honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix forbidden API usage from upstream 

Original commit: elastic/x-pack-elasticsearch@2bfcc83477
This commit is contained in:
Simon Willnauer 2015-09-15 15:51:22 +02:00
parent 920b92ffd3
commit d1c2698595
6 changed files with 28 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
marvel/src/main/java/org/elasticsearch/marvel/agent/exporter/HttpESExporter.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.marvel.agent.exporter;
import com.google.common.io.ByteStreams;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.cluster.ClusterName;
import org.elasticsearch.cluster.ClusterService;
@ -36,10 +35,7 @@ import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import javax.net.ssl.*;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
@ -467,7 +463,9 @@ public class HttpESExporter extends AbstractExporter<HttpESExporter> implements
private boolean checkAndUploadIndexTemplate(final String host) {
byte[] template;
try (InputStream is = getClass().getResourceAsStream("/marvel_index_template.json")) {
template = ByteStreams.toByteArray(is);
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);
template = out.toByteArray();
} catch (IOException e) {
// throwing an exception to stop exporting process - we don't want to send data unless
// we put in the template for it.
@ -493,7 +491,9 @@ public class HttpESExporter extends AbstractExporter<HttpESExporter> implements
if (conn.getResponseCode() == 200) {
// verify content.
InputStream is = conn.getInputStream();
byte[] existingTemplate = ByteStreams.toByteArray(is);
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);
byte[] existingTemplate = out.toByteArray();
is.close();
int foundVersion = AgentUtils.parseIndexVersionFromTemplate(existingTemplate);
if (foundVersion < 0) {

7
shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield.audit.index;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.ByteStreams;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest;
@ -32,6 +31,7 @@ import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
@ -60,6 +60,7 @@ import org.elasticsearch.transport.TransportRequest;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
@ -725,7 +726,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
void putTemplate(Settings customSettings) {
try (InputStream is = getClass().getResourceAsStream("/" + INDEX_TEMPLATE_NAME + ".json")) {
final byte[] template = ByteStreams.toByteArray(is);
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);
final byte[] template = out.toByteArray();
PutIndexTemplateRequest request = new PutIndexTemplateRequest(INDEX_TEMPLATE_NAME).source(template);
if (customSettings != null && customSettings.names().size() > 0) {
Settings updatedSettings = Settings.builder()

4
shield/src/main/java/org/elasticsearch/shield/authc/esusers/tool/ESUsersTool.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.esusers.tool;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ObjectArrays;
import org.apache.commons.cli.CommandLine;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.cli.CheckFileCommand;
@ -15,6 +14,7 @@ import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolConfig;
import org.elasticsearch.common.cli.Terminal;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.ArrayUtils;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.authc.Realms;
@ -363,7 +363,7 @@ public class ESUsersTool extends CliTool {
}
// check for roles if they match
String[] allRoles = ObjectArrays.concat(addRoles, removeRoles, String.class);
String[] allRoles = ArrayUtils.concat(addRoles, removeRoles, String.class);
for (String role : allRoles) {
if (!ROLE_PATTERN.matcher(role).matches()) {
terminal.println("Role name [%s] is not valid. Please use lowercase and numbers only", role);

13
shield/src/main/java/org/elasticsearch/shield/authz/Permission.java
View File

@ -7,8 +7,6 @@ package org.elasticsearch.shield.authz;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import com.google.common.collect.UnmodifiableIterator;
import org.elasticsearch.cluster.metadata.AliasOrIndex;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.MetaData;
@ -55,7 +53,7 @@ public interface Permission {
boolean isEmpty();
static class Global implements Permission {
class Global implements Permission {
public static final Global NONE = new Global(Cluster.Core.NONE, Indices.Core.NONE, RunAs.Core.NONE);
@ -323,7 +321,7 @@ public interface Permission {
@Override
public Iterator<Group> iterator() {
return Iterators.forArray(groups);
return Arrays.asList(groups).iterator();
}
public Group[] groups() {
@ -478,7 +476,7 @@ public interface Permission {
}
}
static class Iter extends UnmodifiableIterator<Group> {
static class Iter implements Iterator<Group> {
private final Iterator<Global> globals;
private Iterator<Group> current;
@ -500,6 +498,11 @@ public interface Permission {
return group;
}
@Override
public void remove() {
throw new UnsupportedOperationException();
}
private void advance() {
if (current != null && current.hasNext()) {
return;

4
shield/src/main/java/org/elasticsearch/shield/authz/accesscontrol/IndicesAccessControl.java
View File

@ -71,7 +71,7 @@ public class IndicesAccessControl {
* this means that there are no field level restrictions
*/
@Nullable
public ImmutableSet<String> getFields() {
public Set<String> getFields() {
return fields;
}
@ -80,7 +80,7 @@ public class IndicesAccessControl {
* then this means that there are no document level restrictions
*/
@Nullable
public ImmutableSet<BytesReference> getQueries() {
public Set<BytesReference> getQueries() {
return queries;
}

8
shield/src/main/java/org/elasticsearch/shield/transport/filter/IPFilter.java
View File

@ -7,7 +7,6 @@ package org.elasticsearch.shield.transport.filter;
import com.carrotsearch.hppc.ObjectObjectHashMap;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ObjectArrays;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.collect.HppcMaps;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
@ -17,6 +16,7 @@ import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.util.ArrayUtils;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.node.settings.NodeSettingsService;
import org.elasticsearch.shield.audit.AuditTrail;
@ -147,7 +147,7 @@ public class IPFilter extends AbstractLifecycleComponent<IPFilter> {
InetAddress localAddress = ((InetSocketTransportAddress) this.httpServerTransport.boundAddress().boundAddress()).address().getAddress();
String[] httpAllowed = settings.getAsArray("shield.http.filter.allow", settings.getAsArray("transport.profiles.default.shield.filter.allow", settings.getAsArray("shield.transport.filter.allow")));
String[] httpDdenied = settings.getAsArray("shield.http.filter.deny", settings.getAsArray("transport.profiles.default.shield.filter.deny", settings.getAsArray("shield.transport.filter.deny")));
profileRules.put(HTTP_PROFILE_NAME, ObjectArrays.concat(parseValue(httpAllowed, true, localAddress), parseValue(httpDdenied, false, localAddress), ShieldIpFilterRule.class));
profileRules.put(HTTP_PROFILE_NAME, ArrayUtils.concat(parseValue(httpAllowed, true, localAddress), parseValue(httpDdenied, false, localAddress), ShieldIpFilterRule.class));
}
if (isIpFilterEnabled && this.transport.lifecycleState() == Lifecycle.State.STARTED) {
@ -155,13 +155,13 @@ public class IPFilter extends AbstractLifecycleComponent<IPFilter> {
String[] allowed = settings.getAsArray("shield.transport.filter.allow");
String[] denied = settings.getAsArray("shield.transport.filter.deny");
profileRules.put("default", ObjectArrays.concat(parseValue(allowed, true, localAddress), parseValue(denied, false, localAddress), ShieldIpFilterRule.class));
profileRules.put("default", ArrayUtils.concat(parseValue(allowed, true, localAddress), parseValue(denied, false, localAddress), ShieldIpFilterRule.class));
Map<String, Settings> groupedSettings = settings.getGroups("transport.profiles.");
for (Map.Entry<String, Settings> entry : groupedSettings.entrySet()) {
String profile = entry.getKey();
Settings profileSettings = entry.getValue().getByPrefix("shield.filter.");
profileRules.put(profile, ObjectArrays.concat(
profileRules.put(profile, ArrayUtils.concat(
parseValue(profileSettings.getAsArray("allow"), true, localAddress),
parseValue(profileSettings.getAsArray("deny"), false, localAddress),
ShieldIpFilterRule.class));