From 8514b1422eaa39a2ae1ff1cbcfb1403112cee4eb Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Wed, 27 Jul 2016 22:38:18 -0700 Subject: [PATCH 01/15] Move License into xpack We currently have the license:base project, as well as license:licensor. Xpack depends on license base. This change moves all the base license code into xpack, and makes the license-tools (previously called licensor) depenend on x-pack. Original commit: elastic/x-pack-elasticsearch@7fd462ad6a363092f64eb623f5b337518f8ba075 --- .../bin/key-pair-generator | 0 .../bin/license-generator | 0 .../bin/verify-license | 0 .../licensor => license-tools}/build.gradle | 6 +- .../dev-tools/integration-tests.xml | 0 .../sample/license_spec.json | 0 .../license/licensor/LicenseSigner.java | 5 +- .../licensor/tools/KeyPairGeneratorTool.java | 4 +- .../licensor/tools/LicenseGeneratorTool.java | 2 +- .../tools/LicenseVerificationTool.java | 4 +- .../licensor/LicenseVerificationTests.java | 6 +- .../license/licensor/TestUtils.java | 4 +- .../tools/KeyPairGenerationToolTests.java | 0 .../tools/LicenseGenerationToolTests.java | 2 +- .../tools/LicenseVerificationToolTests.java | 2 +- .../src/test/resources/log4j.properties | 0 .../src/test/resources/private.key | Bin .../src/test/resources/public.key | 0 elasticsearch/license/README.md | 36 ---- elasticsearch/license/base/build.gradle | 20 -- .../elasticsearch/license/core/TestUtils.java | 201 ------------------ elasticsearch/license/build.gradle | 7 - .../src/test/resources/log4j.properties | 11 - .../licensor/src/test/resources/private.key | Bin 1232 -> 0 bytes elasticsearch/x-pack/build.gradle | 36 +--- .../elasticsearch/license}/CryptUtils.java | 2 +- .../org/elasticsearch/license}/DateUtils.java | 2 +- .../license/ExpirationCallback.java | 1 - .../license/GetLicenseResponse.java | 1 - .../org/elasticsearch/license}/License.java | 2 +- .../elasticsearch/license/LicenseService.java | 3 - .../license}/LicenseVerifier.java | 2 +- .../license/LicensesMetaData.java | 1 - .../license/LicensingClient.java | 1 - .../license}/OperationModeFileWatcher.java | 4 +- .../license/PutLicenseRequest.java | 3 +- .../license/PutLicenseRequestBuilder.java | 1 - .../license/RestGetLicenseAction.java | 1 - .../elasticsearch/license/TrialLicense.java | 5 +- .../elasticsearch/license/package-info.java | 2 +- .../AbstractLicenseServiceTestCase.java | 1 - .../AbstractLicensesIntegrationTestCase.java | 2 - .../license/ExpirationCallbackTests.java | 1 - .../license/LicenseClusterChangeTests.java | 1 - .../license}/LicenseOperationModeTests.java | 4 +- .../LicenseOperationModeUpdateTests.java | 7 +- .../license/LicenseScheduleTests.java | 1 - .../license}/LicenseSerializationTests.java | 2 +- .../license/LicenseServiceClusterTests.java | 1 - .../license/LicensesAcknowledgementTests.java | 1 - .../license/LicensesManagerServiceTests.java | 1 - .../LicensesMetaDataSerializationTests.java | 1 - .../license/LicensesTransportTests.java | 1 - .../OperationModeFileWatcherTests.java | 2 +- .../org/elasticsearch/license/TestUtils.java | 171 ++++++++++++++- .../license/TrialLicenseTests.java | 4 +- .../src/test/resources/public.key | 0 .../cluster/ClusterInfoMonitoringDoc.java | 2 +- .../resolver/cluster/ClusterInfoResolver.java | 2 +- .../cluster/ClusterInfoResolverTests.java | 2 +- .../resolver/cluster/ClusterInfoTests.java | 2 +- .../elasticsearch/license/LicensingTests.java | 1 - .../license/XPackLicenseStateTests.java | 14 +- .../license/XPackInfoResponse.java | 1 - .../license/XPackLicenseState.java | 2 +- .../action/TransportXPackInfoAction.java | 2 +- .../xpack/action/XPackUsageResponse.java | 12 -- .../action/TransportXPackInfoActionTests.java | 2 +- 68 files changed, 226 insertions(+), 394 deletions(-) rename elasticsearch/{license/licensor => license-tools}/bin/key-pair-generator (100%) rename elasticsearch/{license/licensor => license-tools}/bin/license-generator (100%) rename elasticsearch/{license/licensor => license-tools}/bin/verify-license (100%) rename elasticsearch/{license/licensor => license-tools}/build.gradle (66%) rename elasticsearch/{license/licensor => license-tools}/dev-tools/integration-tests.xml (100%) rename elasticsearch/{license/licensor => license-tools}/sample/license_spec.json (100%) rename elasticsearch/{license/licensor => license-tools}/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java (95%) rename elasticsearch/{license/licensor => license-tools}/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java (95%) rename elasticsearch/{license/licensor => license-tools}/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java (98%) rename elasticsearch/{license/licensor => license-tools}/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java (97%) rename elasticsearch/{license/licensor => license-tools}/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java (95%) rename elasticsearch/{license/licensor => license-tools}/src/test/java/org/elasticsearch/license/licensor/TestUtils.java (99%) rename elasticsearch/{license/licensor => license-tools}/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java (100%) rename elasticsearch/{license/licensor => license-tools}/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java (98%) rename elasticsearch/{license/licensor => license-tools}/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java (98%) rename elasticsearch/{license/base => license-tools}/src/test/resources/log4j.properties (100%) rename elasticsearch/{license/base => license-tools}/src/test/resources/private.key (100%) rename elasticsearch/{license/base => license-tools}/src/test/resources/public.key (100%) delete mode 100644 elasticsearch/license/README.md delete mode 100644 elasticsearch/license/base/build.gradle delete mode 100644 elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/TestUtils.java delete mode 100644 elasticsearch/license/build.gradle delete mode 100644 elasticsearch/license/licensor/src/test/resources/log4j.properties delete mode 100644 elasticsearch/license/licensor/src/test/resources/private.key rename elasticsearch/{license/base/src/main/java/org/elasticsearch/license/core => x-pack/license-plugin/src/main/java/org/elasticsearch/license}/CryptUtils.java (99%) rename elasticsearch/{license/base/src/main/java/org/elasticsearch/license/core => x-pack/license-plugin/src/main/java/org/elasticsearch/license}/DateUtils.java (97%) rename elasticsearch/{license/base/src/main/java/org/elasticsearch/license/core => x-pack/license-plugin/src/main/java/org/elasticsearch/license}/License.java (99%) rename elasticsearch/{license/base/src/main/java/org/elasticsearch/license/core => x-pack/license-plugin/src/main/java/org/elasticsearch/license}/LicenseVerifier.java (98%) rename elasticsearch/{license/base/src/main/java/org/elasticsearch/license/core => x-pack/license-plugin/src/main/java/org/elasticsearch/license}/OperationModeFileWatcher.java (97%) rename elasticsearch/{license/base/src/test/java/org/elasticsearch/license/core => x-pack/license-plugin/src/test/java/org/elasticsearch/license}/LicenseOperationModeTests.java (95%) rename elasticsearch/{license/base/src/test/java/org/elasticsearch/license/core => x-pack/license-plugin/src/test/java/org/elasticsearch/license}/LicenseOperationModeUpdateTests.java (92%) rename elasticsearch/{license/base/src/test/java/org/elasticsearch/license/core => x-pack/license-plugin/src/test/java/org/elasticsearch/license}/LicenseSerializationTests.java (99%) rename elasticsearch/{license/base/src/test/java/org/elasticsearch/license/core => x-pack/license-plugin/src/test/java/org/elasticsearch/license}/OperationModeFileWatcherTests.java (99%) rename elasticsearch/{license/licensor => x-pack/license-plugin}/src/test/resources/public.key (100%) diff --git a/elasticsearch/license/licensor/bin/key-pair-generator b/elasticsearch/license-tools/bin/key-pair-generator similarity index 100% rename from elasticsearch/license/licensor/bin/key-pair-generator rename to elasticsearch/license-tools/bin/key-pair-generator diff --git a/elasticsearch/license/licensor/bin/license-generator b/elasticsearch/license-tools/bin/license-generator similarity index 100% rename from elasticsearch/license/licensor/bin/license-generator rename to elasticsearch/license-tools/bin/license-generator diff --git a/elasticsearch/license/licensor/bin/verify-license b/elasticsearch/license-tools/bin/verify-license similarity index 100% rename from elasticsearch/license/licensor/bin/verify-license rename to elasticsearch/license-tools/bin/verify-license diff --git a/elasticsearch/license/licensor/build.gradle b/elasticsearch/license-tools/build.gradle similarity index 66% rename from elasticsearch/license/licensor/build.gradle rename to elasticsearch/license-tools/build.gradle index 33f66883b2f..2fbc288b337 100644 --- a/elasticsearch/license/licensor/build.gradle +++ b/elasticsearch/license-tools/build.gradle @@ -1,9 +1,13 @@ apply plugin: 'elasticsearch.build' dependencies { - compile project(':x-plugins:elasticsearch:license:base') + compile project(':x-plugins:elasticsearch:x-pack') compile "org.elasticsearch:elasticsearch:${version}" testCompile "org.elasticsearch.test:framework:${version}" } +project.forbiddenPatterns { + exclude '**/*.key' +} + dependencyLicenses.enabled = false diff --git a/elasticsearch/license/licensor/dev-tools/integration-tests.xml b/elasticsearch/license-tools/dev-tools/integration-tests.xml similarity index 100% rename from elasticsearch/license/licensor/dev-tools/integration-tests.xml rename to elasticsearch/license-tools/dev-tools/integration-tests.xml diff --git a/elasticsearch/license/licensor/sample/license_spec.json b/elasticsearch/license-tools/sample/license_spec.json similarity index 100% rename from elasticsearch/license/licensor/sample/license_spec.json rename to elasticsearch/license-tools/sample/license_spec.json diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java similarity index 95% rename from elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java rename to elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java index 0bebf26532f..ab6b9a61d5b 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java +++ b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/LicenseSigner.java @@ -7,13 +7,12 @@ package org.elasticsearch.license.licensor; import org.apache.lucene.util.BytesRef; import org.apache.lucene.util.BytesRefIterator; -import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.CryptUtils; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.CryptUtils; +import org.elasticsearch.license.License; import java.io.IOException; import java.nio.ByteBuffer; diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java similarity index 95% rename from elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java rename to elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java index 0e31670f864..ba3a0c82d50 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java +++ b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java @@ -20,8 +20,8 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.SecureRandom; -import static org.elasticsearch.license.core.CryptUtils.writeEncryptedPrivateKey; -import static org.elasticsearch.license.core.CryptUtils.writeEncryptedPublicKey; +import static org.elasticsearch.license.CryptUtils.writeEncryptedPrivateKey; +import static org.elasticsearch.license.CryptUtils.writeEncryptedPublicKey; public class KeyPairGeneratorTool extends Command { diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java similarity index 98% rename from elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java rename to elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java index feaa4dc3a74..de1b9e52428 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java +++ b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java @@ -20,7 +20,7 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.license.licensor.LicenseSigner; public class LicenseGeneratorTool extends Command { diff --git a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java similarity index 97% rename from elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java rename to elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java index 9a6d67bceef..90cf11afea5 100644 --- a/elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java +++ b/elasticsearch/license-tools/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java @@ -20,8 +20,8 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; -import org.elasticsearch.license.core.LicenseVerifier; +import org.elasticsearch.license.License; +import org.elasticsearch.license.LicenseVerifier; public class LicenseVerificationTool extends Command { diff --git a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java similarity index 95% rename from elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java rename to elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java index 37cc3f024a4..fc0b459a80a 100644 --- a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java +++ b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/LicenseVerificationTests.java @@ -6,9 +6,9 @@ package org.elasticsearch.license.licensor; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.DateUtils; -import org.elasticsearch.license.core.License; -import org.elasticsearch.license.core.LicenseVerifier; +import org.elasticsearch.license.DateUtils; +import org.elasticsearch.license.License; +import org.elasticsearch.license.LicenseVerifier; import org.elasticsearch.test.ESTestCase; import org.junit.After; import org.junit.Before; diff --git a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/TestUtils.java b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/TestUtils.java similarity index 99% rename from elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/TestUtils.java rename to elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/TestUtils.java index 3dc45d2d0ad..14e1c95b415 100644 --- a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/TestUtils.java +++ b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/TestUtils.java @@ -13,8 +13,8 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.DateUtils; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.DateUtils; +import org.elasticsearch.license.License; import org.elasticsearch.test.ESTestCase; import org.hamcrest.MatcherAssert; import org.joda.time.format.DateTimeFormatter; diff --git a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java similarity index 100% rename from elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java rename to elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java diff --git a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java similarity index 98% rename from elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java rename to elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java index e75e1509887..b763d5c115a 100644 --- a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java +++ b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java @@ -13,7 +13,7 @@ import org.elasticsearch.cli.Command; import org.elasticsearch.cli.CommandTestCase; import org.elasticsearch.cli.ExitCodes; import org.elasticsearch.cli.UserException; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.license.licensor.TestUtils; import org.junit.Before; diff --git a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java similarity index 98% rename from elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java rename to elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java index f35dfa84de1..66e2d6eef64 100644 --- a/elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java +++ b/elasticsearch/license-tools/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java @@ -14,7 +14,7 @@ import org.elasticsearch.cli.CommandTestCase; import org.elasticsearch.cli.ExitCodes; import org.elasticsearch.cli.UserException; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.license.licensor.TestUtils; import org.junit.Before; diff --git a/elasticsearch/license/base/src/test/resources/log4j.properties b/elasticsearch/license-tools/src/test/resources/log4j.properties similarity index 100% rename from elasticsearch/license/base/src/test/resources/log4j.properties rename to elasticsearch/license-tools/src/test/resources/log4j.properties diff --git a/elasticsearch/license/base/src/test/resources/private.key b/elasticsearch/license-tools/src/test/resources/private.key similarity index 100% rename from elasticsearch/license/base/src/test/resources/private.key rename to elasticsearch/license-tools/src/test/resources/private.key diff --git a/elasticsearch/license/base/src/test/resources/public.key b/elasticsearch/license-tools/src/test/resources/public.key similarity index 100% rename from elasticsearch/license/base/src/test/resources/public.key rename to elasticsearch/license-tools/src/test/resources/public.key diff --git a/elasticsearch/license/README.md b/elasticsearch/license/README.md deleted file mode 100644 index 37aecd4c25f..00000000000 --- a/elasticsearch/license/README.md +++ /dev/null @@ -1,36 +0,0 @@ -elasticsearch-license -===================== - -Elasticsearch Licensing core, tools and plugin - -## Core - -Contains core data structures, utilities used by **Licensor** and **Plugin**. - -See `core/` and `core-shaded/` - -## Licensor - -Contains a collection of tools to generate key-pairs, licenses and validate licenses. - -See `licensor/` - -see [wiki] (https://github.com/elasticsearch/elasticsearch-license/wiki) for documentation on -[Licensing Tools Usage & Reference] (https://github.com/elasticsearch/elasticsearch-license/wiki/License-Tools-Usage-&-Reference) - -## Plugin - -**NOTE**: The license plugin has to be packaged with the right public key when being deployed to public repositories in maven -or uploaded to s3. Use `-Dkeys.path=` with maven command to package the plugin with a specified key. - -See `plugin/` - -see [Getting Started] (https://github.com/elasticsearch/elasticsearch-license/blob/master/docs/getting-started.asciidoc) to install license plugin. - -see [Licensing REST APIs] (https://github.com/elasticsearch/elasticsearch-license/blob/master/docs/license.asciidoc) -to use the license plugin from an elasticsearch deployment. - -see [wiki] (https://github.com/elasticsearch/elasticsearch-license/wiki) for documentation on - - [License Plugin Consumer Interface] (https://github.com/elasticsearch/elasticsearch-license/wiki/License---Consumer-Interface) - - [License Plugin Release Process] (https://github.com/elasticsearch/elasticsearch-license/wiki/Plugin-Release-Process) - - [License Plugin Design] (https://github.com/elasticsearch/elasticsearch-license/wiki/License-Plugin--Design) diff --git a/elasticsearch/license/base/build.gradle b/elasticsearch/license/base/build.gradle deleted file mode 100644 index c76fb7c7579..00000000000 --- a/elasticsearch/license/base/build.gradle +++ /dev/null @@ -1,20 +0,0 @@ -apply plugin: 'elasticsearch.build' - -dependencies { - compile "org.elasticsearch:elasticsearch:${version}" - testCompile "org.elasticsearch.test:framework:${version}" -} - -compactProfile = 'full' - -dependencyLicenses.enabled = false - -jar { - baseName = 'license-core' -} - -modifyPom { - project { - artifactId 'license-core' - } -} diff --git a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/TestUtils.java b/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/TestUtils.java deleted file mode 100644 index d2b8e998e43..00000000000 --- a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/TestUtils.java +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.license.core; - -import org.elasticsearch.common.joda.DateMathParser; -import org.elasticsearch.common.joda.FormatDateTimeFormatter; -import org.elasticsearch.common.joda.Joda; -import org.elasticsearch.common.xcontent.XContentBuilder; -import org.hamcrest.MatcherAssert; -import org.joda.time.format.DateTimeFormatter; - -import java.io.IOException; -import java.util.UUID; -import java.util.concurrent.Callable; - -import static com.carrotsearch.randomizedtesting.RandomizedTest.randomBoolean; -import static com.carrotsearch.randomizedtesting.RandomizedTest.randomInt; -import static com.carrotsearch.randomizedtesting.RandomizedTest.randomIntBetween; -import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.test.ESTestCase.randomFrom; -import static org.hamcrest.core.IsEqual.equalTo; - -public class TestUtils { - - private static final FormatDateTimeFormatter formatDateTimeFormatter = Joda.forPattern("yyyy-MM-dd"); - private static final DateMathParser dateMathParser = new DateMathParser(formatDateTimeFormatter); - private static final DateTimeFormatter dateTimeFormatter = formatDateTimeFormatter.printer(); - - public static String dateMathString(String time, final long now) { - return dateTimeFormatter.print(dateMathParser.parse(time, new Callable() { - @Override - public Long call() throws Exception { - return now; - } - })); - } - - public static long dateMath(String time, final long now) { - return dateMathParser.parse(time, new Callable() { - @Override - public Long call() throws Exception { - return now; - } - }); - } - - public static LicenseSpec generateRandomLicenseSpec(int version) { - boolean datesInMillis = randomBoolean(); - long now = System.currentTimeMillis(); - String uid = UUID.randomUUID().toString(); - String feature = "feature__" + randomInt(); - String issuer = "issuer__" + randomInt(); - String issuedTo = "issuedTo__" + randomInt(); - final String type; - final String subscriptionType; - if (version < License.VERSION_NO_FEATURE_TYPE) { - subscriptionType = randomFrom("gold", "silver", "platinum"); - type = "subscription";//randomFrom("subscription", "internal", "development"); - } else { - subscriptionType = null; - type = randomFrom("basic", "dev", "gold", "silver", "platinum"); - } - int maxNodes = randomIntBetween(5, 100); - if (datesInMillis) { - long issueDateInMillis = dateMath("now", now); - long expiryDateInMillis = dateMath("now+10d/d", now); - return new LicenseSpec(version, uid, feature, issueDateInMillis, expiryDateInMillis, type, subscriptionType, issuedTo, issuer, - maxNodes); - } else { - String issueDate = dateMathString("now", now); - String expiryDate = dateMathString("now+10d/d", now); - return new LicenseSpec(version, uid, feature, issueDate, expiryDate, type, subscriptionType, issuedTo, issuer, maxNodes); - } - } - - public static String generateLicenseSpecString(LicenseSpec licenseSpec) throws IOException { - XContentBuilder licenses = jsonBuilder(); - licenses.startObject(); - licenses.startArray("licenses"); - licenses.startObject() - .field("uid", licenseSpec.uid) - .field("type", licenseSpec.type) - .field("subscription_type", licenseSpec.subscriptionType) - .field("issued_to", licenseSpec.issuedTo) - .field("issuer", licenseSpec.issuer) - .field("feature", licenseSpec.feature) - .field("max_nodes", licenseSpec.maxNodes); - - if (licenseSpec.issueDate != null) { - licenses.field("issue_date", licenseSpec.issueDate); - } else { - licenses.field("issue_date_in_millis", licenseSpec.issueDateInMillis); - } - if (licenseSpec.expiryDate != null) { - licenses.field("expiry_date", licenseSpec.expiryDate); - } else { - licenses.field("expiry_date_in_millis", licenseSpec.expiryDateInMillis); - } - licenses.field("version", licenseSpec.version); - licenses.endObject(); - licenses.endArray(); - licenses.endObject(); - return licenses.string(); - } - - public static License generateLicenses(LicenseSpec spec) { - License.Builder builder = License.builder() - .uid(spec.uid) - .feature(spec.feature) - .type(spec.type) - .subscriptionType(spec.subscriptionType) - .issuedTo(spec.issuedTo) - .issuer(spec.issuer) - .maxNodes(spec.maxNodes); - - if (spec.expiryDate != null) { - builder.expiryDate(DateUtils.endOfTheDay(spec.expiryDate)); - } else { - builder.expiryDate(spec.expiryDateInMillis); - } - if (spec.issueDate != null) { - builder.issueDate(DateUtils.beginningOfTheDay(spec.issueDate)); - } else { - builder.issueDate(spec.issueDateInMillis); - } - return builder.build(); - } - - public static void assertLicenseSpec(LicenseSpec spec, License license) { - MatcherAssert.assertThat(license.uid(), equalTo(spec.uid)); - MatcherAssert.assertThat(license.issuedTo(), equalTo(spec.issuedTo)); - MatcherAssert.assertThat(license.issuer(), equalTo(spec.issuer)); - MatcherAssert.assertThat(license.type(), equalTo(spec.type)); - MatcherAssert.assertThat(license.maxNodes(), equalTo(spec.maxNodes)); - if (spec.issueDate != null) { - MatcherAssert.assertThat(license.issueDate(), equalTo(DateUtils.beginningOfTheDay(spec.issueDate))); - } else { - MatcherAssert.assertThat(license.issueDate(), equalTo(spec.issueDateInMillis)); - } - if (spec.expiryDate != null) { - MatcherAssert.assertThat(license.expiryDate(), equalTo(DateUtils.endOfTheDay(spec.expiryDate))); - } else { - MatcherAssert.assertThat(license.expiryDate(), equalTo(spec.expiryDateInMillis)); - } - } - - public static class LicenseSpec { - public final int version; - public final String feature; - public final String issueDate; - public final long issueDateInMillis; - public final String expiryDate; - public final long expiryDateInMillis; - public final String uid; - public final String type; - public final String subscriptionType; - public final String issuedTo; - public final String issuer; - public final int maxNodes; - - public LicenseSpec(String issueDate, String expiryDate) { - this(License.VERSION_CURRENT, UUID.randomUUID().toString(), "feature", issueDate, expiryDate, "trial", "none", "customer", - "elasticsearch", 5); - } - - public LicenseSpec(int version, String uid, String feature, long issueDateInMillis, long expiryDateInMillis, String type, - String subscriptionType, String issuedTo, String issuer, int maxNodes) { - this.version = version; - this.feature = feature; - this.issueDateInMillis = issueDateInMillis; - this.issueDate = null; - this.expiryDateInMillis = expiryDateInMillis; - this.expiryDate = null; - this.uid = uid; - this.type = type; - this.subscriptionType = subscriptionType; - this.issuedTo = issuedTo; - this.issuer = issuer; - this.maxNodes = maxNodes; - } - - public LicenseSpec(int version, String uid, String feature, String issueDate, String expiryDate, String type, - String subscriptionType, String issuedTo, String issuer, int maxNodes) { - this.version = version; - this.feature = feature; - this.issueDate = issueDate; - this.issueDateInMillis = -1; - this.expiryDate = expiryDate; - this.expiryDateInMillis = -1; - this.uid = uid; - this.type = type; - this.subscriptionType = subscriptionType; - this.issuedTo = issuedTo; - this.issuer = issuer; - this.maxNodes = maxNodes; - } - } -} diff --git a/elasticsearch/license/build.gradle b/elasticsearch/license/build.gradle deleted file mode 100644 index b4e221e7884..00000000000 --- a/elasticsearch/license/build.gradle +++ /dev/null @@ -1,7 +0,0 @@ -subprojects { - project.afterEvaluate { - project.forbiddenPatterns { - exclude '**/*.key' - } - } -} diff --git a/elasticsearch/license/licensor/src/test/resources/log4j.properties b/elasticsearch/license/licensor/src/test/resources/log4j.properties deleted file mode 100644 index 76defc8660c..00000000000 --- a/elasticsearch/license/licensor/src/test/resources/log4j.properties +++ /dev/null @@ -1,11 +0,0 @@ -es.logger.level=INFO -log4j.rootLogger=${es.logger.level}, out - -log4j.logger.org.apache.http=INFO, out -log4j.additivity.org.apache.http=false - -log4j.logger.org.elasticsearch.license=TRACE - -log4j.appender.out=org.apache.log4j.ConsoleAppender -log4j.appender.out.layout=org.apache.log4j.PatternLayout -log4j.appender.out.layout.conversionPattern=[%d{ISO8601}][%-5p][%-25c] %m%n diff --git a/elasticsearch/license/licensor/src/test/resources/private.key b/elasticsearch/license/licensor/src/test/resources/private.key deleted file mode 100644 index 1f545803d875598d976b206250d5e95667c794ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1232 zcmV;>1TXv1%Bc_wbLO>E3}&#D<@-rDJ$(p047kR zkI3mLE>J{X5~_|GE5>Bxd81`fV@~0j8z81fwu78=uPV1?-b_fL$snD`NE}Zsv(l}S z+Dr52K=W~W#&Y(zE)IK9$=-71EtPe#X0XhttX&@1ia@?lvh&>PD=A#>rfdl2Ru)*H zKaKRTp&qI~gmO-)fq;gzrbngk1r$cUKd~25@6;rjPJf6eLtCHTaDU8Rbt#KGKlZ%g zPd`h6iZ4kWgcXo9P=@b~YoN9WQmtytp^dd%)MXVsW%n~=T9#TzSWvr*YCR25X&mo6 zJoJz>&ju@jBz@-J;se7XMiU5&x@g8>FTI*r^O6Xv2(VF_R@Vk3wQBmIE>&XqH^t=M z5_c~f_`fm)R~9ZqEv|Ma3$nQ}LvHLD`h~L2VKXBZwZnP`c6%Qwnwq8Z0!hd2+^*Gk z6R7QdYCwK?kavUU0Vd*Mq5K{M!Vk zzSLrHwA_oZsoml1+m@@Wyh8$ZA^E2_FpxTTRz7~A$x?V+XFW0!aa4^L&A*^Evlz{gN8ae8h9=J=b zC8F19FN`xNpxA!48b`dGRK3GbQMOho1>byaB*psVh{^^yqVL4J0~$j7viqxma>pYOhkH~PwpJT1j6^yHDMWGO{vw8PyI zIrYD&$F3e@0!346r3BY7JkLDD+7E5EE6oiV(gQ62K@eQRE&#pRq81Tut!V+1TCM~srn6-g`!g_`uozhhJEnN6u9$5|& zLC>$@xw*^CD*fb$ngUWU)yZ%TqX*wM!HU2(O2RRFnw&?^e*xOZWZ?n`No9lb?BLpV=@K}hkB uJ-}qCO)pTE(AWQ24*9x_mu179!iEY^J(*;5;=+=*kZC+fDbTdAaQBA - pom.withXml { XmlProvider xml -> - // first find if we have dependencies at all, and grab the node - NodeList depsNodes = xml.asNode().get('dependencies') - if (depsNodes.isEmpty()) { - return - } - - // find the 'base' dependency and replace it with the correct name because the project name is - // always used even when the pom of the other project is correct - Iterator childNodeIter = depsNodes.get(0).children().iterator() - while (childNodeIter.hasNext()) { - Node depNode = childNodeIter.next() - String groupId = depNode.get('groupId').get(0).text() - Node artifactIdNode = depNode.get('artifactId').get(0) - String artifactId = artifactIdNode.text() - String scope = depNode.get("scope").get(0).text() - if (groupId.equals('org.elasticsearch') && artifactId.equals('base')) { - artifactIdNode.replaceNode(new Node(null, 'artifactId', 'license-core')) - } else if ('test'.equals(scope)) { - childNodeIter.remove() - } - } - } -} diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/CryptUtils.java similarity index 99% rename from elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java rename to elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/CryptUtils.java index 6940d121402..c3c69d5bfcd 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/CryptUtils.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/CryptUtils.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import javax.crypto.BadPaddingException; diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/DateUtils.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/DateUtils.java similarity index 97% rename from elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/DateUtils.java rename to elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/DateUtils.java index 3a25ebebe50..74183ab5e05 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/DateUtils.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/DateUtils.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.common.joda.FormatDateTimeFormatter; import org.elasticsearch.common.joda.Joda; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/ExpirationCallback.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/ExpirationCallback.java index 4aab4114b01..3f0e6833c36 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/ExpirationCallback.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/ExpirationCallback.java @@ -7,7 +7,6 @@ package org.elasticsearch.license; import org.elasticsearch.common.logging.LoggerMessageFormat; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.elasticsearch.xpack.scheduler.SchedulerEngine; import java.util.UUID; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/GetLicenseResponse.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/GetLicenseResponse.java index 171ccbbbdbb..53339269560 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/GetLicenseResponse.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/GetLicenseResponse.java @@ -8,7 +8,6 @@ package org.elasticsearch.license; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.license.core.License; import java.io.IOException; diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/License.java similarity index 99% rename from elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java rename to elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/License.java index f07d38edeed..a4d3491b9d2 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/License.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/License.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.apache.lucene.util.CollectionUtil; import org.elasticsearch.ElasticsearchException; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java index e1486dd119e..7e5ae2b0390 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseService.java @@ -25,9 +25,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.gateway.GatewayService; -import org.elasticsearch.license.core.License; -import org.elasticsearch.license.core.LicenseVerifier; -import org.elasticsearch.license.core.OperationModeFileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.scheduler.SchedulerEngine; diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseVerifier.java similarity index 98% rename from elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java rename to elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseVerifier.java index 49f8c0c2b14..af37ea0341c 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/LicenseVerifier.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicenseVerifier.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.apache.lucene.util.BytesRef; import org.apache.lucene.util.BytesRefIterator; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensesMetaData.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensesMetaData.java index 1c69ae7b5f4..326f6eae907 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensesMetaData.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensesMetaData.java @@ -11,7 +11,6 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.license.core.License; import java.io.IOException; import java.util.EnumSet; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensingClient.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensingClient.java index 6c4aa551211..882e5bcc85b 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensingClient.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/LicensingClient.java @@ -7,7 +7,6 @@ package org.elasticsearch.license; import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.ElasticsearchClient; -import org.elasticsearch.license.core.License; /** * diff --git a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/OperationModeFileWatcher.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java similarity index 97% rename from elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/OperationModeFileWatcher.java rename to elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java index da3c080d987..28c81530381 100644 --- a/elasticsearch/license/base/src/main/java/org/elasticsearch/license/core/OperationModeFileWatcher.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/OperationModeFileWatcher.java @@ -3,11 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.common.logging.ESLogger; -import org.elasticsearch.license.core.License.OperationMode; +import org.elasticsearch.license.License.OperationMode; import org.elasticsearch.watcher.FileChangesListener; import org.elasticsearch.watcher.FileWatcher; import org.elasticsearch.watcher.ResourceWatcherService; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequest.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequest.java index b63358d5358..7b8e63f8f18 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequest.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequest.java @@ -10,7 +10,6 @@ import org.elasticsearch.action.ValidateActions; import org.elasticsearch.action.support.master.AcknowledgedRequest; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.license.core.License; import java.io.IOException; @@ -29,7 +28,7 @@ public class PutLicenseRequest extends AcknowledgedRequest { } /** - * Parses license from json format to an instance of {@link org.elasticsearch.license.core.License} + * Parses license from json format to an instance of {@link License} * * @param licenseDefinition licenses definition */ diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequestBuilder.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequestBuilder.java index d0aae11d113..87750405efb 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequestBuilder.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/PutLicenseRequestBuilder.java @@ -7,7 +7,6 @@ package org.elasticsearch.license; import org.elasticsearch.action.support.master.AcknowledgedRequestBuilder; import org.elasticsearch.client.ElasticsearchClient; -import org.elasticsearch.license.core.License; /** * Register license request builder diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java index 6c8ace79353..309d6b8a3ed 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/RestGetLicenseAction.java @@ -9,7 +9,6 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.license.core.License; import org.elasticsearch.rest.BytesRestResponse; import org.elasticsearch.rest.RestChannel; import org.elasticsearch.rest.RestController; diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/TrialLicense.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/TrialLicense.java index b816a71bb32..bc24032f643 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/TrialLicense.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/TrialLicense.java @@ -11,15 +11,14 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; import java.io.IOException; import java.nio.ByteBuffer; import java.util.Base64; import java.util.Collections; -import static org.elasticsearch.license.core.CryptUtils.decrypt; -import static org.elasticsearch.license.core.CryptUtils.encrypt; +import static org.elasticsearch.license.CryptUtils.decrypt; +import static org.elasticsearch.license.CryptUtils.encrypt; class TrialLicense { diff --git a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/package-info.java b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/package-info.java index 4565f23630b..25373122ea6 100644 --- a/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/package-info.java +++ b/elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/package-info.java @@ -7,7 +7,7 @@ /** * Licensing for xpack. * - * A {@link org.elasticsearch.license.core.License} is a signed set of json properties that determine what features + * A {@link org.elasticsearch.license.License} is a signed set of json properties that determine what features * are available in a running cluster. Licenses are registered through a * {@link org.elasticsearch.license.PutLicenseRequest}. This action is handled by the master node, which places * the signed license into the cluster state. Each node listens for cluster state updates via the diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicenseServiceTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicenseServiceTestCase.java index 9b712926cf5..7f3e247db92 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicenseServiceTestCase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicenseServiceTestCase.java @@ -17,7 +17,6 @@ import org.elasticsearch.common.component.Lifecycle; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.env.Environment; -import org.elasticsearch.license.core.License; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.support.clock.ClockMock; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicensesIntegrationTestCase.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicensesIntegrationTestCase.java index a6ed13c31ac..976cd4ee9b7 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicensesIntegrationTestCase.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/AbstractLicensesIntegrationTestCase.java @@ -11,8 +11,6 @@ import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.license.core.License; -import org.elasticsearch.license.LicensesMetaData; import org.elasticsearch.xpack.monitoring.Monitoring; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.xpack.security.Security; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/ExpirationCallbackTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/ExpirationCallbackTests.java index 383a82612b8..921ca45082a 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/ExpirationCallbackTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/ExpirationCallbackTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.license; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.elasticsearch.test.ESTestCase; import static org.elasticsearch.common.unit.TimeValue.timeValueMillis; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseClusterChangeTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseClusterChangeTests.java index c3f2c789165..fe85d691d0a 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseClusterChangeTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseClusterChangeTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.cluster.node.DiscoveryNode; import org.elasticsearch.cluster.node.DiscoveryNodes; import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.junit.After; import org.junit.Before; import org.mockito.ArgumentCaptor; diff --git a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java similarity index 95% rename from elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeTests.java rename to elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java index 6947a515298..e803d8772f0 100644 --- a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java @@ -3,13 +3,13 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.test.ESTestCase; import java.util.Locale; -import static org.elasticsearch.license.core.License.OperationMode; +import static org.elasticsearch.license.License.OperationMode; import static org.hamcrest.Matchers.equalTo; /** diff --git a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeUpdateTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeUpdateTests.java similarity index 92% rename from elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeUpdateTests.java rename to elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeUpdateTests.java index 8bd379862cc..a6933128791 100644 --- a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseOperationModeUpdateTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseOperationModeUpdateTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.watcher.FileWatcher; @@ -12,7 +12,6 @@ import org.junit.Before; import java.nio.file.Path; -import static org.elasticsearch.license.core.OperationModeFileWatcherTests.writeMode; import static org.hamcrest.Matchers.equalTo; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; @@ -47,7 +46,7 @@ public class LicenseOperationModeUpdateTests extends ESTestCase { .build(); assertThat(license.operationMode(), equalTo(License.OperationMode.resolve(type))); - writeMode("gold", licenseModeFile); + OperationModeFileWatcherTests.writeMode("gold", licenseModeFile); license.setOperationModeFileWatcher(operationModeFileWatcher); verifyZeroInteractions(resourceWatcherService); assertThat(license.operationMode(), equalTo(License.OperationMode.resolve(type))); @@ -65,7 +64,7 @@ public class LicenseOperationModeUpdateTests extends ESTestCase { .build(); assertThat(license.operationMode(), equalTo(License.OperationMode.PLATINUM)); - writeMode("gold", licenseModeFile); + OperationModeFileWatcherTests.writeMode("gold", licenseModeFile); license.setOperationModeFileWatcher(operationModeFileWatcher); verify(resourceWatcherService, times(1)).add(any(FileWatcher.class), eq(ResourceWatcherService.Frequency.HIGH)); assertThat(license.operationMode(), equalTo(License.OperationMode.GOLD)); diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseScheduleTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseScheduleTests.java index e6a1a269a22..844b14dd676 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseScheduleTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseScheduleTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.license; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.scheduler.SchedulerEngine; import org.junit.Before; diff --git a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseSerializationTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseSerializationTests.java similarity index 99% rename from elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseSerializationTests.java rename to elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseSerializationTests.java index c79ae1df6bc..31d869d9c9b 100644 --- a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/LicenseSerializationTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseSerializationTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseServiceClusterTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseServiceClusterTests.java index cc7eb26c2b8..96a373603e7 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseServiceClusterTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicenseServiceClusterTests.java @@ -9,7 +9,6 @@ import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; -import org.elasticsearch.license.core.License; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.xpack.MockNetty3Plugin; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesAcknowledgementTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesAcknowledgementTests.java index 7d3b365d847..faf468eef07 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesAcknowledgementTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesAcknowledgementTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.license; import org.elasticsearch.action.ActionListener; import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import static org.elasticsearch.license.TestUtils.generateSignedLicense; import static org.hamcrest.Matchers.equalTo; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesManagerServiceTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesManagerServiceTests.java index a22deeccdc5..83706610731 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesManagerServiceTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesManagerServiceTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.cluster.ack.ClusterStateUpdateResponse; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.test.ESSingleNodeTestCase; import org.elasticsearch.xpack.XPackPlugin; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesMetaDataSerializationTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesMetaDataSerializationTests.java index 1dc65966368..18cbe641463 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesMetaDataSerializationTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesMetaDataSerializationTests.java @@ -17,7 +17,6 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; import org.elasticsearch.test.ESTestCase; import java.util.Collections; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesTransportTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesTransportTests.java index e471d8df328..00155d4bfd4 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesTransportTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/LicensesTransportTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.license; import org.elasticsearch.action.ActionFuture; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.license.core.License; import org.elasticsearch.xpack.monitoring.Monitoring; import org.elasticsearch.node.Node; import org.elasticsearch.plugins.Plugin; diff --git a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/OperationModeFileWatcherTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/OperationModeFileWatcherTests.java similarity index 99% rename from elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/OperationModeFileWatcherTests.java rename to elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/OperationModeFileWatcherTests.java index a51ea032c91..71868fd85df 100644 --- a/elasticsearch/license/base/src/test/java/org/elasticsearch/license/core/OperationModeFileWatcherTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/OperationModeFileWatcherTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.license.core; +package org.elasticsearch.license; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TestUtils.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TestUtils.java index bd6c75430c8..a871dfdc181 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TestUtils.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TestUtils.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.license; +import com.carrotsearch.randomizedtesting.RandomizedTest; import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.joda.DateMathParser; @@ -15,10 +16,12 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; import org.elasticsearch.license.licensor.LicenseSigner; +import org.hamcrest.MatcherAssert; +import org.joda.time.format.DateTimeFormatter; import org.junit.Assert; +import java.io.IOException; import java.nio.file.Path; import java.util.ArrayList; import java.util.List; @@ -27,6 +30,9 @@ import java.util.concurrent.Callable; import java.util.concurrent.CountDownLatch; import java.util.concurrent.atomic.AtomicReference; +import static com.carrotsearch.randomizedtesting.RandomizedTest.randomBoolean; +import static com.carrotsearch.randomizedtesting.RandomizedTest.randomInt; +import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.test.ESTestCase.assertNotNull; import static org.elasticsearch.test.ESTestCase.awaitBusy; import static org.elasticsearch.test.ESTestCase.randomAsciiOfLength; @@ -39,6 +45,16 @@ public class TestUtils { private static final FormatDateTimeFormatter formatDateTimeFormatter = Joda.forPattern("yyyy-MM-dd"); private static final DateMathParser dateMathParser = new DateMathParser(formatDateTimeFormatter); + private static final DateTimeFormatter dateTimeFormatter = formatDateTimeFormatter.printer(); + + public static String dateMathString(String time, final long now) { + return dateTimeFormatter.print(dateMathParser.parse(time, new Callable() { + @Override + public Long call() throws Exception { + return now; + } + })); + } public static long dateMath(String time, final long now) { return dateMathParser.parse(time, new Callable() { @@ -48,6 +64,159 @@ public class TestUtils { } }); } + + public static LicenseSpec generateRandomLicenseSpec(int version) { + boolean datesInMillis = randomBoolean(); + long now = System.currentTimeMillis(); + String uid = UUID.randomUUID().toString(); + String feature = "feature__" + randomInt(); + String issuer = "issuer__" + randomInt(); + String issuedTo = "issuedTo__" + randomInt(); + final String type; + final String subscriptionType; + if (version < License.VERSION_NO_FEATURE_TYPE) { + subscriptionType = randomFrom("gold", "silver", "platinum"); + type = "subscription";//randomFrom("subscription", "internal", "development"); + } else { + subscriptionType = null; + type = randomFrom("basic", "dev", "gold", "silver", "platinum"); + } + int maxNodes = RandomizedTest.randomIntBetween(5, 100); + if (datesInMillis) { + long issueDateInMillis = dateMath("now", now); + long expiryDateInMillis = dateMath("now+10d/d", now); + return new LicenseSpec(version, uid, feature, issueDateInMillis, expiryDateInMillis, type, subscriptionType, issuedTo, issuer, + maxNodes); + } else { + String issueDate = dateMathString("now", now); + String expiryDate = dateMathString("now+10d/d", now); + return new LicenseSpec(version, uid, feature, issueDate, expiryDate, type, subscriptionType, issuedTo, issuer, maxNodes); + } + } + + public static String generateLicenseSpecString(LicenseSpec licenseSpec) throws IOException { + XContentBuilder licenses = jsonBuilder(); + licenses.startObject(); + licenses.startArray("licenses"); + licenses.startObject() + .field("uid", licenseSpec.uid) + .field("type", licenseSpec.type) + .field("subscription_type", licenseSpec.subscriptionType) + .field("issued_to", licenseSpec.issuedTo) + .field("issuer", licenseSpec.issuer) + .field("feature", licenseSpec.feature) + .field("max_nodes", licenseSpec.maxNodes); + + if (licenseSpec.issueDate != null) { + licenses.field("issue_date", licenseSpec.issueDate); + } else { + licenses.field("issue_date_in_millis", licenseSpec.issueDateInMillis); + } + if (licenseSpec.expiryDate != null) { + licenses.field("expiry_date", licenseSpec.expiryDate); + } else { + licenses.field("expiry_date_in_millis", licenseSpec.expiryDateInMillis); + } + licenses.field("version", licenseSpec.version); + licenses.endObject(); + licenses.endArray(); + licenses.endObject(); + return licenses.string(); + } + + public static License generateLicenses(LicenseSpec spec) { + License.Builder builder = License.builder() + .uid(spec.uid) + .feature(spec.feature) + .type(spec.type) + .subscriptionType(spec.subscriptionType) + .issuedTo(spec.issuedTo) + .issuer(spec.issuer) + .maxNodes(spec.maxNodes); + + if (spec.expiryDate != null) { + builder.expiryDate(DateUtils.endOfTheDay(spec.expiryDate)); + } else { + builder.expiryDate(spec.expiryDateInMillis); + } + if (spec.issueDate != null) { + builder.issueDate(DateUtils.beginningOfTheDay(spec.issueDate)); + } else { + builder.issueDate(spec.issueDateInMillis); + } + return builder.build(); + } + + public static void assertLicenseSpec(LicenseSpec spec, License license) { + MatcherAssert.assertThat(license.uid(), equalTo(spec.uid)); + MatcherAssert.assertThat(license.issuedTo(), equalTo(spec.issuedTo)); + MatcherAssert.assertThat(license.issuer(), equalTo(spec.issuer)); + MatcherAssert.assertThat(license.type(), equalTo(spec.type)); + MatcherAssert.assertThat(license.maxNodes(), equalTo(spec.maxNodes)); + if (spec.issueDate != null) { + MatcherAssert.assertThat(license.issueDate(), equalTo(DateUtils.beginningOfTheDay(spec.issueDate))); + } else { + MatcherAssert.assertThat(license.issueDate(), equalTo(spec.issueDateInMillis)); + } + if (spec.expiryDate != null) { + MatcherAssert.assertThat(license.expiryDate(), equalTo(DateUtils.endOfTheDay(spec.expiryDate))); + } else { + MatcherAssert.assertThat(license.expiryDate(), equalTo(spec.expiryDateInMillis)); + } + } + + public static class LicenseSpec { + public final int version; + public final String feature; + public final String issueDate; + public final long issueDateInMillis; + public final String expiryDate; + public final long expiryDateInMillis; + public final String uid; + public final String type; + public final String subscriptionType; + public final String issuedTo; + public final String issuer; + public final int maxNodes; + + public LicenseSpec(String issueDate, String expiryDate) { + this(License.VERSION_CURRENT, UUID.randomUUID().toString(), "feature", issueDate, expiryDate, "trial", "none", "customer", + "elasticsearch", 5); + } + + public LicenseSpec(int version, String uid, String feature, long issueDateInMillis, long expiryDateInMillis, String type, + String subscriptionType, String issuedTo, String issuer, int maxNodes) { + this.version = version; + this.feature = feature; + this.issueDateInMillis = issueDateInMillis; + this.issueDate = null; + this.expiryDateInMillis = expiryDateInMillis; + this.expiryDate = null; + this.uid = uid; + this.type = type; + this.subscriptionType = subscriptionType; + this.issuedTo = issuedTo; + this.issuer = issuer; + this.maxNodes = maxNodes; + } + + public LicenseSpec(int version, String uid, String feature, String issueDate, String expiryDate, String type, + String subscriptionType, String issuedTo, String issuer, int maxNodes) { + this.version = version; + this.feature = feature; + this.issueDate = issueDate; + this.issueDateInMillis = -1; + this.expiryDate = expiryDate; + this.expiryDateInMillis = -1; + this.uid = uid; + this.type = type; + this.subscriptionType = subscriptionType; + this.issuedTo = issuedTo; + this.issuer = issuer; + this.maxNodes = maxNodes; + } + } + public static Path getTestPriKeyPath() throws Exception { return getResourcePath("/private.key"); } diff --git a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TrialLicenseTests.java b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TrialLicenseTests.java index 4b6e127f57d..9d68dc092a5 100644 --- a/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TrialLicenseTests.java +++ b/elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/TrialLicenseTests.java @@ -11,8 +11,6 @@ import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; -import org.elasticsearch.license.TrialLicense; import org.elasticsearch.test.ESTestCase; import java.io.IOException; @@ -21,7 +19,7 @@ import java.util.Base64; import java.util.Collections; import java.util.UUID; -import static org.elasticsearch.license.core.CryptUtils.encrypt; +import static org.elasticsearch.license.CryptUtils.encrypt; import static org.hamcrest.Matchers.equalTo; diff --git a/elasticsearch/license/licensor/src/test/resources/public.key b/elasticsearch/x-pack/license-plugin/src/test/resources/public.key similarity index 100% rename from elasticsearch/license/licensor/src/test/resources/public.key rename to elasticsearch/x-pack/license-plugin/src/test/resources/public.key diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java index cd1c9d8aabc..b111a9d96e1 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/cluster/ClusterInfoMonitoringDoc.java @@ -6,7 +6,7 @@ package org.elasticsearch.xpack.monitoring.agent.collector.cluster; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc; public class ClusterInfoMonitoringDoc extends MonitoringDoc { diff --git a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java index d6c5e8cad3e..17ae28f1324 100644 --- a/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java +++ b/elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolver.java @@ -10,7 +10,7 @@ import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.hash.MessageDigests; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterInfoMonitoringDoc; import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolver; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java index b3554abd45f..0ccc83edc3e 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java @@ -13,7 +13,7 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.LocalTransportAddress; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterInfoMonitoringDoc; import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils; import org.elasticsearch.xpack.monitoring.agent.resolver.MonitoringIndexNameResolverTestCase; diff --git a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java index 4da93724385..d5caa3c8ea6 100644 --- a/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java +++ b/elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoTests.java @@ -10,7 +10,7 @@ import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.common.Strings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.index.query.QueryBuilders; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.xpack.monitoring.MonitoringSettings; import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStatsCollector; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java index f6fb771f730..aa77d6a1ac4 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -23,7 +23,6 @@ import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.license.core.License; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.rest.RestStatus; import org.elasticsearch.test.SecurityIntegTestCase; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java index 21482b1c426..2b72f0065dd 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java @@ -9,18 +9,18 @@ import java.util.Arrays; import java.util.function.Predicate; import java.util.stream.Collectors; -import org.elasticsearch.license.core.License.OperationMode; +import org.elasticsearch.license.License.OperationMode; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.monitoring.Monitoring; import org.elasticsearch.xpack.security.Security; import org.hamcrest.Matchers; -import static org.elasticsearch.license.core.License.OperationMode.MISSING; -import static org.elasticsearch.license.core.License.OperationMode.BASIC; -import static org.elasticsearch.license.core.License.OperationMode.GOLD; -import static org.elasticsearch.license.core.License.OperationMode.PLATINUM; -import static org.elasticsearch.license.core.License.OperationMode.STANDARD; -import static org.elasticsearch.license.core.License.OperationMode.TRIAL; +import static org.elasticsearch.license.License.OperationMode.MISSING; +import static org.elasticsearch.license.License.OperationMode.BASIC; +import static org.elasticsearch.license.License.OperationMode.GOLD; +import static org.elasticsearch.license.License.OperationMode.PLATINUM; +import static org.elasticsearch.license.License.OperationMode.STANDARD; +import static org.elasticsearch.license.License.OperationMode.TRIAL; import static org.hamcrest.Matchers.is; /** diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackInfoResponse.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackInfoResponse.java index 2aedc732fe4..84bed0b7be6 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackInfoResponse.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackInfoResponse.java @@ -12,7 +12,6 @@ import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.common.io.stream.Writeable; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.license.core.License; import org.elasticsearch.xpack.XPackBuild; import java.io.IOException; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackLicenseState.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackLicenseState.java index 82f7da70734..9cfbe893e67 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackLicenseState.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/license/XPackLicenseState.java @@ -13,7 +13,7 @@ import java.util.function.BiFunction; import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.LoggerMessageFormat; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.license.core.License.OperationMode; +import org.elasticsearch.license.License.OperationMode; import org.elasticsearch.xpack.graph.Graph; import org.elasticsearch.xpack.monitoring.Monitoring; import org.elasticsearch.xpack.monitoring.MonitoringSettings; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackInfoAction.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackInfoAction.java index 01b03ea41b9..521661adf21 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackInfoAction.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/TransportXPackInfoAction.java @@ -12,7 +12,7 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackInfoResponse; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.license.LicenseService; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportService; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/XPackUsageResponse.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/XPackUsageResponse.java index 9906acaa181..5afbb725351 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/XPackUsageResponse.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/action/XPackUsageResponse.java @@ -6,25 +6,13 @@ package org.elasticsearch.xpack.action; import org.elasticsearch.action.ActionResponse; -import org.elasticsearch.common.Nullable; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.common.io.stream.Writeable; -import org.elasticsearch.common.xcontent.ToXContent; -import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.license.core.License; -import org.elasticsearch.xpack.XPackBuild; import org.elasticsearch.xpack.XPackFeatureSet; import java.io.IOException; import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; /** */ diff --git a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java index 1fbacfc12de..7efd1695ee7 100644 --- a/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java +++ b/elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/action/TransportXPackInfoActionTests.java @@ -10,7 +10,7 @@ import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.license.XPackInfoResponse; -import org.elasticsearch.license.core.License; +import org.elasticsearch.license.License; import org.elasticsearch.license.LicenseService; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.test.ESTestCase; From 7a6ed965b988636d48a413ebc13ebca3724231ab Mon Sep 17 00:00:00 2001 From: Tanguy Leroux Date: Mon, 25 Jul 2016 14:02:39 +0200 Subject: [PATCH 02/15] Update LICENSE.txt The previous LICENSE.txt file still referred to Marvel Software. This commit updates the content of the license for X-Pack for both Elasticsearch and Kibana plugins. closes elastic/elasticsearch#2644 Original commit: elastic/x-pack-elasticsearch@bace98250ee2ac3dc2ecf9a8be7457f67c824f24 --- elasticsearch/x-pack/LICENSE.txt | 440 ------------------------------ elasticsearch/x-pack/build.gradle | 4 +- 2 files changed, 3 insertions(+), 441 deletions(-) delete mode 100644 elasticsearch/x-pack/LICENSE.txt diff --git a/elasticsearch/x-pack/LICENSE.txt b/elasticsearch/x-pack/LICENSE.txt deleted file mode 100644 index 27603586ce4..00000000000 --- a/elasticsearch/x-pack/LICENSE.txt +++ /dev/null @@ -1,440 +0,0 @@ -SOFTWARE END USER LICENSE AGREEMENT - - READ THIS AGREEMENT CAREFULLY, WHICH CONSTITUTES A LEGALLY BINDING AGREEMENT AND GOVERNS YOUR USE OF -ELASTICSEARCH’S PROPRIETARY SOFTWARE. BY INSTALLING AND/OR USING SUCH SOFTWARE, YOU ARE INDICATING THAT YOU AGREE TO THE -TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT. IF YOU DO NOT AGREE WITH SUCH TERMS AND CONDITIONS, YOU MAY NOT -INSTALL OR USE ANY OF THE SOFTWARE. - - This END USER LICENSE AGREEMENT (this “Agreement") is entered into by and between the applicable Elasticsearch -entity referenced in Attachment 1 hereto (“Elasticsearch”) and the person or entity (“You”) that has downloaded any of -Elasticsearch’s proprietary software to which this Agreement is attached or in connection with which this Agreement is -presented to You (collectively, the “Software”). This Agreement is effective upon the earlier of the date on the -commencement of any License granted pursuant to Section 1.1. below (as applicable, the “Effective Date”). - -1. SOFTWARE LICENSE AND RESTRICTIONS -1.1 License Grants. - (a) Trial Version License. Subject to the terms and conditions of this Agreement, Elasticsearch agrees to -grant, and does hereby grant to You, for a period of thirty (30) days from the date on which You first install the -Software (the “Trial Term”), a License to the to use the Eligible Features and Functions of the Software that are -applicable to the Trial Version of the Software.   You understand and agree that upon the expiration of a Trial Term, -You will no longer be able to use the Software, unless you either (i) purchase a Subscription, in which case You will -receive a License under Section 1.1(b) below to use the Eligible Features and Functions of the Software that are -applicable to the Subscription that You purchase, (ii) undertake the Registration of Your use of the Software with -Elasticsearch, in which case You will receive a License under Section 1.1(c) below to the Basic Version of the Software -or (iii) obtain from Elasticsearch written consent (e-mail sufficient) to extend the Trial Term, which may be granted by -Elasticsearch in its sole and absolute discretion. - (b) Subscription License. Subject to the terms and conditions of this Agreement and complete payment of any and -all applicable Subscription fees, Elasticsearch agrees to grant, and does hereby grant to You during the Subscription -Term, and for the restricted scope of this Agreement, a License (i) to use the Eligible Features and Functions of the -Software that are applicable to the Subscription level that You have purchased, (ii) for the number of Nodes (as defined -in the Elasticsearch Support Services Policy) and (iii) for the specific project for which you have purchased a -Subscription. The level of Subscription, the number of Nodes and specific project for which you have purchased such -Subscription, are set forth on the applicable ordering document entered into by Elasticsearch and You for the purchase -of the applicable Subscription (“Order Form”). - (c) Basic Version License. Subject to the terms and conditions of this Agreement, and in consideration of the -Registration of Your use the Software, Elasticsearch agrees to grant, and does hereby grant to You, for a period of one -(1) year from the date of Registration (“Basic Term”), a License to use the Eligible Features and Functions of the -Software that are applicable to the Basic Version of the Software. -1.2 Reservation of Rights; Restrictions. As between Elasticsearch and You, Elasticsearch owns all right title and -interest in and to the Software and any derivative works thereof, and except as expressly set forth in Section 1.1 -above, no other license to the Software is granted to You by implication, estoppel or otherwise. You agree not to: (i) -reverse engineer or decompile, decrypt, disassemble or otherwise reduce any Software or any portion thereof to -human-readable form, except and only to the extent any such restriction is prohibited by applicable law, (ii) deploy the -Software on more Nodes (as defined in Elasticsearch’s Support Services Policy) than are permitted under the applicable -License grant in Section 1.1 above (iii) where You have purchased a Subscription, use the Software in connection with -any project other than the project for which you have purchased such Subscription, as identified on the applicable Order -Form, (iv) prepare derivative works from, modify, copy or use the Software in any manner except as expressly permitted -in this Agreement; (v) except as expressly permitted in Section 1.1 above, transfer, sell, rent, lease, distribute, -sublicense, loan or otherwise transfer the Software in whole or in part to any third party; (vi) except as may be -expressly permitted on an applicable Order Form, use the Software for providing time-sharing services, any -software-as-a-service offering (“SaaS”), service bureau services or as part of an application services provider or other -service offering; (vii) circumvent the limitations on use of the Software that are imposed or preserved by any License -Key, (viii) alter or remove any proprietary notices in the Software; or (ix) make available to any third party any -analysis of the results of operation of the Software, including benchmarking results, without the prior written consent -of Elasticsearch. The Software may contain or be provided with open source libraries, components, utilities and other -open source software (collectively, “Open Source Software”), which Open Source Software may have applicable license -terms as identified on a website designated by Elasticsearch or otherwise provided with the Software or Documentation. -Notwithstanding anything to the contrary herein, use of the Open Source Software shall be subject to the license terms -and conditions applicable to such Open Source Software, to the extent required by the applicable licensor (which terms -shall not restrict the license rights granted to You hereunder, but may contain additional rights). -1.3 Audit Rights. You agree that, unless such right is waived in writing by Elasticsearch, Elasticsearch shall have the -right, upon fifteen (15) days’ notice to You, to audit Your use of the Software for compliance with any quantitative -limitations on Your use of the Software that are set forth in the applicable Order Form. You agree to provide -Elasticsearch with the necessary access to the Software to conduct such an audit either (i) remotely, or (ii) if remote -performance is not possible, at Your facilities, during normal business hours and no more than one (1) time in any -twelve (12) month period. In the event any such audit reveals that You have used the Software in excess of the -applicable quantitative limitations, You agree to solely for Your internal business operations, a limited, -non-exclusive, non-transferable, fully paid up,  right and license (without the right to grant or authorize sublicenses) -promptly pay to Elasticsearch an amount equal to the difference between the fees actually paid and the fees that You -should have paid to remain in compliance with such quantitative limitations. This Section 1.3 shall survive for a -period of two (2) years from the termination or expiration of this Agreement. -1.4 Cluster Metadata. You understand and agree that once deployed, and on a daily basis, the Software may provide -metadata to Elasticsearch about Your cluster statistics and associates that metadata with Your IP address. However, no -other information is provided to Elasticsearch by the Software, including any information about the data You process or -store in connection with your use of the Software. Instructions for disabling this feature are contained in the -Software, however leaving this feature active enables Elasticsearch to gather cluster statistics and provide an improved -level of support to You. - -2. TERM AND TERMINATION -2.1 Term. Unless earlier terminated under Section 2.2 below, this Agreement shall commence on the Effective Date, and -shall continue in force for the term of the last to expire applicable license set forth in Section 1.1 above. -2.2 Termination. Either party may, upon written notice to the other party, terminate this Agreement for material breach -by the other party automatically and without any other formality, if such party has failed to cure such material breach -within thirty (30) days of receiving written notice of such material breach from the non-breaching party. -Notwithstanding the foregoing, this Agreement shall automatically terminate in the event that You intentionally breach -the scope of the license granted in Section 1.1 of this Agreement, provided that Elasticsearch reserves the right to -retroactively waive such automatic termination upon written notice to You. -2.3 Post Termination or Expiration. Upon termination or expiration of this Agreement, for any reason, You shall -promptly cease the use of the Software and Documentation and destroy (and certify to Elasticsearch in writing the fact -of such destruction), or return to Elasticsearch, all copies of the Software and Documentation then in Your possession -or under Your control. -2.4 Survival. Sections 2.3, 2.4, 3, 4 and 5 (as any such Sections may be modified by Attachment 1, if applicable) shall -survive any termination or expiration of this Agreement. -3. LIMITED WARRANTY AND DISCLAIMER OF WARRANTIES -3.1 Limited Performance Warranty. Subject to You purchasing a Subscription, Elasticsearch warrants that during the -applicable Subscription Term, the Software will perform in all material respects in accordance with the Documentation. -In the event of a breach of the foregoing warranty, Elasticsearch’s sole obligation, and Your exclusive remedy shall be -for Elasticsearch to (i) correct any failure(s) of the Software to perform in all material respects in accordance with -the Documentation or (ii) if Elasticsearch is unable to provide such a correction within thirty (30) days of receipt of -notice of the applicable non-conformity, promptly refund to Customer any pre-paid, unused fees paid by You to -Elasticsearch for the applicable Subscription. The warranty set forth in this Section 3.1 does not apply if the -applicable Software or any portion thereof: (a) has been altered, except by or on behalf Elasticsearch; (b) has not been -used, installed, operated, repaired, or maintained in accordance with this Agreement and/or the Documentation; (c) has -been subjected to abnormal physical or electrical stress, misuse, negligence, or accident; or (d) is used on equipment, -products, or systems not meeting specifications identified by Elasticsearch in the Documentation. Additionally, the -warranties set forth herein only apply when notice of a warranty claim is provided to Elasticsearch within the -applicable warranty period specified herein and do not apply to any bug, defect or error caused by or attributable to -software or hardware not supplied by Elasticsearch. -3.2 Malicious Code. Elasticsearch represents and warrants that prior to making it available for delivery to You, -Elasticsearch will use standard industry practices including, without limitation, the use of an updated commercial -anti-virus program, to test the Software for Malicious Code and remove any Malicious Code it discovers. In the event of -a breach of the foregoing warranty, Elasticsearch’s sole obligation, and Your exclusive remedy shall be for -Elasticsearch to replace the Software with Software that does not contain any Malicious Code. -3.3 Warranty Disclaimer. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SOFTWARE IS PROVIDED “AS IS” WITHOUT -WARRANTY OF ANY KIND, AND ELASTICSEARCH AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR STATUTORY -REGARDING OR RELATING TO THE SOFTWARE OR DOCUMENTATION. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, -ELASTICSEARCH AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE AND DOCUMENTATION, AND WITH RESPECT TO THE USE OF -THE FOREGOING. FURTHER, ELASTICSEARCH DOES NOT WARRANT RESULTS OF USE OR THAT THE SOFTWARE WILL BE ERROR FREE OR THAT -THE USE OF THE SOFTWARE WILL BE UNINTERRUPTED. -4. LIMITATION OF LIABILITY -The provisions of this Section 4 apply if You have not purchased a Subscription. If you have purchased a Subscription, -then the limitations of liability set forth in the applicable Subscription Agreement will apply in lieu of those set -forth in this Section 4. -4.1 Disclaimer of Certain Damages. IN NO EVENT SHALL YOU OR ELASTICSEARCH OR ITS LICENSORS BE LIABLE FOR ANY LOSS OF -PROFITS, LOSS OF USE, BUSINESS INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT, -SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE USE OR INABILITY TO -USE THE SOFTWARE, OR THE PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A BREACH OF CONTRACT OR -TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF THE RESPONSIBLE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 4.1 SHALL NOT APPLY TO A BREACH THROUGH GROSS NEGLIGENCE -OR INTENTIONAL MISCONDUCT BY YOU OF THE SCOPE OF THE LICENSE GRANTED IN SECTION 1.1 OR TO ANY OTHER LIABILITY THAT -CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW. -4.2 Damages Cap. IN NO EVENT SHALL ELASTICSEARCH’S OR ITS LICENSORS’ AGGREGATE, CUMULATIVE LIABILITY UNDER THIS -AGREEMENT EXCEED ONE THOUSAND DOLLARS ($1,000). -4.3 YOU AGREE THAT THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS ARE A REASONABLE ALLOCATION OF THE RISK BETWEEN -THE PARTIES AND WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS IN ITS ESSENTIAL -PURPOSE. -5. DEFINITIONS -The following terms have the meanings ascribed: -5.1 “License” means a limited, non-exclusive, non-transferable, fully paid up, right and license (without the right to -grant or authorize sublicenses) solely for Your internal business operations to (i) install and use, in object code -format, the applicable Eligible Features and Functions of the Software, (ii) use, and distribute internally a reasonable -number of copies of the Documentation, provided that You must include on such copies all Marks and Notices; (iii) permit -Contractors to use the Software and Documentation as set forth in (i) and (ii) above, provided that such use must be -solely for Your benefit, and You shall be responsible for all acts and omissions of such Contractors in connection with -their use of the Software that are contrary to the terms and conditions of this Agreement.. -5.2 “License Key” means an alphanumeric code that enables the Eligible Features and Functions of the Software. -5.3 “Basic Version” means that version of the Software available for use without the purchase of a Qualifying -Subscription, but which does require Registration. -5.4 “Contractor” means third party contractors performing services on Your behalf. -5.5 “Documentation” means the published end user documentation provided by Elasticsearch with the Software. -5.6 “Eligible Features and Functions” means those features and functions of the Software that are eligible for use with -respect to a particular version of the Software or level of the Subscription. A list of the Eligible Features and -Functions that correspond to each version of the Software and Subscription levels may be found at -https://www.elastic.co/subscriptions. -5.7 “Malicious Code” means any code that is designed to harm, or otherwise disrupt in any unauthorized manner, the -operation of a recipient’s computer programs or computer systems or destroy or damage recipient’s data. For clarity, -Malicious Code shall not include any software bugs or errors handled through Support Services, or any standard features -of functions of the Software and/or any License Key that are intended to enforce the temporal and other limitations on -the scope of the use of the Software to the scope of the license purchased by You. -5.8 “Marks and Notices” means all Elasticsearch trademarks, trade names, logos and notices present on the Documentation -as originally provided by Elasticsearch. -5.9 “Registration” means Elasticsearch’s then-current process under which You may register Your use of the Software with -Elasticsearch by providing certain information to Elasticsearch regarding your use of the Software. -5.10 “Subscription” means the right to receive Support Services and a License to the Software. -5.11 “Subscription Term” means the period of time for which You have purchased a Subscription. -5.12 “Trial Version” means that version of the Software available for use without the purchase of a Qualifying -Subscription and without Registration. -6. MISCELLANEOUS -This Agreement, including Attachment 1 hereto, which is hereby incorporated herein by this reference, completely and -exclusively states the entire agreement of the parties regarding the subject matter herein, and it supersedes, and its -terms govern, all prior proposals, agreements, or other communications between the parties, oral or written, regarding -such subject matter. For the avoidance of doubt, the parties hereby expressly acknowledge and agree that if You issue -any purchase order or similar document in connection with its purchase of a license to the Software, You will do so only -for Your internal, administrative purposes and not with the intent to provide any contractual terms. This Agreement may -not be modified except by a subsequently dated, written amendment that expressly amends this Agreement and which is -signed on behalf of Elasticsearch and You, by duly authorized representatives. If any provision hereof is held -unenforceable, this Agreement will continue without said provision and be interpreted to reflect the original intent of -the parties. - - -ATTACHMENT 1 -ADDITIONAL TERMS AND CONDITIONS - -A. The following additional terms and conditions apply to all Customers with principal offices in the United States -of America: - -(1) Applicable Elasticsearch Entity. The entity providing the license is Elasticsearch, Inc., a Delaware corporation. - -(2) Government Rights. The Software product is "Commercial Computer Software," as that term is defined in 48 C.F.R. -2.101, and as the term is used in 48 C.F.R. Part 12, and is a Commercial Item comprised of "commercial computer -software" and "commercial computer software documentation". If acquired by or on behalf of a civilian agency, the U.S. -Government acquires this commercial computer software and/or commercial computer software documentation subject to the -terms of this Agreement, as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal -Acquisition Regulation ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of -Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software -documentation subject to the terms of the Elasticsearch Software License Agreement as specified in 48 C.F.R. 227.7202-3 -and 48 C.F.R. 227.7202-4 of the DOD FAR Supplement ("DFARS") and its successors, and consistent with 48 C.F.R. 227.7202. - This U.S. Government Rights clause, consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202 is in lieu of, and -supersedes, any other FAR, DFARS, or other clause or provision that addresses Government rights in computer software, -computer software documentation or technical data related to the Software under this Agreement and in any Subcontract -under which this commercial computer software and commercial computer software documentation is acquired or licensed. - -(3) Export Control. You acknowledge that the goods, software and technology acquired from Elasticsearch are subject -to U.S. export control laws and regulations, including but not limited to the International Traffic In Arms Regulations -(“ITAR”) (22 C.F.R. Parts 120-130 (2010)); the Export Administration Regulations ("EAR") (15 C.F.R. Parts 730-774 -(2010)); the U.S. antiboycott regulations in the EAR and U.S. Department of the Treasury regulations; the economic -sanctions regulations and guidelines of the U.S. Department of the Treasury, Office of Foreign Assets Control, and the -USA Patriot Act (Title III of Pub. L. 107-56, signed into law October 26, 2001), as amended.  You are now and will -remain in the future compliant with all such export control laws and regulations, and will not export, re-export, -otherwise transfer any Elasticsearch goods, software or technology or disclose any Elasticsearch software or technology -to any person contrary to such laws or regulations.  You acknowledge that remote access to the Software may in certain -circumstances be considered a re-export of Software, and accordingly, may not be granted in contravention of U.S. export -control laws and regulations. -(4) Governing Law, Jurisdiction and Venue. -(a) Customers in California. If Customer is located in California (as determined by the Customer address on the -applicable Order Form, or for a trial license under 1.1(a), the location of person who installed the Software), this -Agreement will be governed by the laws of the State of California, without regard to its conflict of laws principles, -and all suits hereunder will be brought solely in Federal Court for the Northern District of California, or if that -court lacks subject matter jurisdiction, in any California State Court located in Santa Clara County. -(b) Customers Outside of California. If Customer is located anywhere other than California (as determined by the -Customer address on the applicable Order Form, or for a trial license under 1.1(a), the location of person who installed -the Software), this Agreement will be governed by the laws of the State of Delaware, without regard to its conflict of -laws principles, and all suits hereunder will be brought solely in Federal Court for the District of Delaware, or if -that court lacks subject matter jurisdiction, in any Delaware State Court located in Wilmington, Delaware. -(c) All Customers. This Agreement shall not be governed by the 1980 UN Convention on Contracts for the International -Sale of Goods. The parties hereby irrevocably waive any and all claims and defenses either might otherwise have in any -action or proceeding in any of the applicable courts set forth in (a) or (b) above, based upon any alleged lack of -personal jurisdiction, improper venue, forum non conveniens, or any similar claim or defense. -(d) Equitable Relief. A breach or threatened breach, by either party of Section 4 may cause irreparable harm for -which the non-breaching party shall be entitled to seek injunctive relief without being required to post a bond. - -B. The following additional terms and conditions apply to all Customers with principal offices in Canada: - -(1) Applicable Elasticsearch Entity. The entity providing the license is Elasticsearch B.C. Ltd., a corporation -incorporated under laws of the Province of British Columbia. - -(2) Export Control. You acknowledge that the goods, software and technology acquired from Elasticsearch are subject -to the restrictions and controls set out in Section A(3) above as well as those imposed by the Export and Import Permits -Act (Canada) and the regulations thereunder and that you will comply with all applicable laws and regulations. Without -limitation, You acknowledge that the Marvel Software, or any portion thereof, will not be exported: (a) to any country -on Canada's Area Control List; (b) to any country subject to UN Security Council embargo or action; or (c) contrary to -Canada's Export Control List Item 5505. You are now and will remain in the future compliant with all such export control -laws and regulations, and will not export, re-export, otherwise transfer any Elasticsearch goods, software or technology -or disclose any Elasticsearch software or technology to any person contrary to such laws or regulations.  You will not -export or re-export the Marvel Software, or any portion thereof, directly or indirectly, in violation of the Canadian -export administration laws and regulations to any country or end user, or to any end user who you know or have reason to -know will utilize them in the design, development or production of nuclear, chemical or biological weapons. You further -acknowledge that the Marvel Software product may include technical data subject to such Canadian export regulations. -Elasticsearch does not represent that the Marvel Software is appropriate or available for use in all countries. -Elasticsearch prohibits accessing materials from countries or states where contents are illegal. You are using the -Marvel Software on your own initiative and you are responsible for compliance with all applicable laws. You hereby agree -to indemnify Elasticsearch and its affiliates from any claims, actions, liability or expenses (including reasonable -lawyers' fees) resulting from Your failure to act in accordance with the acknowledgements, agreements, and -representations in this Section B(2). - (3) Governing Law and Dispute Resolution. This Agreement shall be governed by the Province of Ontario and the -federal laws of Canada applicable therein without regard to conflict of laws provisions. The parties hereby irrevocably -waive any and all claims and defenses either might otherwise have in any such action or proceeding in any of such courts -based upon any alleged lack of personal jurisdiction, improper venue, forum non conveniens or any similar claim or -defense. Any dispute, claim or controversy arising out of or relating to this Agreement or the existence, breach, -termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability -of this agreement to arbitrate, (each, a “Dispute”), which the parties are unable to resolve after good faith -negotiations, shall be submitted first to the upper management level of the parties. The parties, through their upper -management level representatives shall meet within thirty (30) days of the Dispute being referred to them and if the -parties are unable to resolve such Dispute within thirty (30) days of meeting, the parties agree to seek to resolve the -Dispute through mediation with ADR Chambers in the City of Toronto, Ontario, Canada before pursuing any other -proceedings. The costs of the mediator shall be shared equally by the parties. If the Dispute has not been resolved -within thirty (30) days of the notice to desire to mediate, any party may terminate the mediation and proceed to -arbitration and the matter shall be referred to and finally resolved by arbitration at ADR Chambers pursuant to the -general ADR Chambers Rules for Arbitration in the City of Toronto, Ontario, Canada. The arbitration shall proceed in -accordance with the provisions of the Arbitration Act (Ontario). The arbitral panel shall consist of three (3) -arbitrators, selected as follows: each party shall appoint one (1) arbitrator; and those two (2) arbitrators shall -discuss and select a chairman. If the two (2) party-appointed arbitrators are unable to agree on the chairman, the -chairman shall be selected in accordance with the applicable rules of the arbitration body. Each arbitrator shall be -independent of each of the parties. The arbitrators shall have the authority to grant specific performance and to -allocate between the parties the costs of arbitration (including service fees, arbitrator fees and all other fees -related to the arbitration) in such equitable manner as the arbitrators may determine. The prevailing party in any -arbitration shall be entitled to receive reimbursement of its reasonable expenses incurred in connection therewith. -Judgment upon the award so rendered may be entered in a court having jurisdiction or application may be made to such -court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the -foregoing, Elasticsearch shall have the right to institute an action in a court of proper jurisdiction for preliminary -injunctive relief pending a final decision by the arbitrator, provided that a permanent injunction and damages shall -only be awarded by the arbitrator. The language to be used in the arbitral proceedings shall be English. - (4) Language. Any translation of this Agreement is done for local requirements and in the event of a dispute -between the English and any non-English version, the English version of this Agreement shall govern. At the request of -the parties, the official language of this Agreement and all communications and documents relating hereto is the English -language, and the English-language version shall govern all interpretation of the Agreement.  À la demande des parties, -la langue officielle de la présente convention ainsi que toutes communications et tous documents s'y rapportant est la -langue anglaise, et la version anglaise est celle qui régit toute interprétation de la présente convention. -(5) Warranty Disclaimer. For Customers with principal offices in the Province of Québec, the following new sentence -is to be added to the end of Section 3.3: “SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS OR EXCLUSIONS OF CERTAIN TYPES OF -DAMAGES AND/OR WARRANTIES AND CONDITIONS. THE LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SET FORTH IN THIS AGREEMENT SHALL -NOT APPLY IF AND ONLY IF AND TO THE EXTENT THAT THE LAWS OF A COMPETENT JURISDICTION REQUIRE LIABILITIES BEYOND AND -DESPITE THESE LIMITATIONS, EXCLUSIONS AND DISCLAIMERS.” -(6) Limitation of Liability. For Customers with principal offices in the Province of Québec, the following new -sentence is to be added to the end of Section 4.1: “SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS OR EXCLUSIONS OF CERTAIN -TYPES OF DAMAGES AND/OR WARRANTIES AND CONDITIONS.  THE LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SET FORTH IN THIS -AGREEMENT SHALL NOT APPLY IF AND ONLY IF AND TO THE EXTENT THAT THE LAWS OF A COMPETENT JURISDICTION REQUIRE LIABILITIES -BEYOND AND DESPITE THESE LIMITATIONS, EXCLUSIONS AND DISCLAIMERS.” - -C. The following additional terms and conditions apply to all Customers with principal offices outside of the United -States of America and Canada: - -(1) Applicable Elasticsearch Entity. The entity providing the license in Germany is Elasticsearch Gmbh; in France is -Elasticsearch SARL, in the United Kingdom is Elasticsearch Ltd, in Australia is Elasticsearch Pty Ltd., in Japan is -Elasticsearch KK, in Sweden is Elasticsearch AB, in Norway is Elasticsearch AS and in all other countries is -Elasticsearch BV. - -(2) Choice of Law. This Agreement shall be governed by and construed in accordance with the laws of the State of New -York, without reference to or application of choice of law rules or principles. Notwithstanding any choice of law -provision or otherwise, the Uniform Computer Information Transactions Act (UCITA) and the United Nations Convention on -the International Sale of Goods shall not apply. - -(3) Arbitration. Any dispute, claim or controversy arising out of or relating to this Agreement or the existence, -breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or -applicability of this agreement to arbitrate, (each, a “Dispute”) shall be referred to and finally resolved by -arbitration under the rules and at the location identified below. The arbitral panel shall consist of three (3) -arbitrators, selected as follows: each party shall appoint one (1) arbitrator; and those two (2) arbitrators shall -discuss and select a chairman. If the two party-appointed arbitrators are unable to agree on the chairman, the chairman -shall be selected in accordance with the applicable rules of the arbitration body. Each arbitrator shall be independent -of each of the parties. The arbitrators shall have the authority to grant specific performance and to allocate between -the parties the costs of arbitration (including service fees, arbitrator fees and all other fees related to the -arbitration) in such equitable manner as the arbitrators may determine. The prevailing party in any arbitration shall -be entitled to receive reimbursement of its reasonable expenses incurred in connection therewith. Judgment upon the -award so rendered may be entered in a court having jurisdiction or application may be made to such court for judicial -acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, Elasticsearch -shall have the right to institute an action in a court of proper jurisdiction for preliminary injunctive relief pending -a final decision by the arbitrator, provided that a permanent injunction and damages shall only be awarded by the -arbitrator. The language to be used in the arbitral proceedings shall be English. - -In addition, the following terms only apply to Customers with principal offices within Europe, the Middle East or Africa -(EMEA): - -Arbitration Rules and Location. Any Dispute shall be referred to and finally resolved by arbitration under the London -Court of International Arbitration (“LCIA”) Rules (which Rules are deemed to be incorporated by reference into this -clause) on the basis that the governing law is the law of the State of New York, USA. The seat, or legal place, of -arbitration shall be London, England. - -(b) In addition, the following terms only apply to Customers with principal offices within Asia Pacific, Australia & -New Zealand: - -Arbitration Rules and Location. Any Dispute shall be referred to and finally resolved by arbitration under the Rules of -Conciliation and Arbitration of the International Chamber of Commerce (“ICC”) in force on the date when the notice of -arbitration is submitted in accordance with such Rules (which Rules are deemed to be incorporated by reference into this -clause) on the basis that the governing law is the law of the State of New York, USA. The seat, or legal place, of -arbitration shall be Singapore. - -(c) In addition, the following terms only apply to Customers with principal offices within the Americas (excluding -North America): - -Arbitration Rules and Location. Any Dispute shall be referred to and finally resolved by arbitration under -International Dispute Resolution Procedures of the American Arbitration Association (“AAA”) in force on the date when -the notice of arbitration is submitted in accordance with such Procedures (which Procedures are deemed to be -incorporated by reference into this clause) on the basis that the governing law is the law of the State of New York, -USA. The seat, or legal place, of arbitration shall be New York, New York, USA. - -(4) In addition, for Customers with principal offices within the UK, the following new sentence is added to the end -of Section 4.1: - -Nothing in this Agreement shall have effect so as to limit or exclude a party’s liability for death or personal injury -caused by negligence or for fraud including fraudulent misrepresentation and this Section 4.1 shall take effect subject -to this provision. - -(5) In addition, for Customers with principal offices within France, Sections 1.2, 3 and 4.1 of the Agreement are -deleted and replaced with the following new Sections 1.2, 3.3 and 4.1: -1.2 Reservation of Rights; Restrictions. Elasticsearch owns all right title and interest in and to the Software and -any derivative works thereof, and except as expressly set forth in Section 1.1 above, no other license to the Software -is granted to You by implication, or otherwise. You agree not to prepare derivative works from, modify, copy or use the -Software in any manner except as expressly permitted in this Agreement; provided that You may copy the Software for -archival purposes, only where such software is provided on a non-durable medium; and You may decompile the Software, -where necessary for interoperability purposes and where necessary for the correction of errors making the software unfit -for its intended purpose, if such right is not reserved by Elasticsearch as editor of the Software. Pursuant to article -L122-6-1 of the French intellectual property code, Elasticsearch reserves the right to correct any bugs as necessary for -the Software to serve its intended purpose. You agree not to: (i) transfer, sell, rent, lease, distribute, sublicense, -loan or otherwise transfer the Software in whole or in part to any third party; (ii) use the Software for providing -time-sharing services, any software-as-a-service offering (“SaaS”), service bureau services or as part of an application -services provider or other service offering; (iii) alter or remove any proprietary notices in the Software; or (iv) make -available to any third party any analysis of the results of operation of the Software, including benchmarking results, -without the prior written consent of Elasticsearch. -3.3 Warranty Disclaimer. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SOFTWARE IS PROVIDED “AS IS” -WITHOUT WARRANTY OF ANY KIND, AND ELASTICSEARCH AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR -STATUTORY REGARDING OR RELATING TO THE SOFTWARE OR DOCUMENTATION. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, -ELASTICSEARCH AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE WITH -RESPECT TO THE SOFTWARE AND DOCUMENTATION, AND WITH RESPECT TO THE USE OF THE FOREGOING. FURTHER, ELASTICSEARCH DOES -NOT WARRANT RESULTS OF USE OR THAT THE SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE SOFTWARE WILL BE -UNINTERRUPTED. -4.1 Disclaimer of Certain Damages. IN NO EVENT SHALL YOU OR ELASTICSEARCH OR ITS LICENSORS BE LIABLE FOR ANY LOSS OF -PROFITS, LOSS OF USE, BUSINESS INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT OR -UNFORESEEABLE DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE, OR THE -PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, -INCLUDING NEGLIGENCE. THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 4.1 SHALL NOT APPLY TO A BREACH, THROUGH -GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT BY YOU, OF THE SCOPE OF THE LICENSE GRANTED IN SECTION 1.1, OR IN CASE OF -DEATH OR PERSONAL INJURY. -(6) In addition, for Customers with principal offices within Australia, Sections 4.1, 4.2 and 4.3 of the Agreement -are deleted and replaced with the following new Sections 4.1, 4.2 and 4.3: -4.1 Disclaimer of Certain Damages. Subject to clause 4.3, a party is not liable for Consequential Loss however -caused (including by the negligence of that party) suffered or incurred by the other party in connection with this -agreement. “Consequential Loss” means loss of revenues, loss of reputation, indirect loss, loss of profits, -consequential loss, loss of actual or anticipated savings, indirect loss, lost opportunities, including opportunities to -enter into arrangements with third parties, loss or damage in connection with claims against by third parties, or loss -or corruption or data. -4.2 Damages Cap. SUBJECT TO CLAUSES 4.1 AND 4.3, ANY LIABILITY OF ELASTICSEARCH FOR ANY LOSS OR DAMAGE, HOWEVER -CAUSED (INCLUDING BY THE NEGLIGENCE OF ELASTICSEARCH), SUFFERED BY YOU IN CONNECTION WITH THIS AGREEMENT IS LIMITED TO -THE AMOUNT YOU PAID, IN THE TWELVE (12) MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY, UNDER THE -ELASTICSEARCH SUPPORT SERVICES AGREEMENT IN CONNECTION WITH WHICH YOU OBTAINED THE LICENSE TO USE THE SOFTWARE. THE -LIMITATION SET OUT IN THIS SECTION 4.2 IS AN AGGREGATE LIMIT FOR ALL CLAIMS, WHENEVER MADE. -4.3 Limitation and Disclaimer Exceptions. If the Competition and Consumer Act 2010 (Cth) or any other legislation or -any other legislation states that there is a guarantee in relation to any good or service supplied by Elasticsearch in -connection with this agreement, and Elasticsearch’s liability for failing to comply with that guarantee cannot be -excluded but may be limited, Sections 4.1 and 4.2 do not apply to that liability and instead Elasticsearch’s liability -for such failure is limited (at Elasticsearch’s election) to, in the case of a supply of goods, the Elasticsearch -replacing the goods or supplying equivalent goods or repairing the goods, or in the case of a supply of services, -Elasticsearch supplying the services again or paying the cost of having the services supplied again. -(7) In addition, for Customers with principal offices within Japan, Sections 1.2, 3 and 4.1 of the Agreement are -deleted and replaced with the following new Sections 1.2, 3.3 and 4.1: -1.2 Reservation of Rights; Restrictions. As between Elasticsearch and You, Elasticsearch owns all right title and -interest in and to the Software and any derivative works thereof, and except as expressly set forth in Section 1.1 -above, no other license to the Software is granted to You by implication or otherwise. You agree not to: (i) prepare -derivative works from, modify, copy or use the Software in any manner except as expressly permitted in this Agreement or -applicable law; (ii) transfer, sell, rent, lease, distribute, sublicense, loan or otherwise transfer the Software in -whole or in part to any third party; (iii) use the Software for providing time-sharing services, any -software-as-a-service offering (“SaaS”), service bureau services or as part of an application services provider or other -service offering; (iv) alter or remove any proprietary notices in the Software; or (v) make available to any third party -any analysis of the results of operation of the Software, including benchmarking results, without the prior written -consent of Elasticsearch. -3.3 Warranty Disclaimer. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SOFTWARE IS PROVIDED “AS IS” -WITHOUT WARRANTY OF ANY KIND, AND ELASTICSEARCH AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR -STATUTORY REGARDING OR RELATING TO THE SOFTWARE OR DOCUMENTATION. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, -ELASTICSEARCH AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE AND DOCUMENTATION, AND WITH RESPECT TO THE USE OF -THE FOREGOING. FURTHER, ELASTICSEARCH DOES NOT WARRANT RESULTS OF USE OR THAT THE SOFTWARE WILL BE ERROR FREE OR THAT -THE USE OF THE SOFTWARE WILL BE UNINTERRUPTED. -4.1 Disclaimer of Certain Damages. IN NO EVENT SHALL YOU OR ELASTICSEARCH OR ITS LICENSORS BE LIABLE FOR ANY LOSS OF -PROFITS, LOSS OF USE, BUSINESS INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY -SPECIALINDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE USE -OR INABILITY TO USE THE SOFTWARE, OR THE PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A -BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF THE RESPONSIBLE PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 4.1 SHALL NOT APPLY TO A BREACH -THROUGH GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT BY YOU OF THE SCOPE OF THE LICENSE GRANTED IN SECTION 1.1 OR TO ANY -OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW. - diff --git a/elasticsearch/x-pack/build.gradle b/elasticsearch/x-pack/build.gradle index 5c67a941b00..4abad4a4da9 100644 --- a/elasticsearch/x-pack/build.gradle +++ b/elasticsearch/x-pack/build.gradle @@ -117,8 +117,10 @@ forbiddenPatterns { // TODO: standardize packaging config for plugins bundlePlugin { - from(projectDir) { + from(project(':x-plugins').projectDir) { include 'LICENSE.txt' + } + from(projectDir) { include 'NOTICE.txt' } from('bin/x-pack') { From 49a1f8a4e571596ac2360fd4a9e7cccf1656ac82 Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Wed, 27 Jul 2016 18:07:54 +0200 Subject: [PATCH 03/15] test: Removed the mustache dependency on a number of tests and moved them back the xpack There are still tests left to be cleanup, but these tests need to be turned into a rest test and moved the smoke test xpack with mustache module. Original commit: elastic/x-pack-elasticsearch@3b88b15b972e7dfdf1953ea16382971343f92d32 --- .../test/integration}/HipChatServiceIT.java | 31 +++---------------- .../test/integration}/NoMasterNodeIT.java | 28 ++--------------- .../test/integration}/PagerDutyServiceIT.java | 27 ++-------------- .../test/integration}/SlackServiceIT.java | 27 ++-------------- .../watcher/test/integration}/WatchAckIT.java | 28 +---------------- 5 files changed, 11 insertions(+), 130 deletions(-) rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration}/HipChatServiceIT.java (90%) rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration}/NoMasterNodeIT.java (93%) rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration}/PagerDutyServiceIT.java (84%) rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration}/SlackServiceIT.java (86%) rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration}/WatchAckIT.java (94%) diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java similarity index 90% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java index 74b499eb8dc..742d6df1f11 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java @@ -3,13 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.MockMustacheScriptEngine; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.test.junit.annotations.TestLogging; import org.elasticsearch.xpack.watcher.actions.hipchat.HipChatAction; @@ -20,9 +17,6 @@ import org.elasticsearch.xpack.notification.hipchat.SentMessages; import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchResponse; -import java.util.Collection; -import java.util.List; - import static org.elasticsearch.index.query.QueryBuilders.boolQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -36,9 +30,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.notNullValue; -/** - * - */ @Network @TestLogging("watcher.support.http:TRACE") public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { @@ -52,20 +43,6 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { return false; } - @Override - protected Collection> getMockPlugins() { - Collection> mockPlugins = super.getMockPlugins(); - mockPlugins.remove(MockMustacheScriptEngine.TestPlugin.class); - return mockPlugins; - } - - @Override - protected List> pluginTypes() { - List> types = super.pluginTypes(); - types.add(MustachePlugin.class); - return types; - } - @Override protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() @@ -148,7 +125,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { switch (profile) { case USER: account = "user_account"; - actionBuilder = hipchatAction(account, "{{ctx.payload.ref}}") + actionBuilder = hipchatAction(account, "_message") .addRooms("test-watcher", "test-watcher-2") .addUsers("watcher@elastic.co") .setFormat(HipChatMessage.Format.TEXT) @@ -158,7 +135,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { case INTEGRATION: account = "integration_account"; - actionBuilder = hipchatAction(account, "{{ctx.payload.ref}}") + actionBuilder = hipchatAction(account, "_message") .setFormat(HipChatMessage.Format.TEXT) .setColor(color) .setNotify(false); @@ -167,7 +144,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { default: assertThat(profile, is(HipChatAccount.Profile.V1)); account = "v1_account"; - actionBuilder = hipchatAction(account, "{{ctx.payload.ref}}") + actionBuilder = hipchatAction(account, "_message") .addRooms("test-watcher", "test-watcher-2") .setFrom("watcher-test") .setFormat(HipChatMessage.Format.TEXT) diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java similarity index 93% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java index c84e46e9c51..caefacbfca9 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; import org.apache.lucene.util.LuceneTestCase.BadApple; import org.elasticsearch.ExceptionsHelper; @@ -18,9 +18,6 @@ import org.elasticsearch.discovery.zen.elect.ElectMasterService; import org.elasticsearch.discovery.zen.ping.ZenPing; import org.elasticsearch.discovery.zen.ping.ZenPingService; import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.MockMustacheScriptEngine; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.SuppressLocalMode; import org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration; @@ -36,10 +33,6 @@ import org.elasticsearch.xpack.watcher.test.WatcherTestUtils; import org.elasticsearch.xpack.watcher.transport.actions.delete.DeleteWatchResponse; import org.elasticsearch.xpack.watcher.transport.actions.stats.WatcherStatsResponse; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; import java.util.concurrent.TimeUnit; import static org.elasticsearch.index.query.QueryBuilders.termQuery; @@ -88,23 +81,6 @@ public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase { .build(); } - @Override - protected Collection> nodePlugins() { - Collection> types = new ArrayList<>(); - types.addAll(super.nodePlugins()); - // TODO remove dependency on mustache - types.add(MustachePlugin.class); - return types; - } - - @Override - protected Collection> getMockPlugins() { - Set> plugins = new HashSet<>(super.getMockPlugins()); - // remove the mock because we use mustache here... - plugins.remove(MockMustacheScriptEngine.TestPlugin.class); - return plugins; - } - public void testSimpleFailure() throws Exception { // we need 3 hosts here because we stop the master and start another - it doesn't restart the pre-existing node... config = new ClusterDiscoveryConfiguration.UnicastZen(3, Settings.EMPTY); @@ -178,7 +154,7 @@ public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase { .trigger(schedule(interval("5s"))) .input(simpleInput("key", "value")) .condition(alwaysCondition()) - .addAction("_id", loggingAction("[{{ctx.watch_id}}] executed!")); + .addAction("_id", loggingAction("executed!")); watcherClient().preparePutWatch("_watch_id") .setSource(watchSource) diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java similarity index 84% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java index 9f5e582b68a..473b1a7cdd8 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java @@ -3,13 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.MockMustacheScriptEngine; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.xpack.watcher.actions.pagerduty.PagerDutyAction; import org.elasticsearch.xpack.notification.pagerduty.IncidentEvent; @@ -21,9 +18,6 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchResponse; import org.elasticsearch.xpack.watcher.watch.Payload; -import java.util.Collection; -import java.util.List; - import static org.elasticsearch.index.query.QueryBuilders.boolQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -38,9 +32,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.notNullValue; -/** - * - */ @Network public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase { @@ -54,20 +45,6 @@ public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase { return false; } - @Override - protected Collection> getMockPlugins() { - Collection> mockPlugins = super.getMockPlugins(); - mockPlugins.remove(MockMustacheScriptEngine.TestPlugin.class); - return mockPlugins; - } - - @Override - protected List> pluginTypes() { - List> types = super.pluginTypes(); - types.add(MustachePlugin.class); - return types; - } - @Override protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() @@ -100,7 +77,7 @@ public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase { public void testWatchWithPagerDutyAction() throws Exception { String account = "test_account"; PagerDutyAction.Builder actionBuilder = pagerDutyAction(IncidentEvent - .templateBuilder("pager duty integration test `{{ctx.payload.ref}}`").setAccount(account)); + .templateBuilder("pager duty integration test").setAccount(account)); PutWatchResponse putWatchResponse = watcherClient().preparePutWatch("1").setSource(watchBuilder() .trigger(schedule(interval("10m"))) diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java similarity index 86% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java index e00ecc46823..1fa1cfefe84 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java @@ -3,13 +3,10 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.MockMustacheScriptEngine; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.xpack.notification.slack.SentMessages; import org.elasticsearch.xpack.notification.slack.SlackAccount; @@ -21,9 +18,6 @@ import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase; import org.elasticsearch.xpack.watcher.transport.actions.put.PutWatchResponse; import org.joda.time.DateTime; -import java.util.Collection; -import java.util.List; - import static org.elasticsearch.index.query.QueryBuilders.boolQuery; import static org.elasticsearch.index.query.QueryBuilders.termQuery; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; @@ -37,9 +31,6 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.notNullValue; -/** - * - */ @Network public class SlackServiceIT extends AbstractWatcherIntegrationTestCase { @Override @@ -52,20 +43,6 @@ public class SlackServiceIT extends AbstractWatcherIntegrationTestCase { return false; } - @Override - protected Collection> getMockPlugins() { - Collection> mockPlugins = super.getMockPlugins(); - mockPlugins.remove(MockMustacheScriptEngine.TestPlugin.class); - return mockPlugins; - } - - @Override - protected List> pluginTypes() { - List> types = super.pluginTypes(); - types.add(MustachePlugin.class); - return types; - } - @Override protected Settings nodeSettings(int nodeOrdinal) { return Settings.builder() @@ -104,7 +81,7 @@ public class SlackServiceIT extends AbstractWatcherIntegrationTestCase { public void testWatchWithSlackAction() throws Exception { String account = "test_account"; SlackAction.Builder actionBuilder = slackAction(account, SlackMessage.Template.builder() - .setText("slack integration test `{{ctx.payload.ref}}` " + DateTime.now()) + .setText("slack integration test` " + DateTime.now()) .addTo("#watcher-test", "#watcher-test-2")); PutWatchResponse putWatchResponse = watcherClient().preparePutWatch("1").setSource(watchBuilder() diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/WatchAckIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java similarity index 94% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/WatchAckIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java index 0669ae7ad43..b794edde214 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/WatchAckIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; import org.apache.lucene.util.LuceneTestCase.BadApple; @@ -13,9 +13,6 @@ import org.elasticsearch.action.get.GetRequest; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.MockMustacheScriptEngine; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.xpack.watcher.actions.ActionStatus; import org.elasticsearch.xpack.watcher.client.WatcherClient; import org.elasticsearch.xpack.watcher.condition.compare.CompareCondition; @@ -32,10 +29,6 @@ import org.elasticsearch.xpack.watcher.watch.Watch; import org.elasticsearch.xpack.watcher.watch.WatchStore; import org.hamcrest.Matchers; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Set; import java.util.concurrent.TimeUnit; import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery; @@ -54,29 +47,10 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.core.IsEqual.equalTo; -/** - */ //test is just too slow, please fix it to not be sleep-based @BadApple(bugUrl = "https://github.com/elastic/x-plugins/issues/1007") public class WatchAckIT extends AbstractWatcherIntegrationTestCase { - @Override - protected Collection> nodePlugins() { - Collection> types = new ArrayList<>(); - types.addAll(super.nodePlugins()); - // TODO remove dependency on mustache - types.add(MustachePlugin.class); - return types; - } - - @Override - protected Collection> getMockPlugins() { - Set> plugins = new HashSet<>(super.getMockPlugins()); - // remove the mock because we use mustache here... - plugins.remove(MockMustacheScriptEngine.TestPlugin.class); - return plugins; - } - private IndexResponse indexTestDoc() { createIndex("actions", "events"); ensureGreen("actions", "events"); From 3d3eb0fc48187c8e6987e5a8b37ac01b43c71ea1 Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Thu, 28 Jul 2016 12:59:40 +0200 Subject: [PATCH 04/15] test: renamed test cases Original commit: elastic/x-pack-elasticsearch@c05bfecb974ae74c6e6c1626d4f29fb45d7b3e45 --- .../{HipChatServiceIT.java => HipChatServiceTests.java} | 2 +- .../integration/{NoMasterNodeIT.java => NoMasterNodeTests.java} | 2 +- .../{PagerDutyServiceIT.java => PagerDutyServiceTests.java} | 2 +- .../integration/{SlackServiceIT.java => SlackServiceTests.java} | 2 +- .../test/integration/{WatchAckIT.java => WatchAckTests.java} | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) rename elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/{HipChatServiceIT.java => HipChatServiceTests.java} (99%) rename elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/{NoMasterNodeIT.java => NoMasterNodeTests.java} (99%) rename elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/{PagerDutyServiceIT.java => PagerDutyServiceTests.java} (98%) rename elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/{SlackServiceIT.java => SlackServiceTests.java} (98%) rename elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/{WatchAckIT.java => WatchAckTests.java} (99%) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceTests.java similarity index 99% rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceTests.java index 742d6df1f11..28ddb602600 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/HipChatServiceTests.java @@ -32,7 +32,7 @@ import static org.hamcrest.Matchers.notNullValue; @Network @TestLogging("watcher.support.http:TRACE") -public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase { +public class HipChatServiceTests extends AbstractWatcherIntegrationTestCase { @Override protected boolean timeWarped() { return true; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeTests.java similarity index 99% rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeTests.java index caefacbfca9..4dff8ce194e 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/NoMasterNodeTests.java @@ -56,7 +56,7 @@ import static org.hamcrest.core.Is.is; @TestLogging("discovery:TRACE,watcher:TRACE") @ClusterScope(scope = TEST, numClientNodes = 0, transportClientRatio = 0, randomDynamicTemplates = false, numDataNodes = 0) @SuppressLocalMode -public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase { +public class NoMasterNodeTests extends AbstractWatcherIntegrationTestCase { private ClusterDiscoveryConfiguration.UnicastZen config; @Override diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceTests.java similarity index 98% rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceTests.java index 473b1a7cdd8..f34f3ae4fde 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/PagerDutyServiceTests.java @@ -33,7 +33,7 @@ import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.notNullValue; @Network -public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase { +public class PagerDutyServiceTests extends AbstractWatcherIntegrationTestCase { @Override protected boolean timeWarped() { diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceTests.java similarity index 98% rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceTests.java index 1fa1cfefe84..16ba7afb603 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SlackServiceTests.java @@ -32,7 +32,7 @@ import static org.hamcrest.Matchers.lessThan; import static org.hamcrest.Matchers.notNullValue; @Network -public class SlackServiceIT extends AbstractWatcherIntegrationTestCase { +public class SlackServiceTests extends AbstractWatcherIntegrationTestCase { @Override protected boolean timeWarped() { return true; diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckTests.java similarity index 99% rename from elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckTests.java index b794edde214..638a27aa85a 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatchAckTests.java @@ -49,7 +49,7 @@ import static org.hamcrest.core.IsEqual.equalTo; //test is just too slow, please fix it to not be sleep-based @BadApple(bugUrl = "https://github.com/elastic/x-plugins/issues/1007") -public class WatchAckIT extends AbstractWatcherIntegrationTestCase { +public class WatchAckTests extends AbstractWatcherIntegrationTestCase { private IndexResponse indexTestDoc() { createIndex("actions", "events"); From ba1ced90960271fc4527bba96a9413a4f3ac7bc5 Mon Sep 17 00:00:00 2001 From: jaymode Date: Fri, 8 Jul 2016 14:19:22 -0400 Subject: [PATCH 05/15] security: adapt realms usage stats output and add anonymous This changes the usage stats for the realms to not use nested objects but to instead group values by the realm type. Additionally, the realms now return the actual size of the users that are contained or have recently logged in (in case of LDAP/AD). Additionally, the audit section will always contain an enabled flag and a new field has been added to capture whether anonymous access is enabled or not. See elastic/elasticsearch#2210 Original commit: elastic/x-pack-elasticsearch@9cc2852585d50c8284ff1fffb48a54d605487f21 --- .../xpack/security/SecurityFeatureSet.java | 71 ++++++++-------- .../security/audit/AuditTrailService.java | 2 + .../xpack/security/authc/Realm.java | 1 - .../xpack/security/authc/Realms.java | 82 +++++++++++++++++++ .../xpack/security/authc/file/FileRealm.java | 2 +- .../support/CachingUsernamePasswordRealm.java | 2 +- .../authc/support/UsernamePasswordRealm.java | 32 -------- .../security/transport/filter/IPFilter.java | 12 ++- .../security/SecurityFeatureSetTests.java | 57 ++++++++----- .../xpack/security/authc/RealmsTests.java | 72 ++++++++++++++++ .../ActiveDirectoryRealmTests.java | 22 +++++ .../ActiveDirectoryRealmUsageTests.java | 44 ---------- .../security/authc/file/FileRealmTests.java | 5 +- .../security/authc/ldap/LdapRealmTests.java | 3 +- .../security/authc/ldap/OpenLdapTests.java | 38 --------- .../support/UsernamePasswordRealmTests.java | 44 ---------- .../security/user/AnonymousUserTests.java | 3 - 17 files changed, 262 insertions(+), 230 deletions(-) delete mode 100644 elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java delete mode 100644 elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java index e1b99c86602..4c58cf22f4e 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java @@ -10,14 +10,11 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; -import org.elasticsearch.common.io.stream.Writeable; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.xpack.security.audit.AuditTrailService; -import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; -import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; import org.elasticsearch.xpack.XPackFeatureSet; import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; import org.elasticsearch.xpack.security.authz.store.RolesStore; @@ -25,20 +22,20 @@ import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; +import org.elasticsearch.xpack.security.user.AnonymousUser; import java.io.IOException; -import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; -import java.util.List; import java.util.Map; -import java.util.stream.Collectors; /** * */ public class SecurityFeatureSet implements XPackFeatureSet { + private static final Map DISABLED_FEATURE_MAP = Collections.singletonMap("enabled", false); + private final Settings settings; private final boolean enabled; private final XPackLicenseState licenseState; @@ -91,28 +88,22 @@ public class SecurityFeatureSet implements XPackFeatureSet { @Override public XPackFeatureSet.Usage usage() { - List> enabledRealms = buildEnabledRealms(realms); + Map realmsUsage = buildRealmsUsage(realms); Map rolesStoreUsage = rolesStoreUsage(rolesStore); Map sslUsage = sslUsage(settings); Map auditUsage = auditUsage(auditTrailService); Map ipFilterUsage = ipFilterUsage(ipFilter); - boolean hasSystemKey = systemKeyUsage(cryptoService); - return new Usage(available(), enabled(), enabledRealms, rolesStoreUsage, sslUsage, auditUsage, ipFilterUsage, hasSystemKey); + Map systemKeyUsage = systemKeyUsage(cryptoService); + Map anonymousUsage = Collections.singletonMap("enabled", AnonymousUser.enabled()); + return new Usage(available(), enabled(), realmsUsage, rolesStoreUsage, sslUsage, auditUsage, ipFilterUsage, systemKeyUsage, + anonymousUsage); } - static List> buildEnabledRealms(Realms realms) { + static Map buildRealmsUsage(Realms realms) { if (realms == null) { - return Collections.emptyList(); + return Collections.emptyMap(); } - List> enabledRealms = new ArrayList<>(); - for (Realm realm : realms) { - if (realm instanceof ReservedRealm) { - continue; // we don't need usage of this one - } - Map stats = realm.usageStats(); - enabledRealms.add(stats); - } - return enabledRealms; + return realms.usageStats(); } static Map rolesStoreUsage(@Nullable RolesStore rolesStore) { @@ -131,82 +122,88 @@ public class SecurityFeatureSet implements XPackFeatureSet { static Map auditUsage(@Nullable AuditTrailService auditTrailService) { if (auditTrailService == null) { - return Collections.emptyMap(); + return DISABLED_FEATURE_MAP; } return auditTrailService.usageStats(); } static Map ipFilterUsage(@Nullable IPFilter ipFilter) { if (ipFilter == null) { - return Collections.emptyMap(); + return IPFilter.DISABLED_USAGE_STATS; } return ipFilter.usageStats(); } - static boolean systemKeyUsage(CryptoService cryptoService) { + static Map systemKeyUsage(CryptoService cryptoService) { // we can piggy back on the encryption enabled method as it is only enabled if there is a system key - return cryptoService != null && cryptoService.isEncryptionEnabled(); + return Collections.singletonMap("enabled", cryptoService != null && cryptoService.isEncryptionEnabled()); } static class Usage extends XPackFeatureSet.Usage { - private static final String ENABLED_REALMS_XFIELD = "enabled_realms"; + private static final String REALMS_XFIELD = "realms"; private static final String ROLES_XFIELD = "roles"; private static final String SSL_XFIELD = "ssl"; private static final String AUDIT_XFIELD = "audit"; private static final String IP_FILTER_XFIELD = "ipfilter"; private static final String SYSTEM_KEY_XFIELD = "system_key"; + private static final String ANONYMOUS_XFIELD = "anonymous"; - private List> enabledRealms; + private Map realmsUsage; private Map rolesStoreUsage; private Map sslUsage; private Map auditUsage; private Map ipFilterUsage; - private boolean hasSystemKey; + private Map systemKeyUsage; + private Map anonymousUsage; public Usage(StreamInput in) throws IOException { super(in); - enabledRealms = in.readList(StreamInput::readMap); + realmsUsage = in.readMap(); rolesStoreUsage = in.readMap(); sslUsage = in.readMap(); auditUsage = in.readMap(); ipFilterUsage = in.readMap(); - hasSystemKey = in.readBoolean(); + systemKeyUsage = in.readMap(); + anonymousUsage = in.readMap(); } - public Usage(boolean available, boolean enabled, List> enabledRealms, Map rolesStoreUsage, + public Usage(boolean available, boolean enabled, Map realmsUsage, Map rolesStoreUsage, Map sslUsage, Map auditUsage, Map ipFilterUsage, - boolean hasSystemKey) { + Map systemKeyUsage, Map anonymousUsage) { super(Security.NAME, available, enabled); - this.enabledRealms = enabledRealms; + this.realmsUsage = realmsUsage; this.rolesStoreUsage = rolesStoreUsage; this.sslUsage = sslUsage; this.auditUsage = auditUsage; this.ipFilterUsage = ipFilterUsage; - this.hasSystemKey = hasSystemKey; + this.systemKeyUsage = systemKeyUsage; + this.anonymousUsage = anonymousUsage; } @Override public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); - out.writeList(enabledRealms.stream().map((m) -> (Writeable) o -> o.writeMap(m)).collect(Collectors.toList())); + out.writeMap(realmsUsage); out.writeMap(rolesStoreUsage); out.writeMap(sslUsage); out.writeMap(auditUsage); out.writeMap(ipFilterUsage); - out.writeBoolean(hasSystemKey); + out.writeMap(systemKeyUsage); + out.writeMap(anonymousUsage); } @Override protected void innerXContent(XContentBuilder builder, Params params) throws IOException { super.innerXContent(builder, params); if (enabled) { - builder.field(ENABLED_REALMS_XFIELD, enabledRealms); + builder.field(REALMS_XFIELD, realmsUsage); builder.field(ROLES_XFIELD, rolesStoreUsage); builder.field(SSL_XFIELD, sslUsage); builder.field(AUDIT_XFIELD, auditUsage); builder.field(IP_FILTER_XFIELD, ipFilterUsage); - builder.field(SYSTEM_KEY_XFIELD, hasSystemKey); + builder.field(SYSTEM_KEY_XFIELD, systemKeyUsage); + builder.field(ANONYMOUS_XFIELD, anonymousUsage); } } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java index 7154967ebe9..6d414c91c8d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java @@ -26,6 +26,8 @@ import org.elasticsearch.xpack.security.user.User; */ public class AuditTrailService extends AbstractComponent implements AuditTrail { + public static final Map DISABLED_USAGE_STATS = Collections.singletonMap("enabled", false); + private final XPackLicenseState licenseState; final List auditTrails; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java index 078ff26c76e..c6596033be5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realm.java @@ -89,7 +89,6 @@ public abstract class Realm implements Comparable { public Map usageStats() { Map stats = new HashMap<>(); - stats.put("type", type); stats.put("name", name()); stats.put("order", order()); return stats; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java index 0fee39a0e49..adcb11d059f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java @@ -8,13 +8,16 @@ package org.elasticsearch.xpack.security.authc; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Set; import org.elasticsearch.ElasticsearchException; +import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.component.AbstractLifecycleComponent; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; @@ -178,6 +181,48 @@ public class Realms extends AbstractLifecycleComponent implements Iterable usageStats() { + Map realmMap = new HashMap<>(); + for (Realm realm : this) { + if (ReservedRealm.TYPE.equals(realm.type())) { + continue; + } + realmMap.compute(realm.type(), (key, value) -> { + if (value == null) { + Object realmTypeUsage = convertToMapOfLists(realm.usageStats()); + return realmTypeUsage; + } + assert value instanceof Map; + combineMaps((Map) value, realm.usageStats()); + return value; + }); + } + + final AllowedRealmType allowedRealmType = licenseState.allowedRealmType(); + // iterate over the factories so we can add enabled & available info + for (String type : factories.keySet()) { + assert ReservedRealm.TYPE.equals(type) == false; + realmMap.compute(type, (key, value) -> { + if (value == null) { + return MapBuilder.newMapBuilder() + .put("enabled", false) + .put("available", isRealmTypeAvailable(allowedRealmType, type)) + .map(); + } + + assert value instanceof Map; + Map realmTypeUsage = (Map) value; + realmTypeUsage.put("enabled", true); + // the realms iterator returned this type so it must be enabled + assert isRealmTypeAvailable(allowedRealmType, type); + realmTypeUsage.put("available", true); + return value; + }); + } + + return realmMap; + } + /** * returns the settings for the {@link FileRealm}. Typically, this realms may or may * not be configured. If it is not configured, it will work OOTB using default settings. If it is @@ -218,4 +263,41 @@ public class Realms extends AbstractLifecycleComponent implements Iterable> settingsModule) { settingsModule.add(REALMS_GROUPS_SETTINGS); } + + private static void combineMaps(Map mapA, Map mapB) { + for (Entry entry : mapB.entrySet()) { + mapA.compute(entry.getKey(), (key, value) -> { + if (value == null) { + return new ArrayList<>(Collections.singletonList(entry.getValue())); + } + + assert value instanceof List; + ((List) value).add(entry.getValue()); + return value; + }); + } + } + + private static Map convertToMapOfLists(Map map) { + Map converted = new HashMap<>(map.size()); + for (Entry entry : map.entrySet()) { + converted.put(entry.getKey(), new ArrayList<>(Collections.singletonList(entry.getValue()))); + } + return converted; + } + + private static boolean isRealmTypeAvailable(AllowedRealmType enabledRealmType, String type) { + switch (enabledRealmType) { + case ALL: + return true; + case NONE: + return false; + case NATIVE: + return FileRealm.TYPE.equals(type) || NativeRealm.TYPE.equals(type); + case DEFAULT: + return INTERNAL_REALM_TYPES.contains(type); + default: + throw new IllegalStateException("unknown enabled realm type [" + enabledRealmType + "]"); + } + } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java index bd17724107c..43f0ed0d563 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileRealm.java @@ -61,7 +61,7 @@ public class FileRealm extends CachingUsernamePasswordRealm { public Map usageStats() { Map stats = super.usageStats(); // here we can determine the size based on the in mem user store - stats.put("size", UserbaseSize.resolve(userPasswdStore.usersCount())); + stats.put("size", userPasswdStore.usersCount()); return stats; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java index 54e5b59b1d6..b127e0725af 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java @@ -171,7 +171,7 @@ public abstract class CachingUsernamePasswordRealm extends UsernamePasswordRealm @Override public Map usageStats() { Map stats = super.usageStats(); - stats.put("size", UserbaseSize.resolve(cache.count()).toString()); + stats.put("size", cache.count()); return stats; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java index 1bac5a68aab..080d5aca001 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealm.java @@ -6,13 +6,10 @@ package org.elasticsearch.xpack.security.authc.support; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.rest.RestController; import org.elasticsearch.xpack.security.authc.AuthenticationToken; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.RealmConfig; -import java.util.Locale; - /** * */ @@ -31,33 +28,4 @@ public abstract class UsernamePasswordRealm extends Realm { return token instanceof UsernamePasswordToken; } - public enum UserbaseSize { - - TINY, - SMALL, - MEDIUM, - LARGE, - XLARGE; - - public static UserbaseSize resolve(int count) { - if (count < 10) { - return TINY; - } - if (count < 100) { - return SMALL; - } - if (count < 500) { - return MEDIUM; - } - if (count < 1000) { - return LARGE; - } - return XLARGE; - } - - @Override - public String toString() { - return this == XLARGE ? "x-large" : name().toLowerCase(Locale.ROOT); - } - } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java index 9cb025e81d9..114ea5742bc 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.transport.filter; import org.apache.lucene.util.SetOnce; +import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.Loggers; @@ -69,6 +70,10 @@ public class IPFilter { public static final Setting> HTTP_FILTER_DENY_SETTING = Setting.listSetting(setting("http.filter.deny"), HTTP_FILTER_DENY_FALLBACK, Function.identity(), Property.Dynamic, Property.NodeScope); + public static final Map DISABLED_USAGE_STATS = new MapBuilder() + .put("http", false) + .put("transport", false) + .immutableMap(); public static final SecurityIpFilterRule DEFAULT_PROFILE_ACCEPT_ALL = new SecurityIpFilterRule(true, "default:accept_all") { @Override @@ -132,8 +137,11 @@ public class IPFilter { public Map usageStats() { Map map = new HashMap<>(2); - map.put("http", Collections.singletonMap("enabled", isHttpFilterEnabled)); - map.put("transport", Collections.singletonMap("enabled", isIpFilterEnabled)); + final boolean httpFilterEnabled = isHttpFilterEnabled && (httpAllowFilter.isEmpty() == false || httpDenyFilter.isEmpty() == false); + final boolean transportFilterEnabled = isIpFilterEnabled && + (transportAllowFilter.isEmpty() == false || transportDenyFilter.isEmpty() == false); + map.put("http", httpFilterEnabled); + map.put("transport", transportFilterEnabled); return map; } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java index 7d74778f0fb..be5689b8488 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java @@ -12,24 +12,25 @@ import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.XPackFeatureSet; import org.elasticsearch.xpack.security.audit.AuditTrailService; -import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; import org.elasticsearch.xpack.security.crypto.CryptoService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport; import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport; +import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource; +import org.junit.After; import org.junit.Before; -import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.HashMap; -import java.util.List; import java.util.Map; import static org.hamcrest.CoreMatchers.nullValue; import static org.hamcrest.Matchers.contains; +import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.core.Is.is; import static org.mockito.Matchers.anyObject; @@ -61,6 +62,11 @@ public class SecurityFeatureSetTests extends ESTestCase { cryptoService = mock(CryptoService.class); } + @After + public void resetAnonymous() { + AnonymousUser.initialize(Settings.EMPTY); + } + public void testWritableRegistration() throws Exception { new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore, ipFilter, auditTrail, cryptoService); verify(namedWriteableRegistry).register(eq(SecurityFeatureSet.Usage.class), eq("xpack.usage.security"), anyObject()); @@ -96,11 +102,11 @@ public class SecurityFeatureSetTests extends ESTestCase { when(cryptoService.isEncryptionEnabled()).thenReturn(enabled); - assertThat(SecurityFeatureSet.systemKeyUsage(cryptoService), is(enabled)); + assertThat(SecurityFeatureSet.systemKeyUsage(cryptoService), hasEntry("enabled", enabled)); } public void testSystemKeyUsageNotEnabledIfNull() { - assertThat(SecurityFeatureSet.systemKeyUsage(null), is(false)); + assertThat(SecurityFeatureSet.systemKeyUsage(null), hasEntry("enabled", false)); } public void testUsage() throws Exception { @@ -143,19 +149,20 @@ public class SecurityFeatureSetTests extends ESTestCase { final boolean useSystemKey = randomBoolean(); when(cryptoService.isEncryptionEnabled()).thenReturn(useSystemKey); - List realmsList= new ArrayList<>(); - + Map realmsUsageStats = new HashMap<>(); for (int i = 0; i < 5; i++) { - Realm realm = mock(Realm.class); - when(realm.type()).thenReturn("type" + i); - realmsList.add(realm); Map realmUsage = new HashMap<>(); - realmUsage.put("key1", "value" + i); - realmUsage.put("key2", i); - realmUsage.put("key3", i % 2 == 0); - when(realm.usageStats()).thenReturn(realmUsage); + realmsUsageStats.put("type" + i, realmUsage); + realmUsage.put("key1", Arrays.asList("value" + i)); + realmUsage.put("key2", Arrays.asList(i)); + realmUsage.put("key3", Arrays.asList(i % 2 == 0)); + } + when(realms.usageStats()).thenReturn(realmsUsageStats); + + final boolean anonymousEnabled = randomBoolean(); + if (anonymousEnabled) { + AnonymousUser.initialize(Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "foo").build()); } - when(realms.iterator()).thenReturn(authcAuthzAvailable ? realmsList.iterator() : Collections.emptyIterator()); SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry, rolesStore, ipFilter, auditTrail, cryptoService); @@ -169,12 +176,12 @@ public class SecurityFeatureSetTests extends ESTestCase { if (enabled) { if (authcAuthzAvailable) { for (int i = 0; i < 5; i++) { - assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i)); - assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i)); - assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0)); + assertThat(source.getValue("realms.type" + i + ".key1"), contains("value" + i)); + assertThat(source.getValue("realms.type" + i + ".key2"), contains(i)); + assertThat(source.getValue("realms.type" + i + ".key3"), contains(i % 2 == 0)); } } else { - assertThat(source.getValue("enabled_realms"), is(notNullValue())); + assertThat(source.getValue("realms"), is(notNullValue())); } // check SSL @@ -197,9 +204,17 @@ public class SecurityFeatureSetTests extends ESTestCase { } // system key - assertThat(source.getValue("system_key"), is(useSystemKey)); + assertThat(source.getValue("system_key.enabled"), is(useSystemKey)); + + // anonymous + assertThat(source.getValue("anonymous.enabled"), is(anonymousEnabled)); } else { - assertThat(source.getValue("enabled_realms"), is(nullValue())); + assertThat(source.getValue("realms"), is(nullValue())); + assertThat(source.getValue("ssl"), is(nullValue())); + assertThat(source.getValue("audit"), is(nullValue())); + assertThat(source.getValue("anonymous"), is(nullValue())); + assertThat(source.getValue("ipfilter"), is(nullValue())); + assertThat(source.getValue("roles"), is(nullValue())); } } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java index eebc8b139b7..eb4b8089683 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java @@ -24,10 +24,13 @@ import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasEntry; +import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.mockito.Mockito.mock; @@ -51,6 +54,7 @@ public class RealmsTests extends ESTestCase { reservedRealm = mock(ReservedRealm.class); when(licenseState.isAuthAllowed()).thenReturn(true); when(licenseState.allowedRealmType()).thenReturn(AllowedRealmType.ALL); + when(reservedRealm.type()).thenReturn(ReservedRealm.TYPE); } public void testWithSettings() throws Exception { @@ -352,6 +356,74 @@ public class RealmsTests extends ESTestCase { assertThat(realms.iterator().hasNext(), is(false)); } + public void testUsageStats() { + // test realms with duplicate values + Settings.Builder builder = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.security.authc.realms.foo.type", "type_0") + .put("xpack.security.authc.realms.foo.order", "0") + .put("xpack.security.authc.realms.bar.type", "type_0") + .put("xpack.security.authc.realms.bar.order", "1"); + Settings settings = builder.build(); + Environment env = new Environment(settings); + Realms realms = new Realms(settings, env, factories, licenseState, reservedRealm); + realms.start(); + + Map usageStats = realms.usageStats(); + assertThat(usageStats.size(), is(factories.size())); + + // first check type_0 + assertThat(usageStats.get("type_0"), instanceOf(Map.class)); + Map type0Map = (Map) usageStats.get("type_0"); + assertThat(type0Map, hasEntry("enabled", true)); + assertThat(type0Map, hasEntry("available", true)); + assertThat((Iterable) type0Map.get("name"), contains("foo", "bar")); + assertThat((Iterable) type0Map.get("order"), contains(0, 1)); + + for (Entry entry : usageStats.entrySet()) { + String type = entry.getKey(); + if ("type_0".equals(type)) { + continue; + } + + Map typeMap = (Map) entry.getValue(); + assertThat(typeMap, hasEntry("enabled", false)); + assertThat(typeMap, hasEntry("available", true)); + assertThat(typeMap.size(), is(2)); + } + + // disable ALL using license + when(licenseState.isAuthAllowed()).thenReturn(false); + when(licenseState.allowedRealmType()).thenReturn(AllowedRealmType.NONE); + usageStats = realms.usageStats(); + assertThat(usageStats.size(), is(factories.size())); + for (Entry entry : usageStats.entrySet()) { + Map typeMap = (Map) entry.getValue(); + assertThat(typeMap, hasEntry("enabled", false)); + assertThat(typeMap, hasEntry("available", false)); + assertThat(typeMap.size(), is(2)); + } + + // check native or internal realms enabled only + when(licenseState.isAuthAllowed()).thenReturn(true); + when(licenseState.allowedRealmType()).thenReturn(randomFrom(AllowedRealmType.NATIVE, AllowedRealmType.DEFAULT)); + usageStats = realms.usageStats(); + assertThat(usageStats.size(), is(factories.size())); + for (Entry entry : usageStats.entrySet()) { + final String type = entry.getKey(); + Map typeMap = (Map) entry.getValue(); + if (FileRealm.TYPE.equals(type) || NativeRealm.TYPE.equals(type)) { + assertThat(typeMap, hasEntry("enabled", true)); + assertThat(typeMap, hasEntry("available", true)); + assertThat((Iterable) typeMap.get("name"), contains("default_" + type)); + } else { + assertThat(typeMap, hasEntry("enabled", false)); + assertThat(typeMap, hasEntry("available", false)); + assertThat(typeMap.size(), is(2)); + } + } + } + static class DummyRealm extends Realm { public DummyRealm(String type, RealmConfig config) { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java index e0c48302f72..75b1e099ee6 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmTests.java @@ -31,6 +31,7 @@ import org.junit.BeforeClass; import java.util.ArrayList; import java.util.List; +import java.util.Map; import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.HOSTNAME_VERIFICATION_SETTING; import static org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory.URLS_SETTING; @@ -38,6 +39,7 @@ import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.mockito.Matchers.any; @@ -226,6 +228,26 @@ public class ActiveDirectoryRealmTests extends ESTestCase { assertThat(user.roles(), arrayContainingInAnyOrder(equalTo("group_role"), equalTo("user_role"))); } + public void testRealmUsageStats() throws Exception { + String loadBalanceType = randomFrom("failover", "round_robin"); + Settings settings = settings(Settings.builder() + .put(DnRoleMapper.ROLE_MAPPING_FILE_SETTING, getDataPath("role_mapping.yml")) + .put("load_balance.type", loadBalanceType) + .build()); + RealmConfig config = new RealmConfig("testRealmUsageStats", settings, globalSettings); + ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, null); + DnRoleMapper roleMapper = new DnRoleMapper(ActiveDirectoryRealm.TYPE, config, resourceWatcherService, null); + ActiveDirectoryRealm realm = new ActiveDirectoryRealm(config, sessionFactory, roleMapper); + + Map stats = realm.usageStats(); + assertThat(stats, is(notNullValue())); + assertThat(stats, hasEntry("name", realm.name())); + assertThat(stats, hasEntry("order", realm.order())); + assertThat(stats, hasEntry("size", 0)); + assertThat(stats, hasEntry("ssl", false)); + assertThat(stats, hasEntry("load_balance_type", loadBalanceType)); + } + private Settings settings() throws Exception { return settings(Settings.EMPTY); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java deleted file mode 100644 index 4347c8e9bdb..00000000000 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/ActiveDirectoryRealmUsageTests.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.authc.activedirectory; - -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.xpack.security.authc.RealmConfig; -import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope; -import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; -import org.elasticsearch.test.junit.annotations.Network; - -import java.util.Map; - -import static org.hamcrest.Matchers.hasEntry; -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.notNullValue; -import static org.mockito.Mockito.mock; - -@Network -public class ActiveDirectoryRealmUsageTests extends AbstractActiveDirectoryIntegTests { - - public void testUsageStats() throws Exception { - String loadBalanceType = randomFrom("failover", "round_robin"); - Settings settings = Settings.builder() - .put(buildAdSettings(AD_LDAP_URL, AD_DOMAIN, "CN=Bruce Banner, CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com", - LdapSearchScope.BASE, false)) - .put("load_balance.type", loadBalanceType) - .build(); - RealmConfig config = new RealmConfig("ad-test", settings, globalSettings); - ActiveDirectorySessionFactory sessionFactory = new ActiveDirectorySessionFactory(config, clientSSLService); - ActiveDirectoryRealm realm = new ActiveDirectoryRealm(config, sessionFactory, mock(DnRoleMapper.class)); - - Map stats = realm.usageStats(); - assertThat(stats, is(notNullValue())); - assertThat(stats, hasEntry("type", "active_directory")); - assertThat(stats, hasEntry("name", "ad-test")); - assertThat(stats, hasEntry("order", realm.order())); - assertThat(stats, hasEntry("size", "tiny")); - assertThat(stats, hasEntry("ssl", true)); - assertThat(stats, hasEntry("load_balance_type", loadBalanceType)); - } -} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java index 007668b9bd1..f581d9d49ff 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/file/FileRealmTests.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.xpack.security.authc.RealmConfig; import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordRealm; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; import org.elasticsearch.xpack.security.user.User; import org.elasticsearch.test.ESTestCase; @@ -177,11 +176,9 @@ public class FileRealmTests extends ESTestCase { Map usage = realm.usageStats(); assertThat(usage, is(notNullValue())); - assertThat(usage, hasEntry("type", "file")); assertThat(usage, hasEntry("name", "file-realm")); assertThat(usage, hasEntry("order", order)); - assertThat(usage, hasEntry("size", UsernamePasswordRealm.UserbaseSize.resolve(userCount))); - + assertThat(usage, hasEntry("size", userCount)); } static class UserPasswdStore extends FileUserPasswdStore { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java index a99d64373bf..08b495b30d2 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java @@ -249,10 +249,9 @@ public class LdapRealmTests extends LdapTestCase { Map stats = realm.usageStats(); assertThat(stats, is(notNullValue())); - assertThat(stats, hasEntry("type", "ldap")); assertThat(stats, hasEntry("name", "ldap-realm")); assertThat(stats, hasEntry("order", realm.order())); - assertThat(stats, hasEntry("size", "tiny")); + assertThat(stats, hasEntry("size", 0)); assertThat(stats, hasEntry("ssl", false)); assertThat(stats, hasEntry("user_search", userSearch)); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java index 66491145d82..f746da1c6f6 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.security.authc.ldap; import com.unboundid.ldap.sdk.LDAPException; -import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.authc.RealmConfig; @@ -14,7 +13,6 @@ import org.elasticsearch.xpack.security.authc.ldap.support.LdapSearchScope; import org.elasticsearch.xpack.security.authc.ldap.support.LdapSession; import org.elasticsearch.xpack.security.authc.ldap.support.LdapTestCase; import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory; -import org.elasticsearch.xpack.security.authc.support.DnRoleMapper; import org.elasticsearch.xpack.security.authc.support.SecuredStringTests; import org.elasticsearch.xpack.security.ssl.ClientSSLService; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; @@ -22,17 +20,11 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; import org.junit.Before; -import java.io.IOException; import java.nio.file.Path; -import java.util.Map; import static org.hamcrest.Matchers.anyOf; import static org.hamcrest.Matchers.containsString; -import static org.hamcrest.Matchers.hasEntry; import static org.hamcrest.Matchers.hasItem; -import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.core.Is.is; -import static org.mockito.Mockito.mock; @Network public class OpenLdapTests extends ESTestCase { @@ -96,36 +88,6 @@ public class OpenLdapTests extends ESTestCase { } } - public void testUsageStats() throws Exception { - String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; - String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; - Settings.Builder settings = Settings.builder() - .put(buildLdapSettings(OPEN_LDAP_URL, userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL)) - .put("group_search.filter", "(&(objectclass=posixGroup)(memberUID={0}))") - .put("group_search.user_attribute", "uid"); - - boolean userSearch = randomBoolean(); - if (userSearch) { - settings.put("user_search.base_dn", ""); - } - - String loadBalanceType = randomFrom("failover", "round_robin"); - settings.put("load_balance.type", loadBalanceType); - - RealmConfig config = new RealmConfig("oldap-test", settings.build(), globalSettings); - LdapSessionFactory sessionFactory = new LdapSessionFactory(config, clientSSLService); - LdapRealm realm = new LdapRealm(config, sessionFactory, mock(DnRoleMapper.class)); - - Map stats = realm.usageStats(); - assertThat(stats, is(notNullValue())); - assertThat(stats, hasEntry("size", "tiny")); - assertThat(stats, hasEntry("ssl", true)); - assertThat(stats, hasEntry("user_search", userSearch)); - assertThat(stats, hasEntry("load_balance_type", loadBalanceType)); - } - - - public void testCustomFilter() throws Exception { String groupSearchBase = "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; String userTemplate = "uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java deleted file mode 100644 index 01b88d21d33..00000000000 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/support/UsernamePasswordRealmTests.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.security.authc.support; - -import org.elasticsearch.test.ESTestCase; - -import java.util.Locale; - -import static org.hamcrest.core.Is.is; - -/** - * - */ -public class UsernamePasswordRealmTests extends ESTestCase { - - public void testUserbaseScaelResolve() throws Exception { - int count = randomIntBetween(0, 1000); - UsernamePasswordRealm.UserbaseSize size = UsernamePasswordRealm.UserbaseSize.resolve(count); - if (count < 10) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.TINY)); - } else if (count < 100) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.SMALL)); - } else if (count < 500) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.MEDIUM)); - } else if (count < 1000) { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.LARGE)); - } else { - assertThat(size, is(UsernamePasswordRealm.UserbaseSize.XLARGE)); - } - } - - public void testUserbaseScaleToString() throws Exception { - UsernamePasswordRealm.UserbaseSize size = randomFrom(UsernamePasswordRealm.UserbaseSize.values()); - String value = size.toString(); - if (size == UsernamePasswordRealm.UserbaseSize.XLARGE) { - assertThat(value , is("x-large")); - } else { - assertThat(value , is(size.name().toLowerCase(Locale.ROOT))); - } - } -} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java index f801ed792f3..f4b85ad83da 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/user/AnonymousUserTests.java @@ -5,14 +5,11 @@ */ package org.elasticsearch.xpack.security.user; -import org.elasticsearch.common.io.stream.ByteBufferStreamInput; import org.elasticsearch.common.io.stream.BytesStreamOutput; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.junit.After; -import java.nio.ByteBuffer; - import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; From 39d614bd17a13d02349e9055e4d6aafc908b3280 Mon Sep 17 00:00:00 2001 From: Alexander Reelsen Date: Thu, 28 Jul 2016 16:10:02 +0200 Subject: [PATCH 06/15] Watcher: Fix HTTP proxy port setting (elastic/elasticsearch#2961) The value of the setting name had a typo. Also added a message to show the value of globally configured proxy on startup to help admins spot if this is configured. Original commit: elastic/x-pack-elasticsearch@bdc41ff733318455385ff193cb0febaf8f1db46e --- .../java/org/elasticsearch/xpack/common/http/HttpClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java index da5f0aa8a93..0f8a1290654 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpClient.java @@ -10,7 +10,6 @@ import org.elasticsearch.ElasticsearchTimeoutException; import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.Strings; import org.elasticsearch.common.component.AbstractLifecycleComponent; -import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; @@ -69,7 +68,7 @@ public class HttpClient extends AbstractLifecycleComponent { public static final String SETTINGS_SSL_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_PREFIX + "truststore.algorithm"; static final String SETTINGS_SSL_SECURITY_TRUSTSTORE_ALGORITHM = SETTINGS_SSL_SECURITY_PREFIX + "truststore.algorithm"; public static final String SETTINGS_PROXY_HOST = SETTINGS_PROXY_PREFIX + "host"; - public static final String SETTINGS_PROXY_PORT = SETTINGS_PROXY_PREFIX + "post"; + public static final String SETTINGS_PROXY_PORT = SETTINGS_PROXY_PREFIX + "port"; private final HttpAuthRegistry httpAuthRegistry; private final Environment env; @@ -93,6 +92,7 @@ public class HttpClient extends AbstractLifecycleComponent { String proxyHost = settings.get(SETTINGS_PROXY_HOST, null); if (proxyPort != null && Strings.hasText(proxyHost)) { proxy = new HttpProxy(proxyHost, proxyPort); + logger.info("Using default proxy for http input and slack/hipchat/pagerduty/webhook actions [{}:{}]", proxyHost, proxyPort); } else { if (proxyPort == null && Strings.hasText(proxyHost) || proxyPort != null && !Strings.hasText(proxyHost)) { logger.error("disabling proxy. Watcher HTTP HttpProxy requires both settings: [{}] and [{}]", SETTINGS_PROXY_HOST, From 4d81792a56daed393c8729c5fbbbead5a9130fee Mon Sep 17 00:00:00 2001 From: Chris Earle Date: Thu, 7 Jul 2016 01:32:53 -0400 Subject: [PATCH 07/15] [Graph] Log Deprecation Warnings for old API usage This makes use of the `registerAsDeprecatedHandler` method to automatically warn users when they're using deprecated functionality. This will also automatically provide a `Warning` header for anyone using HTTP clients (though they have to be looking for it...). Graph portion only Original commit: elastic/x-pack-elasticsearch@d6452a75c12e7f7cc32fdb408f35010fc464998b --- .../graph/rest/action/RestGraphAction.java | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java index 140984f8148..5115d010c0c 100644 --- a/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java +++ b/elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/rest/action/RestGraphAction.java @@ -16,7 +16,6 @@ import java.util.Map; import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.action.support.IndicesOptions; -import org.elasticsearch.client.node.NodeClient; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; @@ -27,23 +26,24 @@ import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.index.query.QueryParseContext; import org.elasticsearch.indices.query.IndicesQueriesRegistry; -import org.elasticsearch.rest.BaseRestHandler; import org.elasticsearch.rest.RestChannel; import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.action.support.RestActions; import org.elasticsearch.rest.action.support.RestToXContentListener; +import org.elasticsearch.xpack.XPackClient; import org.elasticsearch.xpack.graph.action.GraphExploreRequest; import org.elasticsearch.xpack.graph.action.GraphExploreResponse; import org.elasticsearch.xpack.graph.action.Hop; import org.elasticsearch.xpack.graph.action.VertexRequest; import org.elasticsearch.xpack.graph.action.GraphExploreRequest.TermBoost; +import org.elasticsearch.xpack.rest.XPackRestHandler; /** * @see GraphExploreRequest */ -public class RestGraphAction extends BaseRestHandler { +public class RestGraphAction extends XPackRestHandler { private IndicesQueriesRegistry indicesQueriesRegistry; public static final ParseField TIMEOUT_FIELD = new ParseField("timeout"); @@ -68,21 +68,23 @@ public class RestGraphAction extends BaseRestHandler { @Inject public RestGraphAction(Settings settings, RestController controller, IndicesQueriesRegistry indicesQueriesRegistry) { super(settings); - // @deprecated TODO need to add deprecation support as per https://github.com/elastic/x-plugins/issues/1760#issuecomment-217507517 - controller.registerHandler(GET, "/{index}/_graph/explore", this); - controller.registerHandler(POST, "/{index}/_graph/explore", this); - controller.registerHandler(GET, "/{index}/{type}/_graph/explore", this); - controller.registerHandler(POST, "/{index}/{type}/_graph/explore", this); - // new REST endpoint - controller.registerHandler(GET, "/{index}/_xpack/graph/_explore", this); - controller.registerHandler(POST, "/{index}/_xpack/graph/_explore", this); - controller.registerHandler(GET, "/{index}/{type}/_xpack/graph/_explore", this); - controller.registerHandler(POST, "/{index}/{type}/_xpack/graph/_explore", this); + this.indicesQueriesRegistry = indicesQueriesRegistry; + + // @deprecated Remove in 6.0 + // NOTE: Old versions did not end with "/_explore"; they were just "/explore" + controller.registerWithDeprecatedHandler(GET, "/{index}" + URI_BASE + "/_graph/_explore", this, + GET, "/{index}/_graph/explore", deprecationLogger); + controller.registerWithDeprecatedHandler(POST, "/{index}" + URI_BASE + "/_graph/_explore", this, + POST, "/{index}/_graph/explore", deprecationLogger); + controller.registerWithDeprecatedHandler(GET, "/{index}/{type}" + URI_BASE + "/_graph/_explore", this, + GET, "/{index}/{type}/_graph/explore", deprecationLogger); + controller.registerWithDeprecatedHandler(POST, "/{index}/{type}" + URI_BASE + "/_graph/_explore", this, + POST, "/{index}/{type}/_graph/explore", deprecationLogger); } @Override - public void handleRequest(final RestRequest request, final RestChannel channel, final NodeClient client) throws IOException { + public void handleRequest(final RestRequest request, final RestChannel channel, final XPackClient client) throws IOException { GraphExploreRequest graphRequest = new GraphExploreRequest(Strings.splitStringByCommaToArray(request.param("index"))); graphRequest.indicesOptions(IndicesOptions.fromRequest(request, graphRequest.indicesOptions())); graphRequest.routing(request.param("routing")); @@ -109,7 +111,7 @@ public class RestGraphAction extends BaseRestHandler { } graphRequest.types(Strings.splitStringByCommaToArray(request.param("type"))); - client.execute(INSTANCE, graphRequest, new RestToXContentListener(channel)); + client.es().execute(INSTANCE, graphRequest, new RestToXContentListener(channel)); } private void parseHop(XContentParser parser, QueryParseContext context, Hop currentHop, From 59cb8f227156134bb25b285605ffecac613795c0 Mon Sep 17 00:00:00 2001 From: Nik Everett Date: Thu, 28 Jul 2016 16:37:30 -0400 Subject: [PATCH 08/15] Fix rest spec for graph explore Original commit: elastic/x-pack-elasticsearch@293b5c9ebdc981235aa82a300c63d218754aceb6 --- .../resources/rest-api-spec/api/xpack.graph.explore.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/api/xpack.graph.explore.json b/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/api/xpack.graph.explore.json index ee4b05a8af0..4530b6027ab 100644 --- a/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/api/xpack.graph.explore.json +++ b/elasticsearch/x-pack/graph/src/test/resources/rest-api-spec/api/xpack.graph.explore.json @@ -3,8 +3,8 @@ "documentation": "https://www.elastic.co/guide/en/graph/current/explore.html", "methods": ["GET", "POST"], "url": { - "path": "/{index}/_xpack/graph/_explore", - "paths": ["/{index}/_xpack/graph/_explore", "/{index}/{type}/_xpack/graph/_explore"], + "path": "/{index}/_xpack/_graph/_explore", + "paths": ["/{index}/_xpack/_graph/_explore", "/{index}/{type}/_xpack/_graph/_explore"], "parts" : { "index": { "type" : "list", @@ -30,4 +30,4 @@ "description" : "Graph Query DSL" } } -} \ No newline at end of file +} From 62353ff8bc82fe6721cf8d82a50a0b2fa3931a2f Mon Sep 17 00:00:00 2001 From: Martijn van Groningen Date: Thu, 28 Jul 2016 17:40:48 +0200 Subject: [PATCH 09/15] test: removed messy xpack mustache test module The tests have been moved back to xpack, turned into a rest test or removed. For example testing specific inline, file or stored mustache template functionality is already covered in the `lang-mustache` module. The smoke-test-watcher-with-mustache should tests watcher mustach specific things like the if the watcher variables are available. Original commit: elastic/x-pack-elasticsearch@e434bcd3fa7e1df84bda0e0bf323773e0e9a44c3 --- .../build.gradle | 11 - .../messy/tests/SearchInputIT.java | 393 ------------------ .../messy/tests/package-info.java | 23 - .../scripts/test_disk_template.mustache | 26 -- .../scripts/test_disk_template.mustache | 26 -- .../30_search_input_and_transform.yaml | 157 +++++++ .../SecurityCachePermissionTests.java} | 59 +-- .../test/integration/SearchInputTests.java | 199 +++++++++ .../integration/SearchTransformTests.java} | 262 +----------- 9 files changed, 371 insertions(+), 785 deletions(-) delete mode 100644 elasticsearch/qa/messy-test-xpack-with-mustache/build.gradle delete mode 100644 elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputIT.java delete mode 100644 elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java delete mode 100644 elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/input/search/config/scripts/test_disk_template.mustache delete mode 100644 elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/transform/search/config/scripts/test_disk_template.mustache create mode 100644 elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/30_search_input_and_transform.yaml rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java => x-pack/security/src/test/java/org/elasticsearch/integration/SecurityCachePermissionTests.java} (53%) create mode 100644 elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchInputTests.java rename elasticsearch/{qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java => x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchTransformTests.java} (53%) diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/build.gradle b/elasticsearch/qa/messy-test-xpack-with-mustache/build.gradle deleted file mode 100644 index f2a8648e82e..00000000000 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/build.gradle +++ /dev/null @@ -1,11 +0,0 @@ - -/* - * Messy tests that depend on mustache directly. Fix these! - */ - -apply plugin: 'elasticsearch.messy-test' - -dependencies { - testCompile project(path: ':x-plugins:elasticsearch:x-pack', configuration: 'testArtifacts') - testCompile project(path: ':modules:lang-mustache', configuration: 'runtime') -} diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputIT.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputIT.java deleted file mode 100644 index dcb2e95263e..00000000000 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputIT.java +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.messy.tests; - -import org.elasticsearch.action.admin.cluster.storedscripts.PutStoredScriptRequest; -import org.elasticsearch.action.search.SearchRequest; -import org.elasticsearch.action.search.SearchType; -import org.elasticsearch.common.bytes.BytesArray; -import org.elasticsearch.common.io.Streams; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.common.xcontent.ToXContent; -import org.elasticsearch.common.xcontent.XContentBuilder; -import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.common.xcontent.json.JsonXContent; -import org.elasticsearch.common.xcontent.support.XContentMapValues; -import org.elasticsearch.indices.query.IndicesQueriesRegistry; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.plugins.ScriptPlugin; -import org.elasticsearch.script.ScriptContext; -import org.elasticsearch.script.ScriptService; -import org.elasticsearch.script.mustache.MustachePlugin; -import org.elasticsearch.search.aggregations.AggregatorParsers; -import org.elasticsearch.search.builder.SearchSourceBuilder; -import org.elasticsearch.search.suggest.Suggesters; -import org.elasticsearch.test.ESIntegTestCase; -import org.elasticsearch.test.ESIntegTestCase.ClusterScope; -import org.elasticsearch.xpack.common.text.TextTemplate; -import org.elasticsearch.xpack.watcher.actions.ActionWrapper; -import org.elasticsearch.xpack.watcher.actions.ExecutableActions; -import org.elasticsearch.xpack.watcher.condition.always.ExecutableAlwaysCondition; -import org.elasticsearch.xpack.watcher.execution.TriggeredExecutionContext; -import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; -import org.elasticsearch.xpack.watcher.input.Input; -import org.elasticsearch.xpack.watcher.input.search.ExecutableSearchInput; -import org.elasticsearch.xpack.watcher.input.search.SearchInput; -import org.elasticsearch.xpack.watcher.input.search.SearchInputFactory; -import org.elasticsearch.xpack.watcher.input.simple.ExecutableSimpleInput; -import org.elasticsearch.xpack.watcher.input.simple.SimpleInput; -import org.elasticsearch.xpack.watcher.support.WatcherScript; -import org.elasticsearch.xpack.watcher.support.init.proxy.WatcherClientProxy; -import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateRequest; -import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateService; -import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource; -import org.elasticsearch.xpack.watcher.trigger.schedule.IntervalSchedule; -import org.elasticsearch.xpack.watcher.trigger.schedule.ScheduleTrigger; -import org.elasticsearch.xpack.watcher.trigger.schedule.ScheduleTriggerEvent; -import org.elasticsearch.xpack.watcher.watch.Payload; -import org.elasticsearch.xpack.watcher.watch.Watch; -import org.elasticsearch.xpack.watcher.watch.WatchStatus; -import org.joda.time.DateTime; -import org.joda.time.chrono.ISOChronology; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - -import static java.util.Collections.emptyMap; -import static org.elasticsearch.common.unit.TimeValue.timeValueSeconds; -import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.index.query.QueryBuilders.boolQuery; -import static org.elasticsearch.index.query.QueryBuilders.matchQuery; -import static org.elasticsearch.index.query.QueryBuilders.rangeQuery; -import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; -import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; -import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.getRandomSupportedSearchType; -import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.is; -import static org.joda.time.DateTimeZone.UTC; - -/** - */ -@ClusterScope(scope = SUITE, numClientNodes = 0, transportClientRatio = 0, randomDynamicTemplates = false, supportsDedicatedMasters = false, - numDataNodes = 1) -public class SearchInputIT extends ESIntegTestCase { - - @Override - protected Collection> nodePlugins() { - Collection> types = new ArrayList<>(); - types.addAll(super.nodePlugins()); - types.add(MustachePlugin.class); - types.add(CustomScriptContextPlugin.class); - return types; - } - - private static final String TEMPLATE_QUERY = "{\"query\":{\"bool\":{\"must\":{\"match\":{\"event_type\":{\"query\":\"a\"," + - "\"type\":\"boolean\"}}},\"filter\":{\"range\":{\"_timestamp\":" + - "{\"from\":\"{{ctx.trigger.scheduled_time}}||-{{seconds_param}}\",\"to\":\"{{ctx.trigger.scheduled_time}}\"," + - "\"include_lower\":true,\"include_upper\":true}}}}}}"; - - @Override - public Settings nodeSettings(int nodeOrdinal) { - final Path tempDir = createTempDir(); - final Path configPath = tempDir.resolve("config"); - final Path scriptPath = configPath.resolve("scripts"); - try { - Files.createDirectories(scriptPath); - } catch (IOException e) { - throw new RuntimeException("failed to create config dir"); - - } - try (InputStream stream = SearchInputIT.class.getResourceAsStream("/org/elasticsearch/xpack/watcher/input/search/config/scripts" + - "/test_disk_template.mustache"); - OutputStream out = Files.newOutputStream(scriptPath.resolve("test_disk_template.mustache"))) { - Streams.copy(stream, out); - } catch (IOException e) { - throw new RuntimeException("failed to copy mustache template"); - } - - - //Set path so ScriptService will pick up the test scripts - return Settings.builder().put(super.nodeSettings(nodeOrdinal)) - .put("path.conf", configPath).build(); - } - - @Override - protected Settings transportClientSettings() { - return Settings.builder() - .put(super.transportClientSettings()) - .build(); - } - - public void testExecute() throws Exception { - SearchSourceBuilder searchSourceBuilder = searchSource().query( - boolQuery().must(matchQuery("event_type", "a")).must(rangeQuery("_timestamp") - .from("{{ctx.trigger.scheduled_time}}||-30s").to("{{ctx.trigger.triggered_time}}"))); - SearchRequest searchRequest = client() - .prepareSearch() - .setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) - .request() - .source(searchSourceBuilder); - - WatcherSearchTemplateRequest request = new WatcherSearchTemplateRequest(searchRequest); - ExecutableSearchInput searchInput = new ExecutableSearchInput(new SearchInput(request, null, null, null), logger, - WatcherClientProxy.of(client()), watcherSearchTemplateService(), null); - WatchExecutionContext ctx = new TriggeredExecutionContext( - new Watch("test-watch", - new ScheduleTrigger(new IntervalSchedule(new IntervalSchedule.Interval(1, IntervalSchedule.Interval.Unit.MINUTES))), - new ExecutableSimpleInput(new SimpleInput(new Payload.Simple()), logger), - new ExecutableAlwaysCondition(logger), - null, - null, - new ExecutableActions(new ArrayList()), - null, - new WatchStatus(new DateTime(0, UTC), emptyMap())), - new DateTime(0, UTC), - new ScheduleTriggerEvent("test-watch", new DateTime(0, UTC), new DateTime(0, UTC)), - timeValueSeconds(5)); - SearchInput.Result result = searchInput.execute(ctx, new Payload.Simple()); - - assertThat(XContentMapValues.extractValue("hits.total", result.payload().data()), equalTo(0)); - assertNotNull(result.executedRequest()); - assertThat(result.status(), is(Input.Result.Status.SUCCESS)); - assertEquals(result.executedRequest().searchType(), request.getRequest().searchType()); - assertArrayEquals(result.executedRequest().indices(), request.getRequest().indices()); - assertEquals(result.executedRequest().indicesOptions(), request.getRequest().indicesOptions()); - - XContentSource source = toXContentSource(result); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:00:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:00:00.000Z")); - } - - public void testSearchInlineTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - Map triggerParams = new HashMap(); - triggerParams.put("triggered_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - triggerParams.put("scheduled_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - Map ctxParams = new HashMap(); - ctxParams.put("id", ctx.id().value()); - ctxParams.put("metadata", null); - ctxParams.put("vars", new HashMap()); - ctxParams.put("watch_id", "test-watch"); - ctxParams.put("trigger", triggerParams); - ctxParams.put("payload", new Payload.Simple().data()); - ctxParams.put("execution_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - Map expectedParams = new HashMap(); - expectedParams.put("seconds_param", "30s"); - expectedParams.put("ctx", ctxParams); - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.inline(TEMPLATE_QUERY).lang("mustache").params(params).build(); - - SearchRequest request = client().prepareSearch() - .setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index").request(); - - SearchInput.Result executedResult = executeSearchInput(request, template, ctx); - - assertNotNull(executedResult.executedRequest()); - assertThat(executedResult.status(), is(Input.Result.Status.SUCCESS)); - if (getNumShards("test-search-index").numPrimaries > 1) { - assertEquals(executedResult.executedRequest().searchType(), request.searchType()); - } - assertArrayEquals(executedResult.executedRequest().indices(), request.indices()); - assertEquals(executedResult.executedRequest().indicesOptions(), request.indicesOptions()); - - XContentSource source = toXContentSource(executedResult); - assertThat(source.getValue("query.bool.filter.0.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.filter.0.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); - } - - public void testSearchIndexedTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - PutStoredScriptRequest indexedScriptRequest = client().admin().cluster().preparePutStoredScript() - .setId("test-template") - .setScriptLang("mustache") - .setSource(new BytesArray(TEMPLATE_QUERY)) - .request(); - assertThat(client().admin().cluster().putStoredScript(indexedScriptRequest).actionGet().isAcknowledged(), is(true)); - - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.indexed("test-template").lang("mustache").params(params).build(); - - jsonBuilder().value(TextTemplate.indexed("test-template").params(params).build()).bytes(); - SearchRequest request = client().prepareSearch().setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index").request(); - - SearchInput.Result executedResult = executeSearchInput(request, template, ctx); - - assertNotNull(executedResult.executedRequest()); - assertThat(executedResult.status(), is(Input.Result.Status.SUCCESS)); - if (getNumShards("test-search-index").numPrimaries > 1) { - assertEquals(executedResult.executedRequest().searchType(), request.searchType()); - } - assertArrayEquals(executedResult.executedRequest().indices(), request.indices()); - assertEquals(executedResult.executedRequest().indicesOptions(), request.indicesOptions()); - - XContentSource source = toXContentSource(executedResult); - assertThat(source.getValue("query.bool.filter.0.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.filter.0.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); - - } - - public void testSearchOnDiskTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.file("test_disk_template").lang("mustache").params(params).build(); - SearchRequest request = client().prepareSearch().setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index").request(); - - SearchInput.Result executedResult = executeSearchInput(request, template, ctx); - - assertNotNull(executedResult.executedRequest()); - assertThat(executedResult.status(), is(Input.Result.Status.SUCCESS)); - assertArrayEquals(executedResult.executedRequest().indices(), request.indices()); - assertEquals(executedResult.executedRequest().indicesOptions(), request.indicesOptions()); - } - - public void testDifferentSearchType() throws Exception { - SearchSourceBuilder searchSourceBuilder = searchSource().query( - boolQuery().must(matchQuery("event_type", "a")).must(rangeQuery("_timestamp") - .from("{{ctx.trigger.scheduled_time}}||-30s").to("{{ctx.trigger.triggered_time}}")) - ); - SearchType searchType = getRandomSupportedSearchType(); - - SearchRequest searchRequest = client() - .prepareSearch() - .setSearchType(searchType) - .request() - .source(searchSourceBuilder); - - WatcherSearchTemplateRequest request = new WatcherSearchTemplateRequest(searchRequest); - - ExecutableSearchInput searchInput = new ExecutableSearchInput(new SearchInput(request, null, null, null), logger, - WatcherClientProxy.of(client()), watcherSearchTemplateService(), null); - WatchExecutionContext ctx = new TriggeredExecutionContext( - new Watch("test-watch", - new ScheduleTrigger(new IntervalSchedule(new IntervalSchedule.Interval(1, IntervalSchedule.Interval.Unit.MINUTES))), - new ExecutableSimpleInput(new SimpleInput(new Payload.Simple()), logger), - new ExecutableAlwaysCondition(logger), - null, - null, - new ExecutableActions(new ArrayList()), - null, - new WatchStatus(new DateTime(0, UTC), emptyMap())), - new DateTime(0, UTC), - new ScheduleTriggerEvent("test-watch", new DateTime(0, UTC), new DateTime(0, UTC)), - timeValueSeconds(5)); - SearchInput.Result result = searchInput.execute(ctx, new Payload.Simple()); - - assertThat(XContentMapValues.extractValue("hits.total", result.payload().data()), equalTo(0)); - assertNotNull(result.executedRequest()); - assertThat(result.status(), is(Input.Result.Status.SUCCESS)); - assertEquals(result.executedRequest().searchType(), searchType); - assertArrayEquals(result.executedRequest().indices(), searchRequest.indices()); - assertEquals(result.executedRequest().indicesOptions(), searchRequest.indicesOptions()); - - XContentSource source = toXContentSource(result); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:00:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:00:00.000Z")); - } - - public void testParserValid() throws Exception { - SearchRequest searchRequest = client().prepareSearch() - .setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) - .request() - .source(searchSource() - .query(boolQuery().must(matchQuery("event_type", "a")).must(rangeQuery("_timestamp") - .from("{{ctx.trigger.scheduled_time}}||-30s").to("{{ctx.trigger.triggered_time}}")))); - - TimeValue timeout = randomBoolean() ? TimeValue.timeValueSeconds(randomInt(10)) : null; - XContentBuilder builder = jsonBuilder().value( - new SearchInput(new WatcherSearchTemplateRequest(searchRequest), null, timeout, null)); - XContentParser parser = JsonXContent.jsonXContent.createParser(builder.bytes()); - parser.nextToken(); - - IndicesQueriesRegistry indicesQueryRegistry = internalCluster().getInstance(IndicesQueriesRegistry.class); - SearchInputFactory factory = new SearchInputFactory(Settings.EMPTY, WatcherClientProxy.of(client()), indicesQueryRegistry, - null, null, scriptService()); - - SearchInput searchInput = factory.parseInput("_id", parser); - assertEquals(SearchInput.TYPE, searchInput.type()); - assertThat(searchInput.getTimeout(), equalTo(timeout)); - } - - private WatchExecutionContext createContext() { - return new TriggeredExecutionContext( - new Watch("test-watch", - new ScheduleTrigger(new IntervalSchedule(new IntervalSchedule.Interval(1, IntervalSchedule.Interval.Unit.MINUTES))), - new ExecutableSimpleInput(new SimpleInput(new Payload.Simple()), logger), - new ExecutableAlwaysCondition(logger), - null, - null, - new ExecutableActions(new ArrayList()), - null, - new WatchStatus(new DateTime(50000, UTC), emptyMap())), - new DateTime(60000, UTC), - new ScheduleTriggerEvent("test-watch", new DateTime(60000, UTC), new DateTime(60000, UTC)), - timeValueSeconds(5)); - } - - private SearchInput.Result executeSearchInput(SearchRequest request, WatcherScript template, - WatchExecutionContext ctx) throws IOException { - createIndex("test-search-index"); - ensureGreen("test-search-index"); - SearchInput.Builder siBuilder = SearchInput.builder(new WatcherSearchTemplateRequest(request, template)); - - SearchInput si = siBuilder.build(); - - ExecutableSearchInput searchInput = new ExecutableSearchInput(si, logger, WatcherClientProxy.of(client()), - watcherSearchTemplateService(), null); - return searchInput.execute(ctx, new Payload.Simple()); - } - - protected WatcherSearchTemplateService watcherSearchTemplateService() { - String master = internalCluster().getMasterName(); - return new WatcherSearchTemplateService(internalCluster().clusterService(master).getSettings(), - internalCluster().getInstance(ScriptService.class, master), - internalCluster().getInstance(IndicesQueriesRegistry.class, master), - internalCluster().getInstance(AggregatorParsers.class, master), - internalCluster().getInstance(Suggesters.class, master) - ); - } - - protected ScriptService scriptService() { - return internalCluster().getInstance(ScriptService.class); - } - - private XContentSource toXContentSource(SearchInput.Result result) throws IOException { - try (XContentBuilder builder = jsonBuilder()) { - result.executedRequest().source().toXContent(builder, ToXContent.EMPTY_PARAMS); - return new XContentSource(builder); - } - } - - /** - * Custom plugin that registers XPack script context. - */ - public static class CustomScriptContextPlugin extends Plugin implements ScriptPlugin { - - @Override - public ScriptContext.Plugin getCustomScriptContexts() { - return WatcherScript.CTX_PLUGIN; - } - } -} diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java deleted file mode 100644 index c6429e0f4df..00000000000 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -/** - * This package contains tests that use mustache to test what looks - * to be unrelated functionality, or functionality that should be - * tested with a mock instead. Instead of doing an epic battle - * with these tests, they are temporarily moved here to the mustache - * module's tests, but that is likely not where they belong. Please - * help by cleaning them up and we can remove this package! - * - *
    - *
  • If the test is testing templating integration with another core subsystem, - * fix it to use a mock instead, so it can be in the core tests again
  • - *
  • If the test is just being lazy, and does not really need templating to test - * something, clean it up!
  • - *
- */ - -package org.elasticsearch.messy.tests; diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/input/search/config/scripts/test_disk_template.mustache b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/input/search/config/scripts/test_disk_template.mustache deleted file mode 100644 index cdc73453c0a..00000000000 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/input/search/config/scripts/test_disk_template.mustache +++ /dev/null @@ -1,26 +0,0 @@ -{ - "query": { - "bool": { - "must" : [ - { - "match": { - "event_type": { - "query": "a", - "type": "boolean" - } - } - }, - { - "range": { - "_timestamp": { - "from": "{{ctx.trigger.scheduled_time}}||-{{seconds_param}}", - "to": "{{ctx.trigger.scheduled_time}}", - "include_lower": true, - "include_upper": true - } - } - } - ] - } - } -} \ No newline at end of file diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/transform/search/config/scripts/test_disk_template.mustache b/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/transform/search/config/scripts/test_disk_template.mustache deleted file mode 100644 index cdc73453c0a..00000000000 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/resources/org/elasticsearch/xpack/watcher/transform/search/config/scripts/test_disk_template.mustache +++ /dev/null @@ -1,26 +0,0 @@ -{ - "query": { - "bool": { - "must" : [ - { - "match": { - "event_type": { - "query": "a", - "type": "boolean" - } - } - }, - { - "range": { - "_timestamp": { - "from": "{{ctx.trigger.scheduled_time}}||-{{seconds_param}}", - "to": "{{ctx.trigger.scheduled_time}}", - "include_lower": true, - "include_upper": true - } - } - } - ] - } - } -} \ No newline at end of file diff --git a/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/30_search_input_and_transform.yaml b/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/30_search_input_and_transform.yaml new file mode 100644 index 00000000000..a8c7c9308bc --- /dev/null +++ b/elasticsearch/qa/smoke-test-watcher-with-mustache/src/test/resources/rest-api-spec/test/watcher_mustache/30_search_input_and_transform.yaml @@ -0,0 +1,157 @@ +--- +setup: + - do: + cluster.health: + wait_for_status: yellow + - do: {xpack.watcher.stats:{}} + - do: + index: + index: idx + type: type + id: 1 + body: > + { + "date" : "2015-01-01T00:00:00", + "value" : "val_1" + } + - do: + index: + index: idx + type: type + id: 2 + body: > + { + "date" : "2015-01-02T00:00:00", + "value" : "val_2" + } + - do: + index: + index: idx + type: type + id: 3 + body: > + { + "date" : "2015-01-03T00:00:00", + "value" : "val_3" + } + - do: + index: + index: idx + type: type + id: 4 + body: > + { + "date" : "2015-01-04T00:00:00", + "value" : "val_4" + } + - do: + indices.refresh: + index: idx + +--- +"Test input mustache integration": + - do: + xpack.watcher.execute_watch: + body: > + { + "trigger_data" : { + "scheduled_time" : "2015-01-04T00:00:00" + }, + "watch" : { + "trigger" : { "schedule" : { "interval" : "10s" } }, + "actions" : { + "dummy" : { + "logging" : { + "text" : "executed!" + } + } + }, + "input" : { + "search" : { + "request" : { + "indices" : "idx", + "body" : { + "query" : { + "bool" : { + "filter" : [ + { + "range" : { + "date" : { + "lte" : "{{ctx.trigger.scheduled_time}}", + "gte" : "{{ctx.trigger.scheduled_time}}||-3d" + } + } + } + ] + } + } + } + } + } + } + } + } + - match: { "watch_record.result.input.type": "search" } + - match: { "watch_record.result.input.status": "success" } + - match: { "watch_record.result.input.payload.hits.total": 4 } + # makes sure that the mustache template snippets have been resolved correctly: + - match: { "watch_record.result.input.search.request.body.query.bool.filter.0.range.date.from": "2015-01-04T00:00:00.000Z||-3d" } + - match: { "watch_record.result.input.search.request.body.query.bool.filter.0.range.date.to": "2015-01-04T00:00:00.000Z" } + +--- +"Test transform mustache integration": + - do: + xpack.watcher.execute_watch: + body: > + { + "trigger_data" : { + "scheduled_time" : "2015-01-04T00:00:00" + }, + "watch" : { + "trigger" : { "schedule" : { "interval" : "10s" } }, + "input" : { "simple" : { "value" : "val_3" } }, + "actions" : { + "dummy" : { + "logging" : { + "text" : "executed!" + } + } + }, + "transform" : { + "search" : { + "request" : { + "indices" : "idx", + "body" : { + "query" : { + "bool" : { + "filter" : [ + { + "range" : { + "date" : { + "lte" : "{{ctx.trigger.scheduled_time}}", + "gte" : "{{ctx.trigger.scheduled_time}}||-1d" + } + } + }, + { + "term" : { + "value" : "{{ctx.payload.value}}" + } + } + ] + } + } + } + } + } + } + } + } + - match: { "watch_record.result.transform.type": "search" } + - match: { "watch_record.result.transform.status": "success" } + - match: { "watch_record.result.transform.payload.hits.total": 1 } + - match: { "watch_record.result.transform.payload.hits.hits.0._id": "3" } + # makes sure that the mustache template snippets have been resolved correctly: + - match: { "watch_record.result.transform.search.request.body.query.bool.filter.0.range.date.from": "2015-01-04T00:00:00.000Z||-1d" } + - match: { "watch_record.result.transform.search.request.body.query.bool.filter.0.range.date.to": "2015-01-04T00:00:00.000Z" } + - match: { "watch_record.result.transform.search.request.body.query.bool.filter.1.term.value.value": "val_3" } diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityCachePermissionTests.java similarity index 53% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java rename to elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityCachePermissionTests.java index f84c4cc74ad..0b9511a5f1a 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/SecurityCachePermissionTests.java @@ -3,43 +3,26 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.integration; import org.elasticsearch.ElasticsearchSecurityException; -import org.elasticsearch.Version; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.indices.TermsLookup; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.script.ScriptService; -import org.elasticsearch.script.mustache.MustachePlugin; -import org.elasticsearch.script.mustache.TemplateQueryBuilder; import org.elasticsearch.test.SecurityIntegTestCase; import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.junit.Before; -import org.junit.BeforeClass; - -import java.util.ArrayList; -import java.util.Collection; import static java.util.Collections.singletonMap; import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; -@SecurityIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here") -public class SecurityCachePermissionIT extends SecurityIntegTestCase { - static final String READ_ONE_IDX_USER = "read_user"; - - @Override - protected Collection> nodePlugins() { - Collection> types = new ArrayList<>(); - types.addAll(super.nodePlugins()); - types.add(MustachePlugin.class); - return types; - } +public class SecurityCachePermissionTests extends SecurityIntegTestCase { + private final String READ_ONE_IDX_USER = "read_user"; + @Override public String configUsers() { return super.configUsers() @@ -61,11 +44,6 @@ public class SecurityCachePermissionIT extends SecurityIntegTestCase { + "read_one_idx:" + READ_ONE_IDX_USER + "\n"; } - @BeforeClass - public static void checkVersion() { - assumeTrue("These tests are only valid with elasticsearch 1.6.0+", Version.CURRENT.id >= 1060099); - } - @Before public void loadData() { index("data", "a", "1", "{ \"name\": \"John\", \"token\": \"token1\" }"); @@ -93,33 +71,4 @@ public class SecurityCachePermissionIT extends SecurityIntegTestCase { assertThat(e.toString(), containsString("unauthorized")); } } - - public void testThatScriptServiceDoesntLeakData() { - String source = "{\n" + - "\"template\": {\n" + - " \"query\": {\n" + - " \"exists\": {\n" + - " \"field\": \"{{name}}\"\n" + - " }\n" + - " }\n" + - " }\n" + - "}"; - - //Template template = new Template(source, INLINE, MustacheScriptEngineService.NAME, null, singletonMap("name", "token")); - SearchResponse response = client().prepareSearch("data").setTypes("a") - .setQuery(new TemplateQueryBuilder(source, ScriptService.ScriptType.INLINE, singletonMap("name", "token"))) - .execute().actionGet(); - assertThat(response.isTimedOut(), is(false)); - assertThat(response.getHits().hits().length, is(1)); - - // Repeat with unauthorized user!!!! - ElasticsearchSecurityException e = expectThrows(ElasticsearchSecurityException.class, () -> client() - .filterWithHeader(singletonMap("Authorization", basicAuthHeaderValue(READ_ONE_IDX_USER, - new SecuredString("changeme".toCharArray())))) - .prepareSearch("data").setTypes("a") - .setQuery(new TemplateQueryBuilder(source, ScriptService.ScriptType.INLINE, singletonMap("name", "token"))) - .execute().actionGet()); - assertThat(e.toString(), containsString("ElasticsearchSecurityException[action")); - assertThat(e.toString(), containsString("unauthorized")); - } } diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchInputTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchInputTests.java new file mode 100644 index 00000000000..aa5c721369f --- /dev/null +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchInputTests.java @@ -0,0 +1,199 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.watcher.test.integration; + +import org.elasticsearch.action.search.SearchRequest; +import org.elasticsearch.action.search.SearchType; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.common.xcontent.XContentBuilder; +import org.elasticsearch.common.xcontent.XContentParser; +import org.elasticsearch.common.xcontent.json.JsonXContent; +import org.elasticsearch.common.xcontent.support.XContentMapValues; +import org.elasticsearch.indices.query.IndicesQueriesRegistry; +import org.elasticsearch.plugins.Plugin; +import org.elasticsearch.plugins.ScriptPlugin; +import org.elasticsearch.script.MockMustacheScriptEngine; +import org.elasticsearch.script.ScriptContext; +import org.elasticsearch.script.ScriptService; +import org.elasticsearch.search.aggregations.AggregatorParsers; +import org.elasticsearch.search.builder.SearchSourceBuilder; +import org.elasticsearch.search.suggest.Suggesters; +import org.elasticsearch.test.ESIntegTestCase; +import org.elasticsearch.test.ESIntegTestCase.ClusterScope; +import org.elasticsearch.xpack.watcher.actions.ExecutableActions; +import org.elasticsearch.xpack.watcher.condition.always.ExecutableAlwaysCondition; +import org.elasticsearch.xpack.watcher.execution.TriggeredExecutionContext; +import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext; +import org.elasticsearch.xpack.watcher.input.Input; +import org.elasticsearch.xpack.watcher.input.search.ExecutableSearchInput; +import org.elasticsearch.xpack.watcher.input.search.SearchInput; +import org.elasticsearch.xpack.watcher.input.search.SearchInputFactory; +import org.elasticsearch.xpack.watcher.input.simple.ExecutableSimpleInput; +import org.elasticsearch.xpack.watcher.input.simple.SimpleInput; +import org.elasticsearch.xpack.watcher.support.WatcherScript; +import org.elasticsearch.xpack.watcher.support.init.proxy.WatcherClientProxy; +import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateRequest; +import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateService; +import org.elasticsearch.xpack.watcher.trigger.schedule.IntervalSchedule; +import org.elasticsearch.xpack.watcher.trigger.schedule.ScheduleTrigger; +import org.elasticsearch.xpack.watcher.trigger.schedule.ScheduleTriggerEvent; +import org.elasticsearch.xpack.watcher.watch.Payload; +import org.elasticsearch.xpack.watcher.watch.Watch; +import org.elasticsearch.xpack.watcher.watch.WatchStatus; +import org.joda.time.DateTime; + +import java.util.ArrayList; +import java.util.Collection; + +import static java.util.Collections.emptyMap; +import static org.elasticsearch.common.unit.TimeValue.timeValueSeconds; +import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; +import static org.elasticsearch.index.query.QueryBuilders.boolQuery; +import static org.elasticsearch.index.query.QueryBuilders.matchQuery; +import static org.elasticsearch.index.query.QueryBuilders.rangeQuery; +import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; +import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; +import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.getRandomSupportedSearchType; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.joda.time.DateTimeZone.UTC; + +@ClusterScope(scope = SUITE, numClientNodes = 0, transportClientRatio = 0, randomDynamicTemplates = false, supportsDedicatedMasters = false, + numDataNodes = 1) +public class SearchInputTests extends ESIntegTestCase { + + @Override + protected Collection> nodePlugins() { + Collection> types = new ArrayList<>(); + types.addAll(super.nodePlugins()); + types.add(MockMustacheScriptEngine.TestPlugin.class); + types.add(CustomScriptContextPlugin.class); + return types; + } + + public void testExecute() throws Exception { + SearchSourceBuilder searchSourceBuilder = searchSource().query( + boolQuery().must(matchQuery("event_type", "a"))); + SearchRequest searchRequest = client() + .prepareSearch() + .setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) + .request() + .source(searchSourceBuilder); + + WatcherSearchTemplateRequest request = new WatcherSearchTemplateRequest(searchRequest); + ExecutableSearchInput searchInput = new ExecutableSearchInput(new SearchInput(request, null, null, null), logger, + WatcherClientProxy.of(client()), watcherSearchTemplateService(), null); + WatchExecutionContext ctx = new TriggeredExecutionContext( + new Watch("test-watch", + new ScheduleTrigger(new IntervalSchedule(new IntervalSchedule.Interval(1, IntervalSchedule.Interval.Unit.MINUTES))), + new ExecutableSimpleInput(new SimpleInput(new Payload.Simple()), logger), + new ExecutableAlwaysCondition(logger), + null, + null, + new ExecutableActions(new ArrayList<>()), + null, + new WatchStatus(new DateTime(0, UTC), emptyMap())), + new DateTime(0, UTC), + new ScheduleTriggerEvent("test-watch", new DateTime(0, UTC), new DateTime(0, UTC)), + timeValueSeconds(5)); + SearchInput.Result result = searchInput.execute(ctx, new Payload.Simple()); + + assertThat(XContentMapValues.extractValue("hits.total", result.payload().data()), equalTo(0)); + assertNotNull(result.executedRequest()); + assertThat(result.status(), is(Input.Result.Status.SUCCESS)); + assertEquals(result.executedRequest().searchType(), request.getRequest().searchType()); + assertArrayEquals(result.executedRequest().indices(), request.getRequest().indices()); + assertEquals(result.executedRequest().indicesOptions(), request.getRequest().indicesOptions()); + } + + public void testDifferentSearchType() throws Exception { + SearchSourceBuilder searchSourceBuilder = searchSource().query( + boolQuery().must(matchQuery("event_type", "a")) + ); + SearchType searchType = getRandomSupportedSearchType(); + + SearchRequest searchRequest = client() + .prepareSearch() + .setSearchType(searchType) + .request() + .source(searchSourceBuilder); + + WatcherSearchTemplateRequest request = new WatcherSearchTemplateRequest(searchRequest); + + ExecutableSearchInput searchInput = new ExecutableSearchInput(new SearchInput(request, null, null, null), logger, + WatcherClientProxy.of(client()), watcherSearchTemplateService(), null); + WatchExecutionContext ctx = new TriggeredExecutionContext( + new Watch("test-watch", + new ScheduleTrigger(new IntervalSchedule(new IntervalSchedule.Interval(1, IntervalSchedule.Interval.Unit.MINUTES))), + new ExecutableSimpleInput(new SimpleInput(new Payload.Simple()), logger), + new ExecutableAlwaysCondition(logger), + null, + null, + new ExecutableActions(new ArrayList<>()), + null, + new WatchStatus(new DateTime(0, UTC), emptyMap())), + new DateTime(0, UTC), + new ScheduleTriggerEvent("test-watch", new DateTime(0, UTC), new DateTime(0, UTC)), + timeValueSeconds(5)); + SearchInput.Result result = searchInput.execute(ctx, new Payload.Simple()); + + assertThat(XContentMapValues.extractValue("hits.total", result.payload().data()), equalTo(0)); + assertNotNull(result.executedRequest()); + assertThat(result.status(), is(Input.Result.Status.SUCCESS)); + assertEquals(result.executedRequest().searchType(), searchType); + assertArrayEquals(result.executedRequest().indices(), searchRequest.indices()); + assertEquals(result.executedRequest().indicesOptions(), searchRequest.indicesOptions()); + } + + public void testParserValid() throws Exception { + SearchRequest searchRequest = client().prepareSearch() + .setSearchType(ExecutableSearchInput.DEFAULT_SEARCH_TYPE) + .request() + .source(searchSource() + .query(boolQuery().must(matchQuery("event_type", "a")).must(rangeQuery("_timestamp") + .from("{{ctx.trigger.scheduled_time}}||-30s").to("{{ctx.trigger.triggered_time}}")))); + + TimeValue timeout = randomBoolean() ? TimeValue.timeValueSeconds(randomInt(10)) : null; + XContentBuilder builder = jsonBuilder().value( + new SearchInput(new WatcherSearchTemplateRequest(searchRequest), null, timeout, null)); + XContentParser parser = JsonXContent.jsonXContent.createParser(builder.bytes()); + parser.nextToken(); + + IndicesQueriesRegistry indicesQueryRegistry = internalCluster().getInstance(IndicesQueriesRegistry.class); + SearchInputFactory factory = new SearchInputFactory(Settings.EMPTY, WatcherClientProxy.of(client()), indicesQueryRegistry, + null, null, scriptService()); + + SearchInput searchInput = factory.parseInput("_id", parser); + assertEquals(SearchInput.TYPE, searchInput.type()); + assertThat(searchInput.getTimeout(), equalTo(timeout)); + } + + private WatcherSearchTemplateService watcherSearchTemplateService() { + String master = internalCluster().getMasterName(); + return new WatcherSearchTemplateService(internalCluster().clusterService(master).getSettings(), + internalCluster().getInstance(ScriptService.class, master), + internalCluster().getInstance(IndicesQueriesRegistry.class, master), + internalCluster().getInstance(AggregatorParsers.class, master), + internalCluster().getInstance(Suggesters.class, master) + ); + } + + private ScriptService scriptService() { + return internalCluster().getInstance(ScriptService.class); + } + + /** + * Custom plugin that registers XPack script context. + */ + public static class CustomScriptContextPlugin extends Plugin implements ScriptPlugin { + + @Override + public ScriptContext.Plugin getCustomScriptContexts() { + return WatcherScript.CTX_PLUGIN; + } + } +} diff --git a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchTransformTests.java similarity index 53% rename from elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java rename to elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchTransformTests.java index c45db63abb7..b09a5c85b76 100644 --- a/elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformIT.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/SearchTransformTests.java @@ -3,15 +3,12 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.messy.tests; +package org.elasticsearch.xpack.watcher.test.integration; -import org.elasticsearch.action.admin.cluster.storedscripts.PutStoredScriptRequest; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.action.search.SearchType; import org.elasticsearch.client.Requests; -import org.elasticsearch.common.bytes.BytesArray; -import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.ToXContent; @@ -24,9 +21,9 @@ import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.indices.query.IndicesQueriesRegistry; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.plugins.ScriptPlugin; +import org.elasticsearch.script.MockMustacheScriptEngine; import org.elasticsearch.script.ScriptContext; import org.elasticsearch.script.ScriptService; -import org.elasticsearch.script.mustache.MustachePlugin; import org.elasticsearch.search.aggregations.AggregatorParsers; import org.elasticsearch.search.builder.SearchSourceBuilder; import org.elasticsearch.search.suggest.Suggesters; @@ -43,7 +40,6 @@ import org.elasticsearch.xpack.watcher.support.WatcherScript; import org.elasticsearch.xpack.watcher.support.init.proxy.WatcherClientProxy; import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateRequest; import org.elasticsearch.xpack.watcher.support.search.WatcherSearchTemplateService; -import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource; import org.elasticsearch.xpack.watcher.transform.Transform; import org.elasticsearch.xpack.watcher.transform.TransformBuilders; import org.elasticsearch.xpack.watcher.transform.search.ExecutableSearchTransform; @@ -56,35 +52,24 @@ import org.elasticsearch.xpack.watcher.watch.Payload; import org.elasticsearch.xpack.watcher.watch.Watch; import org.elasticsearch.xpack.watcher.watch.WatchStatus; import org.joda.time.DateTime; -import org.joda.time.chrono.ISOChronology; import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; import java.util.ArrayList; import java.util.Base64; import java.util.Collection; -import java.util.HashMap; import java.util.Map; import static java.util.Collections.emptyMap; import static org.elasticsearch.common.unit.TimeValue.timeValueSeconds; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.index.query.QueryBuilders.boolQuery; -import static org.elasticsearch.index.query.QueryBuilders.constantScoreQuery; import static org.elasticsearch.index.query.QueryBuilders.matchQuery; -import static org.elasticsearch.index.query.QueryBuilders.rangeQuery; -import static org.elasticsearch.index.query.QueryBuilders.termQuery; import static org.elasticsearch.search.builder.SearchSourceBuilder.searchSource; import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; -import static org.elasticsearch.xpack.watcher.support.WatcherDateTimeUtils.parseDate; import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.EMPTY_PAYLOAD; import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.getRandomSupportedSearchType; import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.mockExecutionContext; -import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.simplePayload; import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; @@ -94,63 +79,26 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.joda.time.DateTimeZone.UTC; -/** - * - */ @ClusterScope(scope = SUITE, numClientNodes = 0, transportClientRatio = 0, randomDynamicTemplates = false, supportsDedicatedMasters = false, numDataNodes = 1) -public class SearchTransformIT extends ESIntegTestCase { +public class SearchTransformTests extends ESIntegTestCase { @Override protected Collection> nodePlugins() { - Collection> types = new ArrayList<>(); - types.addAll(super.nodePlugins()); - types.add(MustachePlugin.class); - types.add(CustomScriptContextPlugin.class); - return types; - } - - @Override - public Settings nodeSettings(int nodeOrdinal) { - final Path tempDir = createTempDir(); - final Path configPath = tempDir.resolve("config"); - final Path scriptPath = configPath.resolve("scripts"); - try { - Files.createDirectories(scriptPath); - } catch (IOException e) { - throw new RuntimeException("failed to create config dir"); - - } - String path = "/org/elasticsearch/xpack/watcher/transform/search/config/scripts/test_disk_template.mustache"; - try (InputStream stream = SearchTransformIT.class.getResourceAsStream(path); - OutputStream out = Files.newOutputStream(scriptPath.resolve("test_disk_template.mustache"))) { - Streams.copy(stream, out); - } catch (IOException e) { - throw new RuntimeException("failed to copy mustache template"); - } - //Set path so ScriptService will pick up the test scripts - return Settings.builder() - .put(super.nodeSettings(nodeOrdinal)) - // we're not extending from the base watcher test case, so we should prevent the watcher plugin from being loaded - .put("path.conf", configPath).build(); - } - - @Override - protected Settings transportClientSettings() { - return Settings.builder() - .put(super.transportClientSettings()) - .build(); + Collection> plugins = new ArrayList<>(); + plugins.addAll(super.nodePlugins()); + plugins.add(CustomScriptContextPlugin.class); + plugins.add(MockMustacheScriptEngine.TestPlugin.class); + return plugins; } @Override public Settings indexSettings() { return Settings.builder() .put(super.indexSettings()) - // we have to test this on an index that has at least 2 shards. Otherwise when searching indices with // a single shard the QUERY_THEN_FETCH search type will change to QUERY_AND_FETCH during execution. .put("index.number_of_shards", randomIntBetween(2, 5)) - .build(); } @@ -232,71 +180,6 @@ public class SearchTransformIT extends ESIntegTestCase { } } - public void testExecuteMustacheTemplate() throws Exception { - - // The rational behind this test: - // - // - we index 4 documents each one associated with a unique value and each is associated with a day - // - we build a search transform such that with a filter that - // - the date must be after [scheduled_time] variable - // - the date must be before [execution_time] variable - // - the value must match [payload.value] variable - // - the variable are set as such: - // - scheduled_time = youngest document's date - // - fired_time = oldest document's date - // - payload.value = val_3 - // - when executed, the variables will be replaced with the scheduled_time, fired_time and the payload.value. - // - we set all these variables accordingly (the search transform is responsible to populate them) - // - when replaced correctly, the search should return document 3. - // - // we then do a search for document 3, and compare the response to the payload returned by the transform - - index("idx", "type", "1", doc("2015-01-01T00:00:00", "val_1")); - index("idx", "type", "2", doc("2015-01-02T00:00:00", "val_2")); - index("idx", "type", "3", doc("2015-01-03T00:00:00", "val_3")); - index("idx", "type", "4", doc("2015-01-04T00:00:00", "val_4")); - - ensureGreen("idx"); - refresh(); - - SearchRequest request = Requests.searchRequest("idx").source(searchSource().query(boolQuery() - .must(constantScoreQuery(rangeQuery("date").gt("{{ctx.trigger.scheduled_time}}"))) - .must(constantScoreQuery(rangeQuery("date").lt("{{ctx.execution_time}}"))) - .must(termQuery("value", "{{ctx.payload.value}}")))); - - SearchTransform searchTransform = TransformBuilders.searchTransform(request).build(); - ExecutableSearchTransform transform = new ExecutableSearchTransform(searchTransform, logger, WatcherClientProxy.of(client()), - watcherSearchTemplateService(), null); - - ScheduleTriggerEvent event = new ScheduleTriggerEvent("_name", parseDate("2015-01-04T00:00:00", UTC), - parseDate("2015-01-01T00:00:00", UTC)); - WatchExecutionContext ctx = mockExecutionContext("_name", parseDate("2015-01-04T00:00:00", UTC), event, EMPTY_PAYLOAD); - - Payload payload = simplePayload("value", "val_3"); - - Transform.Result result = transform.execute(ctx, payload); - assertThat(result, notNullValue()); - assertThat(result.type(), is(SearchTransform.TYPE)); - - SearchResponse response = client().prepareSearch("idx").setSearchType(ExecutableSearchTransform.DEFAULT_SEARCH_TYPE).setQuery( - boolQuery() - .must(constantScoreQuery(rangeQuery("date").gt(parseDate("2015-01-01T00:00:00", UTC)))) - .must(constantScoreQuery(rangeQuery("date").lt(parseDate("2015-01-04T00:00:00", UTC)))) - .must(termQuery("value", "val_3")) - ).get(); - Payload expectedPayload = new Payload.XContent(response); - - // we need to remove the "took" field from teh response as this is the only field - // that most likely be different between the two... we don't really care about this - // field, we just want to make sure that the important parts of the response are the same - Map resultData = result.payload().data(); - resultData.remove("took"); - Map expectedData = expectedPayload.data(); - expectedData.remove("took"); - - assertThat(resultData, equalTo(expectedData)); - } - public void testParser() throws Exception { String[] indices = rarely() ? null : randomBoolean() ? new String[] { "idx" } : new String[] { "idx1", "idx2" }; SearchType searchType = getRandomSupportedSearchType(); @@ -354,116 +237,11 @@ public class SearchTransformIT extends ESIntegTestCase { assertThat(executable.transform().getTimeout(), equalTo(readTimeout)); } - public void testSearchInlineTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - final String templateQuery = "{\"query\":{\"bool\":{\"must\":[{\"match\":{\"event_type\":{\"query\":\"a\"," + - "\"type\":\"boolean\"}}},{\"range\":{\"_timestamp\":" + - "{\"from\":\"{{ctx.trigger.scheduled_time}}||-{{seconds_param}}\",\"to\":\"{{ctx.trigger.scheduled_time}}\"," + - "\"include_lower\":true,\"include_upper\":true}}}]}}}"; - - Map triggerParams = new HashMap(); - triggerParams.put("triggered_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - triggerParams.put("scheduled_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - Map ctxParams = new HashMap(); - ctxParams.put("id", ctx.id().value()); - ctxParams.put("metadata", null); - ctxParams.put("vars", new HashMap()); - ctxParams.put("watch_id", "test-watch"); - ctxParams.put("payload", new HashMap()); - ctxParams.put("trigger", triggerParams); - ctxParams.put("execution_time", new DateTime(1970, 01, 01, 00, 01, 00, 000, ISOChronology.getInstanceUTC())); - Map expectedParams = new HashMap(); - expectedParams.put("seconds_param", "30s"); - expectedParams.put("ctx", ctxParams); - - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.inline(templateQuery).lang("mustache").params(params).build(); - SearchRequest request = client().prepareSearch().setSearchType(ExecutableSearchTransform.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index").request(); - - SearchTransform.Result executedResult = executeSearchTransform(request, template, ctx); - - assertThat(executedResult.status(), is(Transform.Result.Status.SUCCESS)); - assertEquals(executedResult.executedRequest().searchType(), request.searchType()); - assertArrayEquals(executedResult.executedRequest().indices(), request.indices()); - assertEquals(executedResult.executedRequest().indicesOptions(), request.indicesOptions()); - - XContentSource source = toXContentSource(executedResult); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); - } - - public void testSearchIndexedTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - final String templateQuery = "{\"query\":{\"bool\":{\"must\":[{\"match\":{\"event_type\":{\"query\":\"a\"," + - "\"type\":\"boolean\"}}},{\"range\":{\"_timestamp\":" + - "{\"from\":\"{{ctx.trigger.scheduled_time}}||-{{seconds_param}}\",\"to\":\"{{ctx.trigger.scheduled_time}}\"," + - "\"include_lower\":true,\"include_upper\":true}}}]}}}"; - - PutStoredScriptRequest indexedScriptRequest = client().admin().cluster().preparePutStoredScript() - .setId("test-script") - .setScriptLang("mustache") - .setSource(new BytesArray(templateQuery)) - .request(); - assertThat(client().admin().cluster().putStoredScript(indexedScriptRequest).actionGet().isAcknowledged(), is(true)); - - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.indexed("test-script").lang("mustache").params(params).build(); - - SearchRequest request = client() - .prepareSearch() - .setSearchType(ExecutableSearchTransform.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index") - .request(); - - SearchTransform.Result result = executeSearchTransform(request, template, ctx); - - assertNotNull(result.executedRequest()); - assertThat(result.status(), is(Transform.Result.Status.SUCCESS)); - assertArrayEquals(result.executedRequest().indices(), request.indices()); - assertEquals(result.executedRequest().indicesOptions(), request.indicesOptions()); - - XContentSource source = toXContentSource(result); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); - } - - public void testSearchOnDiskTemplate() throws Exception { - WatchExecutionContext ctx = createContext(); - - Map params = new HashMap<>(); - params.put("seconds_param", "30s"); - - WatcherScript template = WatcherScript.file("test_disk_template").lang("mustache").params(params).build(); - SearchRequest request = client().prepareSearch().setSearchType(ExecutableSearchTransform.DEFAULT_SEARCH_TYPE) - .setIndices("test-search-index").request(); - - SearchTransform.Result result = executeSearchTransform(request, template, ctx); - - assertNotNull(result.executedRequest()); - assertThat(result.status(), is(Transform.Result.Status.SUCCESS)); - assertArrayEquals(result.executedRequest().indices(), request.indices()); - assertEquals(result.executedRequest().indicesOptions(), request.indicesOptions()); - - XContentSource source = toXContentSource(result); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); - } - public void testDifferentSearchType() throws Exception { WatchExecutionContext ctx = createContext(); SearchSourceBuilder searchSourceBuilder = searchSource().query(boolQuery() - .must(matchQuery("event_type", "a")) - .must(rangeQuery("_timestamp") - .from("{{ctx.trigger.scheduled_time}}||-30s") - .to("{{ctx.trigger.triggered_time}}"))); + .must(matchQuery("event_type", "a"))); final SearchType searchType = getRandomSupportedSearchType(); SearchRequest request = client() @@ -480,10 +258,6 @@ public class SearchTransformIT extends ESIntegTestCase { assertThat(result.executedRequest().searchType(), is(searchType)); assertThat(result.executedRequest().indices(), arrayContainingInAnyOrder(request.indices())); assertThat(result.executedRequest().indicesOptions(), equalTo(request.indicesOptions())); - - XContentSource source = toXContentSource(result); - assertThat(source.getValue("query.bool.must.1.range._timestamp.from"), equalTo("1970-01-01T00:01:00.000Z||-30s")); - assertThat(source.getValue("query.bool.must.1.range._timestamp.to"), equalTo("1970-01-01T00:01:00.000Z")); } private WatchExecutionContext createContext() { @@ -515,7 +289,7 @@ public class SearchTransformIT extends ESIntegTestCase { return executableSearchTransform.execute(ctx, Payload.Simple.EMPTY); } - protected WatcherSearchTemplateService watcherSearchTemplateService() { + private WatcherSearchTemplateService watcherSearchTemplateService() { String master = internalCluster().getMasterName(); return new WatcherSearchTemplateService(internalCluster().clusterService(master).getSettings(), internalCluster().getInstance(ScriptService.class, master), @@ -525,24 +299,10 @@ public class SearchTransformIT extends ESIntegTestCase { ); } - protected ScriptService scriptService() { + private ScriptService scriptService() { return internalCluster().getInstance(ScriptService.class); } - private static Map doc(String date, String value) { - Map doc = new HashMap<>(); - doc.put("date", parseDate(date, UTC)); - doc.put("value", value); - return doc; - } - - private XContentSource toXContentSource(SearchTransform.Result result) throws IOException { - try (XContentBuilder builder = jsonBuilder()) { - result.executedRequest().source().toXContent(builder, ToXContent.EMPTY_PARAMS); - return new XContentSource(builder); - } - } - /** * Custom plugin that registers XPack script context. */ From c82f1be38666b8fcf9c76806a22c61b4687a3e4d Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 28 Jul 2016 07:29:14 -0400 Subject: [PATCH 10/15] security: move reloading of ssl configuration to its own class This commit moves the reloading and monitoring of files from the trust/key configuration classes into a separate class that will reload for the whole SSLConfiguration object. SSLContexts are loaded lazily by most of security, so a listener interface was added to notify the reloader that there may be other paths to monitor. Original commit: elastic/x-pack-elasticsearch@1633cc14a7f98066169af2f8f9072d813903e0d8 --- .../xpack/security/Security.java | 12 +- .../esnative/ESNativeRealmMigrateTool.java | 18 +- .../security/ssl/AbstractSSLService.java | 85 ++- .../xpack/security/ssl/CertUtils.java | 27 +- .../xpack/security/ssl/ClientSSLService.java | 6 +- .../xpack/security/ssl/KeyConfig.java | 86 +-- .../xpack/security/ssl/PEMKeyConfig.java | 16 +- .../xpack/security/ssl/PEMTrustConfig.java | 6 +- .../xpack/security/ssl/SSLConfiguration.java | 59 +- .../ssl/SSLConfigurationReloader.java | 150 ++++ .../xpack/security/ssl/ServerSSLService.java | 6 +- .../xpack/security/ssl/StoreKeyConfig.java | 17 +- .../xpack/security/ssl/StoreTrustConfig.java | 15 +- .../xpack/security/ssl/TrustConfig.java | 149 ++-- .../AbstractActiveDirectoryIntegTests.java | 2 +- .../authc/ldap/GroupsResolverTestCase.java | 2 +- .../LdapUserSearchSessionFactoryTests.java | 2 +- .../security/authc/ldap/OpenLdapTests.java | 2 +- .../security/ssl/ClientSSLServiceTests.java | 5 +- .../ssl/SSLConfigurationReloaderTests.java | 652 ++++++++++++++++++ .../security/ssl/SSLConfigurationTests.java | 488 +------------ .../security/ssl/ServerSSLServiceTests.java | 30 +- .../netty3/HandshakeWaitingHandlerTests.java | 2 +- ...ecurityNetty3HttpServerTransportTests.java | 2 +- .../netty3/SecurityNetty3TransportTests.java | 4 +- .../transport/ssl/SslClientAuthTests.java | 2 +- .../transport/ssl/SslIntegrationTests.java | 2 +- 27 files changed, 1069 insertions(+), 778 deletions(-) create mode 100644 elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java create mode 100644 elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 4beb83f873c..c6942f0008e 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -111,6 +111,7 @@ import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction; import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction; import org.elasticsearch.xpack.security.ssl.ClientSSLService; import org.elasticsearch.xpack.security.ssl.SSLConfiguration; +import org.elasticsearch.xpack.security.ssl.SSLConfigurationReloader; import org.elasticsearch.xpack.security.ssl.ServerSSLService; import org.elasticsearch.xpack.security.support.OptionalSettings; import org.elasticsearch.xpack.security.transport.SecurityClientTransportService; @@ -185,8 +186,7 @@ public class Security implements ActionPlugin, IngestPlugin { modules.add(b -> { // for transport client we still must inject these ssl classes with guice b.bind(ServerSSLService.class).toProvider(Providers.of(null)); - b.bind(ClientSSLService.class).toInstance( - new ClientSSLService(settings, null, new SSLConfiguration.Global(settings), null)); + b.bind(ClientSSLService.class).toInstance(new ClientSSLService(settings, null, new SSLConfiguration.Global(settings))); }); return modules; @@ -232,8 +232,12 @@ public class Security implements ActionPlugin, IngestPlugin { components.add(securityContext); final SSLConfiguration.Global globalSslConfig = new SSLConfiguration.Global(settings); - final ClientSSLService clientSSLService = new ClientSSLService(settings, env, globalSslConfig, resourceWatcherService); - final ServerSSLService serverSSLService = new ServerSSLService(settings, env, globalSslConfig, resourceWatcherService); + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, globalSslConfig); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, globalSslConfig); + // just create the reloader as it will register itself as a listener to the ssl service and nothing else depends on it + // IMPORTANT: if the reloader construction is moved to later, then it needs to be updated to ensure any SSLContexts that have been + // loaded by the services are also monitored by the reloader! + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); components.add(clientSSLService); components.add(serverSSLService); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index d100396bf47..517791211c7 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -6,44 +6,31 @@ package org.elasticsearch.xpack.security.authc.esnative; import com.google.common.base.Charsets; -import com.google.common.base.Joiner; import javax.net.ssl.HttpsURLConnection; import joptsimple.OptionParser; import joptsimple.OptionSet; import joptsimple.OptionSpec; import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.cli.MultiCommand; import org.elasticsearch.cli.SettingCommand; import org.elasticsearch.cli.Terminal; -import org.elasticsearch.client.transport.TransportClient; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.SuppressForbidden; -import org.elasticsearch.common.bytes.BytesReference; -import org.elasticsearch.common.logging.DeprecationLogger; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.env.Environment; -import org.elasticsearch.node.internal.InternalSettingsPreparer; -import org.elasticsearch.xpack.security.action.role.PutRoleRequest; -import org.elasticsearch.xpack.security.action.user.PutUserRequest; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.file.FileUserPasswdStore; import org.elasticsearch.xpack.security.authc.file.FileUserRolesStore; -import org.elasticsearch.xpack.security.authc.support.Hasher; import org.elasticsearch.xpack.security.authc.support.SecuredString; import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; import org.elasticsearch.xpack.security.authz.RoleDescriptor; -import org.elasticsearch.xpack.security.authz.permission.Permission; import org.elasticsearch.xpack.security.authz.store.FileRolesStore; import org.elasticsearch.xpack.security.ssl.ClientSSLService; import org.elasticsearch.xpack.security.ssl.SSLConfiguration; -import org.elasticsearch.xpack.security.support.NoOpLogger; -import org.elasticsearch.xpack.security.support.Validation; import java.io.BufferedReader; import java.io.IOException; @@ -52,16 +39,13 @@ import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.URI; import java.net.URL; -import java.nio.file.Files; import java.nio.file.Path; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Arrays; -import java.util.Collections; import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.regex.Pattern; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.xpack.security.Security.setting; @@ -151,7 +135,7 @@ public class ESNativeRealmMigrateTool extends MultiCommand { if ("https".equalsIgnoreCase(uri.getScheme())) { Settings sslSettings = settings.getByPrefix(setting("http.ssl.")); SSLConfiguration.Global globalConfig = new SSLConfiguration.Global(settings); - final ClientSSLService sslService = new ClientSSLService(sslSettings, env, globalConfig, null); + final ClientSSLService sslService = new ClientSSLService(sslSettings, env, globalConfig); final HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection(); AccessController.doPrivileged(new PrivilegedAction() { @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java index 69f44f75b32..80595be17d5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java @@ -13,13 +13,10 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; -import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener; -import org.elasticsearch.watcher.ResourceWatcherService; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; @@ -28,9 +25,12 @@ import java.net.InetAddress; import java.net.Socket; import java.util.ArrayList; import java.util.Arrays; -import java.util.Enumeration; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; import java.util.LinkedList; import java.util.List; +import java.util.Objects; import java.util.concurrent.ConcurrentHashMap; /** @@ -39,19 +39,18 @@ import java.util.concurrent.ConcurrentHashMap; */ public abstract class AbstractSSLService extends AbstractComponent { - private final ConcurrentHashMap sslContexts = new ConcurrentHashMap<>(); private final SSLContextCacheLoader cacheLoader = new SSLContextCacheLoader(); + private final ConcurrentHashMap sslContexts = new ConcurrentHashMap<>(); protected final SSLConfiguration globalSSLConfiguration; protected final Environment env; - protected final ResourceWatcherService resourceWatcherService; - public AbstractSSLService(Settings settings, Environment environment, Global globalSSLConfiguration, - ResourceWatcherService resourceWatcherService) { + private Listener listener = Listener.NOOP; + + AbstractSSLService(Settings settings, Environment environment, Global globalSSLConfiguration) { super(settings); this.env = environment; this.globalSSLConfiguration = globalSSLConfiguration; - this.resourceWatcherService = resourceWatcherService; } public String[] supportedProtocols() { @@ -167,6 +166,27 @@ public abstract class AbstractSSLService extends AbstractComponent { return requestedCiphersList.toArray(new String[requestedCiphersList.size()]); } + /** + * Sets the listener to the value provided. Must not be {@code null} + */ + void setListener(Listener listener) { + this.listener = Objects.requireNonNull(listener); + } + + /** + * Returns the existing {@link SSLContext} for the configuration or {@code null} + */ + SSLContext getSSLContext(SSLConfiguration sslConfiguration) { + return sslContexts.get(sslConfiguration); + } + + /** + * Accessor to the loaded ssl configuration objects at the current point in time. This is useful for testing + */ + Collection getLoadedSSLConfigurations() { + return Collections.unmodifiableSet(new HashSet<>(sslContexts.keySet())); + } + private class SSLContextCacheLoader { public SSLContext load(SSLConfiguration sslConfiguration) { @@ -175,15 +195,15 @@ public abstract class AbstractSSLService extends AbstractComponent { logger.debug("using ssl settings [{}]", sslConfiguration); } - ConfigRefreshListener configRefreshListener = new ConfigRefreshListener(sslConfiguration); - TrustManager[] trustManagers = sslConfiguration.trustConfig().trustManagers(env, resourceWatcherService, configRefreshListener); - KeyManager[] keyManagers = sslConfiguration.keyConfig().keyManagers(env, resourceWatcherService, configRefreshListener); + TrustManager[] trustManagers = sslConfiguration.trustConfig().trustManagers(env); + KeyManager[] keyManagers = sslConfiguration.keyConfig().keyManagers(env); SSLContext sslContext = createSslContext(keyManagers, trustManagers, sslConfiguration.protocol(), sslConfiguration.sessionCacheSize(), sslConfiguration.sessionCacheTimeout()); // check the supported ciphers and log them here supportedCiphers(sslContext.getSupportedSSLParameters().getCipherSuites(), sslConfiguration.ciphers().toArray(Strings.EMPTY_ARRAY), true); + listener.onSSLContextLoaded(sslConfiguration); return sslContext; } @@ -202,37 +222,6 @@ public abstract class AbstractSSLService extends AbstractComponent { } } - class ConfigRefreshListener implements Listener { - - private final SSLConfiguration sslConfiguration; - - ConfigRefreshListener(SSLConfiguration sslConfiguration) { - this.sslConfiguration = sslConfiguration; - } - - @Override - public void onReload() { - SSLContext context = sslContexts.get(sslConfiguration); - if (context != null) { - invalidateSessions(context.getClientSessionContext()); - invalidateSessions(context.getServerSessionContext()); - } - } - - void invalidateSessions(SSLSessionContext sslSessionContext) { - Enumeration sessionIds = sslSessionContext.getIds(); - while (sessionIds.hasMoreElements()) { - byte[] sessionId = sessionIds.nextElement(); - sslSessionContext.getSession(sessionId).invalidate(); - } - } - - @Override - public void onFailure(Exception e) { - logger.error("failed to load updated ssl context for [{}]", e, sslConfiguration); - } - } - /** * This socket factory set the protocols and ciphers on each SSLSocket after it is created */ @@ -305,4 +294,14 @@ public abstract class AbstractSSLService extends AbstractComponent { socket.setEnabledCipherSuites(ciphers); } } + + interface Listener { + /** + * Called after a new SSLContext has been created + * @param sslConfiguration the configuration used to create the SSLContext + */ + void onSSLContextLoaded(SSLConfiguration sslConfiguration); + + Listener NOOP = (s) -> {}; + } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java index 5d85c447f68..ab0817079d7 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/CertUtils.java @@ -30,6 +30,7 @@ import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; +import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; import org.elasticsearch.common.SuppressForbidden; @@ -48,6 +49,7 @@ import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509ExtendedTrustManager; import javax.security.auth.x500.X500Principal; import java.io.ByteArrayInputStream; +import java.io.InputStream; import java.io.Reader; import java.math.BigInteger; import java.net.InetAddress; @@ -84,7 +86,7 @@ class CertUtils { return PathUtils.get(Strings.cleanPath(path)); } - static X509ExtendedKeyManager[] keyManagers(Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws Exception { + static X509ExtendedKeyManager keyManagers(Certificate[] certificateChain, PrivateKey privateKey, char[] password) throws Exception { KeyStore keyStore = KeyStore.getInstance("jks"); keyStore.load(null, null); // password must be non-null for keystore... @@ -92,19 +94,19 @@ class CertUtils { return keyManagers(keyStore, password, KeyManagerFactory.getDefaultAlgorithm()); } - static X509ExtendedKeyManager[] keyManagers(KeyStore keyStore, char[] password, String algorithm) throws Exception { + static X509ExtendedKeyManager keyManagers(KeyStore keyStore, char[] password, String algorithm) throws Exception { KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(keyStore, password); KeyManager[] keyManagers = kmf.getKeyManagers(); for (KeyManager keyManager : keyManagers) { if (keyManager instanceof X509ExtendedKeyManager) { - return new X509ExtendedKeyManager[] { (X509ExtendedKeyManager) keyManager }; + return (X509ExtendedKeyManager) keyManager; } } throw new IllegalStateException("failed to find a X509ExtendedKeyManager"); } - static X509ExtendedTrustManager[] trustManagers(Certificate[] certificates) throws Exception { + static X509ExtendedTrustManager trustManagers(Certificate[] certificates) throws Exception { KeyStore store = KeyStore.getInstance("jks"); store.load(null, null); int counter = 0; @@ -115,13 +117,26 @@ class CertUtils { return trustManagers(store, TrustManagerFactory.getDefaultAlgorithm()); } - static X509ExtendedTrustManager[] trustManagers(KeyStore keyStore, String algorithm) throws Exception { + static X509ExtendedTrustManager trustManagers(String trustStorePath, String trustStorePassword, String trustStoreAlgorithm, + Environment env) throws Exception { + try (InputStream in = Files.newInputStream(resolvePath(trustStorePath, env))) { + // TODO remove reliance on JKS since we can PKCS12 stores... + KeyStore trustStore = KeyStore.getInstance("jks"); + assert trustStorePassword != null; + trustStore.load(in, trustStorePassword.toCharArray()); + return CertUtils.trustManagers(trustStore, trustStoreAlgorithm); + } catch (Exception e) { + throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); + } + } + + static X509ExtendedTrustManager trustManagers(KeyStore keyStore, String algorithm) throws Exception { TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(keyStore); TrustManager[] trustManagers = tmf.getTrustManagers(); for (TrustManager trustManager : trustManagers) { if (trustManager instanceof X509ExtendedTrustManager) { - return new X509ExtendedTrustManager[] { (X509ExtendedTrustManager) trustManager }; + return (X509ExtendedTrustManager) trustManager ; } } throw new IllegalStateException("failed to find a X509ExtendedTrustManager"); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java index 79b03c4444c..8805703c1f1 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ClientSSLService.java @@ -7,14 +7,12 @@ package org.elasticsearch.xpack.security.ssl; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; public class ClientSSLService extends AbstractSSLService { - public ClientSSLService(Settings settings, Environment env, Global globalSSLConfiguration, - ResourceWatcherService resourceWatcherService) { - super(settings, env, globalSSLConfiguration, resourceWatcherService); + public ClientSSLService(Settings settings, Environment env, Global globalSSLConfiguration) { + super(settings, env, globalSSLConfiguration); } @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java index d62b8aa772b..31c46bc312a 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/KeyConfig.java @@ -5,19 +5,12 @@ */ package org.elasticsearch.xpack.security.ssl; -import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener; -import org.elasticsearch.watcher.FileWatcher; -import org.elasticsearch.watcher.ResourceWatcherService; -import org.elasticsearch.watcher.ResourceWatcherService.Frequency; -import javax.net.ssl.KeyManager; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509ExtendedTrustManager; -import java.io.IOException; import java.net.Socket; import java.nio.file.Path; import java.security.Principal; @@ -28,18 +21,20 @@ import java.util.List; abstract class KeyConfig extends TrustConfig { - KeyConfig(boolean includeSystem, boolean reloadEnabled) { - super(includeSystem, reloadEnabled); + private X509ExtendedKeyManager[] keyManagers = null; + + KeyConfig(boolean includeSystem) { + super(includeSystem); } - static final KeyConfig NONE = new KeyConfig(false, false) { + static final KeyConfig NONE = new KeyConfig(false) { @Override - X509ExtendedKeyManager[] loadKeyManagers(@Nullable Environment environment) { + X509ExtendedKeyManager loadKeyManager(@Nullable Environment environment) { return null; } @Override - X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment) { + X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { return null; } @@ -58,39 +53,48 @@ abstract class KeyConfig extends TrustConfig { } }; - final KeyManager[] keyManagers(@Nullable Environment environment, @Nullable ResourceWatcherService resourceWatcherService, - @Nullable Listener listener) { - X509ExtendedKeyManager[] keyManagers = loadKeyManagers(environment); - if (reloadEnabled && resourceWatcherService != null && listener != null) { - ReloadableX509KeyManager reloadableX509KeyManager = new ReloadableX509KeyManager(keyManagers[0], environment); - List filesToMonitor = filesToMonitor(environment); - if (filesToMonitor.isEmpty() == false) { - ChangeListener changeListener = new ChangeListener(filesToMonitor, reloadableX509KeyManager, listener); - try { - for (Path dir : directoriesToMonitor(filesToMonitor)) { - FileWatcher fileWatcher = new FileWatcher(dir); - fileWatcher.addListener(changeListener); - resourceWatcherService.add(fileWatcher, Frequency.HIGH); - } - return new X509ExtendedKeyManager[]{reloadableX509KeyManager}; - } catch (IOException e) { - throw new ElasticsearchException("failed to add file watcher", e); - } - } + final synchronized X509ExtendedKeyManager[] keyManagers(@Nullable Environment environment) { + if (keyManagers == null) { + X509ExtendedKeyManager keyManager = loadKeyManager(environment); + setKeyManagers(keyManager); } return keyManagers; } - abstract X509ExtendedKeyManager[] loadKeyManagers(@Nullable Environment environment); + @Override + synchronized void reload(@Nullable Environment environment) { + if (trustManagers == null) { + // trust managers were never initialized... do it lazily! + X509ExtendedKeyManager loadedKeyManager = loadKeyManager(environment); + setKeyManagers(loadedKeyManager); + return; + } - final class ReloadableX509KeyManager extends X509ExtendedKeyManager implements Reloadable { + X509ExtendedTrustManager loadedTrustManager = loadAndMergeIfNecessary(environment); + X509ExtendedKeyManager loadedKeyManager = loadKeyManager(environment); + setTrustManagers(loadedTrustManager); + setKeyManagers(loadedKeyManager); + } + + final synchronized void setKeyManagers(X509ExtendedKeyManager loadedKeyManager) { + if (loadedKeyManager == null) { + this.keyManagers = new X509ExtendedKeyManager[0]; + } else if (this.keyManagers == null || this.keyManagers.length == 0) { + this.keyManagers = new X509ExtendedKeyManager[] { new ReloadableX509KeyManager(loadedKeyManager) }; + } else { + assert this.keyManagers[0] instanceof ReloadableX509KeyManager; + ((ReloadableX509KeyManager)this.keyManagers[0]).setKeyManager(loadedKeyManager); + } + } + + abstract X509ExtendedKeyManager loadKeyManager(@Nullable Environment environment); + + final class ReloadableX509KeyManager extends X509ExtendedKeyManager { - private final Environment environment; private volatile X509ExtendedKeyManager keyManager; - ReloadableX509KeyManager(X509ExtendedKeyManager keyManager, @Nullable Environment environment) { + ReloadableX509KeyManager(X509ExtendedKeyManager keyManager) { this.keyManager = keyManager; - this.environment = environment; } @Override @@ -133,13 +137,13 @@ abstract class KeyConfig extends TrustConfig { return keyManager.chooseEngineServerAlias(s, principals, engine); } - public synchronized void reload() { - X509ExtendedKeyManager[] keyManagers = loadKeyManagers(environment); - this.keyManager = keyManagers[0]; - } - synchronized void setKeyManager(X509ExtendedKeyManager x509ExtendedKeyManager) { this.keyManager = x509ExtendedKeyManager; } + + // pkg-private accessor for testing + X509ExtendedKeyManager getKeyManager() { + return keyManager; + } } } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java index 7a5f7c03c02..f0867e446cc 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMKeyConfig.java @@ -28,23 +28,27 @@ class PEMKeyConfig extends KeyConfig { final String keyPassword; final List certPaths; - PEMKeyConfig(boolean includeSystem, boolean reloadEnabled, String keyPath, String keyPassword, List certPaths) { - super(includeSystem, reloadEnabled); + PEMKeyConfig(boolean includeSystem, String keyPath, String keyPassword, List certPaths) { + super(includeSystem); this.keyPath = keyPath; this.keyPassword = keyPassword; this.certPaths = certPaths; } @Override - X509ExtendedKeyManager[] loadKeyManagers(@Nullable Environment environment) { + X509ExtendedKeyManager loadKeyManager(@Nullable Environment environment) { + // password must be non-null for keystore... + char[] password = keyPassword == null ? new char[0] : keyPassword.toCharArray(); try { PrivateKey privateKey = readPrivateKey(CertUtils.resolvePath(keyPath, environment)); Certificate[] certificateChain = CertUtils.readCertificates(certPaths, environment); - // password must be non-null for keystore... - char[] password = keyPassword == null ? new char[0] : keyPassword.toCharArray(); return CertUtils.keyManagers(certificateChain, privateKey, password); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e); + } finally { + if (password != null) { + Arrays.fill(password, (char) 0); + } } } @@ -60,7 +64,7 @@ class PEMKeyConfig extends KeyConfig { } @Override - X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment) { + X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { try { Certificate[] certificates = CertUtils.readCertificates(certPaths, environment); return CertUtils.trustManagers(certificates); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java index b9b1473a70e..5e5f42ba45c 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/PEMTrustConfig.java @@ -20,13 +20,13 @@ class PEMTrustConfig extends TrustConfig { final List caPaths; - PEMTrustConfig(boolean includeSystem, boolean reloadEnabled, List caPaths) { - super(includeSystem, reloadEnabled); + PEMTrustConfig(boolean includeSystem, List caPaths) { + super(includeSystem); this.caPaths = caPaths; } @Override - X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment) { + X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { try { Certificate[] certificates = CertUtils.readCertificates(caPaths, environment); return CertUtils.trustManagers(certificates); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java index 84aa8a853eb..a61eceb3def 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfiguration.java @@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.ssl; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManagerFactory; +import java.nio.file.Path; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -14,10 +16,12 @@ import java.util.Objects; import java.util.Optional; import java.util.function.Function; +import org.elasticsearch.common.Nullable; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.env.Environment; import static org.elasticsearch.xpack.security.Security.setting; import static org.elasticsearch.xpack.security.support.OptionalSettings.createInt; @@ -43,6 +47,42 @@ public abstract class SSLConfiguration { public abstract List supportedProtocols(); + /** + * Provides the list of paths to files that back this configuration + */ + public List filesToMonitor(@Nullable Environment environment) { + if (keyConfig() == trustConfig()) { + return keyConfig().filesToMonitor(environment); + } + List paths = new ArrayList<>(keyConfig().filesToMonitor(environment)); + paths.addAll(trustConfig().filesToMonitor(environment)); + return paths; + } + + /** + * Reloads the portion of this configuration that makes use of the modified file + */ + public void reload(Path file, @Nullable Environment environment) { + if (keyConfig() == trustConfig()) { + keyConfig().reload(environment); + return; + } + + for (Path path : keyConfig().filesToMonitor(environment)) { + if (file.equals(path)) { + keyConfig().reload(environment); + break; + } + } + + for (Path path : trustConfig().filesToMonitor(environment)) { + if (file.equals(path)) { + trustConfig().reload(environment); + break; + } + } + } + @Override public boolean equals(Object o) { if (this == o) return true; @@ -258,14 +298,14 @@ public abstract class SSLConfiguration { if (certPaths == null) { throw new IllegalArgumentException("you must specify the certificates to use with the key"); } - return new PEMKeyConfig(includeSystem, reloadEnabled, keyPath, keyPassword, certPaths); + return new PEMKeyConfig(includeSystem, keyPath, keyPassword, certPaths); } else { assert keyStorePath != null; String keyStorePassword = KEYSTORE_PASSWORD_SETTING.get(settings).orElse(null); String keyStoreAlgorithm = KEYSTORE_ALGORITHM_SETTING.get(settings); String keyStoreKeyPassword = KEYSTORE_KEY_PASSWORD_SETTING.get(settings).orElse(keyStorePassword); String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreKeyConfig(includeSystem, reloadEnabled, keyStorePath, keyStorePassword, keyStoreKeyPassword, + return new StoreKeyConfig(includeSystem, keyStorePath, keyStorePassword, keyStoreKeyPassword, keyStoreAlgorithm, trustStoreAlgorithm); } } @@ -274,19 +314,18 @@ public abstract class SSLConfiguration { String trustStorePath = TRUSTSTORE_PATH_SETTING.get(settings).orElse(null); List caPaths = getListOrNull(CA_PATHS_SETTING, settings); boolean includeSystem = INCLUDE_JDK_CERTS_SETTING.get(settings); - boolean reloadEnabled = RELOAD_ENABLED_SETTING.get(settings); if (trustStorePath != null && caPaths != null) { throw new IllegalArgumentException("you cannot specify a truststore and ca files"); } else if (caPaths != null) { - return new PEMTrustConfig(includeSystem, reloadEnabled, caPaths); + return new PEMTrustConfig(includeSystem, caPaths); } else if (trustStorePath != null) { String trustStorePassword = TRUSTSTORE_PASSWORD_SETTING.get(settings).orElse(null); String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreTrustConfig(includeSystem, reloadEnabled, trustStorePath, trustStorePassword, trustStoreAlgorithm); + return new StoreTrustConfig(includeSystem, trustStorePath, trustStorePassword, trustStoreAlgorithm); } else if (keyInfo != KeyConfig.NONE) { return keyInfo; } else { - return new StoreTrustConfig(includeSystem, reloadEnabled, null, null, null); + return new StoreTrustConfig(includeSystem, null, null, null); } } } @@ -413,14 +452,14 @@ public abstract class SSLConfiguration { if (certPaths == null) { throw new IllegalArgumentException("you must specify the certificates to use with the key"); } - return new PEMKeyConfig(includeSystem, reloadEnabled, keyPath, keyPassword, certPaths); + return new PEMKeyConfig(includeSystem, keyPath, keyPassword, certPaths); } else { assert keyStorePath != null; String keyStorePassword = KEYSTORE_PASSWORD_SETTING.get(settings).orElse(null); String keyStoreAlgorithm = KEYSTORE_ALGORITHM_SETTING.get(settings); String keyStoreKeyPassword = KEYSTORE_KEY_PASSWORD_SETTING.get(settings).orElse(keyStorePassword); String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreKeyConfig(includeSystem, reloadEnabled, keyStorePath, keyStorePassword, keyStoreKeyPassword, + return new StoreKeyConfig(includeSystem, keyStorePath, keyStorePassword, keyStoreKeyPassword, keyStoreAlgorithm, trustStoreAlgorithm); } } @@ -431,11 +470,11 @@ public abstract class SSLConfiguration { if (trustStorePath != null && caPaths != null) { throw new IllegalArgumentException("you cannot specify a truststore and ca files"); } else if (caPaths != null) { - return new PEMTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), RELOAD_ENABLED_SETTING.get(settings), caPaths); + return new PEMTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), caPaths); } else if (trustStorePath != null) { String trustStorePassword = TRUSTSTORE_PASSWORD_SETTING.get(settings).orElse(null); String trustStoreAlgorithm = TRUSTSTORE_ALGORITHM_SETTING.get(settings); - return new StoreTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), RELOAD_ENABLED_SETTING.get(settings), + return new StoreTrustConfig(INCLUDE_JDK_CERTS_SETTING.get(settings), trustStorePath, trustStorePassword, trustStoreAlgorithm); } else if (keyConfig == global.keyConfig()) { return global.trustConfig(); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java new file mode 100644 index 00000000000..49c6da03bfb --- /dev/null +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloader.java @@ -0,0 +1,150 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.security.ssl; + +import org.elasticsearch.common.component.AbstractComponent; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.env.Environment; +import org.elasticsearch.watcher.FileChangesListener; +import org.elasticsearch.watcher.FileWatcher; +import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.watcher.ResourceWatcherService.Frequency; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSessionContext; +import java.io.IOException; +import java.nio.file.Path; +import java.util.Collection; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.CopyOnWriteArraySet; + +/** + * Ensures that the files backing an {@link SSLConfiguration} are monitored for changes and the underlying key/trust material is reloaded + * and the {@link SSLContext} has existing sessions invalidated to force the use of the new key/trust material + */ +public class SSLConfigurationReloader extends AbstractComponent implements AbstractSSLService.Listener { + + private final ConcurrentHashMap pathToChangeListenerMap = new ConcurrentHashMap<>(); + private final Environment environment; + private final ResourceWatcherService resourceWatcherService; + private final ServerSSLService serverSSLService; + private final ClientSSLService clientSSLService; + + public SSLConfigurationReloader(Settings settings, Environment env, ServerSSLService serverSSLService, + ClientSSLService clientSSLService, ResourceWatcherService resourceWatcher) { + super(settings); + this.environment = env; + this.resourceWatcherService = resourceWatcher; + this.serverSSLService = serverSSLService; + this.clientSSLService = clientSSLService; + serverSSLService.setListener(this); + clientSSLService.setListener(this); + } + + @Override + public void onSSLContextLoaded(SSLConfiguration sslConfiguration) { + startWatching(Collections.singleton(sslConfiguration)); + } + + /** + * Collects all of the directories that need to be monitored for the provided {@link SSLConfiguration} instances and ensures that + * they are being watched for changes + */ + private void startWatching(Collection sslConfigurations) { + for (SSLConfiguration sslConfiguration : sslConfigurations) { + for (Path directory : directoriesToMonitor(sslConfiguration.filesToMonitor(environment))) { + pathToChangeListenerMap.compute(directory, (path, listener) -> { + if (listener != null) { + listener.addSSLConfiguration(sslConfiguration); + return listener; + } + + ChangeListener changeListener = new ChangeListener(); + changeListener.addSSLConfiguration(sslConfiguration); + FileWatcher fileWatcher = new FileWatcher(path); + fileWatcher.addListener(changeListener); + try { + resourceWatcherService.add(fileWatcher, Frequency.HIGH); + return changeListener; + } catch (IOException e) { + logger.error("failed to start watching directory [{}] for ssl configuration [{}]", path, sslConfiguration); + } + return null; + }); + } + } + } + + /** + * Invalidates all of the sessions in the provided {@link SSLContext} + */ + private static void invalidateAllSessions(SSLContext context) { + if (context != null) { + invalidateSessions(context.getClientSessionContext()); + invalidateSessions(context.getServerSessionContext()); + } + } + + /** + * Invalidates the sessions in the provided {@link SSLSessionContext} + */ + private static void invalidateSessions(SSLSessionContext sslSessionContext) { + Enumeration sessionIds = sslSessionContext.getIds(); + while (sessionIds.hasMoreElements()) { + byte[] sessionId = sessionIds.nextElement(); + sslSessionContext.getSession(sessionId).invalidate(); + } + } + + /** + * Returns a unique set of directories that need to be monitored based on the provided file paths + */ + private static Set directoriesToMonitor(List filePaths) { + Set paths = new HashSet<>(); + for (Path path : filePaths) { + paths.add(path.getParent()); + } + return paths; + } + + private class ChangeListener implements FileChangesListener { + + private final CopyOnWriteArraySet sslConfigurations = new CopyOnWriteArraySet<>(); + + /** + * Adds the given ssl configuration to those that have files within the directory watched by this change listener + */ + private void addSSLConfiguration(SSLConfiguration sslConfiguration) { + sslConfigurations.add(sslConfiguration); + } + + @Override + public void onFileCreated(Path file) { + onFileChanged(file); + } + + @Override + public void onFileDeleted(Path file) { + onFileChanged(file); + } + + @Override + public void onFileChanged(Path file) { + for (SSLConfiguration sslConfiguration : sslConfigurations) { + if (sslConfiguration.filesToMonitor(environment).contains(file)) { + sslConfiguration.reload(file, environment); + invalidateAllSessions(serverSSLService.getSSLContext(sslConfiguration)); + invalidateAllSessions(clientSSLService.getSSLContext(sslConfiguration)); + } + } + } + } +} diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java index 254f6870e4a..f8c0e78e2ba 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/ServerSSLService.java @@ -7,14 +7,12 @@ package org.elasticsearch.xpack.security.ssl; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; public class ServerSSLService extends AbstractSSLService { - public ServerSSLService(Settings settings, Environment environment, Global globalSSLConfiguration, - ResourceWatcherService resourceWatcherService) { - super(settings, environment, globalSSLConfiguration, resourceWatcherService); + public ServerSSLService(Settings settings, Environment environment, Global globalSSLConfiguration) { + super(settings, environment, globalSSLConfiguration); } @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java index 1e762dc6fed..24bf267b0d8 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreKeyConfig.java @@ -26,9 +26,9 @@ class StoreKeyConfig extends KeyConfig { final String keyPassword; final String trustStoreAlgorithm; - StoreKeyConfig(boolean includeSystem, boolean reloadEnabled, String keyStorePath, String keyStorePassword, String keyPassword, + StoreKeyConfig(boolean includeSystem, String keyStorePath, String keyStorePassword, String keyPassword, String keyStoreAlgorithm, String trustStoreAlgorithm) { - super(includeSystem, reloadEnabled); + super(includeSystem); this.keyStorePath = keyStorePath; this.keyStorePassword = keyStorePassword; this.keyPassword = keyPassword; @@ -37,7 +37,7 @@ class StoreKeyConfig extends KeyConfig { } @Override - X509ExtendedKeyManager[] loadKeyManagers(@Nullable Environment environment) { + X509ExtendedKeyManager loadKeyManager(@Nullable Environment environment) { try (InputStream in = Files.newInputStream(CertUtils.resolvePath(keyStorePath, environment))) { // TODO remove reliance on JKS since we can PKCS12 stores... KeyStore ks = KeyStore.getInstance("jks"); @@ -50,14 +50,9 @@ class StoreKeyConfig extends KeyConfig { } @Override - X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment) { - try (InputStream in = Files.newInputStream(CertUtils.resolvePath(keyStorePath, environment))) { - // TODO remove reliance on JKS since we can PKCS12 stores... - KeyStore ks = KeyStore.getInstance("jks"); - assert keyStorePassword != null; - ks.load(in, keyStorePassword.toCharArray()); - - return CertUtils.trustManagers(ks, trustStoreAlgorithm); + X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { + try { + return CertUtils.trustManagers(keyStorePath, keyStorePassword, trustStoreAlgorithm, environment); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java index e9ac5bffc2b..db1a8ef40ea 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/StoreTrustConfig.java @@ -23,25 +23,20 @@ class StoreTrustConfig extends TrustConfig { final String trustStorePassword; final String trustStoreAlgorithm; - StoreTrustConfig(boolean includeSystem, boolean reloadEnabled, String trustStorePath, String trustStorePassword, - String trustStoreAlgorithm) { - super(includeSystem, reloadEnabled); + StoreTrustConfig(boolean includeSystem, String trustStorePath, String trustStorePassword, String trustStoreAlgorithm) { + super(includeSystem); this.trustStorePath = trustStorePath; this.trustStorePassword = trustStorePassword; this.trustStoreAlgorithm = trustStoreAlgorithm; } @Override - X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment) { + X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment) { if (trustStorePath == null) { return null; } - try (InputStream in = Files.newInputStream(CertUtils.resolvePath(trustStorePath, environment))) { - // TODO remove reliance on JKS since we can PKCS12 stores... - KeyStore trustStore = KeyStore.getInstance("jks"); - assert trustStorePassword != null; - trustStore.load(in, trustStorePassword.toCharArray()); - return CertUtils.trustManagers(trustStore, trustStoreAlgorithm); + try { + return CertUtils.trustManagers(trustStorePath, trustStorePassword, trustStoreAlgorithm, environment); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e); } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java index 6c67d6f6309..1a3268b0027 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/TrustConfig.java @@ -8,60 +8,53 @@ package org.elasticsearch.xpack.security.ssl; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; import org.elasticsearch.env.Environment; -import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener; -import org.elasticsearch.watcher.FileChangesListener; -import org.elasticsearch.watcher.FileWatcher; -import org.elasticsearch.watcher.ResourceWatcherService; -import org.elasticsearch.watcher.ResourceWatcherService.Frequency; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedTrustManager; -import javax.net.ssl.X509TrustManager; -import java.io.IOException; import java.net.Socket; -import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyStore; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.HashSet; import java.util.List; -import java.util.Set; abstract class TrustConfig { protected final boolean includeSystem; - protected final boolean reloadEnabled; - TrustConfig(boolean includeSystem, boolean reloadEnabled) { + X509ExtendedTrustManager[] trustManagers = null; + + TrustConfig(boolean includeSystem) { this.includeSystem = includeSystem; - this.reloadEnabled = reloadEnabled; } - final TrustManager[] trustManagers(@Nullable Environment environment, @Nullable ResourceWatcherService resourceWatcherService, - @Nullable Listener listener) { - X509ExtendedTrustManager[] trustManagers = loadAndMergeIfNecessary(environment); - if (reloadEnabled && resourceWatcherService != null && listener != null) { - ReloadableTrustManager reloadableTrustManager = new ReloadableTrustManager(trustManagers[0], environment); - try { - List filesToMonitor = filesToMonitor(environment); - ChangeListener changeListener = new ChangeListener(filesToMonitor, reloadableTrustManager, listener); - for (Path path : directoriesToMonitor(filesToMonitor)) { - FileWatcher fileWatcher = new FileWatcher(path); - fileWatcher.addListener(changeListener); - resourceWatcherService.add(fileWatcher, Frequency.HIGH); - } - return new X509ExtendedTrustManager[] { reloadableTrustManager }; - } catch (IOException e) { - throw new ElasticsearchException("failed to add file watcher", e); - } + final synchronized X509ExtendedTrustManager[] trustManagers(@Nullable Environment environment) { + if (trustManagers == null) { + X509ExtendedTrustManager loadedTrustManager = loadAndMergeIfNecessary(environment); + setTrustManagers(loadedTrustManager); } return trustManagers; } - abstract X509ExtendedTrustManager[] nonSystemTrustManagers(@Nullable Environment environment); + synchronized void reload(@Nullable Environment environment) { + X509ExtendedTrustManager loadedTrustManager = loadAndMergeIfNecessary(environment); + setTrustManagers(loadedTrustManager); + } + + final synchronized void setTrustManagers(X509ExtendedTrustManager loadedTrustManager) { + if (loadedTrustManager == null) { + this.trustManagers = new X509ExtendedTrustManager[0]; + } else if (this.trustManagers == null || this.trustManagers.length == 0) { + this.trustManagers = new X509ExtendedTrustManager[] { new ReloadableTrustManager(loadedTrustManager) }; + } else { + assert this.trustManagers[0] instanceof ReloadableTrustManager; + ((ReloadableTrustManager)this.trustManagers[0]).setTrustManager(loadedTrustManager); + } + } + + abstract X509ExtendedTrustManager nonSystemTrustManager(@Nullable Environment environment); abstract void validate(); @@ -69,56 +62,47 @@ abstract class TrustConfig { public abstract String toString(); - private X509ExtendedTrustManager[] loadAndMergeIfNecessary(@Nullable Environment environment) { - X509ExtendedTrustManager[] nonSystemTrustManagers = nonSystemTrustManagers(environment); + final X509ExtendedTrustManager loadAndMergeIfNecessary(@Nullable Environment environment) { + X509ExtendedTrustManager trustManager = nonSystemTrustManager(environment); if (includeSystem) { - return mergeWithSystem(nonSystemTrustManagers); - } else if (nonSystemTrustManagers == null || nonSystemTrustManagers.length == 0) { - return new X509ExtendedTrustManager[0]; + trustManager = mergeWithSystem(trustManager); + } else if (trustManager == null) { + return null; } - return nonSystemTrustManagers; + return trustManager; } - private X509ExtendedTrustManager[] mergeWithSystem(X509ExtendedTrustManager[] nonSystemTrustManagers) { + private X509ExtendedTrustManager mergeWithSystem(X509ExtendedTrustManager nonSystemTrustManager) { try { TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init((KeyStore) null); TrustManager[] systemTrustManagers = tmf.getTrustManagers(); - X509ExtendedTrustManager system = findFirstX509TrustManager(systemTrustManagers); - if (nonSystemTrustManagers == null || nonSystemTrustManagers.length == 0) { - return new X509ExtendedTrustManager[] { system }; + X509ExtendedTrustManager system = findFirstX509ExtendedTrustManager(systemTrustManagers); + if (nonSystemTrustManager == null) { + return system; } - return new X509ExtendedTrustManager[] { new CombiningX509TrustManager(nonSystemTrustManagers[0], system) }; + return new CombiningX509TrustManager(nonSystemTrustManager, system); } catch (Exception e) { throw new ElasticsearchException("failed to initialize a trust managers", e); } } - private static X509ExtendedTrustManager findFirstX509TrustManager(TrustManager[] trustManagers) { + private static X509ExtendedTrustManager findFirstX509ExtendedTrustManager(TrustManager[] trustManagers) { X509ExtendedTrustManager x509TrustManager = null; for (TrustManager trustManager : trustManagers) { - if (trustManager instanceof X509TrustManager) { + if (trustManager instanceof X509ExtendedTrustManager) { // first one wins like in the JDK x509TrustManager = (X509ExtendedTrustManager) trustManager; break; } } if (x509TrustManager == null) { - throw new IllegalArgumentException("did not find a X509TrustManager"); + throw new IllegalArgumentException("did not find a X509ExtendedTrustManager"); } return x509TrustManager; } - static Set directoriesToMonitor(List filePaths) { - Set paths = new HashSet<>(); - for (Path path : filePaths) { - assert Files.isDirectory(path) == false; - paths.add(path.getParent()); - } - return paths; - } - private static class CombiningX509TrustManager extends X509ExtendedTrustManager { private final X509ExtendedTrustManager first; @@ -196,14 +180,12 @@ abstract class TrustConfig { } } - final class ReloadableTrustManager extends X509ExtendedTrustManager implements Reloadable { + final class ReloadableTrustManager extends X509ExtendedTrustManager { - private final Environment environment; private volatile X509ExtendedTrustManager trustManager; - ReloadableTrustManager(X509ExtendedTrustManager trustManager, @Nullable Environment environment) { + ReloadableTrustManager(X509ExtendedTrustManager trustManager) { this.trustManager = trustManager; - this.environment = environment; } @Override @@ -241,59 +223,12 @@ abstract class TrustConfig { return trustManager.getAcceptedIssuers(); } - public synchronized void reload() { - X509ExtendedTrustManager[] array = loadAndMergeIfNecessary(environment); - this.trustManager = array[0]; - } - synchronized void setTrustManager(X509ExtendedTrustManager trustManager) { this.trustManager = trustManager; } - } - interface Reloadable { - - void reload(); - - interface Listener { - - void onReload(); - - void onFailure(Exception e); - - } - } - - protected static class ChangeListener implements FileChangesListener { - - private final List paths; - private final Reloadable reloadable; - private final Listener listener; - - protected ChangeListener(List paths, Reloadable reloadable, Listener listener) { - this.paths = paths; - this.reloadable = reloadable; - this.listener = listener; - } - - @Override - public void onFileDeleted(Path file) { - onFileChanged(file); - } - - @Override - public void onFileChanged(Path file) { - for (Path path : paths) { - if (file.equals(path)) { - try { - reloadable.reload(); - listener.onReload(); - } catch (Exception e) { - listener.onFailure(e); - } - break; - } - } + X509ExtendedTrustManager getTrustManager() { + return trustManager; } } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java index ddac569df87..c17e6c5baa3 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/activedirectory/AbstractActiveDirectoryIntegTests.java @@ -43,7 +43,7 @@ public class AbstractActiveDirectoryIntegTests extends ESTestCase { } globalSettings = builder.build(); Environment environment = new Environment(globalSettings); - clientSSLService = new ClientSSLService(globalSettings, environment, new Global(globalSettings), null); + clientSSLService = new ClientSSLService(globalSettings, environment, new Global(globalSettings)); } Settings buildAdSettings(String ldapUrl, String adDomainName, String userSearchDN, LdapSearchScope scope, diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java index d08e1758074..dde4ba5f99c 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/GroupsResolverTestCase.java @@ -40,7 +40,7 @@ public abstract class GroupsResolverTestCase extends ESTestCase { } Settings settings = builder.build(); Environment env = new Environment(settings); - ClientSSLService clientSSLService = new ClientSSLService(settings, env, new Global(settings), null); + ClientSSLService clientSSLService = new ClientSSLService(settings, env, new Global(settings)); LDAPURL ldapurl = new LDAPURL(ldapUrl()); LDAPConnectionOptions options = new LDAPConnectionOptions(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java index 60dfe8bbbe3..1ce62427315 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java @@ -62,7 +62,7 @@ public class LdapUserSearchSessionFactoryTests extends LdapTestCase { .put("xpack.security.ssl.keystore.path", keystore) .put("xpack.security.ssl.keystore.password", "changeit") .build(); - clientSSLService = new ClientSSLService(settings, env, new Global(settings), null); + clientSSLService = new ClientSSLService(settings, env, new Global(settings)); globalSettings = Settings.builder().put("path.home", createTempDir()).build(); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java index f746da1c6f6..57963d11341 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/OpenLdapTests.java @@ -52,7 +52,7 @@ public class OpenLdapTests extends ESTestCase { } globalSettings = builder.build(); Environment environment = new Environment(globalSettings); - clientSSLService = new ClientSSLService(globalSettings, environment, new Global(globalSettings), null); + clientSSLService = new ClientSSLService(globalSettings, environment, new Global(globalSettings)); } public void testConnect() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java index 0ba9bb9a680..826c2e42699 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ClientSSLServiceTests.java @@ -59,7 +59,7 @@ public class ClientSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.truststore.path", testclientStore) .put("xpack.security.ssl.truststore.password", "testclient") .build(); - ClientSSLService clientSSLService = new ClientSSLService(settings, null, new Global(settings), null); + ClientSSLService clientSSLService = new ClientSSLService(settings, null, new Global(settings)); clientSSLService.createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { @@ -284,7 +284,6 @@ public class ClientSSLServiceTests extends ESTestCase { } private ClientSSLService createClientSSLService(Settings settings) { - ClientSSLService clientSSLService = new ClientSSLService(settings, env, new Global(settings), null); - return clientSSLService; + return new ClientSSLService(settings, env, new Global(settings)); } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java new file mode 100644 index 00000000000..23b162b06d1 --- /dev/null +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationReloaderTests.java @@ -0,0 +1,652 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.security.ssl; + +import org.apache.lucene.util.SetOnce; +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder; +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.env.Environment; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.TestThreadPool; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.watcher.ResourceWatcherService; +import org.elasticsearch.xpack.security.ssl.KeyConfig.ReloadableX509KeyManager; +import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; +import org.elasticsearch.xpack.security.ssl.TrustConfig.ReloadableTrustManager; +import org.hamcrest.Matcher; +import org.junit.After; +import org.junit.Before; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.X509ExtendedKeyManager; +import javax.net.ssl.X509ExtendedTrustManager; +import java.io.IOException; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.nio.charset.StandardCharsets; +import java.nio.file.AtomicMoveNotSupportedException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.StandardCopyOption; +import java.nio.file.StandardOpenOption; +import java.nio.file.attribute.BasicFileAttributes; +import java.security.KeyPair; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.BiFunction; + +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.instanceOf; +import static org.hamcrest.Matchers.not; +import static org.hamcrest.Matchers.sameInstance; +import static org.hamcrest.core.Is.is; + +/** + * Unit tests for the reloading of SSL configuration + */ +public class SSLConfigurationReloaderTests extends ESTestCase { + + private ThreadPool threadPool; + private ResourceWatcherService resourceWatcherService; + + @Before + public void setup() { + threadPool = new TestThreadPool("reload tests"); + resourceWatcherService = + new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); + resourceWatcherService.start(); + } + + @After + public void cleanup() throws Exception { + if (threadPool != null) { + terminate(threadPool); + } + } + + /** + * Tests reloading a keystore. The contents of the keystore is used for both keystore and truststore material, so both key + * config and trust config is checked. + */ + public void testReloadingKeyStore() throws Exception { + final Path tempDir = createTempDir(); + final Path keystorePath = tempDir.resolve("testnode.jks"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); + final Settings settings = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.security.ssl.keystore.path", keystorePath) + .put("xpack.security.ssl.keystore.password", "testnode") + .build(); + final Environment env = randomBoolean() ? null : new Environment(settings); + + final BiFunction keyManagerPreChecks = (keyManager, config) -> { + // key manager checks + String[] aliases = keyManager.getServerAliases("RSA", null); + assertNotNull(aliases); + assertThat(aliases.length, is(1)); + assertThat(aliases[0], is("testnode")); + return null; + }; + + final SetOnce trustedCount = new SetOnce<>(); + final BiFunction trustManagerPreChecks = (trustManager, config) -> { + // trust manager checks + Certificate[] certificates = trustManager.getAcceptedIssuers(); + trustedCount.set(certificates.length); + return null; + }; + + final Runnable modifier = () -> { + try { + // modify it + KeyStore keyStore = KeyStore.getInstance("jks"); + keyStore.load(null, null); + Path updated = tempDir.resolve("updated.jks"); + try (OutputStream out = Files.newOutputStream(updated)) { + keyStore.store(out, "testnode".toCharArray()); + } + atomicMoveIfPossible(updated, keystorePath); + } catch (Exception e) { + throw new RuntimeException("modification failed", e); + } + }; + + final BiFunction trustManagerPostChecks = (updatedTrustManager, config) -> { + assertThat(trustedCount.get() - updatedTrustManager.getAcceptedIssuers().length, is(5)); + return null; + }; + validateSSLConfigurationIsReloaded(settings, env, keyManagerPreChecks, trustManagerPreChecks, modifier, (k, c) -> null, + trustManagerPostChecks); + } + + /** + * Tests the reloading of a PEM key config when the key is overwritten. The trust portion is not tested as it is not modified by this + * test. + */ + public void testPEMKeyConfigReloading() throws Exception { + Path tempDir = createTempDir(); + Path keyPath = tempDir.resolve("testnode.pem"); + Path certPath = tempDir.resolve("testnode.crt"); + Path clientCertPath = tempDir.resolve("testclient.crt"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); + final Settings settings = Settings.builder() + .put("path.home", createTempDir()) + .put("xpack.security.ssl.key.path", keyPath) + .put("xpack.security.ssl.key.password", "testnode") + .put("xpack.security.ssl.cert", certPath) + .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) + .build(); + final Environment env = randomBoolean() ? null : + new Environment(Settings.builder().put("path.home", createTempDir()).build()); + + final SetOnce privateKey = new SetOnce<>(); + final BiFunction keyManagerPreChecks = (keyManager, config) -> { + String[] aliases = keyManager.getServerAliases("RSA", null); + assertNotNull(aliases); + assertThat(aliases.length, is(1)); + assertThat(aliases[0], is("key")); + privateKey.set(keyManager.getPrivateKey("key")); + assertNotNull(privateKey.get()); + return null; + }; + + final KeyPair keyPair = CertUtils.generateKeyPair(randomFrom(1024, 2048)); + final Runnable modifier = () -> { + try { + // make sure we wait long enough to see a change. if time is within a second the file may not be seen as modified since the + // size is the same! + assertTrue(awaitBusy(() -> { + try { + BasicFileAttributes attributes = Files.readAttributes(keyPath, BasicFileAttributes.class); + return System.currentTimeMillis() - attributes.lastModifiedTime().toMillis() >= 1000L; + } catch (IOException e) { + throw new RuntimeException("io exception while checking time", e); + } + })); + Path updatedKeyPath = tempDir.resolve("updated.pem"); + try (OutputStream os = Files.newOutputStream(updatedKeyPath); + OutputStreamWriter osWriter = new OutputStreamWriter(os, StandardCharsets.UTF_8); + JcaPEMWriter writer = new JcaPEMWriter(osWriter)) { + writer.writeObject(keyPair, + new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(CertUtils.BC_PROV).build("testnode".toCharArray())); + } + atomicMoveIfPossible(updatedKeyPath, keyPath); + } catch (Exception e) { + throw new RuntimeException("failed to modify file", e); + } + }; + + final BiFunction keyManagerPostChecks = (keyManager, config) -> { + String[] aliases = keyManager.getServerAliases("RSA", null); + assertNotNull(aliases); + assertThat(aliases.length, is(1)); + assertThat(aliases[0], is("key")); + assertThat(keyManager.getPrivateKey(aliases[0]), not(equalTo(privateKey))); + assertThat(keyManager.getPrivateKey(aliases[0]), is(equalTo(keyPair.getPrivate()))); + return null; + }; + validateKeyConfigurationIsReloaded(settings, env, keyManagerPreChecks, modifier, keyManagerPostChecks); + } + + /** + * Tests the reloading of the trust config when the trust store is modified. The key config is not tested as part of this test. + */ + public void testReloadingTrustStore() throws Exception { + Path tempDir = createTempDir(); + Path trustStorePath = tempDir.resolve("testnode.jks"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); + Settings settings = Settings.builder() + .put("xpack.security.ssl.truststore.path", trustStorePath) + .put("xpack.security.ssl.truststore.password", "testnode") + .put("path.home", createTempDir()) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + + final SetOnce trustedCount = new SetOnce<>(); + final BiFunction trustManagerPreChecks = (trustManager, config) -> { + // trust manager checks + Certificate[] certificates = trustManager.getAcceptedIssuers(); + trustedCount.set(certificates.length); + return null; + }; + + + final Runnable modifier = () -> { + try { + Path updatedTruststore = tempDir.resolve("updated.jks"); + KeyStore keyStore = KeyStore.getInstance("jks"); + keyStore.load(null, null); + try (OutputStream out = Files.newOutputStream(updatedTruststore)) { + keyStore.store(out, "testnode".toCharArray()); + } + atomicMoveIfPossible(updatedTruststore, trustStorePath); + } catch (Exception e) { + throw new RuntimeException("failed to modify file", e); + } + }; + + final BiFunction trustManagerPostChecks = (updatedTrustManager, config) -> { + assertThat(trustedCount.get() - updatedTrustManager.getAcceptedIssuers().length, is(5)); + return null; + }; + + validateTrustConfigurationIsReloaded(settings, env, trustManagerPreChecks, modifier, trustManagerPostChecks); + } + + /** + * Test the reloading of a trust config that is backed by PEM certificate files. The key config is not tested as we only care about the + * trust config in this test. + */ + public void testReloadingPEMTrustConfig() throws Exception { + Path tempDir = createTempDir(); + Path clientCertPath = tempDir.resolve("testclient.crt"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); + Settings settings = Settings.builder() + .putArray("xpack.security.ssl.ca", clientCertPath.toString()) + .put("path.home", createTempDir()) + .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + + final BiFunction trustManagerPreChecks = (trustManager, config) -> { + // trust manager checks + Certificate[] certificates = trustManager.getAcceptedIssuers(); + assertThat(certificates.length, is(1)); + assertThat(((X509Certificate)certificates[0]).getSubjectX500Principal().getName(), containsString("Test Client")); + return null; + }; + + final Runnable modifier = () -> { + try { + Path updatedCert = tempDir.resolve("updated.crt"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), updatedCert, + StandardCopyOption.REPLACE_EXISTING); + atomicMoveIfPossible(updatedCert, clientCertPath); + } catch (Exception e) { + throw new RuntimeException("failed to modify file", e); + } + }; + + final BiFunction trustManagerPostChecks = (updatedTrustManager, config) -> { + Certificate[] updatedCerts = updatedTrustManager.getAcceptedIssuers(); + assertThat(updatedCerts.length, is(1)); + assertThat(((X509Certificate)updatedCerts[0]).getSubjectX500Principal().getName(), containsString("Test Node")); + return null; + }; + + validateTrustConfigurationIsReloaded(settings, env, trustManagerPreChecks, modifier, trustManagerPostChecks); + } + + /** + * Tests the reloading of a keystore when there is an exception during reloading. An exception is caused by truncating the keystore + * that is being monitored + */ + public void testReloadingKeyStoreException() throws Exception { + Path tempDir = createTempDir(); + Path keystorePath = tempDir.resolve("testnode.jks"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); + Settings settings = Settings.builder() + .put("xpack.security.ssl.keystore.path", keystorePath) + .put("xpack.security.ssl.keystore.password", "testnode") + .put("path.home", createTempDir()) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + final Global config = new Global(settings); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [keystore reload exception]"); + return super.getSSLContext(configuration); + } + }; + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [keystore reload exception]"); + return super.getSSLContext(configuration); + } + }; + final SSLConfigurationReloader reloader = + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); + reloader.onSSLContextLoaded(config); + + // key manager checks + X509ExtendedKeyManager keyManager = ((ReloadableX509KeyManager)config.keyConfig().keyManagers(env)[0]).getKeyManager(); + String[] aliases = keyManager.getServerAliases("RSA", null); + assertNotNull(aliases); + assertThat(aliases.length, is(1)); + assertThat(aliases[0], is("testnode")); + PrivateKey privateKey = keyManager.getPrivateKey("testnode"); + + // truncate the keystore + try (OutputStream out = Files.newOutputStream(keystorePath, StandardOpenOption.TRUNCATE_EXISTING)) { + } + + // we intentionally don't wait here as we rely on concurrency to catch a failure + assertThat(keyManager.getServerAliases("RSA", null), equalTo(aliases)); + assertThat(keyManager.getPrivateKey("testnode"), is(equalTo(privateKey))); + } + + /** + * Tests the reloading of a key config backed by pem files when there is an exception during reloading. An exception is caused by + * truncating the key file that is being monitored + */ + public void testReloadingPEMKeyConfigException() throws Exception { + Path tempDir = createTempDir(); + Path keyPath = tempDir.resolve("testnode.pem"); + Path certPath = tempDir.resolve("testnode.crt"); + Path clientCertPath = tempDir.resolve("testclient.crt"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); + Settings settings = Settings.builder() + .put("xpack.security.ssl.key.path", keyPath) + .put("xpack.security.ssl.key.password", "testnode") + .put("xpack.security.ssl.cert", certPath) + .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) + .put("path.home", createTempDir()) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + final Global config = new Global(settings); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [pem key reload exception]"); + return super.getSSLContext(configuration); + } + }; + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [pem key reload exception]"); + return super.getSSLContext(configuration); + } + }; + final SSLConfigurationReloader reloader = + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); + reloader.onSSLContextLoaded(config); + + X509ExtendedKeyManager keyManager = ((ReloadableX509KeyManager)config.keyConfig().keyManagers(env)[0]).getKeyManager(); + String[] aliases = keyManager.getServerAliases("RSA", null); + assertNotNull(aliases); + assertThat(aliases.length, is(1)); + assertThat(aliases[0], is("key")); + PrivateKey privateKey = keyManager.getPrivateKey("key"); + + // truncate the file + try (OutputStream os = Files.newOutputStream(keyPath, StandardOpenOption.TRUNCATE_EXISTING)) { + } + + // we intentionally don't wait here as we rely on concurrency to catch a failure + assertThat(keyManager.getServerAliases("RSA", null), equalTo(aliases)); + assertThat(keyManager.getPrivateKey("key"), is(equalTo(privateKey))); + } + + /** + * Tests the reloading of a truststore when there is an exception during reloading. An exception is caused by truncating the truststore + * that is being monitored + */ + public void testTrustStoreReloadException() throws Exception { + Path tempDir = createTempDir(); + Path trustStorePath = tempDir.resolve("testnode.jks"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); + Settings settings = Settings.builder() + .put("xpack.security.ssl.truststore.path", trustStorePath) + .put("xpack.security.ssl.truststore.password", "testnode") + .put("path.home", createTempDir()) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + final Global config = new Global(settings); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [truststore reload exception]"); + return super.getSSLContext(configuration); + } + }; + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [truststore reload exception]"); + return super.getSSLContext(configuration); + } + }; + final SSLConfigurationReloader reloader = + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); + reloader.onSSLContextLoaded(config); + + X509ExtendedTrustManager trustManager = ((ReloadableTrustManager)config.trustConfig().trustManagers(env)[0]).getTrustManager(); + final Certificate[] certificates = trustManager.getAcceptedIssuers(); + assertContainsCertificateWithMatchingName(certificates, containsString("Test Node")); + + // truncate the truststore + try (OutputStream os = Files.newOutputStream(trustStorePath, StandardOpenOption.TRUNCATE_EXISTING)) { + } + + // we intentionally don't wait here as we rely on concurrency to catch a failure + assertThat(trustManager.getAcceptedIssuers(), equalTo(certificates)); + assertContainsCertificateWithMatchingName(trustManager.getAcceptedIssuers(), containsString("Test Node")); + } + + /** + * Tests the reloading of a trust config backed by pem files when there is an exception during reloading. An exception is caused by + * truncating the certificate file that is being monitored + */ + public void testPEMTrustReloadException() throws Exception { + Path tempDir = createTempDir(); + Path clientCertPath = tempDir.resolve("testclient.crt"); + Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); + Settings settings = Settings.builder() + .putArray("xpack.security.ssl.ca", clientCertPath.toString()) + .put("path.home", createTempDir()) + .build(); + Environment env = randomBoolean() ? null : new Environment(settings); + final Global config = new Global(settings); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [pem trust reload exception]"); + return super.getSSLContext(configuration); + } + }; + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration configuration) { + fail("get should not be called! [pem trust reload exception]"); + return super.getSSLContext(configuration); + } + }; + final SSLConfigurationReloader reloader = + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); + reloader.onSSLContextLoaded(config); + + X509ExtendedTrustManager trustManager = ((ReloadableTrustManager)config.trustConfig().trustManagers(env)[0]).getTrustManager(); + final Certificate[] certificates = trustManager.getAcceptedIssuers(); + assertContainsCertificateWithMatchingName(certificates, containsString("Test Client")); + + // write bad file + Path updatedCert = tempDir.resolve("updated.crt"); + try (OutputStream os = Files.newOutputStream(updatedCert)) { + os.write(randomByte()); + } + atomicMoveIfPossible(updatedCert, clientCertPath); + + // we intentionally don't wait here as we rely on concurrency to catch a failure + assertThat(trustManager.getAcceptedIssuers(), equalTo(certificates)); + assertContainsCertificateWithMatchingName(trustManager.getAcceptedIssuers(), containsString("Test Client")); + } + + /** + * Validates the trust configuration aspect of the SSLConfiguration is reloaded + */ + private void validateTrustConfigurationIsReloaded(Settings settings, Environment env, + BiFunction trustManagerPreChecks, + Runnable modificationFunction, + BiFunction trustManagerPostChecks) + throws Exception { + validateSSLConfigurationIsReloaded(settings, env, false, true, null, trustManagerPreChecks, modificationFunction, null, + trustManagerPostChecks); + } + + /** + * Validates the trust configuration aspect of the SSLConfiguration is reloaded + */ + private void validateKeyConfigurationIsReloaded(Settings settings, Environment env, + BiFunction keyManagerPreChecks, + Runnable modificationFunction, + BiFunction keyManagerPostChecks) + throws Exception { + validateSSLConfigurationIsReloaded(settings, env, true, false, keyManagerPreChecks, null, modificationFunction, + keyManagerPostChecks, null); + } + + /** + * Validates that both the key and trust configuration aspects of the SSLConfiguration are reloaded + */ + private void validateSSLConfigurationIsReloaded(Settings settings, Environment env, + BiFunction keyManagerPreChecks, + BiFunction trustManagerPreChecks, + Runnable modificationFunction, + BiFunction keyManagerPostChecks, + BiFunction trustManagerPostChecks) + throws Exception { + validateSSLConfigurationIsReloaded(settings, env, true, true, keyManagerPreChecks, trustManagerPreChecks, modificationFunction, + keyManagerPostChecks, trustManagerPostChecks); + } + + private void validateSSLConfigurationIsReloaded(Settings settings, Environment env, boolean checkKeys, boolean checkTrust, + BiFunction keyManagerPreChecks, + BiFunction trustManagerPreChecks, + Runnable modificationFunction, + BiFunction keyManagerPostChecks, + BiFunction trustManagerPostChecks) + throws Exception { + + final AtomicInteger serverCounter = new AtomicInteger(0); + final AtomicInteger clientCounter = new AtomicInteger(0); + final Global config = new Global(settings); + final ServerSSLService serverSSLService = new ServerSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration sslConfiguration) { + serverCounter.incrementAndGet(); + return super.getSSLContext(sslConfiguration); + } + }; + final ClientSSLService clientSSLService = new ClientSSLService(settings, env, config) { + @Override + SSLContext getSSLContext(SSLConfiguration sslConfiguration) { + clientCounter.incrementAndGet(); + return super.getSSLContext(sslConfiguration); + } + }; + + final SSLConfigurationReloader reloader = + new SSLConfigurationReloader(settings, env, serverSSLService, clientSSLService, resourceWatcherService); + + final X509ExtendedKeyManager keyManager; + final X509ExtendedKeyManager[] originalKeyManagers; + if (checkKeys) { + originalKeyManagers = config.keyConfig().keyManagers(env); + assertThat(originalKeyManagers.length, is(1)); + keyManager = ((ReloadableX509KeyManager) originalKeyManagers[0]).getKeyManager(); + } else { + originalKeyManagers = null; + keyManager = null; + } + + final X509ExtendedTrustManager[] originalTrustManagers; + final X509ExtendedTrustManager trustManager; + if (checkTrust) { + originalTrustManagers = config.trustConfig().trustManagers(env); + assertThat(originalTrustManagers.length, is(1)); + trustManager = ((ReloadableTrustManager) originalTrustManagers[0]).getTrustManager(); + } else { + originalTrustManagers = null; + trustManager = null; + } + + // register configuration with reloader + reloader.onSSLContextLoaded(config); + + // key manager checks + if (checkKeys) { + assertKeyManagersSame(keyManager, config.keyConfig().keyManagers(env)); + keyManagerPreChecks.apply(keyManager, config); + } + + // trust manager checks + if (checkTrust) { + assertTrustManagersSame(trustManager, config.trustConfig().trustManagers(env)); + trustManagerPreChecks.apply(trustManager, config); + } + + assertEquals(0, clientSSLService.getLoadedSSLConfigurations().size()); + assertEquals(0, serverSSLService.getLoadedSSLConfigurations().size()); + assertEquals("nothing should have called get", 0, clientCounter.get()); + assertEquals("nothing should have called get", 0, serverCounter.get()); + + // modify + modificationFunction.run(); + assertTrue(awaitBusy(() -> clientCounter.get() > 0 && serverCounter.get() > 0)); + + // check key manager + if (checkKeys) { + final X509ExtendedKeyManager[] updatedKeyManagers = config.keyConfig().keyManagers(env); + assertThat(updatedKeyManagers, sameInstance(originalKeyManagers)); + final X509ExtendedKeyManager updatedKeyManager = ((ReloadableX509KeyManager) updatedKeyManagers[0]).getKeyManager(); + keyManagerPostChecks.apply(updatedKeyManager, config); + } + + // check trust manager + if (checkTrust) { + final X509ExtendedTrustManager[] updatedTrustManagers = config.trustConfig().trustManagers(env); + assertThat(updatedTrustManagers, sameInstance(originalTrustManagers)); + final X509ExtendedTrustManager updatedTrustManager = ((ReloadableTrustManager) updatedTrustManagers[0]).getTrustManager(); + assertThat(updatedTrustManager, not(sameInstance(trustManager))); + trustManagerPostChecks.apply(updatedTrustManager, config); + } + } + + private void assertContainsCertificateWithMatchingName(Certificate[] certificates, Matcher matcher) { + for (Certificate certificate : certificates) { + if (certificate instanceof X509Certificate) { + if (matcher.matches(((X509Certificate) certificate).getSubjectX500Principal().getName())) { + return; + } + } + } + fail("no matching certificate could be found"); + } + + private void assertKeyManagersSame(X509ExtendedKeyManager original, X509ExtendedKeyManager[] other) { + assertEquals(1, other.length); + assertThat(other[0], instanceOf(ReloadableX509KeyManager.class)); + X509ExtendedKeyManager otherKeyManager = ((ReloadableX509KeyManager) other[0]).getKeyManager(); + assertThat(otherKeyManager, sameInstance(original)); + } + + private void assertTrustManagersSame(X509ExtendedTrustManager original, X509ExtendedTrustManager[] other) { + assertEquals(1, other.length); + assertThat(other[0], instanceOf(ReloadableTrustManager.class)); + X509ExtendedTrustManager otherTrustManager = ((ReloadableTrustManager) other[0]).getTrustManager(); + assertThat(otherTrustManager, sameInstance(original)); + } + + private static void atomicMoveIfPossible(Path source, Path target) throws IOException { + try { + Files.move(source, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); + } catch (AtomicMoveNotSupportedException e) { + Files.move(source, target, StandardCopyOption.REPLACE_EXISTING); + } + } +} diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java index cc5cc32cdf8..5f417c0a5b2 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/SSLConfigurationTests.java @@ -5,45 +5,18 @@ */ package org.elasticsearch.xpack.security.ssl; -import org.bouncycastle.openssl.jcajce.JcaPEMWriter; -import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder; -import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.env.Environment; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Custom; import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global; -import org.elasticsearch.xpack.security.ssl.TrustConfig.Reloadable.Listener; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.TestThreadPool; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.watcher.ResourceWatcherService; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManager; -import javax.net.ssl.X509ExtendedKeyManager; -import javax.net.ssl.X509ExtendedTrustManager; - -import java.io.IOException; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.nio.charset.StandardCharsets; -import java.nio.file.AtomicMoveNotSupportedException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.StandardCopyOption; -import java.nio.file.attribute.BasicFileAttributes; -import java.security.KeyPair; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; import java.util.Arrays; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.atomic.AtomicReference; -import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; @@ -273,10 +246,10 @@ public class SSLConfigurationTests extends ESTestCase { SSLConfiguration config = new Global(settings); assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, null, null); + KeyManager[] keyManagers = keyConfig.keyManagers(env); assertThat(keyManagers.length, is(1)); assertThat(config.trustConfig(), sameInstance(keyConfig)); - TrustManager[] trustManagers = keyConfig.trustManagers(env, null, null); + TrustManager[] trustManagers = keyConfig.trustManagers(env); assertThat(trustManagers.length, is(1)); } @@ -296,464 +269,11 @@ public class SSLConfigurationTests extends ESTestCase { SSLConfiguration config = new Global(settings); assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, null, null); + KeyManager[] keyManagers = keyConfig.keyManagers(env); assertThat(keyManagers.length, is(1)); assertThat(config.trustConfig(), not(sameInstance(keyConfig))); assertThat(config.trustConfig(), instanceOf(PEMTrustConfig.class)); - TrustManager[] trustManagers = keyConfig.trustManagers(env, null, null); + TrustManager[] trustManagers = keyConfig.trustManagers(env); assertThat(trustManagers.length, is(1)); } - - public void testReloadingKeyStore() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path keystorePath = tempDir.resolve("testnode.jks"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", keystorePath) - .put("xpack.security.ssl.keystore.password", "testnode") - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - - SSLConfiguration config = new Global(settings); - assertThat(config.keyConfig(), instanceOf(StoreKeyConfig.class)); - StoreKeyConfig keyConfig = (StoreKeyConfig) config.keyConfig(); - - CountDownLatch latch = new CountDownLatch(2); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, resourceWatcherService, listener); - assertThat(keyManagers.length, is(1)); - assertThat(keyManagers[0], instanceOf(X509ExtendedKeyManager.class)); - X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[0]; - String[] aliases = keyManager.getServerAliases("RSA", null); - assertNotNull(aliases); - assertThat(aliases.length, is(1)); - assertThat(aliases[0], is("testnode")); - TrustManager[] trustManagers = keyConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - final int trustedCount = certificates.length; - assertThat(latch.getCount(), is(2L)); - - KeyStore keyStore = KeyStore.getInstance("jks"); - keyStore.load(null, null); - Path updated = tempDir.resolve("updated.jks"); - try (OutputStream out = Files.newOutputStream(updated)) { - keyStore.store(out, "testnode".toCharArray()); - } - atomicMoveIfPossible(updated, keystorePath); - latch.await(); - assertThat(exceptionRef.get(), is(nullValue())); - aliases = keyManager.getServerAliases("RSA", null); - assertThat(aliases, is(nullValue())); - certificates = trustManager.getAcceptedIssuers(); - assertThat(trustedCount - certificates.length, is(5)); - } finally { - threadPool.shutdown(); - } - } - - public void testReloadingPEMKeyConfig() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path keyPath = tempDir.resolve("testnode.pem"); - Path certPath = tempDir.resolve("testnode.crt"); - Path clientCertPath = tempDir.resolve("testclient.crt"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.key.path", keyPath) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", certPath) - .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - SSLConfiguration config = new Global(settings); - assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); - PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); - - CountDownLatch latch = new CountDownLatch(2); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload pem"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, resourceWatcherService, listener); - assertThat(keyManagers.length, is(1)); - assertThat(keyManagers[0], instanceOf(X509ExtendedKeyManager.class)); - X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[0]; - String[] aliases = keyManager.getServerAliases("RSA", null); - assertThat(aliases, is(notNullValue())); - assertThat(aliases.length, is(1)); - assertThat(aliases[0], is("key")); - PrivateKey privateKey = keyManager.getPrivateKey(aliases[0]); - TrustManager[] trustManagers = keyConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - final int trustedCount = certificates.length; - assertThat(latch.getCount(), is(2L)); - - // make sure we wait enough to see a change. if time is within a second the file may not be seen as modified since the size is - // the same! - awaitBusy(() -> { - try { - BasicFileAttributes attributes = Files.readAttributes(keyPath, BasicFileAttributes.class); - return System.currentTimeMillis() - attributes.lastModifiedTime().toMillis() >= 1000L; - } catch (IOException e) { - throw new ElasticsearchException("io exception while checking time", e); - } - }); - Path updatedKeyPath = tempDir.resolve("updated.pem"); - KeyPair keyPair = CertUtils.generateKeyPair(randomFrom(1024, 2048)); - try (OutputStream os = Files.newOutputStream(updatedKeyPath); - OutputStreamWriter osWriter = new OutputStreamWriter(os, StandardCharsets.UTF_8); - JcaPEMWriter writer = new JcaPEMWriter(osWriter)) { - writer.writeObject(keyPair, - new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(CertUtils.BC_PROV).build("testnode".toCharArray())); - } - atomicMoveIfPossible(updatedKeyPath, keyPath); - - latch.await(); - assertThat(exceptionRef.get(), is(nullValue())); - aliases = keyManager.getServerAliases("RSA", null); - assertThat(aliases, is(notNullValue())); - assertThat(aliases.length, is(1)); - assertThat(aliases[0], is("key")); - assertThat(keyManager.getPrivateKey(aliases[0]), not(equalTo(privateKey))); - assertThat(keyManager.getPrivateKey(aliases[0]), is(equalTo(keyPair.getPrivate()))); - certificates = trustManager.getAcceptedIssuers(); - assertThat(trustedCount - certificates.length, is(0)); - } finally { - threadPool.shutdown(); - } - } - - public void testReloadingTrustStore() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path trustStorePath = tempDir.resolve("testnode.jks"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", trustStorePath) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - - SSLConfiguration config = new Global(settings); - assertThat(config.trustConfig(), instanceOf(StoreTrustConfig.class)); - StoreTrustConfig trustConfig = (StoreTrustConfig) config.trustConfig(); - - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - TrustManager[] trustManagers = trustConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - final int trustedCount = certificates.length; - - assertThat(latch.getCount(), is(1L)); - - Path updatedTruststore = tempDir.resolve("updated.jks"); - KeyStore keyStore = KeyStore.getInstance("jks"); - keyStore.load(null, null); - try (OutputStream out = Files.newOutputStream(updatedTruststore)) { - keyStore.store(out, "testnode".toCharArray()); - } - atomicMoveIfPossible(updatedTruststore, trustStorePath); - latch.await(); - assertThat(exceptionRef.get(), is(nullValue())); - certificates = trustManager.getAcceptedIssuers(); - assertThat(trustedCount - certificates.length, is(5)); - } finally { - threadPool.shutdown(); - } - } - - public void testReloadingPEMTrustConfig() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path clientCertPath = tempDir.resolve("testclient.crt"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); - Settings settings = Settings.builder() - .putArray("xpack.security.ssl.ca", clientCertPath.toString()) - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false) - .build(); - SSLConfiguration config = new Global(settings); - assertThat(config.trustConfig(), instanceOf(PEMTrustConfig.class)); - PEMTrustConfig trustConfig = (PEMTrustConfig) config.trustConfig(); - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - TrustManager[] trustManagers = trustConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - assertThat(certificates.length, is(1)); - assertThat(((X509Certificate)certificates[0]).getSubjectX500Principal().getName(), containsString("Test Client")); - assertThat(latch.getCount(), is(1L)); - - Path updatedCert = tempDir.resolve("updated.crt"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), updatedCert, - StandardCopyOption.REPLACE_EXISTING); - atomicMoveIfPossible(updatedCert, clientCertPath); - latch.await(); - assertThat(exceptionRef.get(), is(nullValue())); - Certificate[] updatedCerts = trustManager.getAcceptedIssuers(); - assertThat(updatedCerts.length, is(1)); - assertThat(((X509Certificate)updatedCerts[0]).getSubjectX500Principal().getName(), containsString("Test Node")); - assertThat(updatedCerts[0], not(equalTo(certificates[0]))); - } finally { - threadPool.shutdown(); - } - } - - public void testReloadingKeyStoreException() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path keystorePath = tempDir.resolve("testnode.jks"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), keystorePath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.keystore.path", keystorePath) - .put("xpack.security.ssl.keystore.password", "testnode") - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - - SSLConfiguration config = new Global(settings); - assertThat(config.keyConfig(), instanceOf(StoreKeyConfig.class)); - StoreKeyConfig keyConfig = (StoreKeyConfig) config.keyConfig(); - - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, resourceWatcherService, listener); - X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[0]; - String[] aliases = keyManager.getServerAliases("RSA", null); - assertNotNull(aliases); - assertThat(aliases.length, is(1)); - assertThat(aliases[0], is("testnode")); - assertThat(latch.getCount(), is(1L)); - - // truncate the keystore - try (OutputStream out = Files.newOutputStream(keystorePath)) { - } - latch.await(); - assertThat(exceptionRef.get(), notNullValue()); - assertThat(exceptionRef.get(), instanceOf(ElasticsearchException.class)); - assertThat(keyManager.getServerAliases("RSA", null), equalTo(aliases)); - } finally { - threadPool.shutdown(); - } - } - - public void testReloadingPEMKeyConfigException() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path keyPath = tempDir.resolve("testnode.pem"); - Path certPath = tempDir.resolve("testnode.crt"); - Path clientCertPath = tempDir.resolve("testclient.crt"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem"), keyPath); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt"), certPath); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.key.path", keyPath) - .put("xpack.security.ssl.key.password", "testnode") - .put("xpack.security.ssl.cert", certPath) - .putArray("xpack.security.ssl.ca", certPath.toString(), clientCertPath.toString()) - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - SSLConfiguration config = new Global(settings); - assertThat(config.keyConfig(), instanceOf(PEMKeyConfig.class)); - PEMKeyConfig keyConfig = (PEMKeyConfig) config.keyConfig(); - - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload pem"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - KeyManager[] keyManagers = keyConfig.keyManagers(env, resourceWatcherService, listener); - assertThat(keyManagers.length, is(1)); - assertThat(keyManagers[0], instanceOf(X509ExtendedKeyManager.class)); - X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[0]; - String[] aliases = keyManager.getServerAliases("RSA", null); - assertThat(aliases, is(notNullValue())); - assertThat(aliases.length, is(1)); - assertThat(aliases[0], is("key")); - PrivateKey privateKey = keyManager.getPrivateKey(aliases[0]); - assertThat(latch.getCount(), is(1L)); - - // pick a random file to truncate - Path toTruncate = randomFrom(keyPath, certPath); - - // truncate the file - try (OutputStream os = Files.newOutputStream(toTruncate)) { - } - - latch.await(); - assertThat(exceptionRef.get(), is(instanceOf(ElasticsearchException.class))); - assertThat(keyManager.getServerAliases("RSA", null), equalTo(aliases)); - assertThat(keyManager.getPrivateKey(aliases[0]), is(equalTo(privateKey))); - } finally { - threadPool.shutdown(); - } - } - - public void testTrustStoreReloadException() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path trustStorePath = tempDir.resolve("testnode.jks"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks"), trustStorePath); - Settings settings = Settings.builder() - .put("xpack.security.ssl.truststore.path", trustStorePath) - .put("xpack.security.ssl.truststore.password", "testnode") - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), randomBoolean()) - .build(); - - SSLConfiguration config = new Global(settings); - assertThat(config.trustConfig(), instanceOf(StoreTrustConfig.class)); - StoreTrustConfig trustConfig = (StoreTrustConfig) config.trustConfig(); - - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - TrustManager[] trustManagers = trustConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - - // truncate the truststore - try (OutputStream os = Files.newOutputStream(trustStorePath)) { - } - - latch.await(); - assertThat(exceptionRef.get(), instanceOf(ElasticsearchException.class)); - assertThat(trustManager.getAcceptedIssuers(), equalTo(certificates)); - } finally { - threadPool.shutdown(); - } - } - - public void testPEMTrustReloadException() throws Exception { - Environment env = randomBoolean() ? null : - new Environment(Settings.builder().put("path.home", createTempDir()).build()); - Path tempDir = createTempDir(); - Path clientCertPath = tempDir.resolve("testclient.crt"); - Files.copy(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.crt"), clientCertPath); - Settings settings = Settings.builder() - .putArray("xpack.security.ssl.ca", clientCertPath.toString()) - .put(Global.INCLUDE_JDK_CERTS_SETTING.getKey(), false) - .build(); - SSLConfiguration config = new Global(settings); - assertThat(config.trustConfig(), instanceOf(PEMTrustConfig.class)); - PEMTrustConfig trustConfig = (PEMTrustConfig) config.trustConfig(); - CountDownLatch latch = new CountDownLatch(1); - AtomicReference exceptionRef = new AtomicReference<>(); - Listener listener = createRefreshListener(latch, exceptionRef); - - ThreadPool threadPool = new TestThreadPool("reload"); - try { - ResourceWatcherService resourceWatcherService = - new ResourceWatcherService(Settings.builder().put("resource.reload.interval.high", "1s").build(), threadPool); - resourceWatcherService.start(); - TrustManager[] trustManagers = trustConfig.trustManagers(env, resourceWatcherService, listener); - assertThat(trustManagers.length, is(1)); - assertThat(trustManagers[0], instanceOf(X509ExtendedTrustManager.class)); - X509ExtendedTrustManager trustManager = (X509ExtendedTrustManager) trustManagers[0]; - Certificate[] certificates = trustManager.getAcceptedIssuers(); - assertThat(certificates.length, is(1)); - assertThat(((X509Certificate) certificates[0]).getSubjectX500Principal().getName(), containsString("Test Client")); - assertThat(latch.getCount(), is(1L)); - - // write bad file - Path updatedCert = tempDir.resolve("updated.crt"); - try (OutputStream os = Files.newOutputStream(updatedCert)) { - os.write(randomByte()); - } - atomicMoveIfPossible(updatedCert, clientCertPath); - - latch.await(); - assertThat(exceptionRef.get(), instanceOf(ElasticsearchException.class)); - assertThat(trustManager.getAcceptedIssuers(), equalTo(certificates)); - } finally { - threadPool.shutdown(); - } - } - - private Listener createRefreshListener(CountDownLatch latch, AtomicReference exceptionRef) { - return new Listener() { - @Override - public void onReload() { - logger.info("refresh called"); - latch.countDown(); - } - - @Override - public void onFailure(Exception e) { - logger.error("exception " + e); - exceptionRef.set(e); - latch.countDown(); - } - }; - } - - private void atomicMoveIfPossible(Path source, Path target) throws IOException { - try { - Files.move(source, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); - } catch (AtomicMoveNotSupportedException e) { - Files.move(source, target, StandardCopyOption.REPLACE_EXISTING); - } - } } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java index 6d633279f52..d179604291f 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/ssl/ServerSSLServiceTests.java @@ -53,7 +53,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.truststore.password", "testnode") .build(); try { - new ServerSSLService(settings, env, new Global(settings), null).createSSLEngine(); + new ServerSSLService(settings, env, new Global(settings)).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize the SSLContext")); @@ -67,7 +67,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", testnodeStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); Settings.Builder settingsBuilder = Settings.builder() .put("truststore.path", testClientStore) @@ -85,7 +85,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", testnodeStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLContext sslContext = sslService.sslContext(); SSLContext cachedSslContext = sslService.sslContext(); @@ -101,7 +101,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .put("xpack.security.ssl.keystore.key_password", "testnode1") .build(); - new ServerSSLService(settings, env, new Global(settings), null).createSSLEngine(); + new ServerSSLService(settings, env, new Global(settings)).createSSLEngine(); } public void testIncorrectKeyPasswordThrowsException() throws Exception { @@ -112,7 +112,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", differentPasswordsStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - new ServerSSLService(settings, env, new Global(settings), null).createSSLEngine(); + new ServerSSLService(settings, env, new Global(settings)).createSSLEngine(); fail("expected an exception"); } catch (ElasticsearchException e) { assertThat(e.getMessage(), containsString("failed to initialize a KeyManagerFactory")); @@ -124,7 +124,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", testnodeStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLEngine engine = sslService.createSSLEngine(); assertThat(Arrays.asList(engine.getEnabledProtocols()), not(hasItem("SSLv3"))); } @@ -134,7 +134,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", testnodeStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(1000)); assertThat(context.getSessionTimeout(), equalTo((int) TimeValue.timeValueHours(24).seconds())); @@ -147,14 +147,14 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.session.cache_size", "300") .put("xpack.security.ssl.session.cache_timeout", "600s") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLSessionContext context = sslService.sslContext().getServerSessionContext(); assertThat(context.getSessionCacheSize(), equalTo(300)); assertThat(context.getSessionTimeout(), equalTo(600)); } public void testThatCreateSSLEngineWithoutAnySettingsDoesNotWork() throws Exception { - ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, env, new Global(Settings.EMPTY), null); + ServerSSLService sslService = new ServerSSLService(Settings.EMPTY, env, new Global(Settings.EMPTY)); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -168,7 +168,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.truststore.path", testnodeStore) .put("xpack.security.ssl.truststore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -183,7 +183,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .put("xpack.security.ssl.truststore.path", testnodeStore) .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); @@ -196,7 +196,7 @@ public class ServerSSLServiceTests extends ESTestCase { Settings settings = Settings.builder() .put("xpack.security.ssl.keystore.path", testnodeStore) .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); try { sslService.sslContext(); fail("Expected IllegalArgumentException"); @@ -214,7 +214,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .putArray("xpack.security.ssl.ciphers", ciphers.toArray(new String[ciphers.size()])) .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLEngine engine = sslService.createSSLEngine(); assertThat(engine, is(notNullValue())); String[] enabledCiphers = engine.getEnabledCipherSuites(); @@ -227,7 +227,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .putArray("xpack.security.ssl.ciphers", new String[] { "foo", "bar" }) .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); try { sslService.createSSLEngine(); fail("Expected IllegalArgumentException"); @@ -241,7 +241,7 @@ public class ServerSSLServiceTests extends ESTestCase { .put("xpack.security.ssl.keystore.path", testnodeStore) .put("xpack.security.ssl.keystore.password", "testnode") .build(); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); SSLSocketFactory factory = sslService.sslSocketFactory(Settings.EMPTY); final String[] ciphers = sslService.supportedCiphers(factory.getSupportedCipherSuites(), sslService.ciphers(), false); assertThat(factory.getDefaultCipherSuites(), is(ciphers)); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandlerTests.java index 7f40fff068d..8eed8b303b0 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandlerTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandlerTests.java @@ -76,7 +76,7 @@ public class HandshakeWaitingHandlerTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); - ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings), null); + ServerSSLService sslService = new ServerSSLService(settings, env, new Global(settings)); sslContext = sslService.sslContext(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java index 235ad157c7d..e81725bb5ec 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java @@ -43,7 +43,7 @@ public class SecurityNetty3HttpServerTransportTests extends ESTestCase { .put("xpack.security.ssl.keystore.password", "testnode") .build(); Environment env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); - serverSSLService = new ServerSSLService(settings, env, new Global(settings), null); + serverSSLService = new ServerSSLService(settings, env, new Global(settings)); } public void testDefaultClientAuth() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java index ad55149de6f..22a4b86da80 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java @@ -43,8 +43,8 @@ public class SecurityNetty3TransportTests extends ESTestCase { .build(); Environment env = new Environment(Settings.builder().put("path.home", createTempDir()).build()); Global globalSSLConfiguration = new Global(settings); - serverSSLService = new ServerSSLService(settings, env, globalSSLConfiguration, null); - clientSSLService = new ClientSSLService(settings, env, globalSSLConfiguration, null); + serverSSLService = new ServerSSLService(settings, env, globalSSLConfiguration); + clientSSLService = new ClientSSLService(settings, env, globalSSLConfiguration); } public void testThatSSLCanBeDisabledByProfile() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java index 5c5a42c36a6..fee11261e0e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java @@ -74,7 +74,7 @@ public class SslClientAuthTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient")) .build(); - ClientSSLService sslService = new ClientSSLService(settings, null, new Global(settings), null); + ClientSSLService sslService = new ClientSSLService(settings, null, new Global(settings)); SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslService.sslContext(), NoopHostnameVerifier.INSTANCE); try (RestClient restClient = createRestClient(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy), "https")) { Response response = restClient.performRequest("GET", "/", diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java index 1fb2bd8f71a..817a44e0b9d 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java @@ -99,7 +99,7 @@ public class SslIntegrationTests extends SecurityIntegTestCase { Settings settings = Settings.builder() .put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testclient.jks", "testclient")) .build(); - ClientSSLService service = new ClientSSLService(settings, null, new Global(settings), null); + ClientSSLService service = new ClientSSLService(settings, null, new Global(settings)); CredentialsProvider provider = new BasicCredentialsProvider(); provider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(nodeClientUsername(), From 240a052cbf2530a2850edf916fbe94ea00e458d9 Mon Sep 17 00:00:00 2001 From: Nik Everett Date: Fri, 29 Jul 2016 13:43:02 -0400 Subject: [PATCH 11/15] Stop using isCreated and isFound These are going away in core and being replaced by `getOperation`. Original commit: elastic/x-pack-elasticsearch@d02e7453181d31daceed284dbb8b395cd9c148fb --- .../security/authc/esnative/NativeUsersStore.java | 15 +++++++++------ .../security/authz/store/NativeRolesStore.java | 10 ++++++---- .../integration/BulkUpdateTests.java | 13 ++++++------- .../integration/ClearRolesCacheTests.java | 5 +++-- .../integration/DateMathExpressionIntegTests.java | 5 +++-- .../integration/KibanaUserRoleIntegTests.java | 5 +++-- .../MultipleIndicesPermissionsTests.java | 9 +++++---- .../ldap/AbstractAdLdapRealmTestCase.java | 4 +++- .../org/elasticsearch/license/LicensingTests.java | 5 +++-- .../authc/pki/PkiAuthenticationTests.java | 3 ++- .../xpack/watcher/WatcherService.java | 5 ++--- .../actions/index/ExecutableIndexAction.java | 4 +++- .../delete/TransportDeleteWatchAction.java | 5 +++-- .../actions/put/TransportPutWatchAction.java | 4 +++- .../xpack/watcher/WatcherServiceTests.java | 7 ++++--- .../actions/TimeThrottleIntegrationTests.java | 3 ++- .../watcher/test/integration/WatchAckTests.java | 7 ++++--- 17 files changed, 64 insertions(+), 45 deletions(-) diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java index 1134d0d10a8..2e162d26308 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java @@ -13,6 +13,7 @@ import com.carrotsearch.hppc.cursors.ObjectCursor; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.action.ActionListener; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.LatchedActionListener; import org.elasticsearch.action.delete.DeleteRequest; import org.elasticsearch.action.delete.DeleteResponse; @@ -325,7 +326,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { - assert updateResponse.isCreated() == false; + assert updateResponse.getOperation() == DocWriteResponse.Operation.INDEX; clearRealmCache(request.username(), listener, null); } @@ -401,7 +402,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { - assert updateResponse.isCreated() == false; + assert updateResponse.getOperation() == DocWriteResponse.Operation.INDEX; clearRealmCache(putUserRequest.username(), listener, false); } @@ -442,12 +443,13 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onResponse(IndexResponse indexResponse) { // if the document was just created, then we don't need to clear cache - if (indexResponse.isCreated()) { - listener.onResponse(indexResponse.isCreated()); + boolean created = indexResponse.getOperation() == DocWriteResponse.Operation.CREATE; + if (created) { + listener.onResponse(true); return; } - clearRealmCache(putUserRequest.username(), listener, indexResponse.isCreated()); + clearRealmCache(putUserRequest.username(), listener, created); } @Override @@ -471,7 +473,8 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL client.delete(request, new ActionListener() { @Override public void onResponse(DeleteResponse deleteResponse) { - clearRealmCache(deleteUserRequest.username(), listener, deleteResponse.isFound()); + clearRealmCache(deleteUserRequest.username(), listener, + deleteResponse.getOperation() == DocWriteResponse.Operation.DELETE); } @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java index 6324b4d8e5a..0bc1181374d 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java @@ -22,6 +22,7 @@ import java.util.function.Function; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.LatchedActionListener; import org.elasticsearch.action.delete.DeleteRequest; import org.elasticsearch.action.delete.DeleteResponse; @@ -273,7 +274,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C client.delete(request, new ActionListener() { @Override public void onResponse(DeleteResponse deleteResponse) { - clearRoleCache(deleteRoleRequest.name(), listener, deleteResponse.isFound()); + clearRoleCache(deleteRoleRequest.name(), listener, deleteResponse.getOperation() == DocWriteResponse.Operation.DELETE); } @Override @@ -303,11 +304,12 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C .execute(new ActionListener() { @Override public void onResponse(IndexResponse indexResponse) { - if (indexResponse.isCreated()) { - listener.onResponse(indexResponse.isCreated()); + boolean created = indexResponse.getOperation() == DocWriteResponse.Operation.CREATE; + if (created) { + listener.onResponse(true); return; } - clearRoleCache(role.getName(), listener, indexResponse.isCreated()); + clearRoleCache(role.getName(), listener, created); } @Override diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java index 201850afa2c..f0a6f4f4016 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java @@ -10,9 +10,9 @@ import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.apache.http.message.BasicHeader; import org.apache.http.util.EntityUtils; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.bulk.BulkResponse; import org.elasticsearch.action.get.GetResponse; -import org.elasticsearch.action.update.UpdateResponse; import org.elasticsearch.client.Response; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; @@ -28,7 +28,6 @@ import java.util.Collections; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.is; public class BulkUpdateTests extends SecurityIntegTestCase { @@ -42,7 +41,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase { } public void testThatBulkUpdateDoesNotLoseFields() { - assertThat(client().prepareIndex("index1", "type").setSource("{\"test\": \"test\"}").setId("1").get().isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, + client().prepareIndex("index1", "type").setSource("{\"test\": \"test\"}").setId("1").get().getOperation()); GetResponse getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); @@ -51,9 +51,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase { } // update with a new field - boolean created = internalCluster().transportClient().prepareUpdate("index1", "type", "1").setDoc("{\"not test\": \"not test\"}") - .get().isCreated(); - assertThat(created, is(false)); + assertEquals(DocWriteResponse.Operation.INDEX, internalCluster().transportClient().prepareUpdate("index1", "type", "1") + .setDoc("{\"not test\": \"not test\"}").get().getOperation()); getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test", "not test").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); assertThat(getResponse.getField("not test").getValue(), equalTo("not test")); @@ -65,7 +64,7 @@ public class BulkUpdateTests extends SecurityIntegTestCase { // do it in a bulk BulkResponse response = internalCluster().transportClient().prepareBulk().add(client().prepareUpdate("index1", "type", "1") .setDoc("{\"bulk updated\": \"bulk updated\"}")).get(); - assertThat(((UpdateResponse)response.getItems()[0].getResponse()).isCreated(), is(false)); + assertEquals(DocWriteResponse.Operation.INDEX, response.getItems()[0].getResponse().getOperation()); getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1"). setFields("test", "not test", "bulk updated").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java index 1c3a9b5e6d5..e09530128e3 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.integration; import org.apache.http.message.BasicHeader; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.delete.DeleteResponse; import org.elasticsearch.action.update.UpdateResponse; import org.elasticsearch.client.Client; @@ -119,7 +120,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { .setDoc("run_as", new String[] { role }) .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); - assertThat(response.isCreated(), is(false)); + assertEquals(DocWriteResponse.Operation.INDEX, response.getOperation()); logger.debug("--> updated role [{}] with run_as", role); } @@ -161,7 +162,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { .prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role) .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); - assertThat(response.isFound(), is(true)); + assertEquals(DocWriteResponse.Operation.DELETE, response.getOperation()); assertBusy(new Runnable() { @Override diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java index 2f2003db155..db89d13dc23 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.integration; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.admin.indices.create.CreateIndexResponse; import org.elasticsearch.action.admin.indices.delete.DeleteIndexResponse; import org.elasticsearch.action.get.GetResponse; @@ -69,7 +70,7 @@ public class DateMathExpressionIntegTests extends SecurityIntegTestCase { IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar") .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE).get(); - assertThat(response.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); assertThat(response.getIndex(), containsString(expectedIndexName)); if (refeshOnOperation == false) { @@ -89,7 +90,7 @@ public class DateMathExpressionIntegTests extends SecurityIntegTestCase { .setDoc("new", "field") .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE) .get(); - assertThat(updateResponse.isCreated(), is(false)); + assertEquals(DocWriteResponse.Operation.INDEX, updateResponse.getOperation()); if (refeshOnOperation == false) { client.admin().indices().prepareRefresh(expression).get(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java index 0fd125570a1..4f0f223818d 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.integration; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.admin.indices.create.CreateIndexResponse; import org.elasticsearch.action.admin.indices.get.GetIndexResponse; import org.elasticsearch.action.admin.indices.mapping.get.GetFieldMappingsResponse; @@ -186,13 +187,13 @@ public class KibanaUserRoleIntegTests extends SecurityIntegTestCase { .setSource("foo", "bar") .setRefreshPolicy(IMMEDIATE) .get(); - assertThat(response.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); DeleteResponse deleteResponse = client() .filterWithHeader(singletonMap("Authorization", UsernamePasswordToken.basicAuthHeaderValue("kibana_user", USERS_PASSWD))) .prepareDelete(index, "dashboard", response.getId()) .get(); - assertThat(deleteResponse.isFound(), is(true)); + assertEquals(DocWriteResponse.Operation.DELETE, deleteResponse.getOperation()); } // TODO: When we have an XPackIntegTestCase, this should test that we can send MonitoringBulkActions diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java index a5425d3355f..db23824df60 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.integration; import org.elasticsearch.ElasticsearchSecurityException; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.action.search.MultiSearchResponse; import org.elasticsearch.action.search.SearchResponse; @@ -75,14 +76,14 @@ public class MultipleIndicesPermissionsTests extends SecurityIntegTestCase { .startObject() .field("name", "value") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); indexResponse = index("test1", "type", jsonBuilder() .startObject() .field("name", "value1") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); refresh(); @@ -150,13 +151,13 @@ public class MultipleIndicesPermissionsTests extends SecurityIntegTestCase { .startObject() .field("name", "value_a") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); indexResponse = index("b", "type", jsonBuilder() .startObject() .field("name", "value_b") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java index f1334c374de..2409b696d95 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java @@ -6,6 +6,7 @@ package org.elasticsearch.integration.ldap; import org.elasticsearch.ElasticsearchSecurityException; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.get.GetResponse; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.client.Client; @@ -132,7 +133,8 @@ public abstract class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase .endObject()) .execute().actionGet(); - assertThat("user " + user + " should have write access to index " + index, indexResponse.isCreated(), is(true)); + assertEquals("user " + user + " should have write access to index " + index, + DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java index aa77d6a1ac4..446067e4301 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -9,6 +9,7 @@ import java.util.ArrayList; import java.util.Collection; import org.elasticsearch.ElasticsearchSecurityException; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse; import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsResponse; import org.elasticsearch.action.admin.cluster.stats.ClusterStatsIndices; @@ -114,14 +115,14 @@ public class LicensingTests extends SecurityIntegTestCase { .startObject() .field("name", "value") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); indexResponse = index("test1", "type", jsonBuilder() .startObject() .field("name", "value1") .endObject()); - assertThat(indexResponse.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java index 22229227eef..f8ca672d46a 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java @@ -10,6 +10,7 @@ import org.apache.http.client.methods.HttpPut; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.client.transport.NoNodeAvailableException; import org.elasticsearch.client.transport.TransportClient; @@ -79,7 +80,7 @@ public class PkiAuthenticationTests extends SecurityIntegTestCase { try (TransportClient client = createTransportClient(settings)) { client.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses())); IndexResponse response = client.prepareIndex("foo", "bar").setSource("pki", "auth").get(); - assertThat(response.isCreated(), is(true)); + assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java index 88836a6448e..be2331308f7 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.watcher; import org.elasticsearch.ElasticsearchTimeoutException; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.common.bytes.BytesReference; @@ -15,7 +16,6 @@ import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.index.engine.VersionConflictEngineException; -import org.elasticsearch.xpack.common.stats.Counters; import org.elasticsearch.xpack.watcher.execution.ExecutionService; import org.elasticsearch.xpack.watcher.support.WatcherIndexTemplateRegistry; import org.elasticsearch.xpack.support.clock.Clock; @@ -29,7 +29,6 @@ import org.joda.time.DateTimeZone; import org.joda.time.PeriodType; import java.io.IOException; -import java.util.HashMap; import java.util.Map; import java.util.concurrent.atomic.AtomicReference; @@ -122,7 +121,7 @@ public class WatcherService extends AbstractComponent { } try { WatchStore.WatchDelete delete = watchStore.delete(id, force); - if (delete.deleteResponse().isFound()) { + if (delete.deleteResponse().getOperation() == DocWriteResponse.Operation.DELETE) { triggerService.remove(id); } return delete; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java index b5703c18ff1..5b60481b21c 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions.index; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.bulk.BulkItemResponse; import org.elasticsearch.action.bulk.BulkRequest; import org.elasticsearch.action.bulk.BulkResponse; @@ -116,7 +117,8 @@ public class ExecutableIndexAction extends ExecutableAction { static void indexResponseToXContent(XContentBuilder builder, IndexResponse response) throws IOException { builder.startObject() - .field("created", response.isCreated()) + .field("created", response.getOperation() == DocWriteResponse.Operation.CREATE) + .field("operation", response.getOperation().getLowercase()) .field("id", response.getId()) .field("version", response.getVersion()) .field("type", response.getType()) diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java index 742491c23ad..b7305566f6a 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.watcher.transport.actions.delete; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.action.ActionListener; +import org.elasticsearch.action.DocWriteResponse; import org.elasticsearch.action.delete.DeleteResponse; import org.elasticsearch.action.support.ActionFilters; import org.elasticsearch.cluster.service.ClusterService; @@ -56,8 +57,8 @@ public class TransportDeleteWatchAction extends WatcherTransportAction Date: Fri, 29 Jul 2016 20:36:52 -0400 Subject: [PATCH 12/15] Handle core moving RestUtils Original commit: elastic/x-pack-elasticsearch@01cda72d62b9d74967f305dde024804d351ea913 --- .../java/org/elasticsearch/xpack/common/http/HttpRequest.java | 2 +- .../elasticsearch/xpack/common/http/HttpRequestTemplate.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequest.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequest.java index 3b6311a62ae..34c76e46272 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequest.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequest.java @@ -17,7 +17,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentHelper; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; -import org.elasticsearch.rest.support.RestUtils; +import org.elasticsearch.rest.RestUtils; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; import org.elasticsearch.xpack.watcher.support.WatcherDateTimeUtils; import org.elasticsearch.xpack.watcher.support.WatcherUtils; diff --git a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequestTemplate.java b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequestTemplate.java index 936e3faa54e..e514e969c0b 100644 --- a/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequestTemplate.java +++ b/elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/http/HttpRequestTemplate.java @@ -15,7 +15,7 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.rest.support.RestUtils; +import org.elasticsearch.rest.RestUtils; import org.elasticsearch.xpack.common.http.auth.HttpAuth; import org.elasticsearch.xpack.common.http.auth.HttpAuthRegistry; import org.elasticsearch.xpack.watcher.support.WatcherDateTimeUtils; From 2297c493e4ece408ffe31a817ed6c286d97877b2 Mon Sep 17 00:00:00 2001 From: Nik Everett Date: Sun, 31 Jul 2016 07:27:54 -0400 Subject: [PATCH 13/15] Handle renaming DocWriteResponse.Operation It is now DocWriteResponse.Result. The enum constants have changed a bit as well. Original commit: elastic/x-pack-elasticsearch@395e7c15bb758a0a84cb1210c631b683fe384b46 --- .../security/authc/esnative/NativeUsersStore.java | 8 ++++---- .../xpack/security/authz/store/NativeRolesStore.java | 4 ++-- .../org/elasticsearch/integration/BulkUpdateTests.java | 10 +++++----- .../integration/ClearRolesCacheTests.java | 4 ++-- .../integration/DateMathExpressionIntegTests.java | 4 ++-- .../integration/KibanaUserRoleIntegTests.java | 4 ++-- .../integration/MultipleIndicesPermissionsTests.java | 8 ++++---- .../integration/ldap/AbstractAdLdapRealmTestCase.java | 2 +- .../java/org/elasticsearch/license/LicensingTests.java | 4 ++-- .../security/authc/pki/PkiAuthenticationTests.java | 2 +- .../elasticsearch/xpack/watcher/WatcherService.java | 2 +- .../watcher/actions/index/ExecutableIndexAction.java | 4 ++-- .../actions/delete/TransportDeleteWatchAction.java | 2 +- .../transport/actions/put/TransportPutWatchAction.java | 2 +- .../xpack/watcher/WatcherServiceTests.java | 6 +++--- .../watcher/actions/TimeThrottleIntegrationTests.java | 2 +- .../xpack/watcher/test/integration/WatchAckTests.java | 6 +++--- 17 files changed, 37 insertions(+), 37 deletions(-) diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java index 2e162d26308..c591ccf1e9f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java @@ -326,7 +326,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { - assert updateResponse.getOperation() == DocWriteResponse.Operation.INDEX; + assert updateResponse.getResult() == DocWriteResponse.Result.UPDATED; clearRealmCache(request.username(), listener, null); } @@ -402,7 +402,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL .execute(new ActionListener() { @Override public void onResponse(UpdateResponse updateResponse) { - assert updateResponse.getOperation() == DocWriteResponse.Operation.INDEX; + assert updateResponse.getResult() == DocWriteResponse.Result.UPDATED; clearRealmCache(putUserRequest.username(), listener, false); } @@ -443,7 +443,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onResponse(IndexResponse indexResponse) { // if the document was just created, then we don't need to clear cache - boolean created = indexResponse.getOperation() == DocWriteResponse.Operation.CREATE; + boolean created = indexResponse.getResult() == DocWriteResponse.Result.CREATED; if (created) { listener.onResponse(true); return; @@ -474,7 +474,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL @Override public void onResponse(DeleteResponse deleteResponse) { clearRealmCache(deleteUserRequest.username(), listener, - deleteResponse.getOperation() == DocWriteResponse.Operation.DELETE); + deleteResponse.getResult() == DocWriteResponse.Result.DELETED); } @Override diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java index 0bc1181374d..f2e2b005c9f 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java @@ -274,7 +274,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C client.delete(request, new ActionListener() { @Override public void onResponse(DeleteResponse deleteResponse) { - clearRoleCache(deleteRoleRequest.name(), listener, deleteResponse.getOperation() == DocWriteResponse.Operation.DELETE); + clearRoleCache(deleteRoleRequest.name(), listener, deleteResponse.getResult() == DocWriteResponse.Result.DELETED); } @Override @@ -304,7 +304,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C .execute(new ActionListener() { @Override public void onResponse(IndexResponse indexResponse) { - boolean created = indexResponse.getOperation() == DocWriteResponse.Operation.CREATE; + boolean created = indexResponse.getResult() == DocWriteResponse.Result.CREATED; if (created) { listener.onResponse(true); return; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java index f0a6f4f4016..695db274857 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java @@ -41,8 +41,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase { } public void testThatBulkUpdateDoesNotLoseFields() { - assertEquals(DocWriteResponse.Operation.CREATE, - client().prepareIndex("index1", "type").setSource("{\"test\": \"test\"}").setId("1").get().getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, + client().prepareIndex("index1", "type").setSource("{\"test\": \"test\"}").setId("1").get().getResult()); GetResponse getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); @@ -51,8 +51,8 @@ public class BulkUpdateTests extends SecurityIntegTestCase { } // update with a new field - assertEquals(DocWriteResponse.Operation.INDEX, internalCluster().transportClient().prepareUpdate("index1", "type", "1") - .setDoc("{\"not test\": \"not test\"}").get().getOperation()); + assertEquals(DocWriteResponse.Result.UPDATED, internalCluster().transportClient().prepareUpdate("index1", "type", "1") + .setDoc("{\"not test\": \"not test\"}").get().getResult()); getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1").setFields("test", "not test").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); assertThat(getResponse.getField("not test").getValue(), equalTo("not test")); @@ -64,7 +64,7 @@ public class BulkUpdateTests extends SecurityIntegTestCase { // do it in a bulk BulkResponse response = internalCluster().transportClient().prepareBulk().add(client().prepareUpdate("index1", "type", "1") .setDoc("{\"bulk updated\": \"bulk updated\"}")).get(); - assertEquals(DocWriteResponse.Operation.INDEX, response.getItems()[0].getResponse().getOperation()); + assertEquals(DocWriteResponse.Result.UPDATED, response.getItems()[0].getResponse().getResult()); getResponse = internalCluster().transportClient().prepareGet("index1", "type", "1"). setFields("test", "not test", "bulk updated").get(); assertThat(getResponse.getField("test").getValue(), equalTo("test")); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java index e09530128e3..87205804d63 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRolesCacheTests.java @@ -120,7 +120,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { .setDoc("run_as", new String[] { role }) .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); - assertEquals(DocWriteResponse.Operation.INDEX, response.getOperation()); + assertEquals(DocWriteResponse.Result.UPDATED, response.getResult()); logger.debug("--> updated role [{}] with run_as", role); } @@ -162,7 +162,7 @@ public class ClearRolesCacheTests extends NativeRealmIntegTestCase { .prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME, NativeRolesStore.ROLE_DOC_TYPE, role) .setRefreshPolicy(refresh ? IMMEDIATE : NONE) .get(); - assertEquals(DocWriteResponse.Operation.DELETE, response.getOperation()); + assertEquals(DocWriteResponse.Result.DELETED, response.getResult()); assertBusy(new Runnable() { @Override diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java index db89d13dc23..06fcf206550 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/DateMathExpressionIntegTests.java @@ -70,7 +70,7 @@ public class DateMathExpressionIntegTests extends SecurityIntegTestCase { IndexResponse response = client.prepareIndex(expression, "type").setSource("foo", "bar") .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE).get(); - assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, response.getResult()); assertThat(response.getIndex(), containsString(expectedIndexName)); if (refeshOnOperation == false) { @@ -90,7 +90,7 @@ public class DateMathExpressionIntegTests extends SecurityIntegTestCase { .setDoc("new", "field") .setRefreshPolicy(refeshOnOperation ? IMMEDIATE : NONE) .get(); - assertEquals(DocWriteResponse.Operation.INDEX, updateResponse.getOperation()); + assertEquals(DocWriteResponse.Result.UPDATED, updateResponse.getResult()); if (refeshOnOperation == false) { client.admin().indices().prepareRefresh(expression).get(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java index 4f0f223818d..d2edd52de7f 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/KibanaUserRoleIntegTests.java @@ -187,13 +187,13 @@ public class KibanaUserRoleIntegTests extends SecurityIntegTestCase { .setSource("foo", "bar") .setRefreshPolicy(IMMEDIATE) .get(); - assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, response.getResult()); DeleteResponse deleteResponse = client() .filterWithHeader(singletonMap("Authorization", UsernamePasswordToken.basicAuthHeaderValue("kibana_user", USERS_PASSWD))) .prepareDelete(index, "dashboard", response.getId()) .get(); - assertEquals(DocWriteResponse.Operation.DELETE, deleteResponse.getOperation()); + assertEquals(DocWriteResponse.Result.DELETED, deleteResponse.getResult()); } // TODO: When we have an XPackIntegTestCase, this should test that we can send MonitoringBulkActions diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java index db23824df60..5160581d6c2 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java @@ -76,14 +76,14 @@ public class MultipleIndicesPermissionsTests extends SecurityIntegTestCase { .startObject() .field("name", "value") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); indexResponse = index("test1", "type", jsonBuilder() .startObject() .field("name", "value1") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); refresh(); @@ -151,13 +151,13 @@ public class MultipleIndicesPermissionsTests extends SecurityIntegTestCase { .startObject() .field("name", "value_a") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); indexResponse = index("b", "type", jsonBuilder() .startObject() .field("name", "value_b") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java index 2409b696d95..76e65e995c0 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java @@ -134,7 +134,7 @@ public abstract class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase .execute().actionGet(); assertEquals("user " + user + " should have write access to index " + index, - DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + DocWriteResponse.Result.CREATED, indexResponse.getResult()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java index 446067e4301..624eac4aa86 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -115,14 +115,14 @@ public class LicensingTests extends SecurityIntegTestCase { .startObject() .field("name", "value") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); indexResponse = index("test1", "type", jsonBuilder() .startObject() .field("name", "value1") .endObject()); - assertEquals(DocWriteResponse.Operation.CREATE, indexResponse.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult()); refresh(); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java index f8ca672d46a..84eeae70802 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java @@ -80,7 +80,7 @@ public class PkiAuthenticationTests extends SecurityIntegTestCase { try (TransportClient client = createTransportClient(settings)) { client.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses())); IndexResponse response = client.prepareIndex("foo", "bar").setSource("pki", "auth").get(); - assertEquals(DocWriteResponse.Operation.CREATE, response.getOperation()); + assertEquals(DocWriteResponse.Result.CREATED, response.getResult()); } } diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java index be2331308f7..fb66c4d5062 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/WatcherService.java @@ -121,7 +121,7 @@ public class WatcherService extends AbstractComponent { } try { WatchStore.WatchDelete delete = watchStore.delete(id, force); - if (delete.deleteResponse().getOperation() == DocWriteResponse.Operation.DELETE) { + if (delete.deleteResponse().getResult() == DocWriteResponse.Result.DELETED) { triggerService.remove(id); } return delete; diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java index 5b60481b21c..2d78c24e3cf 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/actions/index/ExecutableIndexAction.java @@ -117,8 +117,8 @@ public class ExecutableIndexAction extends ExecutableAction { static void indexResponseToXContent(XContentBuilder builder, IndexResponse response) throws IOException { builder.startObject() - .field("created", response.getOperation() == DocWriteResponse.Operation.CREATE) - .field("operation", response.getOperation().getLowercase()) + .field("created", response.getResult() == DocWriteResponse.Result.CREATED) + .field("result", response.getResult().getLowercase()) .field("id", response.getId()) .field("version", response.getVersion()) .field("type", response.getType()) diff --git a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java index b7305566f6a..cc12b25c90b 100644 --- a/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java +++ b/elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/transport/actions/delete/TransportDeleteWatchAction.java @@ -57,7 +57,7 @@ public class TransportDeleteWatchAction extends WatcherTransportAction Date: Mon, 1 Aug 2016 18:13:43 +0200 Subject: [PATCH 14/15] [TEST] Make MockMustacheScriptEngine less strict Since elastic/elasticsearch#19621 MockScriptEngine is stricter and expects scripts to be defined before being used in tests. Because watcher makes heavy use of scripts without really need of custom logic, this commit changed the MockMustacheScriptEngine implementation so that it always returns the script's source as a result. Original commit: elastic/x-pack-elasticsearch@09cffa9517acd95d1050ae6b9e18d4794e266de6 --- .../org/elasticsearch/script/MockMustacheScriptEngine.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java index 0fe5e1b6fa6..85a2d9db356 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/script/MockMustacheScriptEngine.java @@ -48,8 +48,8 @@ public class MockMustacheScriptEngine extends MockScriptEngine { if (script.contains("{{") && script.contains("}}")) { throw new IllegalArgumentException("Fix your test to not rely on mustache"); } - - return super.compile(name, script, params); + // We always return the script's source as it is + return new MockCompiledScript(name, params, script, null); } @Override From 287f4da0b999d4645c63af21eb0b47e7bf3b88a8 Mon Sep 17 00:00:00 2001 From: Ali Beyad Date: Tue, 19 Jul 2016 14:15:47 -0400 Subject: [PATCH 15/15] Fix tests that use write consistency level in favor of ActiveShardCount Original commit: elastic/x-pack-elasticsearch@4c463c8d7b80a3fdc6a86e254a4cc7185d54d4ea --- .../watcher/test/integration/BootStrapTests.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java index 1b8665300da..263b7fab2e1 100644 --- a/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java +++ b/elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/BootStrapTests.java @@ -5,9 +5,9 @@ */ package org.elasticsearch.xpack.watcher.test.integration; -import org.elasticsearch.action.WriteConsistencyLevel; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.search.SearchResponse; +import org.elasticsearch.action.support.ActiveShardCount; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.test.junit.annotations.TestLogging; @@ -140,7 +140,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .startObject("none").endObject() .endObject() .endObject()) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .setRefreshPolicy(IMMEDIATE) .get(); @@ -158,7 +158,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .startObject("none").endObject() .endObject() .endObject()) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .setRefreshPolicy(IMMEDIATE) .get(); @@ -176,7 +176,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .startObject("none").endObject() .endObject() .endObject()) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .setRefreshPolicy(IMMEDIATE) .get(); @@ -200,7 +200,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .field(event.type(), event) .endObject() .endObject()) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .setRefreshPolicy(IMMEDIATE) .get(); @@ -226,7 +226,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { .condition(compareCondition("ctx.payload.hits.total", CompareCondition.Op.EQ, 1L)) .buildAsBytes(XContentType.JSON) ) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .get(); } @@ -269,7 +269,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { TriggeredWatch triggeredWatch = new TriggeredWatch(wid, event); client().prepareIndex(TriggeredWatchStore.INDEX_NAME, TriggeredWatchStore.DOC_TYPE, triggeredWatch.id().value()) .setSource(jsonBuilder().value(triggeredWatch)) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .get(); } @@ -320,7 +320,7 @@ public class BootStrapTests extends AbstractWatcherIntegrationTestCase { TriggeredWatch triggeredWatch = new TriggeredWatch(wid, event); client().prepareIndex(TriggeredWatchStore.INDEX_NAME, TriggeredWatchStore.DOC_TYPE, triggeredWatch.id().value()) .setSource(jsonBuilder().value(triggeredWatch)) - .setConsistencyLevel(WriteConsistencyLevel.ALL) + .setWaitForActiveShards(ActiveShardCount.ALL) .get(); }