From d1c2698595b1771ffd6e476f8d4a57081dc59ea7 Mon Sep 17 00:00:00 2001 From: Simon Willnauer Date: Tue, 15 Sep 2015 15:51:22 +0200 Subject: [PATCH] Fix forbidden API usage from upstream Original commit: elastic/x-pack-elasticsearch@2bfcc83477644263733a89ddbcb40cf81f0fa5f8 --- .../marvel/agent/exporter/HttpESExporter.java | 14 +++++++------- .../shield/audit/index/IndexAuditTrail.java | 7 +++++-- .../shield/authc/esusers/tool/ESUsersTool.java | 4 ++-- .../org/elasticsearch/shield/authz/Permission.java | 13 ++++++++----- .../authz/accesscontrol/IndicesAccessControl.java | 4 ++-- .../shield/transport/filter/IPFilter.java | 8 ++++---- 6 files changed, 28 insertions(+), 22 deletions(-) diff --git a/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/HttpESExporter.java b/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/HttpESExporter.java index 80a188a127f..38893728404 100644 --- a/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/HttpESExporter.java +++ b/marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/HttpESExporter.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.marvel.agent.exporter; -import com.google.common.io.ByteStreams; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.cluster.ClusterName; import org.elasticsearch.cluster.ClusterService; @@ -36,10 +35,7 @@ import org.joda.time.format.DateTimeFormat; import org.joda.time.format.DateTimeFormatter; import javax.net.ssl.*; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; +import java.io.*; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URISyntaxException; @@ -467,7 +463,9 @@ public class HttpESExporter extends AbstractExporter implements private boolean checkAndUploadIndexTemplate(final String host) { byte[] template; try (InputStream is = getClass().getResourceAsStream("/marvel_index_template.json")) { - template = ByteStreams.toByteArray(is); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Streams.copy(is, out); + template = out.toByteArray(); } catch (IOException e) { // throwing an exception to stop exporting process - we don't want to send data unless // we put in the template for it. @@ -493,7 +491,9 @@ public class HttpESExporter extends AbstractExporter implements if (conn.getResponseCode() == 200) { // verify content. InputStream is = conn.getInputStream(); - byte[] existingTemplate = ByteStreams.toByteArray(is); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Streams.copy(is, out); + byte[] existingTemplate = out.toByteArray(); is.close(); int foundVersion = AgentUtils.parseIndexVersionFromTemplate(existingTemplate); if (foundVersion < 0) { diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index 8489927d4c4..70a0cfe8b33 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.audit.index; import com.google.common.base.Splitter; import com.google.common.collect.ImmutableSet; -import com.google.common.io.ByteStreams; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse; import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest; @@ -32,6 +31,7 @@ import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.Provider; +import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.network.NetworkAddress; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; @@ -60,6 +60,7 @@ import org.elasticsearch.transport.TransportRequest; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; +import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; @@ -725,7 +726,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl void putTemplate(Settings customSettings) { try (InputStream is = getClass().getResourceAsStream("/" + INDEX_TEMPLATE_NAME + ".json")) { - final byte[] template = ByteStreams.toByteArray(is); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Streams.copy(is, out); + final byte[] template = out.toByteArray(); PutIndexTemplateRequest request = new PutIndexTemplateRequest(INDEX_TEMPLATE_NAME).source(template); if (customSettings != null && customSettings.names().size() > 0) { Settings updatedSettings = Settings.builder() diff --git a/shield/src/main/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.java b/shield/src/main/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.java index 5a25eff29ea..68678318cce 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.java +++ b/shield/src/main/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.esusers.tool; import com.google.common.base.Joiner; import com.google.common.collect.ImmutableSet; -import com.google.common.collect.ObjectArrays; import org.apache.commons.cli.CommandLine; import org.elasticsearch.common.Strings; import org.elasticsearch.common.cli.CheckFileCommand; @@ -15,6 +14,7 @@ import org.elasticsearch.common.cli.CliTool; import org.elasticsearch.common.cli.CliToolConfig; import org.elasticsearch.common.cli.Terminal; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.util.ArrayUtils; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.env.Environment; import org.elasticsearch.shield.authc.Realms; @@ -363,7 +363,7 @@ public class ESUsersTool extends CliTool { } // check for roles if they match - String[] allRoles = ObjectArrays.concat(addRoles, removeRoles, String.class); + String[] allRoles = ArrayUtils.concat(addRoles, removeRoles, String.class); for (String role : allRoles) { if (!ROLE_PATTERN.matcher(role).matches()) { terminal.println("Role name [%s] is not valid. Please use lowercase and numbers only", role); diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java index 5d9a8d4f87c..b00d524a23a 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java @@ -7,8 +7,6 @@ package org.elasticsearch.shield.authz; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Iterators; -import com.google.common.collect.UnmodifiableIterator; import org.elasticsearch.cluster.metadata.AliasOrIndex; import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.cluster.metadata.MetaData; @@ -55,7 +53,7 @@ public interface Permission { boolean isEmpty(); - static class Global implements Permission { + class Global implements Permission { public static final Global NONE = new Global(Cluster.Core.NONE, Indices.Core.NONE, RunAs.Core.NONE); @@ -323,7 +321,7 @@ public interface Permission { @Override public Iterator iterator() { - return Iterators.forArray(groups); + return Arrays.asList(groups).iterator(); } public Group[] groups() { @@ -478,7 +476,7 @@ public interface Permission { } } - static class Iter extends UnmodifiableIterator { + static class Iter implements Iterator { private final Iterator globals; private Iterator current; @@ -500,6 +498,11 @@ public interface Permission { return group; } + @Override + public void remove() { + throw new UnsupportedOperationException(); + } + private void advance() { if (current != null && current.hasNext()) { return; diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java b/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java index 0d84b3d75f5..485fa08265b 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java @@ -71,7 +71,7 @@ public class IndicesAccessControl { * this means that there are no field level restrictions */ @Nullable - public ImmutableSet getFields() { + public Set getFields() { return fields; } @@ -80,7 +80,7 @@ public class IndicesAccessControl { * then this means that there are no document level restrictions */ @Nullable - public ImmutableSet getQueries() { + public Set getQueries() { return queries; } diff --git a/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java b/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java index 772af248cb8..f7a72f3f1e5 100644 --- a/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java +++ b/shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java @@ -7,7 +7,6 @@ package org.elasticsearch.shield.transport.filter; import com.carrotsearch.hppc.ObjectObjectHashMap; import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ObjectArrays; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.collect.HppcMaps; import org.elasticsearch.common.component.AbstractLifecycleComponent; @@ -17,6 +16,7 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.internal.Nullable; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; +import org.elasticsearch.common.util.ArrayUtils; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.node.settings.NodeSettingsService; import org.elasticsearch.shield.audit.AuditTrail; @@ -147,7 +147,7 @@ public class IPFilter extends AbstractLifecycleComponent { InetAddress localAddress = ((InetSocketTransportAddress) this.httpServerTransport.boundAddress().boundAddress()).address().getAddress(); String[] httpAllowed = settings.getAsArray("shield.http.filter.allow", settings.getAsArray("transport.profiles.default.shield.filter.allow", settings.getAsArray("shield.transport.filter.allow"))); String[] httpDdenied = settings.getAsArray("shield.http.filter.deny", settings.getAsArray("transport.profiles.default.shield.filter.deny", settings.getAsArray("shield.transport.filter.deny"))); - profileRules.put(HTTP_PROFILE_NAME, ObjectArrays.concat(parseValue(httpAllowed, true, localAddress), parseValue(httpDdenied, false, localAddress), ShieldIpFilterRule.class)); + profileRules.put(HTTP_PROFILE_NAME, ArrayUtils.concat(parseValue(httpAllowed, true, localAddress), parseValue(httpDdenied, false, localAddress), ShieldIpFilterRule.class)); } if (isIpFilterEnabled && this.transport.lifecycleState() == Lifecycle.State.STARTED) { @@ -155,13 +155,13 @@ public class IPFilter extends AbstractLifecycleComponent { String[] allowed = settings.getAsArray("shield.transport.filter.allow"); String[] denied = settings.getAsArray("shield.transport.filter.deny"); - profileRules.put("default", ObjectArrays.concat(parseValue(allowed, true, localAddress), parseValue(denied, false, localAddress), ShieldIpFilterRule.class)); + profileRules.put("default", ArrayUtils.concat(parseValue(allowed, true, localAddress), parseValue(denied, false, localAddress), ShieldIpFilterRule.class)); Map groupedSettings = settings.getGroups("transport.profiles."); for (Map.Entry entry : groupedSettings.entrySet()) { String profile = entry.getKey(); Settings profileSettings = entry.getValue().getByPrefix("shield.filter."); - profileRules.put(profile, ObjectArrays.concat( + profileRules.put(profile, ArrayUtils.concat( parseValue(profileSettings.getAsArray("allow"), true, localAddress), parseValue(profileSettings.getAsArray("deny"), false, localAddress), ShieldIpFilterRule.class));