse.getScrollId());
@ -260,7 +260,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
if (t instanceof IndexNotFoundException) {
logger.trace("failed to retrieve user [{}] since security index does not exist", t, username);
} else {
@ -287,7 +287,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
if (t instanceof IndexNotFoundException) {
logger.trace("could not retrieve user [{}] because security index does not exist", t, user);
} else {
@ -334,7 +334,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
Throwable cause = e;
if (e instanceof ElasticsearchException) {
cause = ExceptionsHelper.unwrapCause(e);
@ -368,7 +368,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});
@ -410,7 +410,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
Throwable cause = e;
if (e instanceof ElasticsearchException) {
cause = ExceptionsHelper.unwrapCause(e);
@ -455,7 +455,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});
@ -479,7 +479,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
listener.onFailure(e);
}
});
@ -550,9 +550,9 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
if (state.compareAndSet(State.STARTED, State.STOPPING)) {
try {
userPoller.stop();
} catch (Throwable t) {
} catch (Exception e) {
state.set(State.FAILED);
throw t;
throw e;
} finally {
state.set(State.STOPPED);
}
@ -594,10 +594,10 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
return securityIndexExists;
}
char[] reservedUserPassword(String username) throws Throwable {
char[] reservedUserPassword(String username) throws Exception {
assert started();
final AtomicReference<char[]> passwordHash = new AtomicReference<>();
final AtomicReference<Throwable> failure = new AtomicReference<>();
final AtomicReference<Exception> failure = new AtomicReference<>();
final CountDownLatch latch = new CountDownLatch(1);
client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
.execute(new LatchedActionListener<>(new ActionListener<GetResponse>() {
@ -615,7 +615,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
if (e instanceof IndexNotFoundException) {
logger.trace("could not retrieve built in user [{}] password since security index does not exist", e, username);
} else {
@ -634,7 +634,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
failure.set(e);
}
Throwable failureCause = failure.get();
Exception failureCause = failure.get();
if (failureCause != null) {
// if there is any sort of failure we need to throw an exception to prevent the fallback to the default password...
throw failureCause;
@ -651,7 +651,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
// Not really much to do here except for warn about it...
logger.warn("failed to clear scroll [{}]", t, scrollId);
}
@ -669,7 +669,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("unable to clear realm cache for user [{}]", e, username);
ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + username
+ "] failed. please clear the realm cache manually", e);
@ -838,21 +838,22 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
}
// call listeners
Throwable th = null;
RuntimeException ex = null;
for (ChangeListener listener : listeners) {
try {
listener.onUsersChanged(changedUsers);
} catch (Throwable t) {
th = ExceptionsHelper.useOrSuppress(th, t);
} catch (Exception e) {
if (ex == null) ex = new RuntimeException("exception while notifying listeners");
ex.addSuppressed(e);
}
}
ExceptionsHelper.reThrowIfNotNull(th);
if (ex != null) throw ex;
}
@Override
public void onFailure(Throwable t) {
logger.error("error occurred while checking the native users for changes", t);
public void onFailure(Exception e) {
logger.error("error occurred while checking the native users for changes", e);
}
private boolean isStopped() {

View File

@ -131,7 +131,7 @@ public class ReservedRealm extends CachingUsernamePasswordRealm {
return DEFAULT_PASSWORD_HASH;
}
return passwordHash;
} catch (Throwable e) {
} catch (Exception e) {
logger.error("failed to retrieve password hash for reserved user [{}]", e, username);
return null;
}

View File

@ -37,9 +37,6 @@ import static java.util.Collections.emptyMap;
import static java.util.Collections.unmodifiableMap;
import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
/**
*
*/
public class FileUserPasswdStore {
private final ESLogger logger;
@ -111,8 +108,8 @@ public class FileUserPasswdStore {
static Map<String, char[]> parseFileLenient(Path path, ESLogger logger) {
try {
return parseFile(path, logger);
} catch (Throwable t) {
logger.error("failed to parse users file [{}]. skipping/removing all users...", t, path.toAbsolutePath());
} catch (Exception e) {
logger.error("failed to parse users file [{}]. skipping/removing all users...", e, path.toAbsolutePath());
return emptyMap();
}
}

View File

@ -37,9 +37,6 @@ import static java.util.Collections.emptyMap;
import static java.util.Collections.unmodifiableMap;
import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
/**
*
*/
public class FileUserRolesStore {
private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*");
@ -103,8 +100,8 @@ public class FileUserRolesStore {
static Map<String, String[]> parseFileLenient(Path path, ESLogger logger) {
try {
return parseFile(path, logger);
} catch (Throwable t) {
logger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", t, path.toAbsolutePath());
} catch (Exception e) {
logger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", e, path.toAbsolutePath());
return emptyMap();
}
}

View File

@ -11,7 +11,7 @@ import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.MultiCommand;
import org.elasticsearch.cli.SettingCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
@ -88,7 +88,7 @@ public class UsersTool extends MultiCommand {
String username = parseUsername(arguments.values(options));
Validation.Error validationError = Users.validateUsername(username);
if (validationError != null) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
throw new UserException(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
}
char[] password = parsePassword(terminal, passwordOption.value(options));
@ -102,7 +102,7 @@ public class UsersTool extends MultiCommand {
Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwordFile, null));
if (users.containsKey(username)) {
throw new UserError(ExitCodes.CODE_ERROR, "User [" + username + "] already exists");
throw new UserException(ExitCodes.CODE_ERROR, "User [" + username + "] already exists");
}
Hasher hasher = Hasher.BCRYPT;
users.put(username, hasher.hash(new SecuredString(password)));
@ -149,7 +149,7 @@ public class UsersTool extends MultiCommand {
Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwordFile, null));
if (users.containsKey(username) == false) {
throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
}
if (Files.exists(passwordFile)) {
char[] passwd = users.remove(username);
@ -205,7 +205,7 @@ public class UsersTool extends MultiCommand {
FileAttributesChecker attributesChecker = new FileAttributesChecker(file);
Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(file, null));
if (users.containsKey(username) == false) {
throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
}
users.put(username, Hasher.BCRYPT.hash(new SecuredString(password)));
FileUserPasswdStore.writeFile(users, file);
@ -261,7 +261,7 @@ public class UsersTool extends MultiCommand {
Map<String, char[]> usersMap = FileUserPasswdStore.parseFile(usersFile, null);
if (!usersMap.containsKey(username)) {
throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
}
Map<String, String[]> userRoles = FileUserRolesStore.parseFile(rolesFile, null);
@ -325,7 +325,7 @@ public class UsersTool extends MultiCommand {
if (username != null) {
if (!users.contains(username)) {
throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
}
if (userRoles.containsKey(username)) {
@ -394,38 +394,38 @@ public class UsersTool extends MultiCommand {
}
// pkg private for testing
static String parseUsername(List<String> args) throws UserError {
static String parseUsername(List<String> args) throws UserException {
if (args.isEmpty()) {
throw new UserError(ExitCodes.USAGE, "Missing username argument");
throw new UserException(ExitCodes.USAGE, "Missing username argument");
} else if (args.size() > 1) {
throw new UserError(ExitCodes.USAGE, "Expected a single username argument, found extra: " + args.toString());
throw new UserException(ExitCodes.USAGE, "Expected a single username argument, found extra: " + args.toString());
}
String username = args.get(0);
Validation.Error validationError = Users.validateUsername(username);
if (validationError != null) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
throw new UserException(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
}
return username;
}
// pkg private for testing
static char[] parsePassword(Terminal terminal, String passwordStr) throws UserError {
static char[] parsePassword(Terminal terminal, String passwordStr) throws UserException {
char[] password;
if (passwordStr != null) {
password = passwordStr.toCharArray();
Validation.Error validationError = Users.validatePassword(password);
if (validationError != null) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
throw new UserException(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
}
} else {
password = terminal.readSecret("Enter new password: ");
Validation.Error validationError = Users.validatePassword(password);
if (validationError != null) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
throw new UserException(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
}
char[] retyped = terminal.readSecret("Retype new password: ");
if (Arrays.equals(password, retyped) == false) {
throw new UserError(ExitCodes.DATA_ERROR, "Password mismatch");
throw new UserException(ExitCodes.DATA_ERROR, "Password mismatch");
}
}
return password;
@ -446,7 +446,7 @@ public class UsersTool extends MultiCommand {
}
// pkg private for testing
static String[] parseRoles(Terminal terminal, Environment env, String rolesStr) throws UserError {
static String[] parseRoles(Terminal terminal, Environment env, String rolesStr) throws UserException {
if (rolesStr.isEmpty()) {
return Strings.EMPTY_ARRAY;
}
@ -454,7 +454,7 @@ public class UsersTool extends MultiCommand {
for (String role : roles) {
Validation.Error validationError = Validation.Roles.validateRoleName(role);
if (validationError != null) {
throw new UserError(ExitCodes.DATA_ERROR, "Invalid role [" + role + "]... " + validationError);
throw new UserException(ExitCodes.DATA_ERROR, "Invalid role [" + role + "]... " + validationError);
}
}

View File

@ -65,7 +65,7 @@ public class LdapSession implements Closeable {
return groupsResolver.resolve(ldap, userDn, timeout, logger);
}
public static interface GroupsResolver {
public interface GroupsResolver {
List<String> resolve(LDAPInterface ldapConnection, String userDn, TimeValue timeout, ESLogger logger);

View File

@ -484,7 +484,7 @@ public class BCrypt {
* @param lr an array containing the two 32-bit half blocks
* @param off the position in the array of the blocks
*/
private final void encipher(int lr[], int off) {
private void encipher(int lr[], int off) {
int i, n, l = lr[off], r = lr[off + 1];
l ^= P[0];

View File

@ -95,8 +95,8 @@ public class DnRoleMapper {
public static Map<DN, Set<String>> parseFileLenient(Path path, ESLogger logger, String realmType, String realmName) {
try {
return parseFile(path, logger, realmType, realmName);
} catch (Throwable t) {
logger.error("failed to parse role mappings file [{}]. skipping/removing all mappings...", t, path.toAbsolutePath());
} catch (Exception e) {
logger.error("failed to parse role mappings file [{}]. skipping/removing all mappings...", e, path.toAbsolutePath());
return emptyMap();
}
}

View File

@ -10,12 +10,7 @@ package org.elasticsearch.xpack.security.authc.support;
*/
public interface RefreshListener {
static final RefreshListener NOOP = new RefreshListener() {
@Override
public void onRefresh() {
}
};
RefreshListener NOOP = () -> {};
void onRefresh();
}

View File

@ -5,6 +5,7 @@
*/
package org.elasticsearch.xpack.security.authz;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
@ -24,6 +25,10 @@ public class AuthorizationModule extends AbstractSecurityModule.Node {
@Override
protected void configureNode() {
if (securityEnabled == false) {
bind(RolesStore.class).toProvider(Providers.of(null));
return;
}
// First the file and native roles stores must be bound...
bind(ReservedRolesStore.class).asEagerSingleton();

View File

@ -125,7 +125,7 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
if (group.check(action, indexOrAlias)) {
granted = true;
for (String index : concreteIndices) {
if (group.getFields() != null) {
if (group.hasFields()) {
Set<String> roleFields = rolesFieldsByIndex.get(index);
if (roleFields == null) {
roleFields = new HashSet<>();
@ -133,7 +133,7 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
}
roleFields.addAll(group.getFields());
}
if (group.getQuery() != null) {
if (group.hasQuery()) {
Set<BytesReference> roleQueries = roleQueriesByIndex.get(index);
if (roleQueries == null) {
roleQueries = new HashSet<>();
@ -330,5 +330,13 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
assert index != null;
return actionMatcher.test(action) && indexNameMatcher.test(index);
}
public boolean hasFields() {
return fields != null;
}
public boolean hasQuery() {
return query != null;
}
}
}

View File

@ -8,6 +8,9 @@ package org.elasticsearch.xpack.security.authz.store;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.xpack.security.authz.permission.Role;
import java.util.HashMap;
import java.util.Map;
/**
* A composite roles store that combines built in roles, file-based roles, and index-based roles. Checks the built in roles first, then the
* file roles, and finally the index roles.
@ -40,4 +43,12 @@ public class CompositeRolesStore implements RolesStore {
return nativeRolesStore.role(role);
}
@Override
public Map<String, Object> usageStats() {
Map<String, Object> usage = new HashMap<>(2);
usage.put("file", fileRolesStore.usageStats());
usage.put("native", nativeRolesStore.usageStats());
return usage;
}
}

View File

@ -15,13 +15,13 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.yaml.YamlXContent;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.RefreshListener;
import org.elasticsearch.xpack.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.security.authz.permission.IndicesPermission.Group;
import org.elasticsearch.xpack.security.authz.permission.Role;
import org.elasticsearch.xpack.security.support.NoOpLogger;
import org.elasticsearch.xpack.security.support.Validation;
@ -46,9 +46,6 @@ import static java.util.Collections.emptySet;
import static java.util.Collections.unmodifiableMap;
import static org.elasticsearch.xpack.security.Security.setting;
/**
*
*/
public class FileRolesStore extends AbstractLifecycleComponent implements RolesStore {
public static final Setting<String> ROLES_FILE_SETTING =
@ -100,6 +97,28 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS
return permissions.get(role);
}
@Override
public Map<String, Object> usageStats() {
Map<String, Object> usageStats = new HashMap<>();
usageStats.put("size", permissions.size());
boolean dls = false;
boolean fls = false;
for (Role role : permissions.values()) {
for (Group group : role.indices()) {
fls = fls || group.hasFields();
dls = dls || group.hasQuery();
}
if (fls && dls) {
break;
}
}
usageStats.put("fls", fls);
usageStats.put("dls", dls);
return usageStats;
}
public static Path resolveFile(Settings settings, Environment env) {
String location = ROLES_FILE_SETTING.get(settings);
if (location.isEmpty()) {
@ -288,8 +307,8 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS
try {
permissions = parseFile(file, logger, settings);
logger.info("updated roles (roles file [{}] changed)", file.toAbsolutePath());
} catch (Throwable t) {
logger.error("could not reload roles file [{}]. Current roles remain unmodified", t, file.toAbsolutePath());
} catch (Exception e) {
logger.error("could not reload roles file [{}]. Current roles remain unmodified", e, file.toAbsolutePath());
return;
}
listener.onRefresh();

View File

@ -15,6 +15,9 @@ import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.ClearScrollRequest;
import org.elasticsearch.action.search.ClearScrollResponse;
import org.elasticsearch.action.search.MultiSearchRequestBuilder;
import org.elasticsearch.action.search.MultiSearchResponse;
import org.elasticsearch.action.search.MultiSearchResponse.Item;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.search.SearchScrollRequest;
@ -47,6 +50,7 @@ import org.elasticsearch.xpack.security.action.role.ClearRolesCacheResponse;
import org.elasticsearch.xpack.security.action.role.DeleteRoleRequest;
import org.elasticsearch.xpack.security.action.role.PutRoleRequest;
import org.elasticsearch.xpack.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.security.authz.permission.IndicesPermission.Group;
import org.elasticsearch.xpack.security.authz.permission.Role;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.xpack.security.support.SelfReschedulingRunnable;
@ -56,8 +60,10 @@ import org.elasticsearch.threadpool.ThreadPool.Names;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
@ -231,7 +237,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
// attempt to clear the scroll request
if (lastResponse != null && lastResponse.getScrollId() != null) {
clearScollRequest(lastResponse.getScrollId());
@ -277,7 +283,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to delete role from the index", e);
listener.onFailure(e);
}
@ -311,7 +317,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("failed to put role [{}]", e, request.name());
listener.onFailure(e);
}
@ -329,6 +335,84 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
return roleAndVersion == null ? null : roleAndVersion.getRole();
}
@Override
public Map<String, Object> usageStats() {
if (state() != State.STARTED) {
return Collections.emptyMap();
}
boolean dls = false;
boolean fls = false;
Map<String, Object> usageStats = new HashMap<>();
if (securityIndexExists == false) {
usageStats.put("size", 0L);
usageStats.put("fls", fls);
usageStats.put("dls", dls);
return usageStats;
}
long count = (long) roleCache.size();
for (RoleAndVersion rv : roleCache.values()) {
Role role = rv.getRole();
for (Group group : role.indices()) {
fls = fls || group.hasFields();
dls = dls || group.hasQuery();
}
if (fls && dls) {
break;
}
}
// slow path - query for necessary information
if (fls == false || dls == false) {
MultiSearchRequestBuilder builder = client.prepareMultiSearch()
.add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
.setTypes(ROLE_DOC_TYPE)
.setQuery(QueryBuilders.matchAllQuery())
.setSize(0));
if (fls == false) {
builder.add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
.setTypes(ROLE_DOC_TYPE)
.setQuery(QueryBuilders.existsQuery("indices.fields"))
.setSize(0)
.setTerminateAfter(1));
}
if (dls == false) {
builder.add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
.setTypes(ROLE_DOC_TYPE)
.setQuery(QueryBuilders.existsQuery("indices.query"))
.setSize(0)
.setTerminateAfter(1));
}
MultiSearchResponse multiSearchResponse = builder.get();
int pos = 0;
Item[] responses = multiSearchResponse.getResponses();
if (responses[pos].isFailure() == false) {
count = responses[pos].getResponse().getHits().getTotalHits();
}
if (fls == false) {
if (responses[++pos].isFailure() == false) {
fls = responses[pos].getResponse().getHits().getTotalHits() > 0L;
}
}
if (dls == false) {
if (responses[++pos].isFailure() == false) {
dls = responses[pos].getResponse().getHits().getTotalHits() > 0L;
}
}
}
usageStats.put("size", count);
usageStats.put("fls", fls);
usageStats.put("dls", dls);
return usageStats;
}
private RoleAndVersion getRoleAndVersion(final String roleId) {
RoleAndVersion roleAndVersion = null;
final AtomicReference<GetResponse> getRef = new AtomicReference<>(null);
@ -345,7 +429,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
if (t instanceof IndexNotFoundException) {
logger.trace("failed to retrieve role [{}] since security index does not exist", t, roleId);
} else {
@ -403,7 +487,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable t) {
public void onFailure(Exception t) {
// Not really much to do here except for warn about it...
logger.warn("failed to clear scroll [{}] after retrieving roles", t, scrollId);
}
@ -441,7 +525,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
logger.error("unable to clear cache for role [{}]", e, role);
ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + role
+ "] failed. please clear the role cache manually", e);
@ -568,8 +652,8 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
}
@Override
public void onFailure(Throwable t) {
logger.error("error occurred while checking the native roles for changes", t);
public void onFailure(Exception e) {
logger.error("error occurred while checking the native roles for changes", e);
}
private boolean isStopped() {

View File

@ -19,6 +19,8 @@ import org.elasticsearch.xpack.security.user.SystemUser;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
/**
@ -55,6 +57,11 @@ public class ReservedRolesStore implements RolesStore {
}
}
@Override
public Map<String, Object> usageStats() {
return Collections.emptyMap();
}
public RoleDescriptor roleDescriptor(String role) {
switch (role) {
case SuperuserRole.NAME:

View File

@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.authz.store;
import org.elasticsearch.xpack.security.authz.permission.Role;
import java.util.Map;
/**
* An interface for looking up a role given a string role name
*/
@ -14,4 +16,5 @@ public interface RolesStore {
Role role(String role);
Map<String, Object> usageStats();
}

View File

@ -5,6 +5,7 @@
*/
package org.elasticsearch.xpack.security.crypto;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
@ -19,6 +20,10 @@ public class CryptoModule extends AbstractSecurityModule.Node {
@Override
protected void configureNode() {
if (securityEnabled == false) {
bind(CryptoService.class).toProvider(Providers.of(null));
return;
}
bind(InternalCryptoService.class).asEagerSingleton();
bind(CryptoService.class).to(InternalCryptoService.class).asEagerSingleton();
}

View File

@ -12,13 +12,12 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.security.authc.support.CharArrays;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.authc.support.CharArrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
@ -28,6 +27,7 @@ import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
@ -45,12 +45,9 @@ import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Pattern;
import static org.elasticsearch.xpack.security.authc.support.SecuredString.constantTimeEquals;
import static org.elasticsearch.xpack.security.Security.setting;
import static org.elasticsearch.xpack.security.authc.support.SecuredString.constantTimeEquals;
/**
*
*/
public class InternalCryptoService extends AbstractLifecycleComponent implements CryptoService {
public static final String KEY_ALGO = "HmacSHA512";
@ -232,8 +229,8 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
base64RandomKey = pieces[2];
receivedSignature = pieces[3].substring(0, length);
text = pieces[3].substring(length);
} catch (Throwable t) {
logger.error("error occurred while parsing signed text", t);
} catch (Exception e) {
logger.error("error occurred while parsing signed text", e);
throw new IllegalArgumentException("tampered signed text");
}
@ -270,8 +267,8 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
if (constantTimeEquals(sig, receivedSignature)) {
return text;
}
} catch (Throwable t) {
logger.error("error occurred while verifying signed text", t);
} catch (Exception e) {
logger.error("error occurred while verifying signed text", e);
throw new IllegalStateException("error while verifying the signed text");
}
@ -543,29 +540,20 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
}
private void callListeners(SecretKey oldSystemKey, SecretKey oldEncryptionKey) {
Throwable th = null;
RuntimeException ex = null;
for (Listener listener : listeners) {
try {
listener.onKeyChange(oldSystemKey, oldEncryptionKey);
} catch (Throwable t) {
if (th == null) {
th = t;
} else {
th.addSuppressed(t);
}
} catch (Exception e) {
if (ex == null) ex = new RuntimeException("exception calling key change listeners");
ex.addSuppressed(e);
}
}
// all listeners were notified now rethrow
if (th != null) {
logger.error("called all key change listeners but one or more exceptions was thrown", th);
if (th instanceof RuntimeException) {
throw (RuntimeException) th;
} else if (th instanceof Error) {
throw (Error) th;
} else {
throw new RuntimeException(th);
}
if (ex != null) {
logger.error("called all key change listeners but one or more exceptions was thrown", ex);
throw ex;
}
}
}

View File

@ -7,12 +7,10 @@ package org.elasticsearch.xpack.security.crypto.tool;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import joptsimple.util.KeyValuePair;
import org.elasticsearch.cli.Command;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.SettingCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserError;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings;
@ -26,7 +24,6 @@ import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
@ -65,7 +62,7 @@ public class SystemKeyTool extends SettingCommand {
if (options.hasArgument(arguments)) {
List<String> args = arguments.values(options);
if (args.size() > 1) {
throw new UserError(ExitCodes.USAGE, "No more than one key path can be supplied");
throw new UserException(ExitCodes.USAGE, "No more than one key path can be supplied");
}
keyPath = parsePath(args.get(0));
} else {

View File

@ -123,8 +123,8 @@ public abstract class AbstractSSLService extends AbstractComponent {
sslEngine.setEnabledCipherSuites(supportedCiphers(sslEngine.getSupportedCipherSuites(), ciphers, false));
} catch (ElasticsearchException e) {
throw e;
} catch (Throwable t) {
throw new IllegalArgumentException("failed loading cipher suites [" + Arrays.asList(ciphers) + "]", t);
} catch (Exception e) {
throw new IllegalArgumentException("failed loading cipher suites [" + Arrays.asList(ciphers) + "]", e);
}
try {

View File

@ -49,8 +49,8 @@ public class SelfReschedulingRunnable extends AbstractRunnable {
}
@Override
public void onFailure(Throwable t) {
logger.warn("failed to run scheduled task", t);
public void onFailure(Exception e) {
logger.warn("failed to run scheduled task", e);
}
@Override

View File

@ -34,8 +34,8 @@ public class SecurityClientTransportService extends TransportService {
try {
clientFilter.outbound(action, request);
super.sendRequest(node, action, request, options, handler);
} catch (Throwable t) {
handler.handleException(new TransportException("failed sending request", t));
} catch (Exception e) {
handler.handleException(new TransportException("failed sending request", e));
}
}

View File

@ -38,9 +38,6 @@ import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTran
import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING;
import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.SSL_SETTING;
/**
*
*/
public class SecurityServerTransportService extends TransportService {
public static final String SETTING_NAME = "xpack.security.type";
@ -81,16 +78,16 @@ public class SecurityServerTransportService extends TransportService {
try {
clientFilter.outbound(action, request);
super.sendRequest(node, action, request, options, new ContextRestoreResponseHandler<>(original, handler));
} catch (Throwable t) {
handler.handleException(new TransportException("failed sending request", t));
} catch (Exception e) {
handler.handleException(new TransportException("failed sending request", e));
}
}
} else {
try {
clientFilter.outbound(action, request);
super.sendRequest(node, action, request, options, handler);
} catch (Throwable t) {
handler.handleException(new TransportException("failed sending request", t));
} catch (Exception e) {
handler.handleException(new TransportException("failed sending request", e));
}
}
}
@ -194,8 +191,8 @@ public class SecurityServerTransportService extends TransportService {
RequestContext context = new RequestContext(request, threadContext);
RequestContext.setCurrent(context);
handler.messageReceived(request, channel, task);
} catch (Throwable t) {
channel.sendResponse(t);
} catch (Exception e) {
channel.sendResponse(e);
} finally {
RequestContext.removeCurrent();
}

View File

@ -21,6 +21,11 @@ public class SecurityTransportModule extends AbstractSecurityModule {
@Override
protected void configure(boolean clientMode) {
if (securityEnabled == false) {
bind(IPFilter.class).toProvider(Providers.<IPFilter>of(null));
return;
}
if (clientMode) {
// no ip filtering on the client
bind(IPFilter.class).toProvider(Providers.<IPFilter>of(null));

View File

@ -130,6 +130,13 @@ public class IPFilter {
updateRules();
}
public Map<String, Object> usageStats() {
Map<String, Object> map = new HashMap<>(2);
map.put("http", Collections.singletonMap("enabled", isHttpFilterEnabled));
map.put("transport", Collections.singletonMap("enabled", isIpFilterEnabled));
return map;
}
private void setTransportProfiles(Settings settings) {
transportGroups = settings.getAsGroups();
updateRules();

View File

@ -26,14 +26,12 @@ import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.ChannelStateEvent;
import org.jboss.netty.channel.ExceptionEvent;
import org.jboss.netty.channel.SimpleChannelHandler;
import org.jboss.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.xpack.security.Security.featureEnabledSetting;
@ -113,7 +111,7 @@ public class SecurityNettyTransport extends NettyTransport {
}
@Override
protected void onException(Channel channel, Throwable e) {
protected void onException(Channel channel, Exception e) {
if (isNotSslRecordException(e)) {
if (logger.isTraceEnabled()) {
logger.trace("received plaintext traffic on a encrypted channel, closing connection {}", e, channel);

View File

@ -146,7 +146,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
error.set(e);
latch.countDown();
}

View File

@ -709,9 +709,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
SearchResponse response = client()
.filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(1));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@ -719,9 +719,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user2 is granted access to field2 only:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(1));
assertThat(response.getHits().getAt(0).fields().get("field2").<String>getValue(), equalTo("value2"));
@ -729,9 +729,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user3 is granted access to field1 and field2:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(2));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@ -740,18 +740,18 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user4 is granted access to no fields:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(0));
// user5 has no field level security configured:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user5", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@ -761,9 +761,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user6 has field level security configured with access to field*:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user6", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@ -773,9 +773,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user7 has access to all fields due to a mix of roles without field level security and with:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user7", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@ -785,9 +785,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
// user8 has field level security configured with access to field1 and field2:
response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user8", USERS_PASSWD)))
.prepareSearch("test")
.addField("field1")
.addField("field2")
.addField("field3")
.addStoredField("field1")
.addStoredField("field2")
.addStoredField("field3")
.get();
assertThat(response.getHits().getAt(0).fields().size(), equalTo(2));
assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));

View File

@ -5,12 +5,19 @@
*/
package org.elasticsearch.xpack.security;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.security.authz.store.RolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
import org.junit.Before;
@ -21,6 +28,7 @@ import java.util.List;
import java.util.Map;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.core.Is.is;
import static org.mockito.Matchers.anyObject;
@ -34,24 +42,35 @@ import static org.mockito.Mockito.when;
*/
public class SecurityFeatureSetTests extends ESTestCase {
private Settings settings;
private SecurityLicenseState licenseState;
private Realms realms;
private NamedWriteableRegistry namedWriteableRegistry;
private IPFilter ipFilter;
private RolesStore rolesStore;
private AuditTrailService auditTrail;
private CryptoService cryptoService;
@Before
public void init() throws Exception {
settings = Settings.builder().put("path.home", createTempDir()).build();
licenseState = mock(SecurityLicenseState.class);
realms = mock(Realms.class);
namedWriteableRegistry = mock(NamedWriteableRegistry.class);
ipFilter = mock(IPFilter.class);
rolesStore = mock(RolesStore.class);
auditTrail = mock(AuditTrailService.class);
cryptoService = mock(CryptoService.class);
}
public void testWritableRegistration() throws Exception {
new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore, ipFilter, auditTrail, cryptoService);
verify(namedWriteableRegistry).register(eq(SecurityFeatureSet.Usage.class), eq("xpack.usage.security"), anyObject());
}
public void testAvailable() throws Exception {
SecurityFeatureSet featureSet = new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
ipFilter, auditTrail, cryptoService);
boolean available = randomBoolean();
when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(available);
assertThat(featureSet.available(), is(available));
@ -60,27 +79,60 @@ public class SecurityFeatureSetTests extends ESTestCase {
public void testEnabledSetting() throws Exception {
boolean enabled = randomBoolean();
Settings settings = Settings.builder()
.put(this.settings)
.put("xpack.security.enabled", enabled)
.build();
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry);
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
ipFilter, auditTrail, cryptoService);
assertThat(featureSet.enabled(), is(enabled));
}
public void testEnabledDefault() throws Exception {
SecurityFeatureSet featureSet = new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
ipFilter, auditTrail, cryptoService);
assertThat(featureSet.enabled(), is(true));
}
public void testUsage() throws Exception {
boolean available = randomBoolean();
when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(available);
boolean authcAuthzAvailable = randomBoolean();
when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(authcAuthzAvailable);
Settings.Builder settings = Settings.builder();
Settings.Builder settings = Settings.builder().put(this.settings);
boolean enabled = randomBoolean();
settings.put("xpack.security.enabled", enabled);
final boolean httpSSLEnabled = randomBoolean();
settings.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), httpSSLEnabled);
final boolean transportSSLEnabled = randomBoolean();
settings.put(SecurityNettyTransport.SSL_SETTING.getKey(), transportSSLEnabled);
final boolean auditingEnabled = randomBoolean();
final String[] auditOutputs = randomFrom(new String[] {"logfile"}, new String[] {"index"}, new String[] {"logfile", "index"});
when(auditTrail.usageStats())
.thenReturn(MapBuilder.<String, Object>newMapBuilder()
.put("enabled", auditingEnabled)
.put("outputs", auditOutputs)
.map());
final boolean httpIpFilterEnabled = randomBoolean();
final boolean transportIPFilterEnabled = randomBoolean();
when(ipFilter.usageStats())
.thenReturn(MapBuilder.<String, Object>newMapBuilder()
.put("http", Collections.singletonMap("enabled", httpIpFilterEnabled))
.put("transport", Collections.singletonMap("enabled", transportIPFilterEnabled))
.map());
final boolean rolesStoreEnabled = randomBoolean();
if (rolesStoreEnabled) {
when(rolesStore.usageStats()).thenReturn(Collections.singletonMap("count", 1));
} else {
when(rolesStore.usageStats()).thenReturn(Collections.emptyMap());
}
final boolean useSystemKey = randomBoolean();
when(cryptoService.encryptionEnabled()).thenReturn(useSystemKey);
List<Realm> realmsList= new ArrayList<>();
for (int i = 0; i < 5; i++) {
@ -93,24 +145,49 @@ public class SecurityFeatureSetTests extends ESTestCase {
realmUsage.put("key3", i % 2 == 0);
when(realm.usageStats()).thenReturn(realmUsage);
}
when(realms.iterator()).thenReturn(available ? realmsList.iterator() : Collections.<Realm>emptyIterator());
when(realms.iterator()).thenReturn(authcAuthzAvailable ? realmsList.iterator() : Collections.<Realm>emptyIterator());
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry);
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry, rolesStore,
ipFilter, auditTrail, cryptoService);
XPackFeatureSet.Usage usage = featureSet.usage();
assertThat(usage, is(notNullValue()));
assertThat(usage.name(), is(Security.NAME));
assertThat(usage.enabled(), is(enabled));
assertThat(usage.available(), is(available));
assertThat(usage.available(), is(authcAuthzAvailable));
XContentSource source = new XContentSource(usage);
if (enabled && available) {
for (int i = 0; i < 5; i++) {
assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
if (enabled) {
if (authcAuthzAvailable) {
for (int i = 0; i < 5; i++) {
assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
}
} else {
assertThat(source.getValue("enabled_realms"), is(notNullValue()));
}
} else if (enabled) {
assertThat(source.getValue("enabled_realms"), is(notNullValue()));
// check SSL
assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled));
assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled));
// auditing
assertThat(source.getValue("audit.enabled"), is(auditingEnabled));
assertThat(source.getValue("audit.outputs"), contains(auditOutputs));
// ip filter
assertThat(source.getValue("ipfilter.http.enabled"), is(httpIpFilterEnabled));
assertThat(source.getValue("ipfilter.transport.enabled"), is(transportIPFilterEnabled));
// roles
if (rolesStoreEnabled) {
assertThat(source.getValue("roles.count"), is(1));
} else {
assertThat(((Map) source.getValue("roles")).isEmpty(), is(true));
}
// system key
assertThat(source.getValue("system_key"), is(useSystemKey));
} else {
assertThat(source.getValue("enabled_realms"), is(nullValue()));
}

View File

@ -33,6 +33,6 @@ public class VersionCompatibilityTests extends ESTestCase {
*
*/
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata",
Version.CURRENT.equals(Version.V_5_0_0_alpha4), is(true));
Version.CURRENT.equals(Version.V_5_0_0_alpha5), is(true));
}
}

View File

@ -55,7 +55,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -96,7 +96,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -108,7 +108,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final String roleName = randomFrom("admin", "dept_a", "restricted");
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
@ -124,7 +124,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(rolesStore).deleteRole(eq(request), any(ActionListener.class));
@ -138,14 +138,14 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(responseRef.get(), is(nullValue()));
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), is(sameInstance(t)));
assertThat(throwableRef.get(), is(sameInstance(e)));
verify(rolesStore, times(1)).deleteRole(eq(request), any(ActionListener.class));
}
}

View File

@ -89,7 +89,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -158,7 +158,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -251,7 +251,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -273,7 +273,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final List<RoleDescriptor> storeRoleDescriptors = randomRoleDescriptors();
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
SecurityContext context = mock(SecurityContext.class);
@ -290,7 +290,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<RoleDescriptor> listener = (ActionListener<RoleDescriptor>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(rolesStore).getRoleDescriptor(eq(request.names()[0]), any(ActionListener.class));
@ -301,7 +301,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<List<RoleDescriptor>> listener = (ActionListener<List<RoleDescriptor>>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(rolesStore).getRoleDescriptors(aryEq(request.names()), any(ActionListener.class));
@ -316,13 +316,13 @@ public class TransportGetRolesActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), is(t));
assertThat(throwableRef.get(), is(e));
assertThat(responseRef.get(), is(nullValue()));
}

View File

@ -56,7 +56,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -97,7 +97,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -109,7 +109,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
final String roleName = randomFrom("admin", "dept_a", "restricted");
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
@ -124,7 +124,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 3;
ActionListener<Boolean> listener = (ActionListener<Boolean>) args[2];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(rolesStore).putRole(eq(request), any(RoleDescriptor.class), any(ActionListener.class));
@ -138,14 +138,14 @@ public class TransportPutRoleActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(responseRef.get(), is(nullValue()));
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), is(sameInstance(t)));
assertThat(throwableRef.get(), is(sameInstance(e)));
verify(rolesStore, times(1)).putRole(eq(request), any(RoleDescriptor.class), any(ActionListener.class));
}
}

View File

@ -47,7 +47,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -72,7 +72,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -99,7 +99,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});

View File

@ -68,7 +68,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -97,7 +97,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -135,7 +135,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -152,13 +152,13 @@ public class TransportChangePasswordActionTests extends ESTestCase {
ChangePasswordRequest request = new ChangePasswordRequest();
request.username(user.principal());
request.passwordHash(Hasher.BCRYPT.hash(new SecuredString("changeme".toCharArray())));
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
doAnswer(new Answer() {
public Void answer(InvocationOnMock invocation) {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<Void> listener = (ActionListener<Void>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(usersStore).changePassword(eq(request), any(ActionListener.class));
@ -174,14 +174,14 @@ public class TransportChangePasswordActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(responseRef.get(), is(nullValue()));
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), sameInstance(t));
assertThat(throwableRef.get(), sameInstance(e));
verify(usersStore, times(1)).changePassword(eq(request), any(ActionListener.class));
}
}

View File

@ -63,7 +63,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -90,7 +90,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -118,7 +118,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -156,7 +156,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -168,7 +168,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
final User user = new User("joe");
NativeUsersStore usersStore = mock(NativeUsersStore.class);
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
@ -180,7 +180,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(usersStore).deleteUser(eq(request), any(ActionListener.class));
@ -194,14 +194,14 @@ public class TransportDeleteUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(responseRef.get(), is(nullValue()));
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), sameInstance(t));
assertThat(throwableRef.get(), sameInstance(e));
verify(usersStore, times(1)).deleteUser(eq(request), any(ActionListener.class));
}
}

View File

@ -84,7 +84,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -116,7 +116,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -147,7 +147,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -185,7 +185,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -242,7 +242,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -261,7 +261,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
final List<User> storeUsers =
randomFrom(Collections.singletonList(new User("joe")), Arrays.asList(new User("jane"), new User("fred")), randomUsers());
final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
@ -277,7 +277,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<List<User>> listener = (ActionListener<List<User>>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(usersStore).getUsers(aryEq(storeUsernames), any(ActionListener.class));
@ -288,7 +288,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<User> listener = (ActionListener<User>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(usersStore).getUser(eq(storeUsernames[0]), any(ActionListener.class));
@ -303,13 +303,13 @@ public class TransportGetUsersActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), is(sameInstance(t)));
assertThat(throwableRef.get(), is(sameInstance(e)));
assertThat(responseRef.get(), is(nullValue()));
if (request.usernames().length == 1) {
verify(usersStore, times(1)).getUser(eq(request.usernames()[0]), any(ActionListener.class));

View File

@ -67,7 +67,7 @@ public class TransportPutUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -95,7 +95,7 @@ public class TransportPutUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -124,7 +124,7 @@ public class TransportPutUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -167,7 +167,7 @@ public class TransportPutUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
@ -179,7 +179,7 @@ public class TransportPutUserActionTests extends ESTestCase {
}
public void testException() {
final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
final User user = new User("joe");
NativeUsersStore usersStore = mock(NativeUsersStore.class);
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
@ -192,7 +192,7 @@ public class TransportPutUserActionTests extends ESTestCase {
Object[] args = invocation.getArguments();
assert args.length == 2;
ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
listener.onFailure(t);
listener.onFailure(e);
return null;
}
}).when(usersStore).putUser(eq(request), any(ActionListener.class));
@ -206,14 +206,14 @@ public class TransportPutUserActionTests extends ESTestCase {
}
@Override
public void onFailure(Throwable e) {
public void onFailure(Exception e) {
throwableRef.set(e);
}
});
assertThat(responseRef.get(), is(nullValue()));
assertThat(throwableRef.get(), is(notNullValue()));
assertThat(throwableRef.get(), sameInstance(t));
assertThat(throwableRef.get(), sameInstance(e));
verify(usersStore, times(1)).putUser(eq(request), any(ActionListener.class));
}
}

View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.Version;
import org.elasticsearch.common.inject.Guice;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
@ -15,20 +14,17 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.indices.breaker.CircuitBreakerService;
import org.elasticsearch.node.Node;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.local.LocalTransport;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
/**
*
*/
public class AuditTrailModuleTests extends ESTestCase {
public void testEnabled() throws Exception {
Settings settings = Settings.builder()
@ -93,7 +89,7 @@ public class AuditTrailModuleTests extends ESTestCase {
try {
Guice.createInjector(settingsModule, new AuditTrailModule(settings));
fail("Expect initialization to fail when an unknown audit trail output is configured");
} catch (Throwable t) {
} catch (Exception e) {
// expected
}
}

View File

@ -17,20 +17,20 @@ import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State;
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.junit.After;
import org.junit.Before;
@ -58,8 +58,8 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
@Before
public void setup() {
transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
DummyTransportAddress.INSTANCE));
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
threadPool = new TestThreadPool("index audit trail tests");
transportClient = TransportClient.builder().settings(Settings.EMPTY).build();

View File

@ -21,21 +21,11 @@ import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.SecurityIntegTestCase;
@ -46,6 +36,15 @@ import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportInfo;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.format.ISODateTimeFormat;
@ -64,12 +63,12 @@ import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.HOURLY;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.MONTHLY;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.WEEKLY;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@ -255,8 +254,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
Settings settings = builder.put(settings(rollover, includes, excludes)).build();
logger.info("--> settings: [{}]", settings.getAsMap().toString());
Transport transport = mock(Transport.class);
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
DummyTransportAddress.INSTANCE);
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{ remoteHostAddress()},
remoteHostAddress());
when(transport.boundAddress()).thenReturn(boundTransportAddress);
threadPool = new TestThreadPool("index audit trail tests");
enqueuedMessage = new SetOnce<>();
@ -279,7 +278,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
assertAuditMessage(hit, "transport", "anonymous_access_denied");
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
} else {
assertEquals("local[local_host]", sourceMap.get("origin_address"));
}
@ -316,7 +315,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
assertAuditMessage(hit, "transport", "authentication_failed");
if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
} else {
assertEquals("local[local_host]", sourceMap.get("origin_address"));
}
@ -336,7 +335,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
assertAuditMessage(hit, "transport", "authentication_failed");
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
} else {
assertEquals("local[local_host]", sourceMap.get("origin_address"));
}
@ -391,7 +390,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
} else {
assertEquals("local[local_host]", sourceMap.get("origin_address"));
}
@ -621,8 +620,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime((String) sourceMap.get("@timestamp"));
assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true));
assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(sourceMap.get("node_host_name")));
assertThat(DummyTransportAddress.INSTANCE.getAddress(), equalTo(sourceMap.get("node_host_address")));
assertThat(remoteHostAddress().getHost(), equalTo(sourceMap.get("node_host_name")));
assertThat(remoteHostAddress().getAddress(), equalTo(sourceMap.get("node_host_address")));
assertEquals(layer, sourceMap.get("layer"));
assertEquals(type, sourceMap.get("event_type"));
@ -636,13 +635,13 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
private static class RemoteHostMockMessage extends TransportMessage {
RemoteHostMockMessage() throws Exception {
remoteAddress(DummyTransportAddress.INSTANCE);
remoteAddress(remoteHostAddress());
}
}
private static class RemoteHostMockTransportRequest extends TransportRequest {
RemoteHostMockTransportRequest() throws Exception {
remoteAddress(DummyTransportAddress.INSTANCE);
remoteAddress(remoteHostAddress());
}
}
@ -738,8 +737,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
return actionGet.getStatus();
}
static String remoteHostAddress() throws Exception {
return DummyTransportAddress.INSTANCE.toString();
private static LocalTransportAddress remoteHostAddress() {
return new LocalTransportAddress("_remote_host_");
}
}

View File

@ -10,7 +10,7 @@ import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.rest.FakeRestRequest;
@ -49,8 +49,8 @@ public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase {
Settings settings = Settings.builder().put("xpack.security.audit.index.rollover", rollover.name().toLowerCase(Locale.ENGLISH))
.put("path.home", createTempDir()).build();
Transport transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
DummyTransportAddress.INSTANCE));
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool,
mock(ClusterService.class));

View File

@ -13,22 +13,21 @@ import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.DummyTransportAddress;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger.Level;
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.rest.RemoteHostHeader;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.junit.Before;
import java.io.IOException;
@ -115,8 +114,8 @@ public class LoggingAuditTrailTests extends ESTestCase {
.build();
transport = mock(Transport.class);
when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
DummyTransportAddress.INSTANCE));
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
prefix = LoggingAuditTrail.resolvePrefix(settings, transport);
}

Some files were not shown because too many files have changed in this diff Show More