Original commit: elastic/x-pack-elasticsearch@9d1e4019e3
Paul Echeverri 2014-10-23 09:21:35 -07:00
commit d46b13e4f5
4 changed files with 15 additions and 6 deletions


@ -7,6 +7,8 @@ package org.elasticsearch.shield.authc;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.ESLoggerFactory;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.authc.ldap.LdapRealm;
import org.elasticsearch.shield.authc.system.SystemRealm;
@ -19,6 +21,8 @@ import java.util.List;
*/
public class Realms {
private static final ESLogger logger = ESLoggerFactory.getLogger(Realms.class.getName());
private final Realm[] realms;
@Inject
@ -27,9 +31,11 @@ public class Realms {
List<Realm> realms = new ArrayList<>();
realms.add(system);
if (esusers != null) {
logger.info("Realm [" + esusers.type() + "] is used");
realms.add(esusers);
}
if (ldap != null) {
logger.info("Realm [" + ldap.type() + "] is used");
realms.add(ldap);
}
this.realms = realms.toArray(new Realm[realms.size()]);
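Review bot: When both `esusers` and `ldap` are null the constructor logs nothing, so a node left with only the system realm starts with no sign that no user-facing realm is active. Because `system` is always added first, a check such as `if (realms.size() == 1) logger.warn("No esusers or ldap realm is configured");` after the two null checks would make that state visible to the operator. The two new `logger.info` calls also build their message by concatenation, where the parameterized form `logger.info("Realm [{}] is used", esusers.type());` is the usual style. The constructor starts and ends outside this hunk, so whether the system realm is reported elsewhere cannot be seen from here.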


@ -54,6 +54,9 @@ public class FileUserPasswdStore extends AbstractComponent implements UserPasswd
super(settings);
file = resolveFile(settings, env);
esUsers = parseFile(file, logger);
if (esUsers.isEmpty() && logger.isDebugEnabled()) {
logger.debug("Realm [esusers] has no users");
}
FileWatcher watcher = new FileWatcher(file.getParent().toFile());
watcher.addListener(new FileListener());
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
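Review bot: An empty users file means nobody can authenticate through the esusers realm, yet the new message is written at debug level and will usually stay hidden; `logger.warn("Realm [esusers] has no users");` would surface it to the operator. The `logger.isDebugEnabled()` guard adds nothing for a constant string and can be dropped along with the level change. The check runs only in the constructor, so if the `FileListener` registered below re-parses the file (its code is outside the hunk), a file that becomes empty later would presumably go unreported.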


@ -119,7 +119,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
name = new Privilege.Name(names.build());
} else {
throw new ElasticsearchException("Invalid roles file format [" + path.toAbsolutePath() +
"]. [cluster] field value can either be a string or a list of strings, but [" + token + "] was found instead");
"]. [cluster] field value can either be a string or a list of strings, but [" + token + "] was found instead in role [" + roleName + "]");
}
permission.set(Privilege.Cluster.get(name));
} else if ("indices".equals(currentFieldName)) {
@ -140,13 +140,13 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
names.add(parser.text());
} else {
throw new ElasticsearchException("Invalid roles file format [" + path.toAbsolutePath() +
"]. Could not parse [" + token + "] as index privilege. Privilege names must be strings");
"]. Could not parse [" + token + "] as index privilege in role[" + roleName + "]. Privilege names must be strings");
}
}
name = new Privilege.Name(names);
} else {
throw new ElasticsearchException("Invalid roles file format [" + path.toAbsolutePath() +
"]. Could not parse [" + token + "] as index privileges list. Privilege lists must either " +
"]. Could not parse [" + token + "] as index privileges list in role [" + roleName + "]. Privilege lists must either " +
"be a comma delimited string or an array of strings");
}
permission.add(Privilege.Index.get(name), indices);
@ -155,12 +155,12 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
} else {
throw new ElasticsearchException("Invalid roles file format [" + path.toAbsolutePath() +
"]. [indices] field value must be an array of indices-privileges mappings defined as a string" +
" in the form <comma-separated list of index name patterns>::<comma-separated list of privileges> , but [" + token + "] was found instead");
" in the form <comma-separated list of index name patterns>::<comma-separated list of privileges> , but [" + token + "] was found instead in role [" + roleName + "]");
}
} else {
throw new ElasticsearchException("Invalid roles file format [" + path.toAbsolutePath() +
"]. each role may have [cluster] field (holding a list of cluster permissions) and/or " +
"[indices] field (holding a list of indices permissions. But [" + token + "] was found instead");
"[indices] field (holding a list of indices permissions. But [" + token + "] was found instead in role [" + roleName + "]");
}
}
roles.put(roleName, permission.build());
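Review bot: The new suffix is spelled `in role[` without a space in the index-privilege message ("Privilege names must be strings"), while the other four messages use `in role [`; it should read `"]. Could not parse [" + token + "] as index privilege in role [" + roleName + "]. Privilege names must be strings"`. In the messages that end with `was found instead in role [...]` the role reads as the place where the token was found rather than the role being parsed. Naming the role right after the file path, for example `"] in role [" + roleName + "]. [cluster] field value can either be ..."`, would be clearer and keep all five messages parallel. The enclosing parse method starts and ends outside these hunks.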


@ -27,4 +27,4 @@ COMMANDS
NOTES
[*] For usage help on specific commands please type "security <command> -h"
[*] For usage help on specific commands please type "esusers <command> -h"