finish cleaning up exceptions

This commit finishes the exception cleanup, resolves the TODOs left over from
the last set of exception changes, and re-enables all muted tests.

Closes elastic/elasticsearch#5

Original commit: elastic/x-pack-elasticsearch@742fa948ce
jaymode 2015-07-15 07:33:54 -04:00
parent 8178b799fd
commit db0b745fa6
26 changed files with 81 additions and 79 deletions


@ -27,6 +27,7 @@ import org.elasticsearch.shield.crypto.CryptoService;
import org.elasticsearch.shield.license.LicenseEventsNotifier;
import org.elasticsearch.shield.license.LicenseService;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@ -148,7 +149,7 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
}
}
<Response extends ActionResponse> Response sign(Response response) {
<Response extends ActionResponse> Response sign(Response response) throws IOException {
if (response instanceof SearchResponse) {
SearchResponse searchResponse = (SearchResponse) response;
@ -174,8 +175,12 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte
@Override @SuppressWarnings("unchecked")
public void onResponse(Response response) {
response = this.filter.sign(response);
innerListener.onResponse(response);
try {
response = this.filter.sign(response);
innerListener.onResponse(response);
} catch (IOException e) {
onFailure(e);
}
}
@Override
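Review bot: The new try block in `onResponse` wraps `innerListener.onResponse(response)` as well as the `sign` call, although only `sign` declares `IOException` in this section. Keeping the delegate call inside the try means that any later change that lets the response path raise an `IOException` would deliver both `onResponse` and `onFailure` to the same listener. Signing into a local first and returning after `onFailure(e)` limits the failure path to the signing step, so the inner listener is notified exactly once and never receives an unsigned response. The enclosing listener class starts and ends outside the hunk.

```java
public void onResponse(Response response) {
    final Response signed;
    try {
        signed = this.filter.sign(response);
    } catch (IOException e) {
        // signing failed: report the failure instead of passing on an unsigned response
        onFailure(e);
        return;
    }
    innerListener.onResponse(signed);
}
```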


@ -660,7 +660,11 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail {
bulkProcessor = BulkProcessor.builder(client, new BulkProcessor.Listener() {
@Override
public void beforeBulk(long executionId, BulkRequest request) {
authenticationService.attachUserHeaderIfMissing(request, auditUser.user());
try {
authenticationService.attachUserHeaderIfMissing(request, auditUser.user());
} catch (IOException e) {
throw new ElasticsearchException("failed to attach user header", e);
}
}
@Override
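Review bot: The `ElasticsearchException` now thrown from `beforeBulk` leaves the fate of the audit bulk request to however `BulkProcessor` treats an exception from its listener, which is not visible in this hunk. If the processor drops the batch or surfaces the error only on its flushing thread, audit events could be lost without a clear entry in the node log. I would log the failure before rethrowing, for example `logger.error("failed to attach user header to audit bulk request", e);`, assuming the `logger` inherited from `AbstractComponent` is in scope inside the anonymous listener. The listener continues past the end of the hunk.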


@ -10,6 +10,8 @@ import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.User;
import org.elasticsearch.transport.TransportMessage;
import java.io.IOException;
/**
* Responsible for authenticating the Users behind requests
*/
@ -46,7 +48,7 @@ public interface AuthenticationService {
* case where there was no user associated with the request, if the defautl
* token could not be authenticated.
*/
User authenticate(String action, TransportMessage message, User fallbackUser);
User authenticate(String action, TransportMessage message, User fallbackUser) throws IOException;
/**
* Checks if there's alreay a user header attached to the given message. If missing, a new header is
@ -55,6 +57,6 @@ public interface AuthenticationService {
* @param message The message
* @param user The user to be attached if the header is missing
*/
void attachUserHeaderIfMissing(TransportMessage message, User user);
void attachUserHeaderIfMissing(TransportMessage message, User user) throws IOException;
}
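Review bot: Both `authenticate` and `attachUserHeaderIfMissing` now declare `IOException`, but their Javadoc gained no `@throws` tag, so implementers and callers cannot tell which failures the checked exception covers. A caller should presumably treat it as a failed authentication rather than continue with the request, and the contract should say so. I would add `@throws IOException if the user header cannot be read from or written to the message` to both methods, with the wording confirmed against `InternalAuthenticationService`, whose method bodies are outside the visible hunks.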


@ -105,7 +105,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
}
@Override
public User authenticate(String action, TransportMessage message, User fallbackUser) {
public User authenticate(String action, TransportMessage message, User fallbackUser) throws IOException {
User user = message.getFromContext(USER_KEY);
if (user != null) {
return user;
@ -127,7 +127,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
}
@Override
public void attachUserHeaderIfMissing(TransportMessage message, User user) {
public void attachUserHeaderIfMissing(TransportMessage message, User user) throws IOException {
if (message.hasHeader(USER_KEY)) {
return;
}


@ -119,7 +119,6 @@ public class ActiveDirectorySessionFactory extends SessionFactory {
return new LdapSession(connectionLogger, connection, dn, groupResolver, timeout);
} catch (LDAPException e) {
connection.close();
// TODO think more about this exception...
throw authenticationError("unable to authenticate user [{}] to active directory domain [{}]", e, userName, domainName);
}
}


@ -5,6 +5,7 @@
*/
package org.elasticsearch.shield.authc.ldap;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestController;
@ -16,6 +17,8 @@ import org.elasticsearch.shield.authc.support.DnRoleMapper;
import org.elasticsearch.shield.ssl.ClientSSLService;
import org.elasticsearch.watcher.ResourceWatcherService;
import java.io.IOException;
/**
* Authenticates username/password tokens against ldap, locates groups and maps them to roles.
*/
@ -46,12 +49,16 @@ public class LdapRealm extends AbstractLdapRealm {
@Override
public LdapRealm create(RealmConfig config) {
SessionFactory sessionFactory = sessionFactory(config, clientSSLService);
DnRoleMapper roleMapper = new DnRoleMapper(TYPE, config, watcherService, null);
return new LdapRealm(config, sessionFactory, roleMapper);
try {
SessionFactory sessionFactory = sessionFactory(config, clientSSLService);
DnRoleMapper roleMapper = new DnRoleMapper(TYPE, config, watcherService, null);
return new LdapRealm(config, sessionFactory, roleMapper);
} catch (IOException e) {
throw new ElasticsearchException("failed to create realm [{}/{}]", e, LdapRealm.TYPE, config.name());
}
}
static SessionFactory sessionFactory(RealmConfig config, ClientSSLService clientSSLService) {
static SessionFactory sessionFactory(RealmConfig config, ClientSSLService clientSSLService) throws IOException {
Settings searchSettings = config.settings().getAsSettings("user_search");
if (!searchSettings.names().isEmpty()) {
if (config.settings().getAsArray(LdapSessionFactory.USER_DN_TEMPLATES_SETTING).length > 0) {
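Review bot: `create` refers to the realm type as `TYPE` when it builds the `DnRoleMapper` and as `LdapRealm.TYPE` in the new exception message; presumably both name the same constant, so one spelling should be used, e.g. `throw new ElasticsearchException("failed to create realm [{}/{}]", e, TYPE, config.name());`. Only `sessionFactory` changes its signature in this section, so the try could also be narrowed to that single call. The body of `sessionFactory` continues outside the hunk.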


@ -7,7 +7,6 @@ package org.elasticsearch.shield.authc.ldap;
import com.google.common.primitives.Ints;
import com.unboundid.ldap.sdk.*;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
@ -43,7 +42,7 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
private final String userAttribute;
private final ServerSet serverSet;
public LdapUserSearchSessionFactory(RealmConfig config, ClientSSLService sslService) {
public LdapUserSearchSessionFactory(RealmConfig config, ClientSSLService sslService) throws IOException {
super(config);
Settings settings = config.settings();
userSearchBaseDn = settings.get("user_search.base_dn");
@ -55,8 +54,6 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
serverSet = serverSet(settings, sslService);
connectionPool = connectionPool(config.settings(), serverSet, timeout);
groupResolver = groupResolver(settings);
}
static void filterOutSensitiveSettings(String realmName, ShieldSettingsFilter filter) {
@ -65,7 +62,7 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
filter.filterOut("shield.authc.realms." + realmName + "." + HOSTNAME_VERIFICATION_SETTING);
}
static LDAPConnectionPool connectionPool(Settings settings, ServerSet serverSet, TimeValue timeout) {
static LDAPConnectionPool connectionPool(Settings settings, ServerSet serverSet, TimeValue timeout) throws IOException {
SimpleBindRequest bindRequest = bindRequest(settings);
int initialSize = settings.getAsInt("user_search.pool.initial_size", DEFAULT_CONNECTION_POOL_INITIAL_SIZE);
int size = settings.getAsInt("user_search.pool.size", DEFAULT_CONNECTION_POOL_SIZE);
@ -88,8 +85,7 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
}
return pool;
} catch (LDAPException e) {
// TODO consider changing this to IOException and bubble it up
throw new ElasticsearchException("unable to connect to any LDAP servers", e);
throw new IOException("unable to connect to any LDAP servers", e);
}
}
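Review bot: The constructor now declares `IOException` because it calls `connectionPool`, which converts an `LDAPException` into `new IOException("unable to connect to any LDAP servers", e)`, yet neither carries Javadoc that says so. I would add `@throws IOException if the connection pool to the configured LDAP servers cannot be created` to both. The catch covers every `LDAPException` raised in the try block, whose start is outside the hunk; if that block also performs the bind, a rejected bind would be reported as a connection failure, so it is worth confirming that the message still fits.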


@ -6,6 +6,7 @@
package org.elasticsearch.shield.crypto;
import javax.crypto.SecretKey;
import java.io.IOException;
/**
* Service that provides cryptographic methods based on a shared system key
@ -16,11 +17,11 @@ public interface CryptoService {
* Signs the given text and returns the signed text (original text + signature)
* @param text the string to sign
*/
String sign(String text);
String sign(String text) throws IOException;
/**
* Unsigns the given signed text, verifies the original text with the attached signature and if valid returns
* the unsigned (original) text. If signature verification fails a {@link SignatureException} is thrown.
* the unsigned (original) text. If signature verification fails a {@link IllegalArgumentException} is thrown.
* @param text the string to unsign and verify
*/
String unsignAndVerify(String text);
@ -30,11 +31,11 @@ public interface CryptoService {
* @param text the string to sign
* @param key the key to sign the text with
*/
String sign(String text, SecretKey key);
String sign(String text, SecretKey key) throws IOException;
/**
* Unsigns the given signed text, verifies the original text with the attached signature and if valid returns
* the unsigned (original) text. If signature verification fails a {@link SignatureException} is thrown.
* the unsigned (original) text. If signature verification fails a {@link IllegalArgumentException} is thrown.
* @param text the string to unsign and verify
* @param key the key to unsign the text with
*/
@ -121,8 +122,8 @@ public interface CryptoService {
* service. This provides the old keys back to the clients so that they may perform decryption and re-encryption
* of data after a key has been changed
*
* @param oldSystemKey
* @param oldEncryptionKey
* @param oldSystemKey the pre-existing system key
* @param oldEncryptionKey the pre-existing encryption key
*/
void onKeyChange(SecretKey oldSystemKey, SecretKey oldEncryptionKey);
}
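Review bot: The Javadoc of the two `sign` overloads gained no `@throws IOException`, and the verification failure of `unsignAndVerify` is described in prose with `{@link IllegalArgumentException}` rather than a `@throws` tag. I would add `@throws IOException if the signature cannot be encoded` to both `sign` overloads and `@throws IllegalArgumentException if signature verification fails` to both `unsignAndVerify` overloads. With a general-purpose unchecked type, callers that want to tell tampered input apart from other argument errors have only the message to go on, and the Javadoc should state that.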


@ -139,12 +139,12 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
}
@Override
public String sign(String text) {
public String sign(String text) throws IOException {
return sign(text, this.systemKey);
}
@Override
public String sign(String text, SecretKey key) {
public String sign(String text, SecretKey key) throws IOException {
if (key == null) {
return text;
}
@ -310,8 +310,7 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
private byte[] decryptInternal(byte[] bytes, SecretKey key) {
if (bytes.length < ivLength) {
logger.error("received data for decryption with size [{}] that is less than IV length [{}]", bytes.length, ivLength);
// TODO consider changing to IllegalArgumentException
throw new ElasticsearchException("invalid data to decrypt");
throw new IllegalArgumentException("invalid data to decrypt");
}
byte[] iv = new byte[ivLength];
@ -337,15 +336,10 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
}
}
private static String signInternal(String text, SecretKey key) {
private static String signInternal(String text, SecretKey key) throws IOException {
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
try {
return Base64.encodeBytes(sig, 0, sig.length, Base64.URL_SAFE);
} catch (IOException e) {
// TODO consider bubbling the IOException up
throw new IllegalArgumentException("unable to encode signed data", e);
}
return Base64.encodeBytes(sig, 0, sig.length, Base64.URL_SAFE);
}
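Review bot: `sign(String, SecretKey)` returns the text unchanged when `key` is null, and nothing in the override or in the interface Javadoc tells a reader that the result may carry no signature. Now that the method also declares `IOException`, a short comment on the null branch would separate the two outcomes, for example `// no key available: the text is returned unsigned, not rejected`. Whether a null key means that no system key is configured is an assumption to confirm. The method body continues outside the hunk.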


@ -10,6 +10,8 @@ import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.transport.TransportRequest;
import java.io.IOException;
/**
* This interface allows clients, that connect to an elasticsearch cluster, to execute
* additional logic before an operation is sent.
@ -23,7 +25,7 @@ public interface ClientTransportFilter {
* thrown by this method will stop the request from being sent and the error will
* be sent back to the sender.
*/
void outbound(String action, TransportRequest request);
void outbound(String action, TransportRequest request) throws IOException;
/**
* The client transport filter that should be used in transport clients
@ -48,7 +50,7 @@ public interface ClientTransportFilter {
}
@Override
public void outbound(String action, TransportRequest request) {
public void outbound(String action, TransportRequest request) throws IOException {
/**
this will check if there's a user associated with the request. If there isn't,
the system user will be attached. There cannot be a request outgoing from this


@ -19,6 +19,7 @@ import org.jboss.netty.channel.Channel;
import org.jboss.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLPeerUnverifiedException;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@ -37,7 +38,7 @@ public interface ServerTransportFilter {
* thrown by this method will stop the request from being handled and the error will
* be sent back to the sender.
*/
void inbound(String action, TransportRequest request, TransportChannel transportChannel);
void inbound(String action, TransportRequest request, TransportChannel transportChannel) throws IOException;
/**
* The server trasnport filter that should be used in nodes as it ensures that an incoming
@ -59,7 +60,7 @@ public interface ServerTransportFilter {
}
@Override
public void inbound(String action, TransportRequest request, TransportChannel transportChannel) {
public void inbound(String action, TransportRequest request, TransportChannel transportChannel) throws IOException {
/*
here we don't have a fallback user, as all incoming request are
expected to have a user attached (either in headers or in context)
@ -108,7 +109,7 @@ public interface ServerTransportFilter {
}
@Override
public void inbound(String action, TransportRequest request, TransportChannel transportChannel) {
public void inbound(String action, TransportRequest request, TransportChannel transportChannel) throws IOException {
// TODO is ']' sufficient to mark as shard action?
boolean isInternalOrShardAction = action.startsWith("internal:") || action.endsWith("]");
if (isInternalOrShardAction) {


@ -6,7 +6,6 @@
package org.elasticsearch.integration;
import com.google.common.collect.ImmutableSet;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.stats.NodesStatsResponse;
@ -41,7 +40,6 @@ import static org.hamcrest.Matchers.*;
/**
*
*/
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class LicensingTests extends ShieldIntegrationTest {
public static final String ROLES =


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.MultiSearchResponse;
@ -28,7 +27,6 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitC
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.is;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse;
import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
@ -32,7 +31,6 @@ import static org.hamcrest.Matchers.hasSize;
* actions that are normally categorized as index actions as cluster actions - for example,
* index template actions.
*/
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class PermissionPrecedenceTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.action.index.IndexRequestBuilder;
@ -23,7 +22,6 @@ import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationExcepti
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.hamcrest.Matchers.*;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class ScrollIdSigningTests extends ShieldIntegrationTest {
@Test


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.get.MultiGetResponse;
import org.elasticsearch.action.index.IndexResponse;
@ -28,7 +27,6 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFa
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("passwd".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.Version;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.search.SearchPhaseExecutionException;
@ -25,7 +24,6 @@ import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basic
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class ShieldCachePermissionTests extends ShieldIntegrationTest {
static final String READ_ONE_IDX_USER = "read_user";
@ -104,7 +102,8 @@ public class ShieldCachePermissionTests extends ShieldIntegrationTest {
.execute().actionGet();
fail("search phase exception should have been thrown! response was:\n" + response.toString());
} catch (SearchPhaseExecutionException e) {
assertThat(e.toString(), containsString("AuthorizationException"));
assertThat(e.toString(), containsString("ElasticsearchSecurityException[action"));
assertThat(e.toString(), containsString("unauthorized"));
}
}
@ -128,7 +127,8 @@ public class ShieldCachePermissionTests extends ShieldIntegrationTest {
.execute().actionGet();
fail("search phase exception should have been thrown! response was:\n" + response.toString());
} catch (SearchPhaseExecutionException e) {
assertThat(e.toString(), containsString("AuthorizationException"));
assertThat(e.toString(), containsString("ElasticsearchSecurityException[action"));
assertThat(e.toString(), containsString("unauthorized"));
}
}
}
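Review bot: The new assertions match substrings of `e.toString()` (`"ElasticsearchSecurityException[action"` and `"unauthorized"`), so they depend on how exception messages are rendered rather than on the failure itself. Both changed hunks in this file do it, and the `equalTo("[test4] IndexNotFoundException[no such index]")` assertion in `IndicesResolverIntegrationTests` has the same shape. Asserting on the type of the underlying shard failure cause would survive a rewording of the message. If the cause cannot be reached from `SearchPhaseExecutionException` here, a short comment saying so would explain the string match.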


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.bulk.BulkRequestBuilder;
import org.elasticsearch.action.bulk.BulkResponse;
@ -28,7 +27,6 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThro
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class ShieldClearScrollTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("change_me".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration.ldap;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Test;
@ -16,7 +15,6 @@ import java.io.IOException;
* The super class will provide appropriate group mappings via configGroupMappings()
*/
@Network
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class GroupMappingTests extends AbstractAdLdapRealmTests {
@Test


@ -5,7 +5,6 @@
*/
package org.elasticsearch.integration.ldap;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.test.junit.annotations.Network;
import org.junit.Test;
@ -15,7 +14,6 @@ import java.io.IOException;
* This tests the mapping of multiple groups to a role
*/
@Network
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class MultiGroupMappingTests extends AbstractAdLdapRealmTests {
@Override


@ -40,6 +40,7 @@ import org.joda.time.format.ISODateTimeFormat;
import org.junit.After;
import org.junit.Test;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.List;
@ -111,11 +112,11 @@ public class IndexAuditTrailTests extends ShieldIntegrationTest {
return remoteIndexing ? remoteClient : client();
}
private void initialize(String... excludes) {
private void initialize(String... excludes) throws IOException {
initialize(null, excludes);
}
private void initialize(String[] includes, String[] excludes) {
private void initialize(String[] includes, String[] excludes) throws IOException {
rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY);
numReplicas = numberOfReplicas();
numShards = numberOfShards();


@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString;
@ -17,7 +16,6 @@ import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basic
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
import static org.hamcrest.CoreMatchers.containsString;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class AnalyzeTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequestBuilder;
@ -24,7 +23,6 @@ import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationExcepti
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.CoreMatchers.*;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class IndexAliasesTests extends ShieldIntegrationTest {
protected static final String USERS_PASSWD_HASHED = new String(Hasher.BCRYPT.hash(new SecuredString("test123".toCharArray())));


@ -5,7 +5,6 @@
*/
package org.elasticsearch.shield.authz.indicesresolver;
import org.apache.lucene.util.LuceneTestCase;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.admin.indices.alias.Alias;
@ -25,7 +24,6 @@ import java.util.List;
import static org.elasticsearch.test.ShieldTestsUtils.assertAuthorizationException;
import static org.hamcrest.CoreMatchers.*;
@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch-shield/issues/947")
public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {
@Override
@ -173,7 +171,7 @@ public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {
.add(Requests.searchRequest())
.add(Requests.searchRequest("test4")).get();
assertReturnedIndices(multiSearchResponse.getResponses()[0].getResponse(), "test1", "test2", "test3");
assertThat(multiSearchResponse.getResponses()[1].getFailure().toString(), equalTo("[test4] no such index"));
assertThat(multiSearchResponse.getResponses()[1].getFailure().toString(), equalTo("[test4] IndexNotFoundException[no such index]"));
}
@Test(expected = IndexNotFoundException.class)


@ -17,6 +17,7 @@ import org.junit.Before;
import org.junit.Test;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
@ -347,13 +348,17 @@ public class InternalCryptoServiceTests extends ElasticsearchTestCase {
service.register(new CryptoService.Listener() {
@Override
public void onKeyChange(SecretKey oldSystemKey, SecretKey oldEncryptionKey) {
assertThat(oldSystemKey, notNullValue());
final String unsigned = service.unsignAndVerify(signed, oldSystemKey);
assertThat(unsigned, equalTo(text));
final String newSigned = service.sign(unsigned);
assertThat(newSigned, not(equalTo(signed)));
assertThat(newSigned, not(equalTo(text)));
latch.countDown();
try {
assertThat(oldSystemKey, notNullValue());
final String unsigned = service.unsignAndVerify(signed, oldSystemKey);
assertThat(unsigned, equalTo(text));
final String newSigned = service.sign(unsigned);
assertThat(newSigned, not(equalTo(signed)));
assertThat(newSigned, not(equalTo(text)));
latch.countDown();
} catch (IOException e) {
logger.error("caught exception in key change listener", e);
}
}
});
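Review bot: The new `catch (IOException e)` in the key-change listener only logs, and `latch.countDown()` sits inside the try, so a signing failure is not reported as a test failure at the point where it happens. Depending on how the test waits on the latch, which is outside this hunk, it either times out with no hint of the cause or does not notice at all. I would fail explicitly, e.g. `throw new AssertionError("unexpected exception in key change listener", e);`, keeping in mind that whether this reaches the test thread depends on who invokes the listener.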


@ -5,6 +5,7 @@
*/
package org.elasticsearch.watcher.shield;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.settings.Settings;
@ -15,6 +16,8 @@ import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.watcher.WatcherVersion;
import java.io.IOException;
/**
*
*/
@ -48,7 +51,11 @@ public class ShieldIntegration {
public void bindWatcherUser(TransportMessage message) {
if (authcService != null) {
((AuthenticationService) authcService).attachUserHeaderIfMissing(message, ((WatcherUserHolder) userHolder).user);
try {
((AuthenticationService) authcService).attachUserHeaderIfMissing(message, ((WatcherUserHolder) userHolder).user);
} catch (IOException e) {
throw new ElasticsearchException("failed to attach watcher user to request", e);
}
}
}